Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.


Response to Arguments

Applicant's arguments have been fully considered but they are not persuasive. 

Applicant argues again that a “browser” and not a client application sends a request for a token to a remote server, and thus Grajek US 2014/0082715 fails to teach the claims as amended.
As Examiner has asserted previously, the browser is acting as an agent of the client, and this does not negate that a client application is sending requests to a remote server.

Examiner further asserts that one interpretation of the claim limitations is that in Grajek, the browser is a first application, and a “client application” is a second application.  This interpretation would appear to meet every argument put forth by the Applicant.

Examiner further asserts that the argument made by Applicant that the client application does not “receive” a connector code, and at least one other token, is not persuasive. As stated previously, Grajek teaches initiating by a client a request to a remote server. Grajek teaches that the client utilizes a browser for this purpose. Grajek teaches that in response, a “token”, a “connector code” and “at least one other token” are received. Examiner asserts that reasonably speaking, these have been received “by the first mobile application”. Examiner points out that the next limitation recites “storing in a shared security mechanism, the at least one other token and the connector code”. This is well met by Grajek, as the shared security mechanism is the browser and thus the “other token” and “connector code” are stored there. Grajek does explicitly teach that the “token” is passed to the client application.

Applicant further argues that the “token” is only used by one client application, and not used by another client application to obtain a “token” for the other client application.
Examiner asserts, respectfully, that this is not in the claim limitations. The claims state that the second application uses “the at least one other token and the connector code”. Grajek teaches a second application, again utilizing the shared browser, using these to obtain “a token” which is specific to the second client application.

In the interest of advancing prosecution, Examiner has included a supplemental teaching of 2 client applications that utilize shared tokens and SSO. Examiner asserts that this reference, at minimum, teaches that the applications themselves receive 2 tokens and a connector code, rather than a browser.
Examiner has included this reference in an attempt to satisfy the Applicant. Examiner has included this reference for the sole purpose of advancing prosecution. Examiner asserts that all three references included to meet the claim limitations have been variations of SSO for mobile applications.



Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-5, 7-9, and 11-20 are rejected under 35 U.S.C. 103 as being unpatentable over Trammel US 20140075513 in view of Grajek US 2014/0082715 in view of Aamir US 2017/0116424.


As per claims 1, 14, and 18, Trammel teaches a method for enhanced single sign-on for mobile applications, the method comprising: requesting, by a first mobile application, an authorization server to authenticate the first mobile application. Trammel teaches receiving, by the first mobile application, the connector code and at least one token from a remote server in response to the authentication request. Trammel teaches storing the at least one token and connector code in a shared security mechanism. Trammel teaches searching, by a second mobile application other than the first mobile application, in the shared security mechanism for the at least one token and connector code, and obtaining, by the second mobile application, a token for the second mobile application, using a profile based at least in part on the at least one token and the connector code received in connection with the first mobile application's authentication (managed storing application for credentials) [0027] [0034] [0036] [0037] [0040] [0041] [0047] [0049] [0055] [0060] [0066] [0074] (Trammel teaches authenticating in a request for a device token that is associated with a plurality of applications and including a connector code that is a hardware identifier and/or user identifier; after the device/application receives the one token/device token, a second mobile application may use the one token and connector code to obtain “a token”/access token which is further used by the second application to access resources.) While Trammel arguably teaches the connector code/unique client ID is sent from a remote server in response to authentication either as part of the token, as part of the registration process, or as part of additional data in redirects or JSON, Examiner has included Pochuev explicitly and supplementally to teach sending two tokens/pieces of data in response to the authentication request.

Grajek teaches a first mobile application requesting a token and receiving a token, a connector code and at least one other token from a remote server in response to the token request. Grajek teaches storing, by the first mobile application, the at least one other token and connector code in a shared security mechanism. Grajek teaches searching, by a second mobile application, in the shared security mechanism for the at least one token; and using, by the second mobile application, a profile to obtain a token for the second mobile application based on the at least one token and the connector code. Grajek explicitly teaches that authentication is of an application rather than a client/user. [0023] [0024] [0027] [0028] [0029] [0030] [0031] [0033] [0034] [0035] [0088]-[0092] (uses token from first application and an additional authentication factor to obtain a new token)
It would have been obvious to one of ordinary skill in the art to use the teaching of Grajek with Trammel at the time the invention was filed because it provides a convenient way to share authentication credentials.

Aamir explicitly teaches returning both a connector code and a token in response to an authentication request from a remote server [0003]-[0004] [0064]-[0066] [0070] [0080] [0085] [0088] [0089] [0094]-[0097] (Aamir teaches that a first application authenticates *directly* with an authentication server and receives a root key, a session token, and an intent encryption key. Aamir teaches that the first application stores data in shared storage, and that applications can share data for SSO purposes. Aamir teaches that a second application requests a session token and root key and receives said data from shared storage and the first application.)

It would have been obvious to one of ordinary skill at the time the invention was filed to use the tokens of Aamir with the prior art because it allows privileged server access by multiple applications via SSO.

As per claim 2.  Trammel teaches the method of claim 1 wherein the remote server is the authorization server.  [0040] (authorization server)

As per claim 3.  Trammel teaches the method of claim 1 wherein the remote server is a second server.  [0040] (authorization server)

As per claim 4. Trammel teaches the method of claim 1 wherein the first mobile application and second mobile application are issued by a same vendor.  [0026] (same vendor)

As per claim 5. Trammel teaches the method of claim 1 wherein the shared security mechanism comprises a keychain. [0049] (iOS keychain)

As per claim 7. Trammel teaches the method of claim 1 wherein the connector code is unique to a specific mobile device.  [0036] (device token unique to user, device)

As per claim 8.  Grajek teaches the method of claim 1 wherein the at least one token identifies a user who is logged in to the first mobile application.  [0068]

As per claim 9. Grajek teaches the method of claim 8, further comprising querying, by the second mobile application, the user to determine whether the user accepts use of the at least one token with the second mobile application, and not using a profile to obtain a token for the second mobile application without acceptance of use of the at least one token with the second mobile application by the user.  [0090] (requires user involvement)


As per claim 11. Grajek teaches the method of claim 1, further comprising searching, by the second mobile application, in the shared security mechanism for the connector code. [0088] [0094] [0095] (second application uses first token to obtain new token and/or access)

As per claim 12. Grajek teaches the method of claim 1, wherein the profile is a profile of a token exchange between the second application and the authorization server. [0088]-[0091]

As per claim 13. Trammel teaches the method of claim 12, wherein the first mobile application and second mobile application are issued by a same vendor and wherein the method further comprises providing to the authorization server, by the profile, the at least one token, the connector code, and a client code associated with the same vendor of the first mobile application and the second mobile application.  [0026] [0034] [0036] [0043] [0047] (teaches the same vendor, token, connector client/App ID)
Grajek teaches the second application and supplementally teaches token and client code/connector code. [0072] [0079] [0088]-[0091]

As per claim 15. Trammel teaches the non-transitory computer-readable storage medium of claim 14 further comprising sending to the second mobile application, by the authorization server, the token for a second mobile application, wherein the token for a second mobile application is stored in the shared security mechanism by the second mobile application.  [0049] (iOS keychain)

As per claim 16. Trammel teaches a request for a token for the first mobile application comprises an authorization code and the request for the token from the first mobile application comprises a request to exchange the authorization code for the first mobile application's token, the connector code and at least one other token. [0034] [0036] [0037] (Teaches receiving access token/connector code after device token after authentication)

Grajek additionally teaches a request for a token for the first mobile application comprises an authorization code and the request for the token from the first mobile application comprises a request to exchange the authorization code for the first mobile application's token, the connector code and at least one other token. [0023] [0024] [0027] [0028] [0029] [0030] [0031] [0033] [0034] [0035] [0088]-[0092]

As per claim 17. Trammel teaches the non-transitory computer-readable storage medium of claim 14 wherein the connector code is unique to a specific mobile device.  [0036] (device token unique to user, device)


As per claim 19. Trammel teaches the computing device of claim 18 wherein the program logic further comprises executable logic for sending, to the second mobile application, the token for a second mobile application, wherein the token for a second mobile application is stored in the shared security mechanism by the second mobile application.  [0049] (iOS keychain)


As per claim 20. Trammel teaches the computing device of claim 18 wherein the returning the connector code to the first mobile application occurs after an authorization code from the first mobile application is exchanged for the at least one token. [0034] [0036] [0037] (Teaches receiving access token/connector code after device token after authentication)

Claim 6 is rejected under 35 U.S.C. 103 as being unpatentable over Trammel US 20140075513 in view of Grajek US 2014/0082715 in view of Aamir US 2017/0116424 in view of Kendall US 9,473,485.


As per claim 6. Kendall teaches the method of claim 1 wherein the shared security mechanism comprises a keystore.  (Column 33 lines 31-35; 41-53) (teaches storing SSO credentials in a keychain and a keystore)  
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to use the keychain of Kendall with the previous combination because it increases security.


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHRISTOPHER BROWN whose telephone number is (571)272-3833.  The examiner can normally be reached on M-F 8-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on (571) 270-5002.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/CHRISTOPHER J BROWN/Primary Examiner, Art Unit 2439