DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .


Status of Claims
The following claim(s) is/are pending in this office action: 1-15
The following claim(s) is/are amended: 1, 6, 11
The following claim(s) is/are new: -
The following claim(s) is/are cancelled: -
Claim(s) 1-15 is/are rejected. This rejection is FINAL.


Previous Rejections Withdrawn
The 35 USC 101 rejection to claim(s) 11-15 is/are withdrawn based on the amendment.


Response to Arguments
Applicant’s arguments filed in the amendment filed 5/10/2021, have been fully considered but are moot in view of new grounds of rejection. The reasons set forth below.


Applicant’s Invention as Claimed

Claim Rejections - 35 USC § 103
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

Claims 1-15 are rejected under 35 U.S.C. 103 as being unpatentable over Barnett (US Pub. 2015/0350338) in view of Birger (US Pub. 2009/0007234) and further in view of Seraphin (US Pub. 2006/0075110).
With respect to Claim 1, Barnett teaches a method of smart login session management, the method comprising: authenticating an end user into a protected session (Fig. 1, paras. 12-13, 28-29, 38; User logs into a system using user name and password, connecting a client to a server. Paras. 15-19, 28-29; communication session between client/server may use licenses, which is a protected session, and may use SAML, which is a secure communication. See also Birger, para. 236; secure session using a short-term authentication credential.)
of a Web application (Fig. 1, para. 13-14, 25; servers provide client devices such as PCs or laptops with access to applications stored on the application servers. Para. 17; browser used to access application. Para. 39; server applications can be web application.)
through a primary computing device; (Fig. 1, para. 13, 25; client devices such as PCs or laptops)
additionally authenticating the end user into a protected session (Fig. 1, paras. 12-13, 28-29, 38; User logs into a system using user name and password, connecting a client to a server. Paras. 15-19, 28-29; communication session between client/server may use licenses, which is a protected session, and may use SAML, which is a secure communication. See also Birger, para. 236; secure session using a short-term authentication credential. Duplication of parts is not a patentable act, see MPEP 2144, but regardless is taught by Barnett, see Fig. 3, para. 25; application is being executed simultaneously on multiple devices such as laptop and smart phone.)
of a mobile application (Fig. 1, paras. 13-14; applications can be stored on application servers and accessed by the devices. Conversely, they can be stored locally on the client devices, or executed on the client devices via java. Any of these are mobile applications. para. 24; mobile application.)
of a secondary mobile computing device; (Fig. 1, para. 13, 25; client device may be mobile communication devices such as smartphones.)
detecting a timeout condition in the protected session of the Web application for the end user; (para. 17-19; web browser can maintain a counter or timestamp to indicate user interface activity. Paras. 21-23; when a time period is exceeded with no activity, the application can be locked or the client device can be logged out.)
and, responsive to the detection of the timeout condition, automatically logging the end user out of the protected session of the Web application if a timeout condition also exists in the protected session of the mobile application for the end user, (Paras. 21-23; when a time period is exceeded with no activity, the application can be locked or the client device can be logged out. Para. 25; when an application is being executed on multiple devices, the separate sessions can be considered a single session to be timed together. An interaction with application running on one device can be considered an interaction with applications on the other device to keep the applications open. When they are considered a single session, the timeout would have to be on both devices in order to trigger the logout.)
But Barnett does not explicitly teach renewal.
Birger, however, does teach but otherwise automatically renewing the protected session of the Web application. (First, see Barnett, Para. 25; when an application is being executed on multiple devices, the separate sessions can be considered a single session to be timed together. An interaction with application running on one device can be considered an interaction with applications on the other device to keep the applications open. Fig. 2, paras. 21-23; if interaction has occurred the timeout timer is reset. Examiner asserts that this is a renewal within the broadest reasonable interpretation of the term. Regardless, Examiner cites Birger, para. 101-105; renewal of registration. See also Seraphin, paras. 20-23, 30, 32; renewal of session.)
It would have been obvious to one of ordinary skill, prior to the effective filing date, to combine the method of Barnett with the renewal of Birger in order to maintain security by providing fresh limited timeframe artifacts. (Birger, para. 105)
But modified Barnett does not explicitly teach new session files.
Seraphin, however, does teach authenticating an end user by creating one or more initial session files for the protected session; (Fig. 2, para. 20-21; following authentication via user name and password the web browser returns a cookie with session expiration time)
by creating one or more new session files (Fig. 2, paras. 20-23, 28, 30; user receives an updated session expiration cookie by interacting with the remote device prior to the expiration time.) 
Designating the end user to the one or more new session files (para. 21; session is for the user. See also paras. 29, 32-33; user has to reauthenticate when the cookie is no longer valid, so the cookie is per user.)
And deleting the initial session files, so that the end user technically remains logged into the protected session of the Web application. (para. 23, 30, 39; updated cookie with new session expiration time, which is a deletion of the initial session timer. Regardless of whether Seraphin anticipates, it would have been obvious to one of ordinary skill prior to the effective filing date to delete the initial file because it is no longer descriptive of the session rules. Removal of an element is obvious when the function of the element is not desired, see MPEP 2144. Para. 21; renewing allows for extension of the session past an otherwise session-ending time, which is a remaining of logging into the session.)
It would have been obvious to one of ordinary skill, prior to the effective filing date, to combine the method of modified Barnett with the new session files of Seraphin in order to allow a user to continue using the authenticated access without having to continually reauthenticate. (Seraphin, paras. 20-21)

With respect to Claim 2, modified Barnett teaches the method of claim 1, and Barnett also teaches wherein a prompt is generated in a display of the secondary mobile computing device (Fig. 5, paras. 30-32; user using a second device is provided with a prompt asking if they want to log out of the first device, which is functionally a request to renew to first session. Nonfunctional descriptive material is not entitled to patentable weight, i.e. asking the user if they want to renew is functionally the same choice as asking a user if they want to log off. Regardless, in the event patentable weight should be given, Birger taught renewal, para. 101-105 and it would have been obvious to one of ordinary skill prior to the effective filing date to ask for a renewal in order to maintain security by providing fresh limited timeframe artifacts.)

With respect to Claim 3, modified Barnett teaches the method of claim 1, and Barnett also teaches wherein the protected session of the mobile application is determined not to be idle so long as user interface interactions are detected in the secondary mobile computing device, (Fig. 2, paras. 21-23; if interaction has occurred the timeout timer is reset.)
but a timeout condition in the protected session of the mobile application is determined to have arisen when a threshold period of time lapses during which no user interface interactions are detected in the secondary mobile computing device. (para. 25; when an application is being executed on multiple devices, the separate sessions can be considered separate sessions to be timed out independently. Further, system may or may not treat sessions as a single session based on conditions such as proximity. Examiner asserts that because a primary and secondary device may both be the same type of devices, this is simply a limitation that both techniques are used. However, even absent that embodiment, Examiner asserts the use of the single session technique for the primary device and the separate session technique for the secondary device is not described as critical, and is therefore application of a known technique or a routine optimization over the teaching that both techniques were known to the art. See MPEP 2143 and 2144.05. Further, Examiner asserts it would have been obvious to one of ordinary skill prior to the effective filing date to have the mobile device not be refreshed by primary usage in order to avoid forcing the mobile device process proximity or interactivity messages, see Barnett, paras. 25-27.)

With respect to Claim 4, modified Barnett teaches the method of claim 3, and Barnett also teaches wherein the user interface interactions include using a phone application in the secondary mobile computing device. (para. 13; smartphone device, and communication network can be a public switched network or telecommunication network, both of which suggest the mobile computing device can function as a phone. See also Birger, paras. 81, 146; telephone communication with mobile devices.)

With respect to Claim 5, modified Barnett teaches the method of claim 3, and Barnett also teaches wherein the user interface interactions include using a media player in the secondary mobile computing device. (para. 13; application can be media player. Para. 16; interaction tracked by application can be clicks, voice commands, typing, swipes, and tracking eye movement. Para. 50; keyboard, mouse, voice-recognition and other input devices.)

With respect to Claim 6, it is substantially similar to Claim 1 and is rejected in the same manner, the same art and reasoning applying. Further, Barnett also teaches a Web application data processing system configured for smart login session management, the system comprising: a host computing platform comprising one or more computers, each with memory and at least one processor; (Fig. 1, para. 13; system includes client/server system. paras. 46-49; device has processor and memory for storing and running software.)
a Web application executing in the memory of the host computing platform and communicating with a Web application server over a computer communications network; (Fig. 1, para. 13-14, 25; servers provide client devices such as PCs or laptops with access to applications stored on the application servers. Para. 17; browser used to access application. Para. 39; server applications can be web application.)
and, a smart login session management module coupled to the Web application, the module comprising program code enabled upon execution in the memory of the host computing platform to: (paras. 17-18, 21; activity manager software in server. Fig. 9, paras. 46-49; device has processor and memory for storing and running software.)

With respect to Claim 7-10, they are substantially similar to Claims 2-5, respectively, and are rejected in the same manner, the same art and reasoning applying.

non-transitory computer readable storage medium having program instructions embodied therewith, the program instructions executable by a device to cause the device to perform a method comprising: (para. 48; computer readable medium such as ROM, CDROM, or magnetic or optical disk.)

With respect to Claim 12-15, they are substantially similar to Claims 2-5, respectively, and are rejected in the same manner, the same art and reasoning applying.


Remarks
Applicant argues at Remarks, pg. 14 that amended Claim 11 fixes the 101 issue. Examiner agrees and withdraws the rejection.
Applicant argues at Remarks, pgs. 14-16 that the amended independent claims distinguish over Birger. Examiner frankly believes that the natural understanding of a renewal as disclosed in Birger suggests the amended subject matter, but regardless cites Seraphin to further support the position. Examiner notes that the citation of Seraphin may render the citation of Birger entirely superfluous, and that all claims are obvious over the cited sections of Barnett/Seraphin. However, in the interests of compact prosecution and mindful that relying upon less than all cited references is not a new ground of rejection (see MPEP 1207.03(a)(II)) Examiner will simply add Seraphin to the rejection rather than possible cause an issue after amendment by withdrawing Birger.
All claims remain obvious and all claims remain rejected.


Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to NICHOLAS P CELANI whose telephone number is (571)272-1205.  The examiner can normally be reached on M-F 9-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Vivek Srivastava can be reached on 571-272-7304.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.



/NICHOLAS P CELANI/Examiner, Art Unit 2449