Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .


Response to Arguments
Applicant’s arguments with respect to claim(s) 1-9, 11-20 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
Examiner has incorporated Sondhi US 2015/0089569 to meet the claims as amended.



Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim 1-5, 7-9, 11-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Trammel US 20140075513 in view of GrajekUS 2014/0082715 in view of Sondhi US 2015/0089569.


As per claim 1, 14, 18  Trammel teaches A method for enhanced single sign-on for mobile applications, the method comprising: requesting, by a first mobile application, an authorization server to return a connector code; [0037]   ( application requests access token upon authentication)
Trammel teaches receiving, by the first mobile application, the connector code with at least one token from a remote server; [0034][0036]  (teaches receiving an device token in addition to device token)  Trammel teaches storing in a shared security mechanism, by the first mobile application, the at least one token [0049]  (managed storing application for credentials)


It would have been obvious to one of ordinary skill in the art to use the teaching of Grajek with Trammel at the time the invention was filed because it provides a convenient way to share authentication credentials.

Sondi teaches storing at least one token and the connector code, and a sharing mechanism for the at least one token and the connector code, and obtaining said credentials by a second application. [0069][0072][0127][0128] (teaches including with each token the hardware id, and using said user/hardware id as connector code among applications)
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to use the code of Sondi with the previous art because it increases ease of shared application credentials.

As per claim 2.  Trammel teaches The method of claim 1 wherein the remote server is the authorization server.  [0040] (authorization server)

As per claim 3.  Trammel teaches The method of claim 1 wherein the remote server is a second server.  [0040] (authorization server)

As per claim 4. Trammel teaches The method of claim 1 wherein the first mobile application and second mobile application are issued by a same vendor.  [0026] (same vendor)

As per claim 5. Trammel teaches The method of claim 1 wherein the shared security mechanism comprises a keychain. [0049] (iOS keychain)

As per claim 7. Trammel teaches The method of claim 1 wherein the connector code is unique to a specific mobile device.  [0036]  (device token unique to user, device)

As per claim 8.  Grajek teaches The method of claim 1 wherein the at least one token identifies a user who is logged in to the first mobile application.  [0068]

As per claim 9. Grajek teaches The method of claim 8, further comprising querying, by the second mobile application, the user to determine whether the user accepts use of the at least one token with the second mobile application, and not using a profile to obtain a token for the second mobile application without acceptance of use of the at least one token with the second mobile application by the user.  [0090] (requires user involvement)


As per claim 11. Grajek teaches The method of claim 1, further comprising searching, by the second mobile application, in the shared security mechanism for the connector code.  [0088] [0094][0095]  (second application uses first token to obtain new token and or access)

As per claim 12. Grajek teaches The method of claim 1, wherein the profile is a profile of a token exchange between the second application and the authorization server;  [0088]-[0091]

As per claim 13. Trammel teaches The method of claim 12, wherein the first mobile application and second mobile application are issued by a same vendor and wherein the method further comprises providing to the authorization server, by the profile, the at least one token, the connector code, and a client code associated with the same vendor of the first mobile application and the second mobile application.  [0026][0034][0036][0043][0047] ( teaches the same vendor, token, connector client/App ID)
Grajek teaches the second application and supplementally teaches token and client code/ connector code [0072] [0079][0088]-[0091]

As per claim 15. Trammel teaches The non-transitory computer-readable storage medium of claim 14 further comprising sending to the second mobile application, by the authorization server, the token for a second mobile application, wherein the token for a second mobile application is stored in the shared security mechanism by the second mobile application.  [0049] (iOS keychain)

As per claim 16. Trammel teaches The non-transitory computer-readable storage medium of claim 14 wherein the returning the connector code to the first mobile application occurs after an authorization code from the first mobile application is exchanged for the at least one 


As per claim 17. Trammel teaches The non-transitory computer-readable storage medium of claim 14 wherein the connector code is unique to a specific mobile device.  [0036]  (device token unique to user, device)


As per claim 19. Trammel teaches The computing device of claim 18 wherein the program logic further comprises executable logic for sending, to the second mobile application, the token for a second mobile application, wherein the token for a second mobile application is stored in the shared security mechanism by the second mobile application.  [0049] (iOS keychain)


As per claim 20. Trammel teaches The computing device of claim 18 wherein the returning the connector code to the first mobile application occurs after an authorization code from the first mobile application is exchanged for the at least one token. [0034][0036][0037]  (Teaches receiving access token/connector code after device token after authentication)

Claims 6 is/are rejected under 35 U.S.C. 103 as being unpatentable over Trammel US 20140075513 in view of GrajekUS 2014/0082715 in view of Sondhi US 2015/0089569 in view of Kendall US 9,473,485.


As per claim 6. Kendall teaches The method of claim 1 wherein the shared security mechanism comprises a keystore.  (Column 33 lines 31-35; 41-53)  (teaches storing SSO credentials in a keychain and a keystore)  
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to use the keychain of Kendall with the previous combination because it increases security.


Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHRISTOPHER BROWN whose telephone number is (571)272-3833.  The examiner can normally be reached on M-F 8-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on (571) 270-5002.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications 






/CHRISTOPHER J BROWN/Primary Examiner, Art Unit 2439