Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim status
This office action is in response to application filed on 12/23/2021; the provisional application date 09/19/2016 is considered.
Claims 1-20 are pending and rejected, Claims 1, 11 and 19 are independent claims.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 12/23/2021 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1-20 are rejected on the ground of nonstatutory double patenting over claims 1-22 of U.S. Patent No. US 11,216,551 B2 since the claims, if allowed, would improperly extend the “right to exclude” already granted in the patent.
The subject matter claimed in the instant application is fully disclosed in the patent and is covered by the patent since the patent and the application are claiming common subject matter, as follows: 
US 11,216,551 B2
Instant application
1. A system comprising: 
a client device comprising a first processing system having at least one processor, wherein the first processing system is configured to perform operations comprising: 
executing, on the client device, a first client application within a web browser, the first client application providing a first client-side portion of a web application; 
executing, on the client device, a second client application providing a second client-side portion of the web application; and executing, on the client device, a service application configured to determine at least one piece of client identifying information of the client device and to provide the determined at least one piece of client identifying information to the first client application and to the second client application in response to respective requests, wherein the first client application and the second client application obtain the determined at least one piece of client identifying information from the service application, wherein the first client application transmits a first request with the obtained at least one piece of client identifying information, and wherein the second client application transmits a second request with the obtained at least one piece of client identifying information; and 
at least one server device comprising a second processing system having at least one processor, wherein the second processing system is configured to execute a server-side process of the web application and to perform operations comprising: 
transmitting configuration information to the client device; receiving the first request from the first client application and the second request from the second client application, the first request including a first client identifying information and the second request including second client identifying information; 
determining whether the second client identifying information corresponds to the first client identifying information; and 
performing a first action which includes enabling the first and second client applications to share a login session if the determining determines that the second client identifying information corresponds to the first client identifying information, and performing a second action which includes disabling a login session for at least one of the first and second client applications if the determining determines that the second client identifying information does not correspond to the first client identifying information, wherein the first processing system is further configured to perform operations comprising: receiving the configuration information; and 
configuring the service application in accordance with the configuration information, wherein the second processing system is further configured to: 
in response to the first request, return a session identifier to the first client application; and 
in response to the second request, (A) provide the session identifier to the second client application if the determining determines that the second client identifying information corresponds to the first client identifying information, or (B) not provide the session identifier to the second client application if the determining determines that the second client identifying information does not correspond to the first client identifying information.
1. A system comprising: 
a client device comprising a first processing system having at least one processor, wherein the first processing system is configured to perform operations comprising: executing, on the client device, 
(1) a first client application within a web browser, the first client application providing a first client-side portion of a web application; 
(2) a second client application providing a second client-side portion of the web application; and 
(3) a service application at a privilege level different from a privilege level of the first client application or the second client application, the service application being configured to determine at least one piece of client identifying information that uniquely identifies the first processing system and to provide the determined at least one piece of client identifying information to the first client application and to the second client application, wherein the first client application and the second client application obtain the determined at least one piece of client identifying information from the service application, wherein the first client application transmits a first request with the obtained at least one piece of client identifying information, and wherein the second client application transmits a second request with the obtained at least one piece of client identifying information; and 
at least one server device comprising a second processing system having at least one processor, wherein the second processing system is configured to execute a server-side process of the web application and to perform operations comprising: receiving the first request from the first client application and the second request from the second client application, the first request including a first client identifying information and the second request including second client identifying information; 
determining whether the second client identifying information corresponds to the first client identifying information; and 
performing a first action which includes enabling the first and second client applications to share a login session if the determining determines that the second client identifying information corresponds to the first client identifying information, and performing a second action which includes disabling a login session for at least one of the first and second client applications if the determining determines that the second client identifying information does not correspond to the first client identifying information.


Furthermore, there is no apparent reason why applicant was prevented from presenting claims corresponding to those of the instant application during prosecution of the application which matured into a patent. See In re Schneller, 397 F.2d 350, 158 USPQ 210 (CCPA 1968). See also MPEP § 804.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Akula et al. US Pub. No.: 2012/0210413 A1 (hereinafter Akula) in view of Li et al. US Pub. No.: 2007/0180503 A1 (hereinafter Li).

Akula teaches:
As to claim 1, a system comprising: 
a client device comprising a first processing system having at least one processor (see Akula Fig. 1, client device), wherein the first processing system is configured to perform operations comprising: 
executing, on the client device, 
(1) a first client application within a web browser, the first client application providing a first client-side portion of a web application (see Akula Fig. 2, client Browser (210)); 
(2) a second client application providing a second client-side portion of the web application (see Akula Fig. 2, client browser (290)); and 
(3) a service application at a privilege level different from a privilege level of the first client application or the second client application, the service application being configured to determine at least one piece of client identifying information that uniquely identifies the first processing system and to provide the determined at least one piece of client identifying information to the first client application and to the second client application (see Akula Fig. 2 and ¶60, techniques/information may be employed to uniquely identify each client system), 
wherein the first client application and the second client application obtain the determined at least one piece of client identifying information from the service application (see Akula ¶86, in a scenario that the browser and device signature together can uniquely identify each client system, the unique signatures may be generated dynamically each time an unauthenticated user tries to access), 
wherein the first client application transmits a first request with the obtained at least one piece of client identifying information (see Akula ¶100, in step 570, the (same) user using browser 290 (executing in client system 110H) is shown sending a request for accessing a protected application (e.g. one of application blocks 240A-240B) to agent 260 executing in server system 160C), and 
wherein the second client application transmits a second request with the obtained at least one piece of client identifying information (see Akula ¶100, in step 570, the (same) user using browser 290 (executing in client system 110H) is shown sending a request for accessing a protected application (e.g. one of application blocks 240A-240B) to agent 260 executing in server system 160C); and 
at least one server device comprising a second processing system having at least one processor (see Fig. 1, server system),
wherein the second processing system is configured to execute a server-side process of the web application (see Akula ¶33, Each of server systems 160A and 160C is shown providing a corresponding set of user applications operating based on web pages) and to perform operations comprising: 
receiving the first request from the first client application and the second request from the second client application, the first request including a first client identifying information and the second request including second client identifying information (see Akula ¶60, registration data/list indicates the corresponding set of client systems registered by users, and accordingly, the client system may be identified as being not registered only if the client system is not included in any of the sets); 
determining whether the second client identifying information corresponds to the first client identifying information (see Akula ¶60, registration data/list indicates the corresponding set of client systems registered by users, and accordingly, the client system may be identified as being not registered only if the client system is not included in any of the sets); and 
performing a first action which includes enabling the first and second client applications to share a login session if the determining determines that the second client identifying information corresponds to the first client identifying information (see Akula ¶63, SSO block 250 allows access to the requested (in step 350) protected application based on the previously created SSO session (based on an assumption that the same user has sent the request of step 350 as well). In other words, the same user is not required to re-authenticate again for accessing the requested protected application in view of the same user having registered the second client system in the registration data), and 
Akula does not explicitly teach but the related art Li teaches:
performing a second action which includes disabling a login session for at least one of the first and second client applications if the determining determines that the second client identifying information does not correspond to the first client identifying information (see Li Fig. 5 and ¶94, the Client Service Access Pass is verified, the submitted Client Service Access Pass is destroyed (step 61). It is then determined if another session created by the same user already opened. If a there is an opened pre-existing session (step 67 returns: YES), then the pre-existing session is maintained, no new connection is created for this later session, and the connection for this later session is closed (step 63)).
Therefore, it would have been obvious to one with ordinary skill in the art before the effective filing date of the invention, to modify Facilitating single sign-on across multiple browser instance systems disclosed by Akula to include the session control and authentication, as thought by Li, in order to disabling/closing/destroying of second client login session if the second client identifying information already exist. It would have been obvious to one of ordinary skill in the art to include disabling of one client login session if there is multiple single sign on session of the same client.
As to claim 2, the combination of Akula and Li teaches the system, wherein the second processing system is further configured to provide for disabling a session represented by a session identifier provided by the first client application or the second client application if the determining determines that the second client identifying information does not correspond to the first client identifying information (see Li ¶94, It is then determined if another session created by the same user already opened. If a there is an opened pre-existing session (step 67 returns: YES), then the pre-existing session is maintained, no new connection is created for this later session, and the connection for this later session is closed (step 63)).

As to claim 3, the combination of Akula and Li teaches the system, wherein the service application obtains the information unique to the first processing system from an operating system of the first processing system, and wherein at least one of the first client application or the second client application has insufficient access privileges to obtain the information unique to the first processing system directly from the operating system (see Akula ¶83, the browser signature includes information such as browser version, name, operating system, User-Agent (received as a part of User agent header in the client request)).

As to claim 4, the combination of Akula and Li teaches the system, wherein the determined at least one piece of identifying information is at least partly based upon a unique identifier of a hardware element or a software element in the first processing system (see Akula ¶60, any combination of one or more of the MAC address (e.g., Ethernet address assuming the local area network is based on IEEE 802.3 standard) and IP address (assuming a static IP addressing scheme is employed) may be employed to uniquely identify each client system).

As to claim 5, the combination of Akula and Li teaches the system, wherein the determined at least one piece of client identifying information is at least partly based upon a unique identifier associated with a software element in the first processing system (see Akula ¶76, determines a unique signature for the combination of the client system and the specific browser instance executing in the client system).

As to claim 6,  the combination of Akula and Li teaches the system, wherein the service application is a HTTP server process, and wherein communication between the service application and the first client application is based upon HTTP and JSON (see Li ¶11,  HTML login page is simply an HTML form page that contains username and password fields. The actual identification names and passwords are stored in a table on the server. This information is typically brought to the sever through a CGI script, or other type of database middleware, for lookup in a user identification database).

As to claim 7, the combination of Akula and Li teaches the system, wherein, upon startup, the service application automatically binds to a first available port by sequentially searching from a predetermined port (see Li ¶68, computing devices communicate with a network using one of many available software network ports).

As to claim 8, the combination of Akula and li teaches the system, wherein the communication includes a HTTP query which includes a request portion having included therein a timestamp (see Akula ¶¶42-43, Other information such as time stamp, lifetime of the authentication (validity duration), the resources/domains the authentication is valid for).

As to claim 9, the combination of Akula and Li teaches the system, wherein the first client application is further configured to, upon receiving a response to the HTTP query, compare a timestamp returned with the response against a current time and accept the response only if the time difference between the returned timestamp and the current time is less than a predetermined interval (see Akula ¶¶42-43, Other information such as time stamp, lifetime of the authentication (validity duration), the resources/domains the authentication is valid for).

As to claim 10, the combination of Akula and Li teaches the system, wherein a request parameter of the HTTP query is encrypted, and a command identifier in the HTTP query is not encrypted (see Akula ¶42, the authentication confirmation message is received in the form of a string, containing the URL of the requested resource and parameters including authentication result, and the user name, in encrypted form. Other information such as time stamp, lifetime of the authentication (validity duration), the resources/domains the authentication is valid for, etc., may also be included in the message).
As to independent claim 11, this claim directed to a method executed by the system of claim 1; therefore it is rejected along similar rationale.
As to independent claim 19, this claim directed to a non-transitory computer-readable storage device having stored therein instructions executed by the system of claim 1; therefore it is rejected along similar rationale.
As to dependent claims 12-18 and 20, these claims contain substantially similar subject matter as claim 2-13; therefore they are rejected along the same rationale.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to NEGA WOLDEMARIAM whose telephone number is (571)270-7478. The examiner can normally be reached Monday to Friday, 8am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on 5712726798. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/NEGA WOLDEMARIAM/               Examiner, Art Unit 2433      

/JEFFREY C PWU/             Supervisory Patent Examiner, Art Unit 2433