DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claims Status
Claims 1–27 are pending in this application.
Claims 1–27 are rejected.
Response to Arguments
Applicant's arguments filed 4/21/2022 have been fully considered but they are not persuasive.

The Applicant argues that the combination of Rykowski et al. (2018/0145968) and Grajek et al. (2014/0082715) fail to teach the limitation “establishing, by a portion of binary code of the mobile application and using the redirect, a brokered authentication session with the ID service provider, the portion of binary code configured to operate as a broker for the mobile application for the authentication session.” Remarks on 4/21/2022 at 7. The Applicant supports by pointing out that the Grajek reference generally teaches away from the claimed invention providing a binary code fused in the mobile application, where the teachings of Grajek “merely disclos[es] a web browser SSO solution described in the Background section of Applicant’s specification.” See, generally, Remarks at 7–9.
The Examiner respectfully disagrees. the broadest reasonable interpretation of the “portion of binary code of the mobile application” does not include the concept of fused binary code which the Applicant argues is present in the independent claims. Remarks at 7. In fact, claim 8 includes the language “fused to binary code” as a dependent claim, but is nowhere to be found in any of the independent claims. Furthermore, the Applicant’s pointing of the specification for the support of the binary code being fused that may teach away from the references teaching the instant claimed limitations may be well and good; but without the explicit claiming of the fused binary code claim language within the independent claims, such arguments is no more than importation of claim limitations from the specifications. See, MPEP Section 2111.01 (II) (“Though understanding the claim language may be aided by explanations contained in the written description, it is important not to import into a claim limitations that are not part of the claim. For example, a particular embodiment appearing in the written description may not be read into a claim when the claim language is broader than the embodiment.” Superguide Corp. v. DirecTV Enterprises, Inc., 358 F.3d 870, 875, 69 USPQ2d 1865, 1868 (Fed. Cir. 2004).
In contrast, Rykowski teaches the general operations of a mobile binary code operating to provide third party identity services for authentication within the mobile binary code, but for the claim limitation “a brokered authentication session with the ID service provider” which “the portion of binary code configured to operate as a broker for the mobile application for the authentication session.” Non-Final Rejection at 3–4. Grajek teaches such limitations where a mobile application itself has the ability to provide brokered authentication session as part of the mobile application itself. Id. at 4–5.
Thus, the Examiner maintains the rejection of record. The prior art rejection of record from the previous office action is repeated below.
Claim Rejections – 35 USC §103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-4, 6, 7, 11, 12, 14-17, 19, 20, 24 and 25 are rejected under 35 U.S.C. § 103 as being unpatentable over Rykowski et al. (2018/0145968) in view of Grajek et al. (2014/0082715).
Regarding claims 1, 14 and 27, Rykowski teaches A method/mobile device/non-transitory storage media comprising:
sending, by a mobile application operating on a mobile device, a request to an online service provider for access to a resource; receiving, by the mobile application, a redirect from the online service provider to an identity (ID) service provider for authentication; (Figs. 1 and 2, mobile devices 203 [mobile device] can have its authentication of mobile apps federated; Fig. 3; ¶¶36-37, client app 224 [mobile application] can send access request 303 to service provider 209 [online service provider], at which point the provider can redirect 306 the access request back to client app 224 in order for the client app to request authentication by identity provider 206 [identity service provider]) and
establishing, by a portion of binary code of the mobile application and using the redirect, a brokered authentication session with the ID service provider, the portion of binary code configured to operate as a broker for the mobile application for the authentication session (Fig. 3; ¶37, the client application 224 itself [and only part of such application provides ability to perform the procedures as described] can send an identity assertion request to the identity provider 206 using the redirect received; however, Rykowski teaches that the service provider provides the authenticated session rather than the identity provider 206 and therefore does NOT teach "a brokered authentication session with the ID service provider"; however, Rykowski does teach "the portion of binary code configured to operate as a broker for the mobile application for the authentication session" since the client application 224 is capable of working with the service provider to receive authenticated session token for further authentication by the client application and is more likely than not be able to perform similar functionality if such sessions were coming from the identity provider 206 as well).
However, Rykowski does not explicitly teach establishing, by a portion of binary code of the mobile application and using the redirect, a brokered authentication session with the ID service provider, the portion of binary code configured to operate as a broker for the mobile application for the authentication session.
Grajek from the same field of endeavor teaches establishing, by a portion of binary code of the mobile application and using the redirect, a brokered authentication session with the ID service provider, the portion of binary code configured to operate as a broker for the mobile application for the authentication session (Figs. 2 and 6; ¶¶34-37, authentication appliance 102 [similar to identity service provider as claimed] can provide authentication services to the mobile device 110 so that authenticated session token can be given out for further authentication purposes by the mobile device itself; such session tokens can be used by the native mobile applications, for example; session token coming from authentication appliance rather than service provider such as enterprise service server 103 is advantageous in case authentication needs to be performed again, in cases such as token being lost/expired/etc.; it would save an additional step of requesting and being redirected towards the identity provider step as disclosed in Rykowski; see also ¶38).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to improve upon Rykowski using Grajek to improve efficiency of the system of Rykowski by taking into consideration the case where authentication needs to be performed multiple times. By implementing the performance of identity verification/authentication using the identity provider rather than the service provider itself, the service provider would have saved an additional step of receiving a new request from a mobile device and then directing the device to the identity provider.

Regarding claims 2 and 15, Rykowski and Grajek teaches the limitations of claims 1 and 14 respectively. Rykowski further teaches wherein the portion of binary code further provides single sign- on (SSO) services to the mobile application and to one or more other mobile applications operating on the mobile device (Fig. 2; ¶11, client device provides to the client applications 224a to 224N "single sign-on experience").

Regarding claims 3 and 16, Rykowski and Grajek teaches the limitations of claims 1 and 14 respectively. Rykowski further teaches wherein the SSO services include at least one of a service to access the resources or a service for authorization to use the accessed resources (¶30, service providers 209 include, for example, social networking services, email services, game services, etc. that requires some sort of login to access those services).

Regarding claims 4 and 17, Rykowski and Grajek teaches the limitations of claims 1 and 14 respectively. Grajek further teaches receiving, by the portion of binary code, a cookie from the ID service provider; encrypting, by the portion of binary code, the cookie; and (¶¶28-29, part of authentication token comprises an encrypted cookie; Rykowski also teaches that session token can be comprised of cookies in ¶42) and
storing, by the portion of binary code, the encrypted cookie in a shared memory location (Fig. 1; ¶¶28-29).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to improve upon Rykowski using Grajek to provide improved security of generally known single sign on methods by implementing well-known encryption methods.

Regarding claims 6 and 19, Rykowski and Grajek teaches the limitations of claims 1 and 14 respectively. Rykowski further teaches wherein the mobile application and at least one other mobile application operating on the mobile device communicate with each other and share information (Fig. 1, after authentication 102, applications 103/104/105 has single-sign on enabled through a use of a single cookie representing authenticated session).

Regarding claims 7 and 20, Rykowski and Grajek teaches the limitations of claims 1 and 14 respectively. Grajek further teaches wherein the shared information includes cookies provided by the ID service provider (¶¶28-29, part of authentication token comprises an encrypted cookie; Rykowski also teaches that session token can be comprised of cookies in ¶42).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to improve upon Rykowski using Grajek to improve efficiency of the system of Rykowski by taking into consideration the case where authentication needs to be performed multiple times. By implementing the performance of identity verification/authentication using the identity provider rather than the service provider itself, the service provider would have saved an additional step of receiving a new request from a mobile device and then directing the device to the identity provider.

Regarding claims 11 and 24, Rykowski and Grajek teaches the limitations of claims 1 and 14 respectively. Rykowski further teaches wherein the portion of binary code operates as a forward broker in the brokered authentication session (Fig. 3; ¶37, the client application 224 itself [and only part of such application provides ability to perform the procedures as described] can send an identity assertion request to the identity provider 206 using the redirect received).

Regarding claims 12 and 25, Rykowski and Grajek teaches the limitations of claims 1 and 14 respectively. Rykowski further teaches wherein the redirect includes a Uniform Resource Locator (URL) (¶59, HTTP redirection response code 302).

Claims 5 and 18 are rejected under 35 U.S.C. § 103 as being unpatentable over Rykowski et al. (2018/0145968) in view of Grajek et al. (2014/0082715), and further in view of Agarwal et al. (2011/0154464).
Regarding claims 5 and 18, Rykowski and Grajek teaches the limitations of claims 4 and 17 respectively. However, the teachings do not explicitly teach wherein the shared memory location is external to the mobile device.
Agarwal from the same field of endeavor teaches wherein the shared memory location is external to the mobile device (Fig. 6A; ¶235; ¶238, in a context of client authenticating with a login form provided by a server, cookies containing client-authentication data can be retained by the intermediary server 200 for possible future authentication purposes where client does not need to use its own cookies again for subsequent interactions [rather, the intermediary provides the client's cookies as an intermediary and therefore two copies of cookies are kept, one in client and the other on the intermediary server, completely separate entities having different physical memory spaces]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to improve upon Rykowski using Agarwal to increase ease of use for single sign on situations where a client may lose a cookie inadvertently. By having the system of Agarwal where an intermediary may also have a copy of the client's authentication token, in a form of a copy of a cookie, the user of the system of Rykowski would have found it easier to rectify such problems.

Claims 8 and 21 are rejected under 35 U.S.C. § 103 as being unpatentable over Rykowski et al. (2018/0145968) in view of Grajek et al. (2014/0082715), and further in view of Khalid et al. (2015/0188907).
Regarding claims 8 and 21, Rykowski and Grajek teach the limitations of claims 1 and 14 respectively. However, the teachings do not explicitly teach wherein the portion of binary code is fused to binary code of the mobile application.
Khalid from the same field of endeavor teaches wherein the portion of binary code is fused to binary code of the mobile application (Fig. 2; ¶33, mobile applications 38-40 can include SSO function libraries 42, 44 and 45 that is implemented as DLLs which is loaded into memory of the OS of mobile station 13 that can perform operations related to remote authentication using SSO credentials).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to improve upon Rykowski using Khalid to provide mobile device app programmers with flexibility of implementing certain functionalities within a dynamically linked libraries for all the advantages that are associated with such dynamically linked libraries. Obvious advantages include, for example, the ability to modularize portions of code that can be used universally in other operating systems upon compilation of source code used within the DLL into other compatible execution architectures, amongst many other advantages.

Claims 9 and 22 are rejected under 35 U.S.C. § 103 as being unpatentable over Rykowski et al. (2018/0145968) in view of Grajek et al. (2014/0082715), and further in view of Lahteenmaki et al. (2007/0124564).
Regarding claims 9 and 22, Rykowski and Grajek teaches the limitations of claims 1 and 14 respectively. However, the teachings do not explicitly teach wherein the portion of the binary code is manually added to the binary code of the mobile application.
Lahteenmaki from the same field of endeavor teaches wherein the portion of the binary code is manually added to the binary code of the mobile application (¶5, based on trust level of an EXE or DLL component, calling process of the underlying executable can [select from a plurality of exe or dlls having various trust levels most likely] a DLL with a lower capability or trust level manually into the memory for execution).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to improve upon Rykowski using Lahteenmaki to be able to dynamically link several different types of modules into the base application code for maximum flexibility. By being able to implement different kinds of DLLs that can be linked to the application code manually, the flexibility provided to the user of the mobile app device would be increased. The different types of DLLs providing different types of SSO capabilities to the various identity providing services would be an obvious possibility to the one ordinarily skilled in the art.

Claims 10 and 23 are rejected under 35 U.S.C. § 103 as being unpatentable over Rykowski et al. (2018/0145968) in view of Grajek et al. (2014/0082715), and further in view of Dumais NPL ("Forwarding DLLs Add Functions to Existing Software", October 1, 2000).
Regarding claims 10 and 23, Rykowski and Grajek teach the limitations of claims 1 and 14 respectively. However, the teachings do not explicitly teach wherein the portion of binary code operates as a direct broker in the brokered authentication session.
Dumais from the same field of endeavor teaches wherein the portion of binary code operates as a direct broker in the brokered authentication session (p. 1, ability of an application program to add a "forwarding" DLL to perform/replace at least portions of the functionalities provided by "older DLL" or in this case, another DLL; uses cases identified in the article include improving performance, fixing a bug in the other DLL, easier to use forwarding DLL, etc.).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to improve upon Rykowski using Dumais NPL to account for situations where the DLL being linked into the application code may be not modifiable/fixable and the application must still pick up such slack by implementing further similar functionalities. Such situations are identified in the NPL itself, such as the case where the DLL is possibly an older DLL and would not be optimal to use the routines provided within the DLL, for example.

Claims 13 and 26 are rejected under 35 U.S.C. § 103 as being unpatentable over Rykowski et al. (2018/0145968) in view of Grajek et al. (2014/0082715), and further in view of Cha et al. (2013/0174241).
Regarding claims 13 and 26, Rykowski and Grajek teaches the limitations of claims 1 and 14 respectively. However, the teachings do not explicitly teach wherein the redirect is a response code indicating an authentication scheme and one or more requirements.
Cha from the same field of endeavor teaches wherein the redirect is a response code indicating an authentication scheme and one or more requirements (¶114, as part of single sign on authentication processes, HTTP response codes may comprise 401 unauthorized with www-authenticate header including the particular authentication protocol to be used as well as additional information such as algorithm to be used, or the realm information).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to improve upon Rykowski using Cha to provide further instructions to the client on how to effectively connect to the provided system by using efficient code response systems such as the well-known HTTP response code system with embedded information. By providing such method of feedback to the clients, the system of Rykowski would have enjoyed benefits such as implementation of applications using well-known systems, thereby reducing overall development time.

Conclusion
THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). 
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to DAE KIM whose telephone number is (571)270-0621. The examiner can normally be reached Monday-Friday 8AM-5PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kevin Bates can be reached on (571) 272-3980. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/DAE KIM/
Examiner, Art Unit 2458                                                                                                    
/KEVIN T BATES/             Supervisory Patent Examiner, Art Unit 2458