DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
1.  This is in response to the arguments filed on 14 March 2022.
2.  Claims 1, 3-11, 13-21 and 23-26 are pending in the application.
3.  Claims 1, 3-11, 13-21 and 23-26 have been rejected.
4.  Claims 2, 12 and 22 have been cancelled.
Information Disclosure Statement
5.  The examiner has considered the information disclosure statement (IDS) filed on 11 February 2022 (2), 29 October 2021 and 02 March 2022 (2).
Response to Arguments
6.  Applicant's arguments filed 14 March 2022 have been fully considered but they are not persuasive.
On page 8 the applicant argues that Momchilov does not at least describe “a synchronization processor comprising hardware circuitry to share at least a portion of the authentication data with a second instance of the authenticator associated with a second app to be executed on the apparatus, wherein to share the portion of the authentication data comprises providing initial user verification reference data to the second instance of the authenticator”.  The applicant argues that while Momchilov appears to disclose that “the vault database may store common secrets shared between registered applications, such as access gateway tickets, SAML tokens, certificates, common policies, and the like” (paragraphs [0088] and [0091]), Momchilov fails to describe sharing of initial user verification data between applications, as none of the access gateway tickets, SAML tokens, certificates, or common policies are for user verification.  The applicant argues that the common secrets disclosed therein are shared between applications rather than between different instances of the authenticator associated with each respective application.
The examiner respectfully disagrees.  Momchilov discloses that different applications utilize a shared memory to exchange common secrets and that the shared memory is configured to store a shared vault which is encrypted using device entropy [0091].  Momchilov discloses that a master app can initially create the shared vault of the secret data (i.e. which would constitute the initial user verification reference data) [0106].  Therefore, the initially created secrets are shared with the other applications.  Furthermore, the examiner asserts that Momchilov discloses the second instance in that the secrets are shared with other applications that perform authentication.
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


7.  Claim(s) 1, 3, 10, 11, 13, 21, 23 and 26 is/are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Momchilov et al US 2016/0191499 A1 (hereinafter Momchilov).
As to claim 1, Momchilov discloses an apparatus comprising: 
a first instance of an authenticator associated with a first app to allow a user of the first app to authenticate with a first relying party (i.e. application 410a) [0091 and figure 4]; 
a hardware secure key store accessible by the first instance of the authenticator to securely store authentication data related to the first app (i.e. vault database storing per app secrets) [0091 and figure 4]; 
a synchronization processor comprising hardware circuitry to share at least a portion of the authentication data with a second instance of the authenticator associated with a second app to be executed on the apparatus (i.e. vault shares 
As to claim 3, Momchilov discloses the apparatus of claim 2 wherein the initial user verification reference data comprises at least one of a personal identification number (PIN) [abstract], a password [abstract], a pattern, and a biometric template [0064]. 
As to claim 10, Momchilov discloses the apparatus of claim 1 wherein the synchronization processor is to perform encryption of the at least a portion of the authentication data (i.e. encrypted vault database) [0091]. 
As to claim 11, Momchilov discloses a method comprising: 
installing, on a client device, a first instance of an authenticator associated with a first app to allow a user of the first app to authenticate with a first relying party (i.e. application 410a) [0091 and figure 4], the first instance of the authenticator to securely store authentication data related to the first app (i.e. application specific entropy may be stored in application memory) [0092]; 
sharing at least a portion of the authentication data with a second instance of the authenticator associated with a second app to be executed on the client device (i.e. vault shares secrets with other apps) [0091]; and

As to claim 13, Momchilov discloses the method of claim 12 wherein the initial user verification reference data comprises at least one of a personal identification number (PIN) [abstract], a password [abstract], a pattern, and a biometric template [0064]. 
As to claim 21, Momchilov discloses a machine-readable medium having program code stored thereon which, when executed by one or more computing devices, causes the one or more computing devices to perform the operations of: 
installing, on a client device, a first instance of an authenticator associated with a first app to allow a user of the first app to authenticate with a first relying party (i.e. application 410a) [0091 and figure 4], the first instance of the authenticator to securely store authentication data related to the first app (i.e. application specific entropy may be stored in application memory) [0092]; 
sharing at least a portion of the authentication data with a second instance of the authenticator associated with a second app to be executed on the client device (i.e. vault shares secrets with other apps) [0091]; and
providing initial user verification reference data to the second instance of the authenticator (i.e. credentials that are enrolled) [0137]. 

As to claim 26, Momchilov discloses the apparatus of claim 1, further comprising a second synchronization processor associated with the second app, wherein the second synchronization processor is to transmit, to a backend service, the at least portion of the authentication data received from the synchronization processor to establish an authentication session with the backend service (i.e. authenticate with services or servers) [0062].
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.

8.  Claims 4, 5, 14, 15, 20, 24 and 25 is/are rejected under 35 U.S.C. 103 as being unpatentable over Momchilov et al US 2016/0191499 A1 (hereinafter Momchilov) as applied to claims 1, 11 and 21 above, and further in view of Huapaya et al US 2020/0177563 A1 (hereinafter Huapaya).
As to claim 4, Momchilov does not teach the apparatus of claim 1 wherein the synchronization processor comprises a first synchronization processor associated with the first app, wherein a second synchronization processor associated with the second app is to transmit an endorsement request to the first synchronization processor, the first synchronization processor to responsively transmit an endorsement response to the second synchronization processor including the at least a portion of the authentication data. 
Huapaya teaches that the synchronization processor comprises a first synchronization processor associated with the first app, wherein a second synchronization processor associated with the second app is to transmit an endorsement request to the first synchronization processor, the first synchronization processor to responsively transmit an endorsement response to the second synchronization processor including the at least a portion of the authentication data (i.e. mutual authentication between two applications and sending authentication such as a derived symmetric key) [0022]. 
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified Momchilov so that the synchronization processor would have comprised a first synchronization processor associated with the first app.  A second synchronization processor associated with the second app would have transmitted an endorsement request to the first synchronization processor.  The first synchronization processor would have responsively transmitted an endorsement response to the second synchronization processor including the at least a portion of the authentication data.
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified Momchilov by the teaching of Huapaya because it provides a system that is less expensive, quicker and more secure than the known solution using a PKI technology [0010].
As to claim 5, Momchilov does not teach the apparatus of claim 4 wherein the at least a portion of the authentication data comprises a first key associated with the first authenticator.
Huapaya teaches that the at least a portion of the authentication data comprises a first key associated with the first authenticator (i.e. derived symmetric key) [0022].
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified Momchilov so that the at least a portion of the authentication data would have comprised a first key associated with the first authenticator.
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified Momchilov by the teaching of Huapaya because it provides a system that is less expensive, quicker and more secure than the known solution using a PKI technology [0010].
As to claim 14, Momchilov does not teach the method of claim 11 wherein the first app is associated with a first synchronization processor to share the at least a portion of the authentication data with a second synchronization processor, wherein the second synchronization processor associated with the second app is to transmit an endorsement request to the first synchronization processor, the first synchronization processor to responsively transmit an endorsement response to the second synchronization processor including the at least a portion of the authentication data. 
Huapaya teaches that the synchronization processor is associated with a first synchronization processor associated with the first app, wherein the second synchronization processor is to transmit an endorsement request to the first synchronization processor, the first synchronization processor to responsively transmit an endorsement response to the second synchronization processor including the at least a portion of the authentication data (i.e. mutual authentication between two applications and sending authentication such as a derived symmetric key) [0022]. 
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified Momchilov so that the synchronization processor would have comprised a first synchronization processor associated with the first app.  A second synchronization processor would have transmitted an endorsement request to the first synchronization processor.  The first synchronization processor would have responsively transmitted an endorsement response to the second synchronization processor including the at least a portion of the authentication data.
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified Momchilov by the teaching of Huapaya because it provides a system that is less expensive, quicker and more secure than the known solution using a PKI technology [0010].
As to claim 15, Momchilov does not teach the method of claim 14 wherein the at least a portion of the authentication data comprises a first key associated with the first authenticator.
Huapaya teaches that the at least a portion of the authentication data comprises a first key associated with the first authenticator (i.e. derived symmetric key) [0022].
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified Momchilov so that the at least a portion of the authentication data would have comprised a first key associated with the first authenticator.
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified Momchilov by the teaching of Huapaya because it provides a system that is less expensive, quicker and more secure than the known solution using a PKI technology [0010].
As to claim 20, Momchilov teaches the method of claim 11 wherein the synchronization processor is to perform encryption of the at least a portion of the authentication data (i.e. encrypting the updated information) [column 13, lines 49-67].
As to claim 24, Momchilov does not teach the machine-readable medium of claim 21 wherein the first app comprises a first synchronization processor to share the at least a portion of the authentication data with a second synchronization processor associated with the second app, wherein a second synchronization processor associated with the second app is to transmit an endorsement request to the first synchronization processor, the first synchronization processor to responsively transmit an endorsement response to the second synchronization processor including the at least a portion of the authentication data. 
Huapaya teaches that the synchronization processor comprises a first synchronization processor associated with the first app, wherein a second synchronization processor associated with the second app is to transmit an endorsement request to the first synchronization processor, the first synchronization processor to responsively transmit an endorsement response to the second synchronization processor including the at least a portion of the authentication data (i.e. mutual authentication between two applications and sending authentication such as a derived symmetric key) [0022]. 
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified Momchilov so that the synchronization processor would have comprised a first synchronization processor associated with the first app.  A second synchronization processor associated with the second app would have transmitted an endorsement request to the first synchronization processor.  The first synchronization processor would have responsively transmitted an endorsement response to the second synchronization processor including the at least a portion of the authentication data.
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified Momchilov by the teaching of Huapaya because it provides a system that is less expensive, quicker and more secure than the known solution using a PKI technology [0010].
As to claim 25, Momchilov does not teach the machine-readable medium of claim 24 wherein the at least a portion of the authentication data comprises a first key associated with the first authenticator.
Huapaya teaches that the at least a portion of the authentication data comprises a first key associated with the first authenticator (i.e. derived symmetric key) [0022].
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified Momchilov so that the at least a portion of the authentication data would have comprised a first key associated with the first authenticator.
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified Momchilov by the teaching of Huapaya because it provides a system that is less expensive, quicker and more secure than the known solution using a PKI technology [0010].
9.  Claims 6 and 16 is/are rejected under 35 U.S.C. 103 as being unpatentable over Momchilov et al US 2016/0191499 A1 (hereinafter Momchilov) and Huapaya et al US 2020/0177563 A1 (hereinafter Huapaya) as applied to claims 4 and 14 above, and further in view of Lewis U.S. Patent No. 8,132,017 B1.
As to claim 6, the Momchilov-Huapaya combination does not teach the apparatus of claim 4 wherein the first synchronization processor and second synchronization processor are to exchange messages to share updated user verification reference data. 
Lewis teaches that the first synchronization processor and second synchronization processor are to exchange messages to share updated user verification reference data (i.e. exchange of synchronization messages to update password data) [column 7, lines 56-67]. 
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Momchilov-Huapaya combination so that the first synchronization processor and second synchronization processor would have exchanged messages to share updated user verification reference data. 
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Momchilov-Huapaya combination by the teaching of Lewis because it provides a mechanism for allowing a network user to utilize a single password for access to the disparate network resources [column 1 line 46 to column 2 line 2].
As to claim 16, the Momchilov-Huapaya combination does not teach the method of claim 14 wherein the first synchronization processor and second synchronization processor are to exchange messages to share updated user verification reference data. 
Lewis teaches that the first synchronization processor and second synchronization processor are to exchange messages to share updated user verification reference data (i.e. exchange of synchronization messages to update password data) [column 7, lines 56-67]. 
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Momchilov-Huapaya combination so that the first synchronization processor and second synchronization processor would have exchanged messages to share updated user verification reference data. 
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Momchilov-Huapaya combination by the teaching of Lewis because it provides a mechanism for allowing a network user to utilize a single password for access to the disparate network resources [column 1 line 46 to column 2 line 2].
10.  Claims 7 and 17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Momchilov et al US 2016/0191499 A1 (hereinafter Momchilov) and Huapaya et al US 2020/0177563 A1 (hereinafter Huapaya) as applied to claims 4 and 14 above, and further in view of Adrangi et al US 2016/0373257 A1 (hereinafter Adrangi).
As to claim 7, the Momchilov-Huapaya combination does not teach the apparatus of claim 4 wherein the endorsement request comprises one or more authentication public keys. 
Adrangi teaches that the endorsement request comprises one or more authentication public keys (i.e. requests for attestation includes public key) [0026].
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Momchilov-Huapaya combination so that the endorsement request would have comprised one or more authentication public keys.
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Momchilov-Huapaya combination by the teaching of Adrangi because it facilitates many-to-many or any-to-any data transmission without infrastructure support [0003].
As to claim 17, the Momchilov-Huapaya combination does not teach the method of claim 14 wherein the endorsement request comprises one or more authentication public keys.
Adrangi teaches that the endorsement request comprises one or more authentication public keys (i.e. requests for attestation includes public key) [0026].
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Momchilov-Huapaya combination so that the endorsement request would have comprised one or more authentication public keys.
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Momchilov-Huapaya combination by the teaching of Adrangi because it facilitates many-to-many or any-to-any data transmission without infrastructure support [0003].
11.  Claims 8 and 18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Momchilov et al US 2016/0191499 A1 (hereinafter Momchilov) and Huapaya et al US 2020/0177563 A1 (hereinafter Huapaya) as applied to claims 4 and 14 above, and further in view of Cai et al US 2017/0289140 A1 (hereinafter Cai).
As to claim 8, the Momchilov-Huapaya combination does not teach the apparatus of claim 4 wherein the endorsement response includes a session token. 
Cai teaches that the endorsement response includes a session token (i.e. using a session token in response to an identity assertion request) [0049].
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Momchilov-Huapaya combination so that the endorsement response would have included a session token.
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Momchilov-Huapaya combination by the teaching of Cai because it makes it easier to implement single sign-on authentication across multiple different types of middleware platforms in an enterprise-level computing environment [0003].
As to claim 18, the Momchilov-Huapaya combination does not teach the method of claim 14 wherein the endorsement response includes a session token.
Cai teaches that the endorsement response includes a session token (i.e. using a session token in response to an identity assertion request) [0049].
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Momchilov-Huapaya combination so that the endorsement response would have included a session token.
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Momchilov-Huapaya combination by the teaching of Cai because it makes it easier to implement single sign-on authentication across multiple different types of middleware platforms in an enterprise-level computing environment [0003].
12.  Claims 9 and 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Momchilov et al US 2016/0191499 A1 (hereinafter Momchilov), Huapaya et al US 2020/0177563 A1 (hereinafter Huapaya) and Adrangi et al US 2016/0373257 A1 (hereinafter Adrangi) as applied to claims 7 and 17 above, and further in view of Reinsberg et al US 2019/0179806 A1 (hereinafter Reinsberg).
As to claim 9, the Momchilov-Huapaya-Adrangi combination does not teach the apparatus of claim 7 wherein the endorsement request and/or the endorsement response includes a signature generated over some object including the authentication public key. 
Reinsberg teaches that the endorsement request and/or the endorsement response includes a signature generated over some object including the authentication public key (i.e. verification request includes a communications address, the public key and a signature from the user requesting the verification) [0032].
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Momchilov-Huapaya combination so that the endorsement request and/or the endorsement response would have included a signature generated over some object including the authentication public key.
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Momchilov-Huapaya combination by the teaching of Reinsberg because it allows for a decentralized database associating public keys and communications addresses [0003].
As to claim 19, the Momchilov-Huapaya-Adrangi combination does not teach the method of claim 17 wherein the endorsement request and/or the endorsement response includes a signature generated over some object including the authentication public key. 
Reinsberg teaches that the endorsement request and/or the endorsement response includes a signature generated over some object including the authentication public key (i.e. verification request includes a communications address, the public key and a signature from the user requesting the verification) [0032].
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Momchilov-Huapaya combination so that the endorsement request and/or the endorsement response would have included a signature generated over some object including the authentication public key.
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Momchilov-Huapaya combination by the teaching of Reinsberg because it allows for a decentralized database associating public keys and communications addresses [0003].
Relevant Prior Art
13.  The following references have been considered relevant by the examiner:
A.  Statia et al US 2019/0306169 A1 directed to managing access to a stored object/resource [abstract].
B.  Ting US 2008/0184349 A1 directed to application-specific and single-sign-on user-authentication credentials that are analyzed and consolidated based on commonalities among the credentials and usage of the applications to which they are attributed [abstract].
C.  Oberheide et al US 2015/0046989 A1 directed to the authentication field, and more specifically to a new and useful system and method for verifying status of an authentication device in the authentication field [0002].
Conclusion
14.  THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ARAVIND K MOORTHY whose telephone number is (571)272-3793. The examiner can normally be reached M-F 5:00-3:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on 571-272-4006. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/ARAVIND K MOORTHY/Primary Examiner, Art Unit 2492