Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The information disclosure statement (IDS) submitted on March 24, 2021 has been considered by the examiner.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 21, 28 and 35 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1, 7, 13 of U.S. Patent No. 10,984,078. Although the claims at issue are not identical, they are not patentably distinct from each other because the limitation features of claims 21, 28 and 35 in the current Application No: 17/210903 are generic to their corresponding limitation features in claims 1, 7 and 13 respectively of the US Pat. No.: 10,984,078.
Current Application No.: 17/210,903
US Pat. No.: 10,984,078
21. An authentication method to provide single sign on ("SSO") to a first application, comprising:
providing a portal application on a user device, the portal application displaying icons corresponding to a plurality of applications available to the user and providing SSO access to the plurality of applications by authenticating the user;
launching the portal application on the user device, wherein launching is performed based on loading a script to a component that executes on the user device, the script including a unique request token assigned by an authentication server in response to a request from the first application; and
sending, to the authentication server from the portal application, an authentication request that includes the unique request token and an access token accessible to the portal application, wherein the authentication server validates the authentication request and authenticates the user at the first application.
1. An authentication method to provide single-sign on (“SSO”) to a first application that is not SSO enabled, comprising: receiving, at an authentication server, a request to authenticate the first application executing on a user device; assigning a unique request token to the request from the first application; loading a script to a component that executes on the user device and displays content within the first application, wherein the script: includes the unique request token, and causes a portal application executing on the user device to launch, wherein the portal application provides SSO access to the first application by authenticating the user, and wherein the portal application displays icons corresponding to a plurality of applications available to the user; receiving, at the authentication server from the portal application, an authentication request that includes the unique request token and an access token accessible to the portal application; validating the authentication request; and authenticating the user at the first application.
28. A non-transitory, computer-readable medium comprising instructions that, when executed by a processor of a user device, perform stages for providing single sign on ("SSO") to a first application on the user device, the stages comprising:
providing a portal application on the user device, the portal application displaying icons corresponding to a plurality of applications available to the user and providing SSO access to the plurality of applications by authenticating the user;
launching the portal application on the user device, wherein launching is performed based on loading a script to a component that executes on the user device, the script including a unique request token assigned by an authentication server in response to a request from the first application; and
sending, to the authentication server from the portal application, an authentication request that includes the unique request token and an access token accessible to the portal application,
wherein the authentication server validates the authentication request and authenticates the user at the first application.
7. A non-transitory, computer-readable medium comprising instructions that, when executed by a processor of a computing device, perform stages for providing single-sign on (“SSO”) authentication to a first application that is not SSO enabled, the stages comprising: receiving, at an authentication server, a request to authenticate the first application executing on a user device; assigning a unique request token to the request from the first application; loading a script to a component that executes on the user device and displays content within the first application, wherein the script: includes the unique request token, and causes a portal application executing on the user device to launch, wherein the portal application provides SSO access to the first application by authenticating the user, and wherein the portal application displays icons corresponding to a plurality of applications available to the user; receiving, at the authentication server from the portal application, an authentication request that includes the unique request token and an access token accessible to the portal application; validating the authentication request; and authenticating the user at the first application.
35. A user device for providing single sign on ("SSO") authentication to a first application, comprising:
a processor; and
a memory storage containing a non-transitory, computer-readable medium comprising instructions that, when executed by the processor, carry out stages comprising:
providing a portal application on the user device, the portal application displaying icons corresponding to a plurality of applications available to the user and providing SSO access to the plurality of applications by authenticating the user;
launching the portal application on the user device, wherein launching is performed based on loading a script to a component that executes on the user device, the script including a unique request token assigned by an authentication server in response to a request from the first application; and
sending, to the authentication server from the portal application, an authentication request that includes the unique request token and an access token accessible to the portal application, wherein the authentication server validates the authentication request and authenticates the user at the first application.
13. A system for providing single-sign on (“SSO”) authentication to a first application that is not SSO enabled, comprising: an authentication server having a processor and memory storage; wherein the memory storage contains a non-transitory, computer-readable medium comprising instructions that, when executed by the processor, carry out stages comprising: receiving, at an authentication server, a request to authenticate the first application executing on a user device; assigning a unique request token to the request from the first application; loading a script to a component that executes on the user device and displays content within the first application, wherein the script: includes the unique request token, and causes a portal application executing on the user device to launch, wherein the portal application provides SSO access to the first application by authenticating the user, and wherein the portal application displays icons corresponding to a plurality of applications available to the user; receiving, at the authentication server from the portal application, an authentication request that includes the unique request token and an access token accessible to the portal application; validating the authentication request; and authenticating the user at the first application.



Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 21-40 are rejected under 35 U.S.C. 103 as being unpatentable over Ahmed et al. (Hereinafter referred to as Ahmed, US 20140337954) in view of HAYTON et al. (Hereinafter referred to as HAYTON, US 20110277027).

As per claim 21:
Ahmed discloses an authentication method to provide single sign on (“SSO”) to a first application, comprising:
providing a portal application on a user device the portal application displaying icons corresponding to a plurality of applications available to the user ([0057, 0070, 0072]: The merchant user 201 clicks a corresponding UI link 207a (e.g., a link, a widget, etc. including icons), and providing SSO access to the plurality of applications by authenticating the user ([0054-0057]: SSO-based federation to partner sites (e.g., Service A 203a in partnership with Service B 203b);  [0055]: a federated account platform 115 that enables federated single-sign-on access across partner services or portals);
launching the portal application on the user device ([0055]: a self-service interface (SSI) portal, e.g., Service A portal 205a or Service B portal 205b), including a unique request token assigned by an authentication server in response to a request from the first application ([0072]: retrieve the actual OAuth token via, e.g., a GetToken API); and
sending, to the authentication server from the portal application, an authentication request that includes the unique request token and an access token accessible to the portal application ([0070-0072]: The merchant user 201 finds a link or embedded web UI widget 207a that allows the merchant user 201 to seamlessly navigate to the partner portal (e.g., Service B portal 205b). In one embodiment, the UI link 207a is a web link or widget embedded in a landing page of the Service A portal 205a. On detecting the click, the Service A portal 205a provides the Token A to the service A authentication server 215A in a message 309 using, for instance, OAuth for transmission to the Service B 203b. The service A authentication server 215a validates the token in a process 311, and transmits the validated Token A to the UI Link 207a associated with Service B 203b via a message 313), wherein the authentication server validates the authentication request and authenticates the user at the first application ([0072-0073]: Validate token).

Ahmed does not explicitly disclose wherein launching the portal application is performed based on loading a script to a component that executes on the user device and the displayed plurality of application available to the user using icons. HAYTON, in analogous art however, discloses wherein launching the portal application is performed based on loading a script to a component that executes on the user device (H. Systems and Methods for Single Sign on (SSO) to Disparately Hosted Application; [0303] provide a single authentication domain across a plurality of disparately hosted applications. A user may access one or more of a plurality of disparately hosted applications via a web portal or interface provide by a cloud access system. The cloud access system may include, interface, communicate or integrate via an API to any applications of the user running on a client that requests access to the back-end applications. The cloud access system may interface, communicate or integrate to any one or more type of applications, including but not limited to SaaS applications, cloud hosted application and/or enterprise web based applications. [0347] The web server 106 delivers web pages to the client 102. The web server 106 is an Enterprise Information Portal (e.g., corporate Intranet or secured business-to-business extranet). Enterprise portals are company web sites that aggregate, personalize and serve applications, data and content to users, while offering management tools for organizing and using information more efficiently. Portals have replaced traditional desktop software with browser-based access to a virtual workplace. [0348] The web server 106' can also include a publishing server plug-in 1165 to enable the publishing of graphical user interface (GUI) applications. The publishing server plug-in 1165 is a Common Gateway Interface (CGI) script, which is a program designed to accept and return data that conforms to the CGI specification) and the displayed plurality of application available to the user using icons ( [0337) Limit the view to those applications for which the user of the client 102 has authorization to access. Presents the applications to the user as a list or a group of icons. [0394] multiple icons can exist on a client 102 for a particular application. ([0527, 0529]: Web Portal or Dazzle interface consolidated list of applications available to the user along with application icon. Figure 24A: Application cons).
Therefore, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the invention to modify the claimed limitations of the single sign on disclosed by Ahmed to include wherein launching the portal application is performed based on loading a script to a component that executes on the user device and the displayed plurality of application available to the user using icons. This modification would have been obvious because a person having ordinary skill in the art would have been motivated by the desire to provide a solution a problem of accessing applications on disparately hosted systems by providing a single click access via a single interface to any combination of SaaS and cloud hosted applications as well as traditional enterprise hosted applications as suggested by HAYTON in ([0003-0004).

As per claim 22:
HAYTON discloses wherein the script causes the portal application to confirm enrollment of the user device ([0357; 0358-0361:  enroll workstation, groups of users to enroll one or more network resources).

As per claim 23:
HAYTON discloses wherein the component implements a WebView class of an operating system on the user device ([0451, 0453-0455: Object class plug in into web services).

As per claim 24:
Ahmed discloses providing a refreshed access token from the portal application to the authentication server ([0072]: Validation of Token, renew expired token).

As per claim 25:
HAYTON discloses wherein after a predetermined time period elapses without having authenticated the user at the first application, redirecting the user to an authentication interface for the authentication server ([0502, 0505, 0510]: redirect client login to, the cloud access/SSO system processes the redirected request from the client or browser]).

As per claim 26:
HAYTON discloses wherein the first application does not correspond to one of the plurality of application icons displayed within the portal application ([0544-0046]: one of the application is a third party application in the icons displayed with a plurality of applications).

As per claim 27:
HAYTON discloses wherein the first application corresponds to one of the plurality of application icons displayed within the portal application ([05227-0529]: third party application icon in the web Poral/Dazzle).

As per claims 28-34:
Claims 28-34 are directed to a non-transitory, computer-readable medium comprising instructions that, when executed by a processor of a user device, perform stages for providing single sign on ("SSO") to a first application on the user device, the stages having substantially similar corresponding limitation features of claims 21-27 respectively and therefore claims 28-34 are rejected with the same rationale given above to reject claims 21-27 respectively.

As per claim 35-40:
Claims 35-40 are directed to user device for providing single sign on ("SSO") authentication to a first application, comprising: a processor; and a memory storage containing a non-transitory, computer-readable medium comprising instructions that, when executed by the processor, carry out stages having substantially similar corresponding limitation features of claims 21,22, 24-27 respectively and therefore claims 35-34 are rejected with the same rationale given above to reject claims 21,22, 24-27 respectively.


Conclusion
The prior arts made of record and not relied upon are considered pertinent to applicant's disclosure. See the notice of reference cited in form PTO-892 for additional prior arts.

Contact In formation
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TECHANE GERGISO whose telephone number is (571)272-3784. The examiner can normally be reached 9:30am to 6:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, JUNG W KIM can be reached on 5712723804. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/TECHANE GERGISO/Primary Examiner, Art Unit 2494