Detailed Action
1.	This Office Action is in response to the Applicant’s communication filed on 05/25/2022. In virtue of this communication, claims 1-20 are currently pending in this Office Action.

Response to Arguments
2.	In Remarks, applicant states that the prior art does not teach or suggest at least the elements of independent claims mainly based on the amended claim limitations. However, the amended claims are considered obvious by the rationales presented in the claim rejection section set forth below.

	Claim Rejections - 35 USC § 103
3.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

4.	The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4.Considering objective evidence present in the application indicating obviousness or nonobviousness.

5.	Claims 1-11 and  14-20 are rejected under 35 U.S.C. 103 as being unpatentable over Vangpat et al. Pub. No.: US 2013/0086670 A1 in view of Grajek et al. Pub. No.: US 2015/0007299 A1 evidenced by Bestmann et al. Pub. No.: US 2013/0275560 A1. 

Claim 1
Vangpat discloses a method (fig. 3-5) comprising:

    PNG
    media_image1.png
    406
    749
    media_image1.png
    Greyscale

receiving, at a wireless carrier network (host system server 104 in fig. 1 and host system in fig. 3-5), a request (330 in fig. 3 and 334 in fig. 4) to determine a current status of access rights in association with a user and an online service (the callback request in par. 0058; see online data in par. 0025), the request comprising a request to access the online service received from at least one user device (par. 0059 for logging the user into the host system via the user’s third party system credentials, and see par. 0065 for credentials; alternatively 344 in fig. 4), wherein the at least one user device is granted access (320 in fig. 3 for granting access or validating the token in 348 of fig. 4) to the online service via a session token associated with the online service (348-350 in fig. 4; see fig. 5); 
determining, in parallel to the at least one user device being granted access to the online service (fig. 3-4 in view of fig. 5; validating the token in 348 in fig. 4 and 320 in fig. 3 for authorizing access), and based on one or more conditions associated with the online service, the current status of access rights (348 in fig. 4 and par. 0062; 374 in fig. 5 and see par. 0065); and
upon determining that the current status of access rights indicates that the user is not authorized to access the online service (348 in fig. 4 and par. 0062 in view of par. 0056, if token is invalid, the user access would be denied as explained in par. 0056). 
Although Vangpat does not explicitly disclose: “generating programmatic instructions to cause the session token associated with the online service to be removed from a memory of the at least one user device; and providing the programmatic instructions to the at least one user device”, the claim limitations are considered obvious by the following rationales.
	Firstly, to consider the obviousness of the claim limitation “generating programmatic instructions to cause the session token associated with the online service to be removed from a memory of the at least one user device”, recall that Vangpat discloses generating programmatic instructions to cause the session token associated with the online service (third party system 106 in fig. 1 & 3 sends user browser to send a callback request in 326 in fig. 3; 362 in fig. 4). In particular, Grajek teaches sending  mobile device 110a instruction to delete browser token (5 in fig. 9).
	Secondly, to reveal the obviousness of the claim limitation “providing the programmatic instructions to the at least one user device”, recall that callback request 326 in fig. 3 and 362 in fig. 4 of Vangpat would have met the four corners of the addressing claim limitation. Additionally, Grajek teaches performing access authentication URL and receiving claim App identity from authentication appliance via browser in fig. 7-8 (see step 5 in fig. 9 and step 6 in fig. 10).
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify third party authentication in an on-demand service of Vangpat by providing mobile multifactor single-sign-on authentication as taught in Grajek. Such a modification would have included an independent browser on a mobile device to authenticate an application executed on the mobile device so that a user might not have created a security risk when the user logs in and logs out of applications as suggested in par. 0005 & 0007 in Grajek.
	Alternatively, the claim limitations “generating programmatic instructions to cause the session token associated with the online service to be removed from a memory of the at least one user device” are considered obvious by the rationales found in Bestmann. In particular, Bestmann teaches sending the device push notification to delete profile (fig. 5 and see par. 0049) and verifying token validity to ensure a legit call to modify the configuration profile explained in par. 0082.
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify third party authentication in an on-demand service of Vangpat in view of Grajek by providing configuration of third party applications as taught in Bestmann to obtain the claimed invention as specified in the claim. Such a modification would have included a software application on a mobile device to configure a profile for the third party applications in a sandboxed environment so that a security mechanism would have protected the mobile device from malware and other malicious code injected into running applications as suggested in par. 0003-0005 in Bestmann.

Claim 2
Vangpat, in view of Grajek and Bestmann, discloses the method of claim 1, wherein the request is received from a mobile application installed upon the at least one user device (Vangpat, web browser application 110 in fig. 1 sends request to the host system in 304 of fig. 3 and a callback request in 328 in fig. 3; Grajek, 11a App 1 in fig. 1; and thus, application reads on the claim).

Claim 3
Vangpat, in view of Grajek and Bestmann, discloses the method of claim 1, wherein the request is received from a third-party provider of the online service (Vangpat, third party sends the authentication token in 342 of fig. 4; Grajek, authentication appliance 102 receives access request via access authentication URL in steps 3 in fig. 2; therefore, the combined prior art would have rendered the claim obvious).

Claim 4
Vangpat, in view of Grajek and Bestmann, discloses the method of claim 3, wherein the session token is associated with a set of communications between the user device and the third-party provider of the online service (Vangpat, session token in fig. 4; Grajek, token in fig. 2-4 and see token in par. 0029, 0034 & 0034; Bestmann, token validation in par. 0078 & 0080; accordingly, the combined prior art reads on the claim).

Claim 5
Vangpat, in view of Grajek and Bestmann, discloses the method of claim 3, wherein the request is received from the third-party provider of the online service upon a determination that some predetermined amount of time has passed since a latest request to determine access rights was submitted (Vangpat, session token in fig. 4 and see a refresh token in par. 0060; Grajek, the identity token with the credential’s expiration time in par. 0028; the session toke may be valid during one browser session or other short time period in par. 0034; accordingly, one of the ordinary skill in the art would have expected the claim to perform equally well with the combined prior art, see MPEP 2143, Exemplary Rationale F).

Claim 6
Vangpat, in view of Grajek and Bestmann, discloses the method of claim 1, wherein the instructions are provided to the at least one user device via a mobile data channel (Vangpat, data communication network 108 in fig. 1 and see par. 0023 & 0032 for cellular communications network for communicating with mobile phones and thus, client device 102 of fig. 1 could have performed instructions in fig. 3-4 via the cellular data communications; Grajek, 3G, or 4G cellular data technology, GSM, EDGE, UMTS, WCDMA, EV-DO & LTE in par. 0045; and thus, the combined prior art reads on the claim).
Claim 7
Vangpat, in view of Grajek and Bestmann, discloses the method of claim 6, wherein the mobile data channel comprises a mobile communication channel that uses a long-term evolution (LTE) standard (Vangpat, network 108 of fig. 1 in par. 0032; Grajek, 3G or 4G such as LTE in par. 0045; therefore, the combined prior art meets the claim condition; alternatively, LTE is merely a standard).

Claim 8
Vangpat, in view of Grajek and Bestmann, discloses the method of claim 1, wherein the session token comprises a string of random characters (Vangpat, token in par. 0030 & 0059; Grajek, identity token is a client app identity that could be encrypted or unencrypted URL string in par. 0029, text string in par. 0071; accordingly, one of ordinary skill in the art would have expected the token in the combined prior art to be a string random characters as recited in the claim, see MPEP 2143, KSR Exemplary Rationale G).

Claim 9
	Claim 9 is a device claim corresponding to method claim 1. All of the limitations in claim 9 are found reciting the structures for the same scopes of the respective limitation of claim 1. Accordingly, claim 9 is considered obvious by the same rationales applied in the rejection of claim set forth above. Additionally, Winner discloses a computing device (140 in fig. 1-3) comprising: a processor (authorization server 330 in fig. 3); and a memory (login database 335 in fig. 3) including instructions that, when executed with the processor, cause the computing device (see fig. 1 & 4 for the instructions performed by online system 140 in fig. 1-3).

Claim 10
Vangpat, in view of Grajek and Bestmann, discloses the computing device of claim 9, wherein determining a current status of access rights for the user with respect to the online service comprises retrieving one or more conditions associated with the access rights and determining an extent to which information associated with the user satisfies the one or more conditions (Vangpat, session token in fig. 4 and par. 0056 & 0062; Grajek, client App identity 606 & token 605 in fig. 6 could be one or more conditions, and see par. 0062 & 0064; accordingly, one of ordinary skill in the art would have expected the claim to perform equally well with the combined prior art).

Claim 11
Vangpat, in view of Grajek and Bestmann, discloses the computing device of claim 10, wherein the information associated with the user comprises information retrieved from an account associated with the user with the wireless carrier network (Vangpat, third party user data in fig. 5 and par. 0065; Grajek, the web server will retrieve the browser-accessible session token in par. 0098; therefore, the combined prior art would have rendered the claim obvious).



Claim 14
Vangpat, in view of Grajek and Bestmann, discloses the computing device of claim 9, wherein the session token enables access to the online service without authentication (Grajek, the session token may be presented to the authentication appliance by the browser to bypass reauthentication as validation and other mobile apps may pass through without authentication in par. 0028; accordingly, one of ordinary skill in the art would have expected the claim to perform equally well with the combined prior art, see MPEP 2143, KSR Exemplary Rationale G).

Claim 15
Vangpat, in view of Grajek and Bestmann, discloses the computing device of claim 14, wherein removal of the session token from the memory of the at least one user device causes a provider of the online service to request login credentials from the user device upon an attempt to gain access to the online service using the user device (Vangpat, credentials for authentication in par. 0056, credentials for token in par. 0059, and user data credentials in par. 0065; Grajek, the session token may be presented to the authentication appliance by the browser to bypass reauthentication as validation in par. 0028, and credential in par. 0054; accordingly, the combined prior art would have rendered the claim obvious, see MPEP 2143, KSR Exemplary Rationale F).

Claim 16
Vangpat, in view of Grajek and Bestmann, discloses the computing device of claim 15, wherein the instructions are provided to the at least one user device as a software update (Vangpat, update in step 378 of fig. 5; Grajek, updating software could have involved downloading and installation explained in par. 0053; Bestmann, push notification popped up on the device to install a new configuration profile, i.e., a software update, in par. 0037 and fig. 2; for these reasons, the combined prior art would have rendered the claim obvious).

Claim 17
Vangpat, in view of Grajek and Bestmann, discloses the computing device of claim 9, wherein the instructions are provided to the at least one user device within a push message (Bestmann, notification pushed in step 102 in fig. 2 and par. 0036, a push notification, and 202 in fig. 5 and par. 0050; and thus, the combined prior art renders the claim obvious).

Claim 18-20
	Claims 18-20 are product claims corresponding to method claims 1-3. All of the limitations in claims 18-20 are found reciting the same scopes of the respective limitations of claims 1-3. Accordingly, claims 18-20 are considered obvious by the same rationales applied in the rejection of claims 1-3 respectively set forth above.

6.	Claims 12 and 13 are rejected under 35 U.S.C. 103 as being unpatentable over Vangpat in view of Grajek, Bestmann, and Ashley et al. Pub. No.: US 2014/0351370 A1. 

Claim 12
Although Vangpat, in view of Grajek and Bestmann, does not disclose “the computing device of claim 9, wherein the at least one user device comprises multiple user devices associated with the user”, claim 12 is considered  obvious by the following rationales.
	In fact, it’s conventional that a user uses to log in to a third party application from different device, for instance, a social media, a user logging into Facebook, Twitter with a mobile phone, tablet, PC and laptop. Therefore, third party application in the combined prior art could be accessed by user with different mobile devices and claim could have been expected by one ordinary skill in the art to perform equally well with Vangpat in view of Grajek and Bestmann. However, to advance the prosecution, further evidence is provided herein. In particular, Ashley teaches authenticating user on different devices for an active network communication session associated with a server (fig. 3).
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify third party authentication in an on-demand service of Vangpat in view of Grajek and Bestmann by providing web application sessions shared across multiple devices as taught in Ashley to obtain the claimed invention as specified in the claim. Such a modification would have authenticated a user for sharing web application sessions associated with a server across multiple devices associated with a user for synchronizing files, applications and application configurations so that the user could have continued the active network communication session through a second device or a third device without complication and requiring sophisticated system  as suggested in par. 0003-0005 of Ashley.
Claim 13
Vangpat, in view of Grajek, Bestmann and Ashley, discloses the computing device of claim 12, wherein the multiple user devices are identified by virtue of having been used to access the online service in the past (par. 0021-0023 of Ashley reads on the claim for maintaining communication sessions active and inactive in the state table depicted in fig. 2).

Conclusion
7.	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
	Pollutro et al. Pub. No.: US 20090328186 A1, “Computer Security System” (see fig. 3, 7, 12-13).
	Mary et al. Pub. No.: US 2015/0373015 A1, “Authentication And Authorization Using Device-Based Validation” (see fig. 2-5 & 9).

8.	Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Contact Information
9.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to SAN HTUN whose telephone number is (571)270-3190. The examiner can normally be reached Monday - Thursday 7 AM - 5 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jinsong Hu can be reached on 5712723965. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/SAN HTUN/
Primary Examiner, Art Unit 2643