DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This action is in response to the filing dated 11/25/2020. Claims 1-20 have been filed.

Priority
The instant application claims no priority.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 11/25/2020 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claim 20 is rejected under 35 U.S.C. 101 because:
1.	The claimed invention is directed to non-statutory subject matter.  The claim does not fall within at least one of the four categories of patent eligible subject matter because the original specification, par. 0076, only excludes a transitory computer program medium.  It is noted that a computer program product is not necessarily a computer program media.
2.	Per 2019 Revised PEG, since Step 1 of the analysis is not satisfied, although claims do not recite any abstract idea as decided by Step 2A of the analysis, claim 20 is nonetheless patent “ineligible”. 

Intended Use
Claims 1, 10 and 20 recite the functional limitation “to attempt discovery with a second user device to ascertain virtual proximity of the first user device with the second user device” as intended use. 
For examination, intended use recitations have been considered but given less patentable weight because they fail to add any steps and are thereby regarded as intended use language. A recitation of the intended use of the claimed invention must result in a structural difference between the claimed invention and the prior art in order to patentably distinguish the claimed invention from the prior art. As such, if the prior art structure is capable of performing the intended use, then it meets the claim.
A positive recitation of the limitations is required in order to be given full patentable weight. 

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claim(s) 1-3, 5, 7-13, 15 and 17-20 are rejected under 35 U.S.C. 102 (a) (2) as being anticipated by Abdul, US2020/0358755A1.

Per claim 1, Abdul discloses a computer-implemented method for establishing connectivity between user devices, comprising: 
broadcasting a message to running processes on an operating system of a first user device (in the microservices architecture, an application is developed as a collection of services, and each service runs a respective process and uses a lightweight protocol to communicate (e.g., a unique API for each microservice) – Abdul: par. 0029 – Note: SSO microservice 1008 issues the sessions (i.e., an SSO cookie 1014 is provided) and is the only system in the architecture that has the authority to issue a session – par. 0159) to indicate that a requesting application is looking for a live connection channel (SSO session) to attempt discovery with a second user device to ascertain virtual proximity of the first user device with the second user device (Since the user has already signed in from device A, IDCS SSO finds the existing user session, and creates an alias user session linked to the primary/existing user session (e.g., parent/child user sessions). The alias user session is stored in IDCS session data store with the user session status as “In Process”. IDCS creates and sets an encrypted session cookie with the session ID of the alias user session in device B's browser component and returns the OAuth authorization code. The IDCS generated authorization code also has an association to this alias user session…Then, the app in device B generates a client assertion by signing the JWT token using the private key of device B (whose corresponding public key is enrolled in the CoT device group) and sends the OAuth token request to IDCS OAuth infrastructure. OAuth validates the authorization code and the client assertion sent by device B using the public key of device B in the CoT device group. After successful validation, IDCS retrieves the alias session ID from authorization code and updates the alias session status in IDCS session data store to “Valid” – Abdul: par. 0212 and 0213 – Note: Embodiments provide SSO session synchronization across multiple devices owned by the same user by enrolling the devices in a Circle of Trust (“CoT”) device group associated with the user and managed in IDCS, where only devices in proximity of each other may request and complete enrollment in the CoT device group – par. 0201); 
receiving a response from a live connection channel (In one embodiment, a request ID identifying the first request is generated. In one embodiment, the request ID and device characteristics of the first device are passed in the push notification to the second device, and the request ID is returned to the first device in an HTTPS response – Abdul: par. 0230); and 
attempting to verify pairing via the live connection channel to confirm a virtual proximity of the second user device with the first user device, wherein the pairing provides information for establishing a subsequent connection between the first and second user devices via the requesting application (some embodiments perform session synchronization using, for example, Bluetooth or NFC communications, for sharing the same SSO session across multiple devices when the devices are in a vicinity of each other. For example, in one embodiment, the first device encrypts the SSO session/token using the second device's public key it obtained from the user's CoT device group and sends the encrypted SSO session to the second device. The second device decrypts the encrypted SSO session using the second private key stored in the second device and re-uses the SSO session/token. In one embodiment, when one session is logged off, all other sessions are logged off. Unlike known systems that use a central server, embodiments use device to device communication for device enrollment in the CoT device group used during session synchronization. One embodiment enables seamless transfer and replication of an SSO session created in one user's device to the user's other trusted devices, via a CoT device group, thereby avoiding user re-authentication when the user starts using secured apps in their other devices – Abdul: par. 0242 – Note: Once the signature of the JWT token is validated successfully, IDCS adds the public key of device B to the user's CoT device group and returns the device ID and the client ID to the app in device B).

Per claim 10, it recites a computer system for establishing connectivity between user devices as recited in the computer-implemented method of claim 1, comprising: 
one or more computer processors; one or more computer readable storage media; and computer program instructions, the computer program instructions being stored on the one or more computer readable storage media for execution by the one or more computer processors (Each client or server includes a bus or other communication mechanism for communicating information, and a processor coupled to bus for processing information. The processor may be any type of general or specific purpose processor. Each client or server may further include a memory for storing information and instructions to be executed by processor. The memory can be comprised of any combination of random access memory (“RAM”), read only memory (“ROM”), static storage such as a magnetic or optical disk, or any other type of computer readable media. Each client or server may further include a communication device, such as a network interface card, to provide access to a network. Therefore, a user may interface with each client or server directly, or remotely through a network, or any other method – Abdul: par. 0193).
Therefore, claim 10 is rejected based on the same analysis and motivation to combine as set forth in the rejection of claim 1 above. 

Per claim 20, it recites a computer program product for establishing connectivity between user devices, the computer program product comprising a computer readable storage medium having program instructions embodied therewith (Computer readable media may be any available media that can be accessed by processor and includes both volatile and non-volatile media, removable and non-removable media, and communication media. Communication media may include computer readable instructions, data structures, program modules, or other data in a modulated data signal such as a carrier wave or other transport mechanism, and includes any information delivery media – Abdul: par. 0194), the program instructions executable by a processor to cause the processor to perform the method steps of claim 1. 
Therefore, claim 20 is rejected based on the same analysis and motivation to combine as set forth in the rejection of claim 1 above. 

Per claims 2 and 11, Abdul discloses features as claimed in claims 1 and 10, wherein providing information for establishing the subsequent connection provides secured information using cryptographic operations (device A determines the distance between the two devices, and if the devices are within a certain range, device A creates a JSON Web Token (“JWT”) including “subject” and “issuer” claims as device A's device ID and the request ID. The JWT token is signed with device A's private key using JSON Web Signature (“JWS”). The app in device A sends the signed JWT token to the app in device B using the P2P channel. The JWT token indicates that the user has given consent from device A for enrolling device B in the CoT device group of the user – Abdul: par. 0205).

Per claims 3 and 12, Abdul discloses features as claimed in claims 1 and 10, wherein the pairing uses pairing codes registered for a payload at a pairing service (Embodiments provide SSO session synchronization across multiple devices owned by the same user by enrolling the devices in a Circle of Trust (“CoT”) device group associated with the user and managed in IDCS, where only devices in proximity of each other may request and complete enrollment in the CoT device group – Abdul: par. 0201) for a limited amount of time (JWS includes user consent to enroll and is only valid while SSO session cookie is valid) and includes sending a cryptographically signed and/or encrypted payload via the live connection channel (At 1442 enrolled device 1406 determines whether the distance between itself and enrolling device 1404 is within a threshold, and if so, establishes a P2P communication with enrolling device 1404. At 1444 enrolled device 1406 generates and sends a JSON Web Signature (“JWS”) signed using its private key to enrolling device 1404 through P2P. The JWS contains the request ID generated at 1428 and indicates user consent to enroll the new device at 1446. At 1448 enrolling device 1404 verifies if the request ID in JWS claim matches the request ID returned from SSO Service 1408 at 1430, and at 1450 enrolling device 1404 re-submits the enrollment request containing its public key, its push notification ID, the consent token (JWS), and the access token, to SSO service 1406 – Abdul: par. 0221).

Per claims 5 and 15, Abdul discloses features as claimed in claims 1 and 10, wherein providing information includes information identifying the requesting application and identifying a user (In contrast to the known systems, embodiments provide improved user sign in experience by enabling the user to log in once into one of his/her trusted devices and then sharing the user's session seamlessly across all the user's trusted devices, so that the user does not have to sign in again when switching to a different device. Similarly, when a user signs out from his/her SSO session, the shared user session gets invalidated across all of the user's trusted devices. Accordingly, embodiments provide SSO and Single Log-out (“SLO”) experience across all of the user's trusted devices – Abdul: par. 0200 – Note: user and session/application information are inherently shared).

Per claims 7 and 17, Abdul discloses features as claimed in claims 1 and 10, further comprising: broadcasting a first message to running processes to indicate that the requesting application is attempting to discover and receiving a response to the first message by indicating availability to receive pairing codes via the live connection channel (After the user provides consent, device A may use one of the P2P communication mechanisms described below (or any other applicable communication mechanism) to create a connection to device B identified in the push notification. In one embodiment, device A determines the distance between the two devices, and if the devices are within a certain range, device A creates a JSON Web Token (“JWT”) including “subject” and “issuer” claims as device A's device ID and the request ID. The JWT token is signed with device A's private key using JSON Web Signature (“JWS”). The app in device A sends the signed JWT token to the app in device B using the P2P channel. The JWT token indicates that the user has given consent from device A for enrolling device B in the CoT device group of the user – Abdul: par. 0205 – Note: proximity is determined through peer-to-peer (“P2P”) communication via a protocol that is supported by both devices, for example, Bluetooth Low Energy advertisements (“BTLE”), Near Field Communication (“NFC”), or W-Fi Direct protocols).

Per claims 8 and 18, Abdul disclose features as claimed in claims 1 and 10, further comprising: broadcasting a second message to running processes (session synchronization) to indicate that the requesting application is attempting to share pairing codes and receiving a response to the second message by indicating availability to deliver the pairing codes via the live connection channel (some embodiments perform session synchronization using, for example, Bluetooth or NFC communications, for sharing the same SSO session across multiple devices when the devices are in a vicinity of each other. For example, in one embodiment, the first device encrypts the SSO session/token using the second device's public key it obtained from the user's CoT device group and sends the encrypted SSO session to the second device. The second device decrypts the encrypted SSO session using the second private key stored in the second device and re-uses the SSO session/token – Abdul: par. 0242).

Per claims 9 and 19, Abdul discloses features as claimed in claims 1 and 10, further comprising: using the subsequent connection for transactions between the requesting application and a corresponding application on the second user device (If the user switches to the same app in another one of his/her devices, say device B, to continue his/her business functions in device B by launching the app in device B, the app in device B also attempts to obtain an OIDC identity token and an OAuth access token by initiating OIDC Authorization Code Grant flow with additional extension of its enrolled device ID in “device_id” query parameter using browser tab components such as “SFSafariViewController” in iOS or “ChromeTab” in Android browsers…the app in device B generates a client assertion by signing the JWT token using the private key of device B (whose corresponding public key is enrolled in the CoT device group) and sends the OAuth token request to IDCS OAuth infrastructure. OAuth validates the authorization code and the client assertion sent by device B using the public key of device B in the CoT device group – Abdul: par. 0212 and 0213 – Note: the P2P channel provides the client assertion/consent).

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

1.	Claim(s) 4 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Abdul, US2020/0358755A1 in view of Choyi, WO2013/163634A1.

Per claims 4 and 14, Abdul discloses features as claimed in claims 1 and 10.
Abdul is not relied on to explicitly disclose but Choyi discloses further comprising: receiving a request to identify virtual contacts from the requesting application and receiving information from the requesting application for use in establishing the subsequent connection between the first and second user devices via the requesting application (The PISF may also implement a Discovery Function, which aids in mapping the ProSelD to the appropriate applications and respective temporary application identities. The PISF may act as manager of multiple applications mapping to the same but unique ProSelD (e.g. mapping CompName.GameName.CompNamexyz.Application_abc.UserTempIDl to ProSelDl, and the like). In addition, the PISF may act as entity which connects two users who have an interest in a common ProSe connectivity with discover and attach function … If both the UEs may be associated or subscribed to the same Application or application class or class of service then the respective application identities may be obtained. The Discovery Function may also discover that UEl and UE2 may be both subscribed to Appl… the PISF may communicate directly with Appl using Message 4h to initiate service between UserTempIDl_Appl and UserTempID2_Appl – Choyi: par. 0134-0135 – Note: UEs may maintain a list of temporary identities of other UEs or users/subscribers of interest – par. 0136).
Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Abdul in view of Choyi to include receiving a request to identify virtual contacts from the requesting application and receiving information from the requesting application for use in establishing the subsequent connection between the first and second user devices via the requesting application.
One of ordinary skill in the art would have been motivated because it would allow “devices to discover each other and/or establish or join a session associated with the similar application on the devices” by establishing a temporary service name or temporary identifier between an application and a network such that “a UE and/or network may execute such a service at a later time possibly without further involvement by the application – Jones: par. 0006.

2.	Claim(s) 6 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Abdul, US2020/0358755A1 in view of Jones, US2011/0271192A1.

Per claims 6 and 16, Abdul discloses features as claimed in claims 1 and 10, wherein a live connection channel is selected from the group consisting of: a channel that has a live real-time communication (Since the user has already signed in from device A, IDCS SSO finds the existing user session, and creates an alias user session linked to the primary/existing user session (e.g., parent/child user sessions). The alias user session is stored in IDCS session data store with the user session status as “In Process” – Abdul: par. 0212), a messaging channel that has sent or received a message within a predefined time period (Interactive web-based and native applications leverage standard browser-based Open ID Connect flow to request user authentication, receiving standard identity tokens that are JavaScript Object Notation (“JSON”) Web Tokens (“JWTs”) conveying the user's authenticated identity. Internally, the runtime authentication model is stateless, maintaining the user's authentication/session state in the form of a host HTTP cookie (including the JWT identity token) – Abdul: par. 0079 – Note: JWT identity token has a predefined expiration), and Although Abdul is not relied on to disclose, Jones discloses wherein a live connection channel is a channel sharing a document for collaboration (the conference interface includes a collaboration application 8104. In general, the collaboration application 8104 comprises a shared space within the conference interface that enables the participants to share information (e.g., text, audio, video, images, etc.)…In other embodiments, the collaboration application 8104 may comprise a whiteboard-type functionality that supports a drawing function. It should be appreciated that the collaboration application 8104 may support any desirable functionality for enabling the participants to share information regardless the medium – Jones: par. 0339).
Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Abdul in view of Jones to include wherein a live connection channel is a channel sharing a document for collaboration.
One of ordinary skill in the art would have been motivated because it would allow “enabling people to conduct live meetings, conferences, presentations, or other types of gatherings via the Internet, the public switched telephone network (PS TN), or other voice and/or data networks” – Jones: par. 0002. It would further allow supporting “any desirable functionality for enabling the participants to share information regardless the medium” – Jones: par. 0339.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Leitch (US2014/0149512A1) discloses peer-to-peer discovery and connection from a collaborative application session.
Garcia (US2010/0235523A1) discloses a framework for supporting multi-device collaboration.
Rosati (US2013/0343542A1) discloses establishing trust on first use for close proximity communications.
Lawson (US2016/0112521A1) discloses providing a network discovery service platform.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to AREZOO SHERKAT whose telephone number is (571)272-8533. The examiner can normally be reached Monday - Friday 8:30-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jung Kim can be reached on 571 - 272 - 3804. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/AREZOO SHERKAT/            Examiner, Art Unit 2494