DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 6/23/2022 has been entered.
As per instant amendment, claims 1, 10 and 19 have been amended; claims 1, 10 and 19 are independent claims. Claims 1-20 have been examined and are pending. This Action is made Non-Final. 

Response to Arguments
Applicants’ arguments with respect to claims 1-20 under 35 U.S.C 102(a)(2) have been considered but are moot in view of the new ground(s) of rejection







Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claims 1-4, 6, 7, 9-13, 15, 16, 18 and 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Mahurkar et al. (US 10,834,594 B1) in view of Vogt (US 2021/0234850 A1).

Regarding Claim 1;
Mahurkar discloses method comprising: 
receiving, by an access manager on a first device (col. 3, lines 53-63 - For example, the user device may receive user input to open an application (e.g., an application for accessing the content delivery service, an application associated with the content delivery service, and/or the like) and open the application. After opening the application, the user device may receive user selection of an option within the application to share credentials with another device), a first request from a second device for a credential maintained at the first device, to access a resource via the second device (col. 4, lines 52-col. 5, lines 12 - For example, the display device may not be displaying the login screen, and, after discovering the wireless authentication service (e.g., based on discovering the wireless authentication service), may display the login screen including the prompt to use another device to log into the content delivery service. Additionally, or alternatively, the display device may, based on receiving the selection to use another device to login (as shown in FIG. 1A and by reference number 115), discover the wireless authentication service As shown in FIG. 1B, and by reference number 130, the display device may provide, to the user device, a connection request...);
initiating, by the access manager, responsive to the first request form the second device, a second request for an approval at the first device or the second device (col. 6, lines 37-49 - In some implementations, the user device may prompt the user to authorize sharing of credentials. For example, the user device may, based on connecting to the display device, display a prompt with a virtual button requesting authorization to share credentials. In some implementations, the user device may display an authentication screen including information identifying the display device and/or the authentication service. In some implementations, the user device may receive user input authorizing the sharing of credentials. Additionally, or alternatively, the user device may provide, to the display device and based on receiving the user input authorizing the sharing of credentials, the request for the identifier and col. 8, lines 59-64 - In some implementations, the user device may determine that the user-input identifier and the identifier in the confirmation request match, and may provide, to the display device, encrypted credentials, as shown in FIG. 1D, and by reference number 160. For example, the user device may provide, to the display device and based on determining that the user-input identifier and the identifier in the confirmation request match, the encrypted credentials.);
accessing, by the access manager responsive to receiving the approval, the credential from a secure store, the secure store securely maintaining information of a plurality of credentials (col. 8, lines 59-64 - In some implementations, the user device may determine that the user-input identifier and the identifier in the confirmation request match, and may provide, to the display device, encrypted credentials, as shown in FIG. 1D, and by reference number 160. For example, the user device may provide, to the display device and based on determining that the user-input identifier and the identifier in the confirmation request match, the encrypted credentials and col. 9, lines 4-14); and 
transmitting, by the access manager, the credential to the second device to authenticate a user to access the resource (col. 8, lines 59-64 - In some implementations, the user device may determine that the user-input identifier and the identifier in the confirmation request match, and may provide, to the display device, encrypted credentials, as shown in FIG. 1D, and by reference number 160. For example, the user device may provide, to the display device and based on determining that the user-input identifier and the identifier in the confirmation request match, the encrypted credentials.);
Mahurkar fails to explicitly disclose ...the credential being additional to a primary credential provided at the second device to access the resource.
However, in an analogous art, Vogt teaches receiving, by an access manager on a first device, a first request from a second device for a credential maintained at the first device, to access a resource via the second device, the credential being additional to a primary credential provided at the second device to access the resource (Vogt, FIG. 1 – Secondary Device Logs In and [0010] - The process can be initiated by an authenticated user who may access the authentication platform 104 via a secondary device 102. The secondary device can be generally any computing device having access to a network (including the internet), via wired or wireless connection, but is most typically a personal computer or tablet computer. After (or before) the authenticated user has successfully logged into the authentication platform, such as by entering a username and associated password on record with the authentication platform, the user may request credentials (e.g., username and password) for a website or service for which the authenticated user has an account and [0011]-[0012] - Before the credentials requested by the authentication platform are supplied by the authorized device, the mobile app can display a screen on the authorized device that requests that the user choose to either allow or deny the request for credentials and [0016] and [0017] and Claim 1 - receiving on the authentication platform a request for login credentials from a secondary device; transmitting the request for credentials from the authentication platform to the authorized device; prompting a user to respond via the authorized device to the request to authorize transmission of the credentials between the secondary device and the service provider; and transmitting the requested credentials from the authorized device to the secondary device when authorization is provided by the user via a user interface on the authorized device).
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Vogt to receiving... a first request from a second device for a credential maintained at the first device, to access a resource via the second device of Mahurkar to include the additional features receiving, by an access manager on a first device, a first request from a second device for a credential maintained at the first device, to access a resource via the second device, the credential being additional to a primary credential provided at the second device to access the resource.
One would have been motivated to combine the teachings of Vogt to Mahurkar to do so as it provides / allows the improving the security of authentication mechanisms, and the storage of encrypted authentication credentials.

Regarding Claim 2;
Mahurkar and Vogt disclose the method to Claim 1. 
Mahurkar further discloses wherein the first device and the second device are operated by the user (col. 2, lines 15-39)).

Regarding Claim 3;
Mahurkar and Vogt disclose the method to Claim 1. 
Mahurkar further discloses wherein the second request comprises a prompt to the user to provide the approval at the first device or the second device (col. 6, lines 37-49 - In some implementations, the user device may prompt the user to authorize sharing of credentials. For example, the user device may, based on connecting to the display device, display a prompt with a virtual button requesting authorization to share credentials. In some implementations, the user device may display an authentication screen including information identifying the display device and/or the authentication service. In some implementations, the user device may receive user input authorizing the sharing of credentials. Additionally, or alternatively, the user device may provide, to the display device and based on receiving the user input authorizing the sharing of credentials, the request for the identifier).

Regarding Claim 4;
Mahurkar and Vogt disclose the method to Claim 1. 
Mahurkar further discloses wherein the approval comprises an approval via a pin, a passcode, a fingerprint, a badge tap, a face image, a QR code scan, a device unlock operation, a voice signal, proximity to the first or second device, or a user interface selection (col. 6, lines 37-49 - In some implementations, the user device may prompt the user to authorize sharing of credentials. For example, the user device may, based on connecting to the display device, display a prompt with a virtual button requesting authorization to share credentials. In some implementations, the user device may display an authentication screen including information identifying the display device and/or the authentication service. In some implementations, the user device may receive user input authorizing the sharing of credentials. Additionally, or alternatively, the user device may provide, to the display device and based on receiving the user input authorizing the sharing of credentials, the request for the identifier and col. 6, lines 50-61 and col. 8, lines 59-64 - In some implementations, the user device may determine that the user-input identifier and the identifier in the confirmation request match, and may provide, to the display device, encrypted credentials, as shown in FIG. 1D, and by reference number 160. For example, the user device may provide, to the display device and based on determining that the user-input identifier and the identifier in the confirmation request match, the encrypted credentials.);
Regarding Claim 6;
Mahurkar and Vogt disclose the method to Claim 1. 
Mahurkar further discloses wherein accessing the credential from the secure store comprises accessing the credential that is stored in the secure store or causing the secure store to generate the credential according to the information maintained by the secure store (col. 8, lines 59-64 - In some implementations, the user device may determine that the user-input identifier and the identifier in the confirmation request match, and may provide, to the display device, encrypted credentials, as shown in FIG. 1D, and by reference number 160. For example, the user device may provide, to the display device and based on determining that the user-input identifier and the identifier in the confirmation request match, the encrypted credentials and col. 9, lines 4-14 - In some implementations, the user device may obtain credentials to authenticate the user to access the content delivery service from a memory of the user device. In some implementations, the user device may encrypt the credentials using a key stored on the user device, a key obtained from a secure cloud-based service, and/or the like. For example, the user device may encrypt the credentials using 256-bit Advanced Encryption Standard (AES-256) encryption. In some implementations, the credentials may include a token (e.g., an Open Authorization (OAuth) token and/or the like)






Regarding Claim 7;
Mahurkar and Vogt disclose the method to Claim 1. 
Mahurkar further discloses comprising: receiving, by the access manager (col. 3, lines 53-63 - For example, the user device may receive user input to open an application (e.g., an application for accessing the content delivery service, an application associated with the content delivery service, and/or the like) and open the application. After opening the application, the user device may receive user selection of an option within the application to share credentials with another device) a third request for a second credential maintained at the first device, to access a second resource via a third device (col. 4, lines 52-col. 5, lines 12 - For example, the display device may not be displaying the login screen, and, after discovering the wireless authentication service (e.g., based on discovering the wireless authentication service), may display the login screen including the prompt to use another device to log into the content delivery service. Additionally, or alternatively, the display device may, based on receiving the selection to use another device to login (as shown in FIG. 1A and by reference number 115), discover the wireless authentication service As shown in FIG. 1B, and by reference number 130, the display device may provide, to the user device, a connection request...);  initiating, by the access manager responsive to the third request, a fourth request for a second approval at the first device (col. 6, lines 37-49 - In some implementations, the user device may prompt the user to authorize sharing of credentials. For example, the user device may, based on connecting to the display device, display a prompt with a virtual button requesting authorization to share credentials. In some implementations, the user device may display an authentication screen including information identifying the display device and/or the authentication service. In some implementations, the user device may receive user input authorizing the sharing of credentials. Additionally, or alternatively, the user device may provide, to the display device and based on receiving the user input authorizing the sharing of credentials, the request for the identifier and col. 8, lines 59-64 - In some implementations, the user device may determine that the user-input identifier and the identifier in the confirmation request match, and may provide, to the display device, encrypted credentials, as shown in FIG. 1D, and by reference number 160. For example, the user device may provide, to the display device and based on determining that the user-input identifier and the identifier in the confirmation request match, the encrypted credentials.); and sending, by the access manager responsive to a failure to receive the second approval, a response denying the third request for the second credential (col. 6, lines 37-49 - In some implementations, the user device may prompt the user to authorize sharing of credentials. For example, the user device may, based on connecting to the display device, display a prompt with a virtual button requesting authorization to share credentials. In some implementations, the user device may display an authentication screen including information identifying the display device and/or the authentication service. In some implementations, the user device may receive user input authorizing the sharing of credentials. Additionally, or alternatively, the user device may provide, to the display device and based on receiving the user input authorizing the sharing of credentials, the request for the identifier and col. 8, lines 59-64 - In some implementations, the user device may determine that the user-input identifier and the identifier in the confirmation request match, and may provide, to the display device, encrypted credentials, as shown in FIG. 1D, and by reference number 160. For example, the user device may provide, to the display device and based on determining that the user-input identifier and the identifier in the confirmation request match, the encrypted credentials and col. 14, lines 16-25 - In some implementations, the user device may prompt the user to enter the identifier and, based on the user failing to provide a user-input identifier within a threshold amount time, may disconnect the connection with the display device.).  

Regarding Claim 9;
Mahurkar and Vogt disclose the method to Claim 1. 
Mahurkar further discloses wherein the credential is one of a plurality of authentication factors to authenticate the user to access the resource (col. 2, lines 25-48 - In some implementations, the first device may discover, using the short-range wireless communication protocol, an authentication service advertised by the second device and may establish a connection with the second device using the short-range wireless communication protocol. After establishing the connection with the second device (e.g., based on establishing the connection with the second device, once the connection with second device is established, and/or the like), the first device may display a first identifier, and may provide, to the second device via the connection, a confirmation request including the first identifier to permit the second device to determine whether a second identifier, input by a user into the second device, matches the first identifier (i.e., as constructed a form of a  factor). In some implementations, the first device may receive, from the second device and via the connection, encrypted credentials to authenticate the user to access a service based on the second device determining whether the second identifier matches the first identifier. The first device may decrypt (e.g., using a stored key and/or the like) the encrypted credentials to obtain credentials, and may store the credentials in a memory of the first device. In some implementations, the first device may authenticate, using the credentials, the user to access the service.).

Regarding Claim(s) 10-13, 15, 16, and 18; claim(s) 10-13, 15, 16, and 18 is/are directed to a/an device associated with the method claimed in claim(s) 1-4, 6, 7, and 9. Claim(s) 10-13, 15, 16, and 18 is/are similar in scope to claim(s) 1-4, 6, 7, and 9, and is/are therefore rejected under similar rationale.

Regarding Claim(s) 19; claim(s) 19 is/are directed to a/an medium associated with the method claimed in claim(s) 1. Claim(s) 19 is/are similar in scope to claim(s) 1, and is/are therefore rejected under similar rationale.


Claims 5, 14 and 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Mahurkar et al. (US 10,834,594 B1) in view of Vogt (US 2021/0234850 A1) and further in view of Oberheide et al. (US 2012/0198228 A1).

Regarding Claim 5;
Mahurkar and Vogt disclose the method to Claim 1. 
Mahurkar further discloses comprising: receiving, by the access manager, the first request via ... (col. 2, lines 25-48 and col. 4, lines 1-10) and transmitting, by the access manager, the credential to the second device via ... (col. 2, lines 25-48 and col. 8, lines 59-64);
Mahurkar and Vogt fails to explicitly disclose receiving... via the secure messaging service; and transmitting... via the secure messaging service. 
However, in an analogous art, Oberheide teaches receiving... via the secure messaging service; and transmitting... via the secure messaging service (Oberheide, [0033] - . Preferably, each of the first and second user devices can be configured for communication across one or more communication channels and/or modes so as to be able to send/receive any suitable type of message and/or communication between the devices, including at least all of the possible types of user challenges such as one or more of SMS or MMS messages, emails, voice telephone calls, automated telephone calls, PIN requests, push notifications, one-time passwords, and the like).
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Oberheide to the credentials of Mahurkar and Vogt to include receiving... via the secure messaging service; and transmitting... via the secure messaging service.
One would have been motivated to combine the teachings of Oberheide to Mahurkar and Vogt to do so as it provides / allows permitting for any particular “communication” to be directed to the user through multiple channels (Oberheide, [0033]).

Regarding Claim(s) 14; claim(s) 14 is/are directed to a/an device associated with the method claimed in claim(s) 5. Claim(s) 14 is/are similar in scope to claim(s) 5, and is/are therefore rejected under similar rationale.

Regarding Claim(s) 20; claim(s) 20 is/are directed to a/an medium associated with the method claimed in claim(s) 5. Claim(s) 20 is/are similar in scope to claim(s) 5, and is/are therefore rejected under similar rationale.



Claims 8 and 17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Mahurkar et al. (US 10,834,594 B1) in view of Vogt (US 2021/0234850 A1) and further in view of Sanciangco et al. (US 2019/0372949 A1).

Regarding Claim 8;
Mahurkar and Vogt disclose the method to Claim 1. 
Mahurkar and Vogt fails to explicitly disclose wherein the credential comprises a one-time password (OTP) code, an authentication token, a single sign-on (SSO) code, or a time-based OTP (TOTP) code.
However, in an analogous art, Sanciangco teaches wherein the credential comprises a one-time password (OTP) code, an authentication token, a single sign-on (SSO) code, or a time-based OTP (TOTP) code (Sanciangco, [0017] - Credential manager 110A, in various embodiments is an application executable to store various credentials 112 at mobile device 100A. These credentials 112 may include any suitable type of credential such as a username and password, one-time password ( OTP), personal identification number (PIN), a cryptographic key for generating a digital signature, authentication token, etc.).
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Sanciangco to the credentials of Mahurkar and Vogt to include wherein the credential comprises a one-time password (OTP) code, an authentication token, a single sign-on (SSO) code, or a time-based OTP (TOTP) code.
One would have been motivated to combine the teachings of Sanciangco to Mahurkar and Vogt to do so as it provides / allows the ability to store various credentials at a mobile device (Sanciangco, [0017]).
Regarding Claim(s) 17; claim(s) 17 is/are directed to a/an device associated with the method claimed in claim(s) 8. Claim(s) 17 is/are similar in scope to claim(s) 8, and is/are therefore rejected under similar rationale.


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KARI L SCHMIDT whose telephone number is (571)270-1385. The examiner can normally be reached Monday-Friday 10am - 6pm (MDT).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on (571)270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/KARI L SCHMIDT/Primary Examiner, Art Unit 2439