DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 08/23/2021 has been entered.

Response to Amendment
This is in response to the amendments filed on 08/23/2021. Claims 1, 3, 4, 6, 8, 10, 11, 13, 14, and 20 have been amended. Claims 7 and 17 are canceled. Claims 21 and 22 are newly added. Claims 1-6, 8-16, and 18-22 are currently pending and have been considered below.

Response to Arguments
Applicant’s arguments, see pages 6-9, filed 08/23/2021, with respect to the rejections of claims 1-20 under 35 U.S.C. 103, have been considered but are moot because the arguments do not apply to any of the references being used in the current rejection.
Meanwhile, Applicant's amendment necessitated the new ground(s) of rejection under 35 USC § 112 as will be discussed below.

Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):


The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 1-6, 8-16, and 18-22 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement.  The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for pre-AIA  the inventor(s), at the time the application was filed, had possession of the claimed invention.  
Amended claim 1 recites:
providing authorization data from the customization server in response to the user of the mobile device accessing the customization server independently of the mobile device to obtain the authorization data. (Emphasis added)

Here, this feature can be interpreted as “… the user of the mobile device accessing the customization server independently of the mobile device to obtain the authorization data.” However, in this case, the limitation “to obtain the authorization data” does not appear to be described within the Specification. In addition, Applicant does not specifically point out the support for the limitation. In this regard, Applicant’s Specification describes in the paragraph bridging pages 2 and 3, in part, that 
… a user of the mobile device accessing the customization server independently of the mobile device, receiving authorization data from the customization server that enables the mobile device to securely receive customization data from the customization server, and the mobile device using the authorization data to cause the customization server to provide the customization data to the mobile device... (Emphasis added)

In other words, the Specification describes that a user of the mobile device accesses the customization server, and as a result or in response, the mobile device receives the authorization data, but does not describe that a user of the mobile device accesses the customization server for the purpose of obtaining the authorization data. 
Claim 11 recites the same limitation as the limitation recited in claim 1. Thus, claim 11 is rejected by applying the same rationale used to reject claim 1 above. The Examiner suggests that Applicant point to specific language within the Specification that fully discloses the above noted limitation of claims 1 and 11; otherwise, Applicant should amend the claims to recite limitations fully supported within Applicant’s Specification.
Claims 2-6, and 8-10 are rejected under 112(a) as being dependent from the rejected claim 1, and claims 12-16, and 18-22 are rejected under 112(a) as being dependent from the rejected claim 11.

The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claims 1-6, 8-16, and 18-22 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.
Claim 1 recites the limitation “the customization data comprising at least one or more cryptographic keys specific to communication with at least one of a given service provider of the between at least one of a given service provider of the plurality of service providers and a user of the mobile device? 
Claim 11 recites the same limitation as the limitation recited in claim 1 discussed above. Thus, claim 11 is rejected by applying the same rationale used to reject claim 1 above.

Amended claim 1 further recites:
providing authorization data from the customization server in response to the user of the mobile device accessing the customization server independently of the mobile device to obtain the authorization data. (Emphasis added)

Here, this feature can be interpreted as “providing authorization data from the customization server … to obtain the authorization data.” However, in this case, it is unclear as to what is meant by this limitation. In other words, “providing authorization data from the customization server” means that the customization server already has the authorization data. Thus, it is unclear as to why the customization server should provide authorization data to obtain the authorization data? 
Claim 11 recites the same limitation as the limitation recited in claim 1. Thus, claim 11 is rejected by applying the same rationale used to reject claim 1 above. 
Claims 2-6, and 8-10 are rejected under 112(b) as being dependent from the rejected claim 1, and claims 12-16, and 18-22 are rejected under 112(b) as being dependent from the rejected claim 11.
 
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1, 5-6, 9, 11, 15-16, 19 and 21 are rejected under 35 U.S.C. 103 as being unpatentable over Jackson et al. (US2017/0295154 A1; hereinafter, “Jackson”) in view of Cahill (US10,044,695 B1; hereinafter, “Cahill”).

Regarding claim 1:
Jackson teaches:
A method of customizing an application on a mobile device, the application generic to at least one of a plurality of service providers or a plurality of users (para. [0002]: The instant disclosure generally relates to authenticating client applications to services; para. [0070]: In an embodiment, the computing device on which the client application is executing is a mobile computing device, such as a tablet, laptop, smart phone, or other smart device; para. [0045]: At some point in time after the respective registration and authentication of local services 208 a, 208 c, client application 210 may request (reference 238) a particular one of the local services, or may request knowledge of what local services are available within the environment 102. In the example message flow 215 shown in FIG. 3, client application 210 requests local service(s) (reference 238) by sending a service request to the discovery service 105, e.g., by using the static address of the discovery service 105. Included in the request 238 may be, for example, an indication of an identity and/or type of a particular requested service that is being requested by the client application 210 (e.g., an indication of the identity and/or the type of Service C 208 c) … --- Note that client application teaches an application; a mobile computing device (i.e., client) teaches a mobile device; authenticating client applications to services teaches a method of customizing an application; client application 210 may request a particular one of the local services teaches the application generic to at least one of a plurality of service providers or a plurality of users; 210a and 210b in Fig. 2 teaches service providers), the method comprising: 
storing customization data in a customization server that is independent of the mobile device, the customization data comprising at least one or more cryptographic keys specific to communication with at least one of a given service provider of the plurality of service providers or a user of the mobile device, and when used to modify the application, the customization data thereby changes the application to a customized application that is specific to at least one of the given service provider or the user of the mobile device (para. [0054]: The discovery service 105 may provide the generated session key and the address of Service C 208 c (e.g., the service's URL or Uniform Resource Locator, IP address, or similar service address) to the client application 210 (reference 245), and the discovery service 105 may notify the service 208 c of the generated session key (reference 248). Subsequently, the client application 210 may utilize the session key and the address of Service C 208 c to access the service's API (reference 250) to establish a secure communication session with the service 208 c and access thereto; para. [0021]: FIG. 1 depicts the discovery service 105 and the AA service 108 as being hosted on different nodes of the network 110 for clarity of discussion; however, in some embodiments, the discovery service 105 and the AA service 108 may be hosted on a same node. 
--- Note that the discovery service 105 and the AA service 108 collectively (hereinafter, the discovery service 105) teach a customization server; client teaches the mobile device; the discovery service 105 is independent of the client; the discovery service 105 providing the generated session key teaches storing customization data in a customization server; in this regard, the session key is generated and then provided to the client application, thus it is inherent that the discovery service 105 stores the session key in a memory or buffer at least for a while; utilize the session key to access the service's API (reference 250) to establish a secure communication session with the service 208 c teaches specific to communication with at least one of a given service provider of the plurality of service providers; the generated session key is provided to the client application 210, which teaches when used to modify the application, the customization data thereby changes the application to a customized application that is specific to at least one of the given service provider or the user of the mobile device; that is, the client application is changed to an authorized application); 
... the user of the mobile device accessing the customization server independently of the mobile device …, wherein the authorization data enables the mobile device to securely receive the customization data from the customization server (para. [0046]: Upon receipt of the local service request 238, the discovery service 105 may authenticate and/or authorize (reference 240) the client application 210 to verify or ensure the credentials of the client application 210; para. [0047]: In some embodiments, local service request 238 may include credentials corresponding to the client application 210. … Upon reception of the local service request 238 from the client application 210, the discovery service 105 may determine whether or not the client application's credentials have expired. If the respective client application's credentials have expired, the discovery service 105 may deny the client application's request for services 238. --- Note that upon reception of the local service request 238 from the client application 210 teaches the user of the mobile device accessing the customization server independently of the mobile device, here the term “accessing” is interpreted as “connecting”; deny the client application's request for services 238 teaches the authorization data enables the mobile device to securely receive the customization data from the customization server); and 
receiving the authorization data from the mobile device and causing the customization server to provide the customization data to the mobile device (para. [0045]: In the example message flow 215 shown in FIG. 3, client application 210 requests local service(s) (reference 238) by sending a service request to the discovery service 105 …. Included in the request 238 may be, for example, … an indication of a general request for available services, and/or a token. In an embodiment, the token may be an authentication token that is signed by the same party that assigned the address of the discovery service 105 … In an embodiment, the request for service(s) 238 may comprise a request for a key to an API (Application Programming Interface); para. [0046]: Upon receipt of the local service request 238, the discovery service 105 may authenticate and/or authorize (reference 240) the client application 210 to verify or ensure the credentials of the client application 210 para. [0054]: The discovery service 105 may provide the generated session key and the address of Service C 208 c (e.g., the service's URL or Uniform Resource Locator, IP address, or similar service address) to the client application 210 (reference 245); para. [0079]: The session key and the secured connection may thereby provide the client application access to the registered local service provided by the node. 
--- Note that included in the request 238 may be, for example, a token (an authentication token) teaches receiving the authorization data from the mobile device; upon receipt of the local service request 238, the discovery service 105 may authenticate and/or authorize (reference 240) the client application 210 to verify or ensure the credentials of the client application 210 and provide the generated session key to the client application, which teaches causing the customization server to provide the customization data to the mobile device), wherein the customization data enables the mobile device to change the application to the customized application (para. [0054]: The discovery service 105 may provide the generated session key and the address of Service C 208 c (e.g., the service's URL or Uniform Resource Locator, IP address, or similar service address) to the client application 210 (reference 245), and the discovery service 105 may notify the service 208 c of the generated session key (reference 248). Subsequently, the client application 210 may utilize the session key and the address of Service C 208 c to access the service's API (reference 250) to establish a secure communication session with the service 208 c and access thereto. --- Note that the generated session key is provided to the client application 210 to access the service's API (reference 250) to establish a secure communication session with the service 208 c, which teaches when used to modify the application, the customization data thereby changes the application to a customized application that is specific to at least one of the given service provider or the user of the mobile device; that is, the client application is changed to an authorized application).
Jackson is silent about:
providing authorization data from the … server in response to … the user … accessing the ... server … to obtain the authorization data.
Cahill, in the same field of endeavor, teaches:
providing authorization data from the … server in response to … the user … accessing the ... server … to obtain the authorization data (col. 17, ll. 30-35: The process 900 includes a series of operations wherein an end user downloads an application, installs the application, and runs the application. In 902, a provider, such as a computing resource service provider or an online marketplace provider, receives a request to download an application from an online marketplace; col. 17, ll. 39-49: In 904, the provider provides the application files to the end user. … As described in reference to 708 of FIG. 7 and elsewhere, the end user application may have individualized credentials. In some cases, the individualized credentials may include a measurement and a product key determined by the provider before or at the time that the application is downloaded by the end user; col. 17, ll. 56-62: In 906, after installing or during the installation, the provider may receive a request to register the application. The request may include an application identifier and a measurement of the application that the provider may use to validate the installed application against recorded measurements, such as the measurements registered in the process 800 of FIG. 8; col. 2, ll. 13-19: The application may be provided an identity with the computing resource service provider that can be authenticated, at least in part, using the measurement. For example, applications attempting to access the resources can provide the measurement to enable the service provider to use the measurement to determine that the applications are valid, unadulterated copies. 
--- Note that resource service provider corresponds to the server; the end user corresponds to the user; the provider provides the individualized credentials (included in the application) to the end user in response to a request to download an application, which teaches providing authorization data from the server in response to the user accessing the server; the provider receives an application identifier and a measurement of the application (included in a request to register the application), which corresponds to obtaining the authorization data from the mobile device; here, an application identifier and a measurement of the application are the individualized credentials received from the resource service provider; further note that this limitation is not supported by the specification for the reason stated in the 112(a) rejection, thus it is interpreted as providing authorization data from the server in response to the user accessing the server to obtain the authorization data).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Jackson’s system by enhancing Jackson’s system to provide the client with the individualized credentials of the client application, as taught by Cahill, in order to confirm the validity of the application. 
The motivation is to prevent an unauthorized party from accessing provider resources by tampering with the application.

Regarding claim 5:
Jackson in view of Cahill teaches:
The method, according to claim 1.
Jackson teaches:
wherein customizing the application allows the mobile device to access a user service on behalf of the user (para. [0052]: For example, the client application 210 may directly transmit an API request including the session key to the local service 208 c (reference 250), and the service 208 c may respond with an API response (reference 252), thereby establishing a direct, secured communication session between the client application 210 and Service C 208 c via the service's API. --- Note that establishing a direct, secured communication session between the client application 210 and Service C 208 c teaches customizing the application allows the mobile device to access a user service on behalf of the user).  

Regarding claim 6:
Jackson in view of Cahill teaches:
The method, according to claim 5.
Jackson teaches:
wherein the user service is provided by the given service provider (para. [0055]: For example, more than one service (or even all services) that are provided by the environmental service provider of the environment 102 may share a common, standard API via which they may be accessed within the environment 102. --- Note that more than one service (or even all services) that are provided by the environmental service provider teaches the user service is provided by the given service provider).  

Regarding claim 9:
Jackson in view of Cahill teaches:
The method, according to claim 1.
Jackson is silent about:
wherein a template is used to populate the customization data.  
Cahill teaches:
wherein a template is used to populate the customization data (Fig. 7 and col. 15, ll. 22-27: The online marketplace interface 700 may also provide tools (e.g., “Add Application,” “Edit,” “Remove Application,” etc.) for uploading applications, editing information and changing attributes about the applications, such as changing a status (“Obsolete” vs. “Current”) or setting a sell price for the applications. --- Note that Fig. 7 which populates credentials, teaches a template is used to populate the customization data; further note that the claim and the specification do not exactly specify what is meant by the template, thus for the sake of examination, it is interpreted as any template or form).  
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Jackson’s system by enhancing Jackson’s system to provide a graphic user interface, as taught by Cahill, in order to provide the user with the convenience to input credentials. 
The motivation is to allow the user to input the credentials conveniently and easily by providing a graphic user interface.


Regarding claim 11:
Claim 11 recites a non-transitory computer-readable medium which corresponds to the method of claim 1, and additionally contains executable code. However, Jackson teaches executable code (para. [0022]: A “node,” as generally referred to herein, may comprise one or more computing devices having one or more processors, a network interface, and one or more memories storing computer-executable instructions. The instructions may be executed by the processor(s) to perform one or more actions). Therefore, claim 11 is rejected by applying the same rationale used to reject claim 1 above.

Regarding claim 15:
Claim 15 recites the non-transitory computer-readable medium which corresponds to the method of claim 5, and contains no additional limitation. Therefore, claim 15 is rejected by applying the same rationale used to reject claim 5 above.

Regarding claim 16:
Claim 16 recites the non-transitory computer-readable medium which corresponds to the method of claim 6, and contains no additional limitation. Therefore, claim 16 is rejected by applying the same rationale used to reject claim 6 above.

Regarding claim 19:
Claim 19 recites the non-transitory computer-readable medium which corresponds to the method of claim 9, and contains no additional limitation. Therefore, claim 19 is rejected by applying the same rationale used to reject claim 9 above.

Regarding claim 21:
Jackson in view of Cahill teaches:
The non-transitory computer-readable medium, according to claim 11.
Jackson further teaches:
wherein the one or more cryptographic keys are specific to communication between the given service provider and the user of the mobile device (para. [0054]: The discovery service 105 may provide the generated session key and the address of Service C 208 c (e.g., the service's URL or Uniform Resource Locator, IP address, or similar service address) to the client application 210 (reference 245), and the discovery service 105 may notify the service 208 c of the generated session key (reference 248). Subsequently, the client application 210 may utilize the session key and the address of Service C 208 c to access the service's API (reference 250) to establish a secure communication session with the service 208 c and access thereto; para. [0021]: FIG. 1 depicts the discovery service 105 and the AA service 108 as being hosted on different nodes of the network 110 for clarity of discussion; however, in some embodiments, the discovery service 105 and the AA service 108 may be hosted on a same node. --- Note that utilize the session key to access the service's API (reference 250) to establish a secure communication session with the service 208 c teaches the one or more cryptographic keys are specific to communication between the given service provider and the user of the mobile device).

Claims 2-4, 8, 12-14, 18, and 22 are rejected under 35 U.S.C. 103 as being unpatentable over Jackson et al. (US2017/0295154 A1; hereinafter, “Jackson”) in view of Cahill (US10,044,695 B1; hereinafter, “Cahill”), and further in view of Harris (US 2015/0089591 A1; hereinafter, “Harris”).

Regarding claim 2:
Jackson in view of Cahill teaches:
The method, according to claim 1.
Jackson in view of Cahill is silent about:
wherein the authorization data is provided by at least one of postal message, email message, an SMS text message, or a visual code provided on a screen of a computer used to access the customization server.  
Harris, in the same field of endeavor, teaches: 
(FIG. 3 & para. [0065]: In step S3-2, the computing apparatus 10 receives and displays the web page information. In this example, the web page information comprises a “Login” page 110. The “Login” page 110 is as described with reference to FIG. 2 and comprises the encoded information item 312, which is in this example is a graphical object (GO), in particular a “quick response” (QR) code. --- It is noted that the web page information comprises a “Login” page 110, which teaches the authorization data; FIG. 3 teaches the QR code is displayed on a screen of the computing apparatus, which accesses the server apparatus).  
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Jackson in view of Cahill’s system by enhancing Jackson in view of Cahill’s system to provide the credentials by visual code, as taught by Harris, in order to increase the complexity of the authentication system. 
The motivation is to allow the user to input the credentials quickly and easily by using machine-accessible codes such as QR code and Bar code.

Regarding claim 3:
Jackson in view of Cahill and Harris teaches:
The method, according to claim 4, further comprising …
Jackson in view of Cahill is silent about:
receiving credential information from the user via the computer to access the customization server.
Harris teaches:
receiving credential information from the user via the computer to access the customization server (FIG. 3 & para. [0064]: In step S3-1, the first server apparatus 14 provides the computing apparatus 10 with web page information. The provision of the web page information may be in response to a request received from the computing apparatus 10 following receipt at the computing apparatus 10 of a user input; para. [0065]: In step S3-2, the computing apparatus 10 receives and displays the web page information. In this example, the web page information comprises a “Login” page 110. The “Login” page 110 is as described with reference to FIG. 2 and comprises the encoded information item 312, which is in this example is a graphical object (GO), in particular a “quick response” (QR) code. --- It is noted that FIG. 3 teaches the user uses the computer to provide credential information to access the customization server).
The motivation for claim 2 is applicable for claim 3.

Regarding claim 4:
Jackson in view of Cahill and Harris teaches:
The method, according to claim 2.
Jackson in view of Cahill is silent about:
wherein the authorization data is provided by the visual code on the screen of the computer and is configured for capture by the mobile device (FIG. 3 & para. [0065]: In step S3-2, the computing apparatus 10 receives and displays the web page information. In this example, the web page information comprises a “Login” page 110. The “Login” page 110 is as described with reference to FIG. 2 and comprises the encoded information item 312, which is in this example is a graphical object (GO), in particular a “quick response” (QR) code; para. [0072]: In step S3-3, the GO 312 is obtained by the mobile device 12. This may involve the user of the device 12 taking a photograph of the GO 312 with a camera of the device 12. --- It is noted that displays the web page information comprising a “Login” page 110 teaches the authorization data; QR code teaches the visual code; taking a photograph teaches capture).  
The motivation for claim 2 is applicable for claim 4.

Regarding claim 8:
Jackson in view of Cahill teaches:
The method, according to claim 6.
Jackson in view of Cahill is silent about:
wherein the user service is banking.  
Harris teaches:
wherein the user service is banking (para. [0088]: The GO may also comprise an information item identifying (or allowing identification by the application of) a banking establishment to which the monies are to be paid. --- Note that a banking establishment teaches banking).  
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Jackson in view of Cahill’s system by enhancing Jackson in view of Cahill’s system to apply the method for authenticating applications to the banking service, as taught by Harris, in order to provide secure user access to its own account. 
The motivation is to protect the client’s banking account from unauthorized access by preventing spoofing of the codes or interception of information during the log-in process.

Regarding claim 12:
Claim 12 recites the non-transitory computer-readable medium which corresponds to the method of claim 2, and contains no additional limitation. Therefore, claim 12 is rejected by applying the same rationale used to reject claim 2 above.

Regarding claim 13:


Regarding claim 14:
Claim 14 recites the non-transitory computer-readable medium which corresponds to the method of claim 4, and contains no additional limitation. Therefore, claim 14 is rejected by applying the same rationale used to reject claim 4 above.

Regarding claim 18:
Claim 18 recites the non-transitory computer-readable medium which corresponds to the method of claim 8, and contains no additional limitation. Therefore, claim 18 is rejected by applying the same rationale used to reject claim 8 above.

Regarding claim 22:
Claim 22 recites the non-transitory computer-readable medium which corresponds to the method of claim 2, and contains the limitation “teaches graphical customization information” instead of “postal message, email message, an SMS text message, or a visual code.” 
However, Harris describes in para. [0036] that the encoded information item 112 is a graphical object (GO) (which is depicted in the Figures as a “quick response” (QR) code). It will be appreciated that various other types of graphical object may instead be used. Examples of such are barcodes, fractal patterns and moving images. Thus, graphical object teaches graphical customization information. Further note that the claim does not specify how the graphical customization information customizes the look of the application; thus the limitation “for customizing the look of the application” is interpreted as intended use.

Claims 10 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Jackson et al. (US2017/0295154 A1; hereinafter, “Jackson”) in view of Cahill (US10,044,695 B1; hereinafter, “Cahill”), and further in view of Bronshtein et al. (US 9,774,590 B1; hereinafter “Bronshtein”).

Regarding claim 10:
Jackson in view of Cahill teaches:
The method, according to claim 1.
Jackson in view of Cahill is silent about:
wherein certificate pinning is used to require that the mobile device only communicate with predetermined customization servers.  
Bronshtein, in the same field of endeavor, teaches:
wherein certificate pinning is used to require that the mobile device only communicate with predetermined customization servers (col. 5, ll. 1-7: To authenticate a server security certificate, a client may perform “certificate pinning”. In performing certificate pinning, a client may extract particular information from a security certificate; col. 5, ll. 21-25: For example, FIG. 1 illustrates client 102 performing certificate pinning 150. In performing the certificate pinning, client 102 may extract the public key of server 104 from a security certificate received from server 104 (e.g., in the server hello); col. 2, ll. 57-60:  Clients may be, or include, programs operating on a computer, or within a virtual machine of a computer. Clients may be, or include, “apps”, such as those used on a mobile device (e.g., a cell phone or tablet computer)).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Jackson in view of Cahill’s system by enhancing 
In this regard, Bronshtein describes that the attacker may then intercept communications between the client and an intended server. The attacker may simply monitor the communications, for example to “snoop” the client information, or may communicate the information to an unauthorized user (e.g., to extract a credit card number for unauthorized use by another). An attacker may modify information in the communications, for example, to expose the client to malware that then may be installed on the client computer. (Bronshtein, col. 3, ll. 38-46).
Thus, the motivation is to protect the system and information from attackers and unauthorized users by assuring that the mobile device communicates with the actual intended server using certificate pinning.

Regarding claim 20:
Claim 20 recites the non-transitory computer-readable medium which corresponds to the method of claim 10, and contains no additional limitation. Therefore, claim 10 is rejected by applying the same rationale used to reject claim 10 above.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to WANSIK YOU whose telephone number is (571)270-3360.  The examiner can normally be reached on 7:30-5:30 M-Th.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, ASHOKKUMAR PATEL can be reached on (571)-272-3972.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/W.Y./Examiner, Art Unit 2491

/ASHOKKUMAR B PATEL/Supervisory Patent Examiner, Art Unit 2491