DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

	The claims 1-13, 15-17, 19-20 and 22-23 are pending.

Examiner’s Notes
	The claims have been analyzed under 35 U.S.C. 101 using the "2019 Revised Patent Subject Matter Eligibility Guidance" and is found to be subject matter eligible under 35 U.S.C. 101.  The claims have been found to be directed to a judicial exceptions but reciting additional elements that integrate the judicial exception into a practical application, thus satisfying the Step 2A Prong Two analysis.  Therefore, the claims qualify as eligible statutory subject matter under 35 U.S.C. 101.

Claim Objections
Claim 5 objected to because of the following informalities:  line 2 “store an device location” should read “store a device location”.  Appropriate correction is required.

	
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-13, 15-17, 19-20 and 22-23 are rejected under 35 U.S.C. 103 as being unpatentable over McDowell et al. (US Pub No 2009/0260064) in view of Hiroaki Towata (UB Pub No 2019/0386985).
With respect to claim 1, McDowell teaches  an apparatus for secure access credential management, the apparatus comprising at least one processor and at least one non-transitory memory including computer program code, the at least one non-transitory memory and the computer program code, with the at least one processor, configure the apparatus to: 
receive, from a client device, an authentication request data object, associated with an external system (e.g., receive from a user device transaction data @ ¶ 0064 and Fig. 6 #122 and identifier/pair with entity data @ ¶ 0065 and Fig. 6 #130); 
identify device identification information based on the authentication request data object, wherein the device identification information is associated with the client device (e.g., the received transaction data including entity data coupled with automatic transmittal of device identifiers @ ¶ 0064-0065 and Fig. 6 #130); 
compare the device identification information with a permissioned device information data object (e.g., in response to receiving the entity/device identifiers by the verification system at step 134, the pair is compared with records stored on merchant-side database to determine whether the pair is valid @ ¶ 0066 and Fig. 6 #136-138); and 
transmit an authentication information data object (e.g., if the entity data/device identifier pair provided by merchant server matches a record stored on verification system, then at step 144 verification system sends notification to merchant server that the transaction has been verified @ ¶ 0068 and Fig. 6 #144-146).
McDowell disclose receiving a request with a device identifier to access an external system, comparing the device identifier against approved database, and sending a verified notification message if the device identifier matches as discussed above but does not explicitly disclose identify access credentials associated with the external system and transmit an authentication information data object comprising the access credentials to the client device.  However, Towata teaches identify access credentials associated with the external system (e.g., upon successful login, external service inquires whether Server A is allowed to access External Service, which teaches the identifying of access credentials associated with the external service @ ¶ 0081 and Fig. 4 #424) and transmit an authentication information data object comprising the access credentials to the client device (e.g.,  External Service issues first and second tokens to the client device @ ¶ 0081-0082 and Fig. 4 #428-430).  Therefore, based on McDowell in view of Towata, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teaching of Towata to the system of McDowell in order to incorporate an authentication server providing token for accessing services provided by an external apparatus (¶ 0004).

With respect to claim 2, McDowell further teaches wherein to identify the device identification information, the apparatus is configured to: parse the authentication request data object to identify the device identification information included in the authentication request data object by a trusted third-party system (e.g., the transaction data comprising device identifiers ¶ 0064-0065).

With respect to claim 3, Towata further teaches wherein to identify the device identification information, the apparatus is configured to: transmit, to a trusted third-party system, a third-party authentication request data object configured based on the authentication request data object; and receive the device identification information from the trusted third-party system in response to the third-party authentication request data object (e.g., receiving the authenticated tokens based on user authentication @ ¶ 0081-0082 and Fig. 4 #428-430).  The motivation to combine Towata with McDowell remains the same as claim 1 above.



	With respect to claim 5, McDowell further teaches the apparatus further configured to: store an device location event record, an authentication record, or both, to at least one record datastore based on the authentication request data object (e.g., storing the event location @ Claim 15).

	With respect to claim 6, McDowell further teaches the apparatus further configured to: receive permissible device information from the client device or an admin device; and update the permissioned device information data object to include the permissible device information (e.g., registering device information @ ¶ 0033 and 0084).

	With respect to claim 7, Towata further teaches the apparatus further configured to: retrieve the permissioned device information data object from a third-party directory management service (e.g., compares received device identifier to set of authorized device identifiers stored in a data store ¶ 0077).  The motivation to combine Towata with McDowell remains the same as claim 1 above.

With respect to claim 8, McDowell further teaches the apparatus further configured to: receive the access credentials from the client device; and update the permissioned device information data object to include the device identification information (e.g., client device registering device information as permissioned device information @ ¶ 0033 and 0084).



	With respect to claim 10, McDowell further teaches the apparatus further configured to: receive a permission removal request data object associated with removal device identification information; and update the permissioned device information data object to remove the removal device identification information (e.g., deregistering a device @ ¶ 0083-0084 and Fig. 3 #68).

	With respect to claim 11, McDowell further teaches the apparatus further configured to: receive supplemental information associated with the client device via at least one other networked connection, wherein the apparatus is configured to identify the device identification information based on the authentication request data object and at least a portion of the supplemental information (e.g., receiving out-of-band supplemental information @ ¶ 0085, 0051-0052 & Fig. 4 #90-92).

The limitations of claim 12 are substantially similar to claim 1 above, and therefore the claim is likewise rejected.

The limitations of claim 13 are substantially similar to claim 2 above, and therefore the claim is likewise rejected.



The limitations of claim 16 are substantially similar to claim 5 above, and therefore the claim is likewise rejected.

The limitations of claim 17 are substantially similar to claim 6 above, and therefore the claim is likewise rejected.

The limitations of claim 19 are substantially similar to claim 8 above, and therefore the claim is likewise rejected.

The limitations of claim 20 are substantially similar to claim 9 above, and therefore the claim is likewise rejected.

The limitations of claim 22 are substantially similar to claim 11 above, and therefore the claim is likewise rejected.

The limitations of claim 23 are substantially similar to claim 1 above, and therefore the claim is likewise rejected.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Particularly, prior art by Wendell Brown (US Pub No 2017/0195339) discloses relevant system for comparing authentication strings in order to authorize a user device’s action or request.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHAU LE whose telephone number is (571)270-7217. The examiner can normally be reached M-F 8:00-5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, CARL COLIN can be reached on (571) 272-3862. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/CHAU LE/Primary Examiner, Art Unit 2493