DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claims Status
Claims 1–27 are pending in this application.
Claims 1–27 are rejected.
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 9/30/2022 has been entered.
 Response to Arguments
Applicant’s arguments, see pages 6–10, filed 9/30/2022, with respect to the rejection(s) of claim(s) 1–27 under 35 U.S.C. § 103 have been fully considered and are persuasive. Therefore, the rejection has been withdrawn. However, upon further consideration, a new ground(s) of rejection is made in view of Rykowski et al. (2018/0145968), He et al. (2016/0301684)*, Grajek et al. (2014/0082715), Agarwal et al. (2011/0154464), Hung et al. (2014/0059703)*, Lahteenmaki et al. (2007/0124564), Dumais NPL ("Forwarding DLLs Add Functions to Existing Software", October 1, 2000), and Cha et al. (2013/0174241).
Claim Rejections – 35 USC §103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-3, 6, 11, 12, 14-16, 19, 24, 25 and 27 are rejected under 35 U.S.C. § 103 as being unpatentable over Rykowski et al. (2018/0145968) in view of He et al. (2016/0301684).
Regarding claims 1, 14 and 27, Rykowski teaches A method/mobile device/non-transitory storage media comprising:
sending, by a mobile application operating on a mobile device, a request to an online service provider for access to a resource; receiving, by the mobile application, a redirect from the online service provider to an identity (ID) service provider for authentication (Figs. 1 and 2, mobile devices 203 [mobile device] can have its authentication of mobile apps federated; Fig. 3; ¶¶36-37, client app 224 [mobile application] can send access request 303 to service provider 209 [online service provider], at which point the provider can redirect 306 the access request back to client app 224 in order for the client app to request authentication by identity provider 206 [identity service provider]); and
establishing, by a portion of binary code of the mobile application and using the redirect, a brokered authentication session with the ID service provider, the portion of binary code configured to operate as a broker for the mobile application for the authentication session (Fig. 3; ¶37, the client application 224 itself [and only part of such application provides ability to perform the procedures as described] can send an identity assertion request to the identity provider 206 using the redirect received; however, Rykowski teaches that the service provider provides the authenticated session rather than the identity provider 206 and therefore does NOT teach "a brokered authentication session with the ID service provider"; however, Rykowski does teach "the portion of binary code configured to operate as a broker for the mobile application for the authentication session" since the client application 224 is capable of working with the service provider to receive authenticated session token for further authentication by the client application and is more likely than not be able to perform similar functionality if such sessions were coming from the identity provider 206 as well),
However, Rykowski does not explicitly teach establishing, by a portion of binary code of the mobile application and using the redirect, *a brokered authentication session with the ID service provider,* the portion of binary code configured to operate as a broker for the mobile application for the authentication session, wherein after the authenticated session is established for the mobile application, the portion of binary code allows sharing of transaction data with other mobile applications running concurrently on the mobile device, and wherein each of the other mobile applications has established an authenticated session in a same domain as the mobile application.
He from the same field of endeavor teaches establishing, by a portion of binary code of the mobile application and using the redirect, a brokered authentication session with the ID service provider, the portion of binary code configured to operate as a broker for the mobile application for the authentication session (Fig. 1; ¶17, single sign-on [SSO] can be implemented on platforms with sandboxed applications as shown; an election algorithm can identify a primary application to obtain authentication information which can be used by the applications in the plurality of applications to obtain services from service providers associated with the identity provider 110; for example, the primary application can function as an intermediary that receives an authenticated SSO data via the identity provider 110, which can be used by the other sandboxed applications 104-1 to 104-n to share [in particular, IPC processes] the primary application's SSO in order to obtain services from the service providers 108-1 to 108-m; see also ¶¶18-25),
wherein after the authenticated session is established for the mobile application, the portion of binary code allows sharing of transaction data with other mobile applications running concurrently on the mobile device (Fig. 1; ¶¶17-19, for example, the elected primary application with authenticated SSO data can share to other sandboxed applications the data so that they can also use the services provided by the service providers requiring the SSO data, without performing the SSO data by the individual applications themselves again), and
wherein each of the other mobile applications has established an authenticated session in a same domain as the mobile application (Fig. 1, for example, the plurality of applications as shown can access the same service provider, such as 108-1 accessible by a particular destination information).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to improve upon Rykowski using He to improve single sign-on capabilities on mobile devices. Being that mobile operating systems and applications executing under such construct often operates in sandboxed conditions that individualize applications for security purposes, such as the well known iOS or Android systems, one ordinarily skilled in the art would have been motivated to cross the sandboxed barriers that are imposed by implementing the primary application brokering authenticated SSOs to be shared amongst other application. By combining this feature into Rykowski, one ordinarily skilled in the art would have immediately gained advantages such as the inconvenience of having individual application implementing their own SSO authentication systems.

Regarding claims 2 and 15, Rykowski and He teaches the limitations of claims 1 and 14 respectively. Rykowski further teaches wherein the portion of binary code further provides single sign- on (SSO) services to the mobile application and to one or more other mobile applications operating on the mobile device (Fig. 2; ¶11, client device provides to the client applications 224a to 224N "single sign-on experience").

Regarding claims 3 and 16, Rykowski and He teaches the limitations of claims 1 and 14 respectively. Rykowski further teaches wherein the SSO services include at least one of a service to access the resources or a service for authorization to use the accessed resources (¶30, service providers 209 include, for example, social networking services, email services, game services, etc. that requires some sort of login to access those services).

Regarding claims 6 and 19, Rykowski and He teaches the limitations of claims 1 and 14 respectively. Rykowski further teaches wherein the mobile application and at least one other mobile application operating on the mobile device communicate with each other and share information (Fig. 1, after authentication 102, applications 103/104/105 has single-sign on enabled through a use of a single cookie representing authenticated session).

Regarding claims 11 and 24, Rykowski and He teaches the limitations of claims 1 and 14 respectively. Rykowski further teaches wherein the portion of binary code operates as a forward broker in the brokered authentication session (Fig. 3; ¶37, the client application 224 itself [and only part of such application provides ability to perform the procedures as described] can send an identity assertion request to the identity provider 206 using the redirect received).

Regarding claims 12 and 25, Rykowski and He teaches the limitations of claims 1 and 14 respectively. Rykowski further teaches wherein the redirect includes a Uniform Resource Locator (URL) (¶59, HTTP redirection response code 302).

Claims 4, 7, 17 and 20 are rejected under 35 U.S.C. § 103 as being unpatentable over Rykowski et al. (2018/0145968) in view of He et al. (2016/0301684), and further in view of Grajek et al. (2014/0082715).
Regarding claims 4 and 17, Rykowski and He teaches the limitations of claims 1 and 14 respectively. However, Rykowski does not explicitly teach receiving, by the portion of binary code, a cookie from the ID service provider; encrypting, by the portion of binary code, the cookie; and storing, by the portion of binary code, the encrypted cookie in a shared memory location.
Grajek from the same field of endeavor teaches receiving, by the portion of binary code, a cookie from the ID service provider; encrypting, by the portion of binary code, the cookie; (¶¶28-29, part of authentication token comprises an encrypted cookie; Rykowski also teaches that session token can be comprised of cookies in ¶42) and
storing, by the portion of binary code, the encrypted cookie in a shared memory location (Fig. 1; ¶¶28-29).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to improve upon Rykowski using Grajek to provide improved security of generally known single sign on methods by implementing well-known encryption methods.

Regarding claims 7 and 20, Rykowski and He teaches the limitations of claims 1 and 14 respectively. However, the teachings do not explicitly teach wherein the shared information includes cookies provided by the ID service provider.
Grajek from the same field of endeavor teaches wherein the shared information includes cookies provided by the ID service provider (¶¶28-29, part of authentication token comprises an encrypted cookie; Rykowski also teaches that session token can be comprised of cookies in ¶42).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to improve upon Rykowski using Grajek to improve efficiency of the system of Rykowski by taking into consideration the case where authentication needs to be performed multiple times. By implementing the performance of identity verification/authentication using the identity provider rather than the service provider itself, the service provider would have saved an additional step of receiving a new request from a mobile device and then directing the device to the identity provider.

Claims 5 and 18 are rejected under 35 U.S.C. § 103 as being unpatentable over Rykowski et al. (2018/0145968) in view of He et al. (2016/0301684), further in view of Grajek et al. (2014/0082715), and further in view of Agarwal et al. (2011/0154464).
Regarding claims 5 and 18, Rykowski, He and Grajek teaches the limitations of claims 4 and 17 respectively. However, the teachings do not explicitly teach wherein the shared memory location is external to the mobile device.
Agarwal from the same field of endeavor teaches wherein the shared memory location is external to the mobile device (Fig. 6A; ¶235; ¶238, in a context of client authenticating with a login form provided by a server, cookies containing client-authentication data can be retained by the intermediary server 200 for possible future authentication purposes where client does not need to use its own cookies again for subsequent interactions [rather, the intermediary provides the client's cookies as an intermediary and therefore two copies of cookies are kept, one in client and the other on the intermediary server, completely separate entities having different physical memory spaces]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to improve upon Rykowski using Agarwal to increase ease of use for single sign on situations where a client may lose a cookie inadvertently. By having the system of Agarwal where an intermediary may also have a copy of the client's authentication token, in a form of a copy of a cookie, the user of the system of Rykowski would have found it easier to rectify such problems.

Claims 8 and 21 are rejected under 35 U.S.C. § 103 as being unpatentable over Rykowski et al. (2018/0145968) in view of He et al. (2016/0301684), and further in view of Hung et al. (2014/0059703).
Regarding claims 8 and 21, Rykowski and He teach the limitations of claims 1 and 14 respectively. However, the teachings do not explicitly teach wherein the portion of binary code is fused to binary code of the mobile application.
Hung from the same field of endeavor teaches wherein the portion of binary code is fused to binary code of the mobile application (Fig. 1; ¶5, ability to inject alternative callback schemes is disclosed, where an underlying mobile application can be wrapped to hook into library function call tables of an already compiled application and make use of language runtime reflection techniques to inject new calls that perform other functions [see also ¶3 for details] for purposes of contacting a separate authentication process that manage further authentication processes; ¶24, in particular, as applied to iOS systems, method swizzling is discussed; see also ¶¶22 and 30).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to improve upon Rykowski using Hung to provide further authentication mechanisms for wrapping already compiled applications by injecting further code to work with enterprise sessions without any modifications to the existing code [or minimal modifications]. By combining this ability with Rykowski, Rykowski would have been improved for iOS mobile systems where each individual applications may be prohibited from doing this via sandboxing.

Claims 9 and 22 are rejected under 35 U.S.C. § 103 as being unpatentable over Rykowski et al. (2018/0145968) in view of He et al. (2016/0301684), and further in view of Lahteenmaki et al. (2007/0124564).
Regarding claims 9 and 22, Rykowski and He teaches the limitations of claims 1 and 14 respectively. However, the teachings do not explicitly teach wherein the portion of the binary code is manually added to the binary code of the mobile application.
Lahteenmaki from the same field of endeavor teaches wherein the portion of the binary code is manually added to the binary code of the mobile application (¶5, based on trust level of an EXE or DLL component, calling process of the underlying executable can [select from a plurality of exe or dlls having various trust levels most likely] a DLL with a lower capability or trust level manually into the memory for execution).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to improve upon Rykowski using Lahteenmaki to be able to dynamically link several different types of modules into the base application code for maximum flexibility. By being able to implement different kinds of DLLs that can be linked to the application code manually, the flexibility provided to the user of the mobile app device would be increased. The different types of DLLs providing different types of SSO capabilities to the various identity providing services would be an obvious possibility to the one ordinarily skilled in the art.

Claims 10 and 23 are rejected under 35 U.S.C. § 103 as being unpatentable over Rykowski et al. (2018/0145968) in view of He et al. (2016/0301684), and further in view of Dumais NPL ("Forwarding DLLs Add Functions to Existing Software", October 1, 2000).
Regarding claims 10 and 23, Rykowski and He teach the limitations of claims 1 and 14 respectively. However, the teachings do not explicitly teach wherein the portion of binary code operates as a direct broker in the brokered authentication session.
Dumais from the same field of endeavor teaches wherein the portion of binary code operates as a direct broker in the brokered authentication session (p. 1, ability of an application program to add a "forwarding" DLL to perform/replace at least portions of the functionalities provided by "older DLL" or in this case, another DLL; uses cases identified in the article include improving performance, fixing a bug in the other DLL, easier to use forwarding DLL, etc.).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to improve upon Rykowski using Dumais NPL to account for situations where the DLL being linked into the application code may be not modifiable/fixable and the application must still pick up such slack by implementing further similar functionalities. Such situations are identified in the NPL itself, such as the case where the DLL is possibly an older DLL and would not be optimal to use the routines provided within the DLL, for example.

Claims 13 and 26 are rejected under 35 U.S.C. § 103 as being unpatentable over Rykowski et al. (2018/0145968) in view of He et al. (2016/0301684), and further in view of Cha et al. (2013/0174241).
Regarding claims 13 and 26, Rykowski and He teaches the limitations of claims 1 and 14 respectively. However, the teachings do not explicitly teach wherein the redirect is a response code indicating an authentication scheme and one or more requirements.
Cha from the same field of endeavor teaches wherein the redirect is a response code indicating an authentication scheme and one or more requirements (¶114, as part of single sign on authentication processes, HTTP response codes may comprise 401 unauthorized with www-authenticate header including the particular authentication protocol to be used as well as additional information such as algorithm to be used, or the realm information).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to improve upon Rykowski using Cha to provide further instructions to the client on how to effectively connect to the provided system by using efficient code response systems such as the well-known HTTP response code system with embedded information. By providing such method of feedback to the clients, the system of Rykowski would have enjoyed benefits such as implementation of applications using well-known systems, thereby reducing overall development time.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DAE KIM whose telephone number is (571)270-0621. The examiner can normally be reached Monday-Friday 8AM-5PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kevin Bates can be reached on (571) 272-3980. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/DAE KIM/
Examiner, Art Unit 2458                                                                                                    
/KEVIN T BATES/             Supervisory Patent Examiner, Art Unit 2458