DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 02/28/2021, 08/03/2021 and 02/01/2022. The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.
Applicant should note that the large number of references in the attached IDSs have been considered by the examiner in the same manner as other documents in Office search files are considered by the examiner while conducting a search of the prior art in a proper field of search. See MPEP 609.05(b). Applicant is invited to point out any particular reference(s) in the IDS that they believe may be of particular relevance to the instant claimed invention in response to this Office Action. It is desirable to avoid the submission of long lists of documents if it can be avoided (Emphasis added). If a long list is submitted, highlight those documents which have been specifically brought to applicant’s attention and/or are known to be of most significance. See Penn Yan Boats, Inc. v. Sea Lark Boats, Inc., 359 F. Supp. 948, 175 USPQ 260 (S.D. Fla. 1972), aff ’d, 479 F.2d 1338, 178 USPQ 577 (5th Cir. 1973), cert. denied, 414 U.S. 874 (1974).  But cf. Molins PLC v. Textron Inc., 48 F.3d 1172, 33 USPQ2d 1823 (Fed. Cir. 1995).

Drawings
The drawings were received on 01/29/2021.  These drawings are accepted.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

Claims 1-20 are rejected under 35 U.S.C. 112(b). 
Independent claim 1 recites the limitation "transferring authentication data" in line 15. There are insufficient antecedent basis issues for this limitation in the claim. “Authentication data” has been defined in line 7. It is unclear that it indicates previously referred “authentication data” in line 7 or another “authentication data”. In addition, claim 1 recites “the authentication data to access the account” in line 19. It is unclear which “authentication data” referring to. Therefore, clarification is required. 
Independent Claim 1 recites the limitation "the same data constituting" in line 19. There is insufficient antecedent basis issues for this limitation in the claim. For the sole purpose of prior art analysis, Examiner interpreted the limitation of the claim to recite as follow "same data constituting".

Claims 2, 3, 4, 8 and 9 respectively recite the limitation "the authentication data" in line 1.  There are insufficient antecedent basis issues for this limitation in the claim since claim 1 recites authentication data twice in line 7 and 15. For the sole purpose of prior art analysis, Examiner interpreted the limitation of the respective claims to recite as follow "authentication data".

Claim 7 recites the limitation "the data network-generated data" in line 1. There is insufficient antecedent basis issues for this limitation in the claim. For the sole purpose of prior art analysis, Examiner interpreted the limitation of the claim to recite as follow "data network-generated data".

The dependent claims 5, 6 and 10-13 inherit the deficiencies of the independent claim, and are rejected as well.

Independent claim 14 recites the limitation "transferring authentication data" in line 18. There are insufficient antecedent basis issues for this limitation in the claim. It has been defined in line 10. It is unclear that it indicates previously referred “authentication data” in line 10 or another “authentication data”. In addition, claim 14 recites “the authentication data to access the account” in line 21. It is unclear which “authentication data” referring to. Therefore, clarification is required.

Independent Claim 14 recites the limitation "the same data constituting" in line 21. There is insufficient antecedent basis issues for this limitation in the claim. For the sole purpose of prior art analysis, Examiner interpreted the limitation of the claim to recite as follow "same data constituting".

Claims 15, 16 and 17 respectively recite the limitation "the authentication data" in line 1. There are insufficient antecedent basis issues  for this limitation in the claims since claim 1 recites authentication data twice in line 7 and 15. For the sole purpose of prior art analysis, Examiner interpreted the limitation of the respective claims to recite as follow "authentication data".

Claim 20 recites the limitation "the data network-generated data" in line 1. There are insufficient antecedent basis issues for this limitation in the claim. For the sole purpose of prior art analysis, Examiner interpreted the limitation of the claim to recite as follow "data network-generated data".

The dependent claims 18-19 inherit the deficiencies of the independent claim, and are rejected as well.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 2, 4, 5, 13, 14, 15, 17 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Jones et al. (US 20180219849 A1 hereinafter “Jones”) in view of Mezei et al. (US 9596223 B1 hereinafter “Mezei”) in view of Harrell (US 20170278174 A1).
Regarding independent claim 1, Jones discloses a method, comprising (Fig. 3): 
initiating a request by an extension to authenticate a browser to access a data 5network ([0085-0086] disclosing extension technology. “A single click” such as assuming browser extensions is disclosed (Fig. 3 arrow 14) to access website 150 [mapped to the “data network”]. [0085] also disclosing “The visitor co-browse invitation is validated after the visitor has clicked to accept installation of the browser extension 164 (Emphasis added)”), 
the request being associated with an address and transmitted over HTTP ([0080] disclosing installing the browser extension 182 causes the page shown in the dialog associated with visitor co-browse invitation 160 to initiate hyperlink 174 to load web page 114A into browser 112), 
the extension being implemented in association of a first client computing device in a subset of computing devices each including at least one browser and a corresponding extension ([0067] disclosing the term “browser extension” as used herein; [0070 and 0096] disclosing a browser extension 182 specific to that type of browser and alternate methods when the browser in use by the visitor is incompatible with browser extensions);
sending a second message from the server to the extension or to the corresponding extension ([0058] disclosing the co-browse service 130 [mapped to the “server”] to instruct the co-browse service to generate and transmit a co-browse invitation to the visitor (FIG. 3 arrow 12). Examiner considered the arrows 11 through 12 as the data communication as claimed. Fig 6 and [0063-0064] disclosing the message as claimed; [0085] disclosing “the visitor co-browse invitation is validated after the visitor has clicked to accept installation of the browser extension 164 (Emphasis added)”). 
Jones may not explicitly teach, but Mezei, which is a same field of endeavor, discloses the method, wherein receiving at a proxy browser a first message from the data network in response to the request ([col. 5 line 53-55] disclosing step (1) with the user 300 opening his or her browser 302 to the site's TOTP authentication page, which may require a previous login [mapped to the “request”]),
the first message comprising authentication data, the authentication data 10being forwarded to a server in data communication with the proxy browser and the browser ([col. 5 line 55-62] disclosing steps (3) and (4) in Fig. 3. The browser plug-in 304 detects the TOTP authentication page being rendered in the browser 302 and calls an application programming interface (API) of the cloud service 306 [mapped to the “server”] to request push authentication. The terms “TOTP” is used herein to refer a time-based, one-time password [mapped to the “authentication data”]),
Before the effective filing date, it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Jones with the teachings of Mezei to receive at a proxy browser a first message from the data network in response to the request, the first message comprising authentication data, the authentication data being forwarded to a server in data communication with the proxy browser and the browser. One of ordinary skill in the art would have been motivated to make this modification because a client browser executes in a computing machine (e.g., a laptop) distinct from the end user's mobile device. To effect login, the end user opens the browser to a TOTP authentication page. The TOTP-based login attempt from the client browser is detected by a browser plug-in, and this detection initiates a push notification mechanism (col. 1 ln. 63-col. 2 ln. 1).
However, the combination of Jones and Mezei may not explicitly teach, but Harrell, which is a same field of endeavor, further discloses the method, the proxy browser configured to facilitate access to an account at the data network via the authentication data ([0072] disclosing the second browser screen being separate from the first browser screen where granting, to the user, access of the account based on user authentication information received via the second browser screen);
the second message comprising the authentication data configured to facilitate 15access to the account in the data network by any computing device in the subset of computing devices ([0060 and 0069] disclosing that a given user may access the cloud-based resources 708 by a number of devices and the consumer only needs to remember his authentication information with the third party payment provider; [0072] disclosing the second browser screen being separate from the first browser screen. It contains information that allows the user to access an account the user has with a payment provider where granting, to the user, access of the account based on user authentication information received via the second browser screen).
transferring authentication data to the data network from the browser and the extension or the at least one browser and the corresponding extension in response to a query from the data network ([0072] disclosing the second browser where triggering a display of a second browser screen in response to the detected engagement of the browser plugin component and granting, to the user, access of the account based on user authentication information received via the second browser screen),
wherein different computing devices in the subset of computing devices implement the same data constituting the authentication data to access the account ([0060 and 0069] disclosing that a given user may access the cloud-based resources 708 by a number of devices and the consumer only needs to remember his authentication information with the third party payment provider; [0072] disclosing granting, to the user, access of the account based on user authentication information received via the second browser screen). 
Before the effective filing date, it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Jones and Mezei with the teachings of Harrell to include the proxy browser that  configured to facilitate access to an account at the data network via the authentication data; transfer authentication data to the data network from the browser and the extension or the at least one browser and the corresponding extension in response to a query from the data network, wherein different computing devices in the subset of computing devices implement the same data constituting the authentication data to access the account. One of ordinary skill in the art would have been motivated to make this modification because authenticating the user may be available based on the user input received via the second display area. The plugin (or extension) may further allow the user to use services offered by the third party payment provider on other web sites, even if the web sites do not natively support the services of the third party payment provider (para. 0032). Therefore, a user may access resources from any number of suitable mobile or non-mobile devices (para. 0060).

Regarding claim 2, the combination of Jones, Mezei and Harrell discloses the method of claim 1, wherein the authentication data comprises login data ([Mezei: col. 5 line 55-62] disclosing steps (3) and (4) in Fig. 3. The browser plug-in 304 detects the TOTP authentication page being rendered in the browser 302 and calls an application programming interface (API) of the cloud service 306 to request push authentication; [col. 1 ln. 23-25] The terms “TOTP” is used herein to refer a time-based, one-time password [mapped to the “login data”]).  

Regarding claim 4, the combination of Jones, Mezei and Harrell discloses the method of claim 1, wherein the authentication data comprises a username and password ([Mezei: 0038] disclosing the page 350 which contain a username field 360 and a password field 361).
Before the effective filing date, it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Jones and Harrell with the teachings of Mezei to include the authentication data comprising a username and password. One of ordinary skill in the art would have been motivated to make this modification because upon entering a correct combination of username and password, the user is logged into the account with the third party payment provider (para. 0039).

Regarding claim 5, the combination of Jones, Mezei and Harrell discloses the method of claim 1, wherein the proxy browser is associated with a second client computing device in distributed data communication with the data network and the 10server ([Jones: Fig. 3] disclosing 1st browser 112 in the computer 110, 2nd browser in the computer 120, co-browse service 130 and websites 150 which are respectively mapped to the proxy browser, browser, server and data network). 

Regarding claim 13, the combination of Jones, Mezei and Harrell discloses the method of claim 1, further comprising the browser receiving access to the data 15network if the response to the query is approved by the data network ([Jones: 0064] disclosing the visitor response includes a copy of the authentication token 172 and is compared by the co-browse service 130 with a set of valid tokens in a token database 180. If the authentication token 172 is not valid, a co-browse session will not start).

Regarding independent claim 14,  it is a computerized method that corresponds to claim 1. Jones further discloses the computerized method comprising: 
receiving at a server a request to access a data network ([0070] disclosing that co-browse service uses information provided in the first request, (FIG. 3) arrow 13), the request being initiating a request by an extension to authenticate a browser to access a data network ([0085-0086] disclosing extension technology. “A single click” such as assuming browser extensions is disclosed (Fig. 3 arrow 14) to access website 150 [mapped to the data network]. [0085] also disclosing “The visitor co-browse invitation is validated after the visitor has clicked to accept installation of the browser extension 164 (Emphasis added)”). Therefore, independent claim 14 is rejected for at least same reasons as claim 1.

Regarding claim 15, it is a computerized method claim that corresponds to claim 2. Therefore, the claim is rejected for at least the same reasons as claim 2.

Regarding claim 17, it is a computerized method claim that corresponds to claim 4. Therefore, the claim is rejected for at least the same reasons as claim 4.

Regarding claim 18, it is a computerized method claim that corresponds to claim 5. Therefore, the claim is rejected for at least the same reasons as claim 5.


Claims 3, 6, 7, 8, 12, 16, 19 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Jones et al. (US 20180219849 A1 hereinafter “Jones”) in view of Mezei et al. (US 9596223 B1 hereinafter “Mezei”) in view of Harrell (US 20170278174 A1) as applied to claim 1 above, and further in view of MARCOVECCHIO et al. (US 20190057204 A1 hereinafter “MARCOVECCHIO”).
Regarding claim 3, the combination of Jones, Mezei and Harrell may not explicitly teach, but MARCOVECCHIO, which is a same field of endeavor, discloses the method of claim 1, wherein the authentication data comprises session data and a cookie ([0037] disclosing the client device 110 may generate a cookie with the session ID that was provided by the application server 130).
Before the effective filing date, it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Jones, Mezei and Harrell with the teachings of MARCOVECCHIO to include an authentication data comprises session data and a cookie. One of ordinary skill in the art would have been motivated to make this modification because the client device may be delegating authenticated access of a previously established session as between the client device and the application server by transmitting the generated cookie to the remote server (para. 0050).

Regarding claim 6, the combination of Jones, Mezei and Harrell may not explicitly teach, but MARCOVECCHIO, which is a same field of endeavor, discloses the method of claim 5, wherein the second client computing device has access to the data network using the login data and other session data and another cookie ([0046-0049] disclosing the client device 110 may transmit user credential information [mapped to the “login data”] to the application server 130. The application server 130 may transmit the session ID [mapped to the “session data”] to the client device 110. the client device 110 may generate a cookie [mapped to the “another cookie” because it contains the particular received ID] that includes the received session ID through operations 405-420 in Fig. 4).
Before the effective filing date, it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Jones, Mezei and Harrell with the teachings of MARCOVECCHIO to include a second client computing device has access to the data network using the login data and other session data and another cookie. One of ordinary skill in the art would have been motivated to make this modification because the client device may be delegating authenticated access of a previously established session as between the client device and the application server by transmitting the generated cookie to the remote server (para. 0050).

Regarding claim 7, the combination of Jones, Mezei and Harrell may not explicitly teach, but MARCOVECCHIO, which is a same field of endeavor, discloses the method of claim 1, wherein the data network-generated data comprises session data including a time period during which a session between the browser and the data network is active ([0070] disclosing client device 110 which generating a time-limited authentication token. Upon the expiration time/date, the client device 110 or the remote server 150 may recognize that the authentication header is no longer valid and discard that authentication header).
Before the effective filing date, it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Jones, Mezei and Harrell with the teachings of MARCOVECCHIO to include the data network-generated data comprising session data including a time period during which a session between the browser and the data network is active. One of ordinary skill in the art would have been motivated to make this modification because the authentication header may be associated with the expiration time/date, and when requests having the authentication header are received at the application server, the application server may prevent authenticated access to a protected application (para. 0070).

Regarding claim 8, the combination of Jones, Mezei and Harrell may not explicitly teach, but MARCOVECCHIO, which is a same field of endeavor, discloses the method of claim 1, wherein the second message comprises the authentication data 20and a cookie, the cookie being server-modifiable ([0055] disclosing that remote server 150 may retrieve or access the cookie from an authentication token storage 270 (FIG. 2) based on information. The remote server 150 may identify the previously stored cookie with that particular session ID and incorporate [mapped to “cookie being server-modifiable”] that particular cookie with each interaction/request when interacting with the social media platform executing on the application server 130).
Before the effective filing date, it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Jones, Mezei and Harrell with the teachings of MARCOVECCHIO to include a second message comprising the authentication data 20and a cookie, the cookie being server-modifiable. One of ordinary skill in the art would have been motivated to make this modification because the remote server 150 may incorporate the particular cookie with each interaction/request when interacting with social media platforms. Thus, the remote server 150 may access a social media platform using a cookie having a particular session ID (para. 0054).

Regarding claim 12, the combination of Jones, Mezei and Harrell may not explicitly teach, but MARCOVECCHIO, which is a same field of endeavor, discloses the method of claim 1, further comprising receiving at the server and the extension a cookie if the response to the query is approved by the data network ([0048] disclosing that the application server 130 [“data network”] may transmit the session ID to the client device 110 after verifying the received credential information. The client device 110 may generate a cookie that includes the received session ID. Then, the client device 110 may transmit the generated cookie to the remote server 150 [mapped to the “server”] in operations 415-425. [0065] further disclosing browser enhancement module 122 which is a web browser extension/add-on/plug-in. It may be configured to automatically share the generated authentication tokens (e.g., cookies and/or authentication headers) with the remote server 150 or other computing devices).
Before the effective filing date, it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Jones, Mezei and Harrell with the teachings of MARCOVECCHIO to receive at the server and the extension a cookie if the response to the query is approved by the data network. One of ordinary skill in the art would have been motivated to make this modification because the client device may be delegating authenticated access of a previously established session as between the client device and the application server by transmitting the generated cookie to the remote server (para. 0050).

Regarding claim 16, it is a computerized method claim that corresponds to claim 3. Therefore, the claim is rejected for at least the same reasons as claim 3.

Regarding claim 19, it is a computerized method claim that corresponds to claim 6. Therefore, the claim is rejected for at least the same reasons as claim 6.

Regarding claim 20, it is a computerized method claim that corresponds to claim 7. Therefore, the claim is rejected for at least the same reasons as claim 7.


Claims 9 and 10 are rejected under 35 U.S.C. 103 as being unpatentable over Jones et al. (US 20180219849 A1 hereinafter “Jones”) in view of Mezei et al. (US 9596223 B1 hereinafter “Mezei”) in view of Harrell (US 20170278174 A1) as applied to claim 1 above, and further in view of Singleton, IV (US 20170339563 A1 hereinafter “Singleton”).
Regarding claim 9, the combination of Jones, Mezei and Harrell may not explicitly teach, but Singleton, which is a same field of endeavor, discloses the method of claim 1, further comprising receiving at the browser other data network-generated data from the data network if the authentication data sent from the browser and the extension to the query is accepted by the data network ([0076] disclosing that the cloud or hosted web browser service 520 may authenticate the user credentials received from the secure browser plug-in 516 and provide one or more policies for the hosted web applications to the secure browser plug-in 516).
Before the effective filing date, it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Jones, Mezei and Harrell with the teachings of Singleton to receive at the browser other data network-generated data from the data network if the authentication data sent from the browser and the extension to the query is accepted by the data network. One of ordinary skill in the art would have been motivated to make this modification because the cloud or hosted web browser service [or the server as claimed] may authenticate the user credentials received from the secure browser plug-in and provide one or more policies for the hosted web applications to the secure browser plug-in. Therefore, the one or more policies may be configured by an administrator and may comprise one or more rules for redirecting internal URLs to external URLs for web applications (para. 0075-0076).

Regarding claim 10, the combination of Jones, Mezei, Harrell and Singleton discloses the method of claim 9, wherein the other data network-generated data comprises query data transmitted from the data network to the browser ([0076] disclosing that the cloud or hosted web browser service 520 may authenticate the user credentials received from the secure browser plug-in 516 and provide one or more policies for the hosted web applications to the secure browser plug-in 516).


Claim 11 is rejected under 35 U.S.C. 103 as being unpatentable over Jones et al. (US 20180219849 A1 hereinafter “Jones”) in view of Mezei et al. (US 9596223 B1 hereinafter “Mezei”) in view of Harrell (US 20170278174 A1) in view of Singleton, IV (US 20170339563 A1 hereinafter “Singleton”) as applied to claim 9 above, and further in view of MARCOVECCHIO et al. (US 20190057204 A1 hereinafter “MARCOVECCHIO”).
Regarding claim 11, the combination of Jones, Mezei, Harrell and Singleton may not explicitly disclose, but MARCOVECCHIO, which is a same field of endeavor, discloses the method of claim 9, wherein the other data network-generated data comprises a session cookie ([0037] disclosing the client device 110 may generate a cookie with the session ID that was provided by the application server 130).
Before the effective filing date, it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Jones, Mezei and Harrell and Singleton with the teachings of MARCOVECCHIO to include other data network-generated data comprising a session cookie. One of ordinary skill in the art would have been motivated to make this modification because the client device may be delegating authenticated access of a previously established session as between the client device and the application server by transmitting the generated cookie to the remote server (para. 0050).

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ANDREW SUH whose telephone number is (571)270-5524. The examiner can normally be reached 9:00 AM- 5:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached on (571) 272-3862. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/A.S./Examiner, Art Unit 2493                                                                                                                                                                                                        
/CARL G COLIN/Supervisory Patent Examiner, Art Unit 2493