DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The information disclosure statements (IDS) submitted on 1/13/2020 and 1/25/2021 are in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-8 and 14 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
the first server".  There is insufficient antecedent basis for this limitation in the claim. The dependent claims are similarly rejected.
Claim 14 recites the limitation “the identifier”. There is insufficient antecedent basis for this limitation in the claim.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-7, 9, and 11-15 are rejected under 35 U.S.C. 103 as being unpatentable over Mowatt in view of Mahaffey et al. (hereinafter, “Mahaffey”) US 2014/0189808 in further view of Kessler et al. (hereinafter, “Kessler”), US 2015/0334105.
As per claim 1: Mowatt discloses: A method for securely registering and activating an application downloaded to a user device of a user (a method is disclosed for application licensing authentication by providing a specific token to a user for allowing access to an , the application being provided from an application store maintained by an application server of an enterprise (an application is downloaded from a marketplace service and installed on a user device 118 [Mowatt, ¶42]), wherein a number is associated with the user device (identity of the user devices [Mowatt, ¶41]), comprising: generating an activation code suitable for activating downloaded applications which are pending activation (generating an entitlement token within the marketplace service 102 [Mowatt, ¶32; Fig. 1]), storing the generated activation code on the application server (the entitlement token is stored is stored in an entitlement storage database 128, which is within the marketplace service 102 [Mowatt, ¶31; Fig. 1]), the first server not being accessible to the user and only being accessible to a jump server (the user device 118 accesses the token within client platform 104, not directly from marketplace service 102, where the token is provided to a purchaser device 116 instead [Mowatt, ¶¶32-35; Fig. 1]); enabling an administrator to access the jump server using (the purchaser device may be designated as an administrator that signs in to marketplace service 102 through an entitlement processing center 124 [Mowatt, ¶¶29, 49; Fig. 3A]); accessing the first sever via the jump server (the purchaser device is able to access an entitlement storage database via the entitlement processing center [Mowatt, ¶¶49-50; Fig. 3A]); responding to a command by the administrator, provided through a remote connection between the jump server and the application server, by electronically communicating to the administrator any activation codes associated with applications pending activation (providing entitlement tokens from the entitlement storage database [Mowatt, ¶¶49-50]); and completing registration and activation of the application downloaded by the user by the user providing a into the user device (determining if the entitlement token is valid and allowing access to an installed application [Mowatt, ¶¶36-37, 42]); .
Mowatt does not specify that a “two factor” authentication method is used by the purchaser device to sign in to the marketplace service. However, multi-factor authentication is a well-known concept in the art. For example, Mahaffey is directed to a consolidated multi-factor authentication and log-in system for applications [Mahaffey, ¶1]. Multi-factor authentication requires multiple factors to verify a user’s identity beyond a convention username and password [Mahaffey, ¶79].
Thus, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to implement a multi-factor authentication process for logging in the administrator of the purchaser device to the marketplace service. Multi-factor authentication would have provided improved security by requiring multiple forms aspects of verifying one’s identity.
Mowatt does not “manually transferred” (e.g. also “wherein the activation code associated with the application downloaded by the user is manually transferred from the administrator to the user”) the entitlement token (“activation code”) to the user device from the purchaser device. Rather, Mowatt discloses automatically providing the entitlement token to the user device on the client platform after the purchaser device writes the token into a license storage database [Mowatt, ¶53]. However, Kessler discloses analogous art application activation [Kessler, ¶8]. An administrator sends an email with an access key that functions as an wherein the activation code associated with the application downloaded by the user is manually transferred from the administrator to the user”) [Kessler, ¶35].
Thus, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to modify the manner of providing the entitlement tokens in Mowatt, such as simply emailing the user device with an activation code as disclosed in Kessler. A manual process would have been useful in events where an automated process for obtaining tokens is down. For example, the entitlement storage database may be down for maintenance and authorization to access an application may be immediately needed. 

As per claim 2: Mowatt in view of Mahaffey and Kessler disclose all limitations of claim 1. Furthermore, Mowatt in view of Mahaffey and Kessler disclose: wherein the transfer from the administrator to the user is by way of an electronic communication not involving the application server (administrator sends an email with an access key that functions as an activation code to a user after authorizing said user [Kessler, ¶35]; this would have been provided by the email as in view of Kessler (e.g. from the purchaser device storing it in the license storage database 134 [Mowatt, Fig. 1])).

As per claim 3: Mowatt in view of Mahaffey and Kessler disclose all limitations of claim 1. Furthermore, Mowatt in view of Mahaffey and Kessler disclose: wherein the application is downloaded to the user via a backend server different from the application server (the application center 138 in [Mowatt ¶35] provides the application for installation; the 

As per claim 4: Mowatt in view of Mahaffey and Kessler disclose all limitations of claim 1. Furthermore, Mowatt in view of Mahaffey and Kessler disclose: wherein the two-factor authentication is based on at least two of i) a knowledge factor, ii) a possession and iii) a biometric factor (there are three major factors in multi-factor authentication: something one knows, something one is, and something one has [Mahaffey, ¶79]).

As per claim 5: Mowatt in view of Mahaffey and Kessler disclose all limitations of claim 4. Furthermore, Mowatt in view of Mahaffey and Kessler disclose: wherein the knowledge factor is one of a password and personal identification number (PIN) (passwords, passphrases, or codes are common things one knows [Mahaffey, ¶79]).

As per claim 6: Mowatt in view of Mahaffey and Kessler disclose all limitations of claim 4. Furthermore, Mowatt in view of Mahaffey and Kessler disclose: wherein the possession factor is an identifier of a device (a security token that one uniquely possesses [Mahaffey, ¶79]).

As per claim 7: Mowatt in view of Mahaffey and Kessler disclose all limitations of claim 1. Furthermore, Mowatt in view of Mahaffey and Kessler disclose: wherein the number associated with the user device is a phone number (the user device is any type of computing 

As per claim 9: Claim 9 is different in overall scope from claim 1 but recites substantially similar subject matter as claim 1. Claim 9 is directed to a method corresponding to the method of claim 1. However, claim 9 presents a broader scope of the method of claim 1. Thus, the response provided above for claim 1 is equally applicable to claim 9.

As per claim 11: Claim 11 incorporates all limitations of claim 9 and is a method corresponding to the method of claim 4. Therefore, the arguments set forth above with respect to claims 4 and 9 are equally applicable to claim 11 and rejected for the same reasons.

As per claim 12: Claim 12 is different in overall scope from claim 1 but recites substantially similar subject matter as claim 1. Claim 12 is directed to a method corresponding to the method of claim 1. However, claim 12 presents a broader scope of the method of claim 1. Thus, the response provided above for claim 1 is equally applicable to claim 12.

As per claim 13: Mowatt in view of Mahaffey and Kessler disclose all limitations of claim 12. Furthermore, Mowatt in view of Mahaffey and Kessler disclose: further comprising storing the activation code in association with an identifier of the user device having the application to be registered and activated (the entitlement token is stored in an entitlement storage 

As per claim 14: Mowatt in view of Mahaffey and Kessler disclose all limitations of claim 12. Furthermore, Mowatt in view of Mahaffey and Kessler disclose: wherein the identifier of the user device is a phone number or an IP address (e user device is any type of computing device operated by a particular user, such as a personal computer or a mobile device [Mowatt, ¶¶26, 28]; a phone is a well-known and common type of mobile device and can be identified via its phone number [Mahaffey, ¶125]; furthermore, hardware identification may be used for the user devices [Mowatt, ¶41]).

As per claim 15: Mowatt in view of Mahaffey and Kessler disclose all limitations of claim 12. Furthermore, Mowatt in view of Mahaffey and Kessler disclose: wherein the administrator communicates the activation code to the user device via link in a text message or an email (administrator sends an email with an access key that functions as an activation code to a user after authorizing said user [Kessler, ¶35]; this would have been provided by the email as in view of Kessler (e.g. from the purchaser device, wherein the tokens are stored in the license storage database 134 [Mowatt, Fig. 1])).

Claims 8 and 10 are rejected under 35 U.S.C. 103 as being unpatentable over Mowatt in view of Mahaffey in further view of Kessler and in further view of  Skinner et al. (hereinafter, “Skinner”), US 5,963,914.
As per claim 8: Mowatt in view of Mahaffey and Kessler disclose all limitations of claim 1. Mowatt in view of Mahaffey and Kessler do not disclose: further comprising logging the administrator activities on or through the jump server. However, it was common practice in the art to log activities of users within a network. For example, Skinner is directed to a method for automatically collecting information about time and user’s activity within a computer network [Skinner, col. 5, lines 1-10].
Thus, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to implement a network activity logging function in the modified system of Mowatt, Mahaffey, and Kessler. Logging user network activity is a significant aspect of auditing and reviewing the security of a computer network. Activity logs provide proof of an activity – either malicious or legitimate. It also helps during troubleshooting network problems that may be user-related.

As per claim 10: Claim 10 incorporates all limitations of claim 9 and is a method corresponding to the method of claim 8. Therefore, the arguments set forth above with respect to claims 8 and 9 are equally applicable to claim 10 and rejected for the same reasons.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
US 9,847,994: Discloses activation of an installed application by submitting a request to a system administrator, wherein an activation code is returned to activate the application.
US 2019/0089705: Discloses providing an authentication code via an activation URI to a client, wherein the client further provides the activation code to an authenticating entity for access approval to resources.
US 7,703,142: Discloses a client device requesting use of a mobile application by forwarding a request to an administrator for allocation of a license.
US 2009/0119779: Discloses an end user requesting activation of software by requesting a license form a license server, wherein the request is forwarded by a network administrator to obtain the license.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to ROBERT B LEUNG whose telephone number is (571)270-1453.  The examiner can normally be reached on Mon - Thurs: 10am-7pm ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, JUNG KIM can be reached on 571-272-3804.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.





/ROBERT B LEUNG/Primary Examiner, Art Unit 2494                                                                                                                                                                                                        8-13-2021