DETAILED ACTION
Claims 1, 3-8, 10-15, and 17-23 are allowed.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in an interview with Marlena Burt (Reg. No. 68750) on July 27, 2022.
The application has been amended as follows: 

1. (Currently Amended) A system for implementing single sign on (SSO) for third-party services accessible through received messages, the system comprising: 
a client device comprising a processor and a memory; 
a first application executable in the client device, wherein, when executed, the first application causes the client device to at least: 
receive an email message associated with a third-party service, the email message including a selectable component configured to redirect a user to the third-party service upon selection, the third-party service requiring authentication of the user for access to content; 
send a request for the content associated with the third-party service in response to a selection of the selectable component; 
initialize a second application configured to intercept traffic between a network and the first application; and 
render a user interface comprising the content associated with the third-party service in response to providing a SSO token to the third-party service for authentication, and 
the second application executable in the client device, wherein, when executed, the second application causes the client device to at least: 
intercept an authentication request from the third-party service; 
redirect the authentication request and a device certificate associated with the client device to an identity manager to obtain [a] the SSO token; and 
receive the SSO token from the identity manager. 

5. (Currently Amended) The system of claim 3, wherein the SSO connector is configured to comply with an administrator-defined authentication mechanism.  

6. (Currently Amended) The system of claim 1, wherein the selectable component is an embedded uniform resource locator (URL).

7. (Currently Amended) The system of claim 1, wherein, when executed, the first application causes the client device to at least: 
generate a prompt requesting [a] the user to select the selectable component; and 
display the prompt on a display of the client device. 

14. (Currently Amended) The method of claim 8, further comprising: 
generating, by the first application, a prompt requesting [a] the user to select the selectable component; and -5-
displaying, by the first application, the prompt on a display of the client device.  

15. (Currently Amended) A non-transitory computer readable medium for implementing single sign on (SSO) for third-party services accessible through received messages, the non-transitory[,] computer readable medium comprising machine-readable instructions that, when executed by a processor of a client device, cause the client device to at least: 
receive, by a first application executed by the client device, an email message associated with a third-party service, the email message including a selectable component configured to redirect a user to a third-party service upon selection, the third-party service requiring authentication of the user for access of content; 
send, by the first application executed by the client device, a request for the content associated with the third-party service in response to a selection of the selectable component; 
initialize, by the first application executed by the client device, a second application, the second application being configured to intercept traffic between a network and the first application; 
intercept, by the second application executed by the client device, an authentication request from the third-party service; 
redirect, by the second application executed by the client device, the authentication request and a device certificate associated with the client device to an identity manager to obtain a SSO token; -6-
receive, by the second application executed by the client device, the SSO token from the identity manager; and render, by the first application executed by the client device, a user interface comprising the content associated with the third-party service in response to providing the SSO token to the third-party service for authentication.

20. (Currently Amended) The non-transitory computer readable medium of claim 15, wherein the machine-readable instructions, when executed by the processor of the client device, further cause the client device to at least: 
generate, by the first application, a prompt requesting [a] the user to select the selectable component; and 
display, by the first application, the prompt on a display of the client device.  

21. (Currently Amended) The system of claim 1, wherein the second application provides the SSO token to the first application in response to receiving the SSO token from the identity manager.  

22. (Currently Amended) The method of claim 8, wherein the second application provides the SSO token to the first application in response to receiving the SSO token from the identity manager.  

23. (Currently Amended) The non-transitory computer readable medium of claim 15, wherein the second application provides the SSO token to the first application in response to receiving the SSO token from the identity manager.

REASONS FOR ALLOWANCE
The following is an examiner’s statement of reasons for allowance: The primary reason for the allowance of the claims is the inclusion of the limitation, inter alia, “a client device comprising a processor and a memory; a first application executable in the client device, wherein, when executed, the first application causes the client device to at least: receive an email message associated with a third-party service, the email message including a selectable component configured to redirect a user to the third-party service upon selection, the third-party service requiring authentication of the user for access to content; send a request for the content associated with the third-party service in response to a selection of the selectable component; initialize a second application configured to intercept traffic between a network and the first application; and render a user interface comprising the content associated with the third-party service in response to providing a SSO token to the third-party service for authentication, and the second application executable in the client device, wherein, when executed, the second application causes the client device to at least: intercept an authentication request from the third-party service; redirect the authentication request and a device certificate associated with the client device to an identity manager to obtain the SSO token; and receive the SSO token from the identity manager". 
The following is considered to be the closest prior art of record:
O’Donnell (US 2017/0026362) – teaches the user receiving an email with a clickable link to direct the user to an SSO protected web page. A request for user credentials is intercepted and redirected to a ticket generator. The ticket is generated and sent to the SSO resource, where the ticket is exchanged for an SSO token. Next, the user is granted access to the SSO resource based on the SSO token.
Cha (US 2012/0072979) – teaches receiving a shared secret and a signed assertion message that are used to obtain access to services.
Maria (US 2019/0372962) – teaches an agent intercepting an access request for an application on the client device and redirecting the access request and sending a device X.509 certificate for authentication. The user device certificate is used to sign and later verify the token.
Slavov (US 2017/0093868) – teaches intercepting authentication requests and authentication responses.
Cai (US 2017/0289140) – teaches SSO for an enterprise using a session token.
Agarwal (US 2011/0277026) – teaches SSO using interception and redirection to access third party applications.
However, the concept of using multiple applications on the same client device to receive an SSO token to obtain access to protected content as claimed cannot be found in the prior art of record.
None of the prior art of record, either taken by itself or in any combination, would have reasonably anticipated or made obvious the invention of the present application at or before the time it was effectively filed. The concepts and features, as claimed, are considered to be a non-obvious combination of limitations not taught in the prior art. Therefore, claims 1, 3-8, 10-15, and 17-23 are considered to be allowable.
According to MPEP 1302.14 (I): “In most cases, the examiner’s actions and the applicant’s replies make evident the reasons for allowance, satisfying the “record as a whole” proviso of the rule. This is particularly true when applicant fully complies with 37 CFR 1.111 (b) and (c) and 37 CFR 1.133(b). Thus, where the examiner’s actions clearly point out the reasons for rejection and the applicant’s reply explicitly presents reasons why claims are patentable over the reference, the reasons for allowance are in all probability evident from the record and no statement should be necessary.”
The amendments and remarks submitted on July 7, 2022 in combination with the above Examiner Amendment has overcome the previous prior art rejections. Therefore, all of the previous rejections have been removed and the current claims are in condition for allowance.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JOHN B KING whose telephone number is (571)270-7310.  The examiner can normally be reached on Monday-Friday 10AM-6PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on 5712728878.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/John B King/
Primary Examiner, Art Unit 2498