SYSTEMS AND METHODS FOR CREDENTIALS SHARING

DETAILED ACTION In a communication received on 22 December 2025, applicants amended claims 1, 4-6, 9-11 and 14-15, canceled claims 3, 8, and 13, and added new claims 19-21. Claims 1, 2, 4-7, 9-12 and 14-21 are pending. Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Response to Arguments Applicant's arguments filed 22 December 2025 have been fully considered but they are not persuasive. With respect to claim 1, the applicants allege, "neither Acharya or Grosberg disclosure or suggest launching a webpage on the second user device that was part of a URL shared from the first user device to the second user device" (page 7) with respect to the claimed limitation(s), "wherein the URL when shared by and selected at the second user device is configured to launch a webpage on the second user device, the webpage when launched including an icon associated with the access control device, and wherein an indication of a selection of the icon on the webpage associated with the access control device provides access to the access control device for the second user device". The examiner respectfully traverses. The arguments/remarks pertain to whether the cited prior art does not disclose or suggest sharing a URL to launch a webpage with icons to select and control an access device. The examiner concludes that the cited prior art clearly discloses the URL shared from a requester to a guest device for presenting a page with buttons to open a door Ascertaining the differences between the prior art and the claims at issue requires interpreting the claim language, and considering both the invention and the prior art references as a whole (See 2141.02 "Differences Between Prior art and Claimed Invention). As best understood by the examiner, the claims pertain to sharing a URL that launches a webpage allowing a guest to select a button and activate an access control device. Acharya discloses the link which includes the encrypted token may be shared with other devices with some restrictions; it is contemplated that token may be shared with other devices and despite restrictions to avoid abuse, this implies there are also authorized uses of sharing the token among other devices (¶0004, ¶0022, ¶0046). Acharya may not explicitly disclose launching webpage corresponding to the sharing of the URL. Grosberg, in order to improve usability and convenience by requiring no additional software beyond text, SMS, email, browser capability to access a shared guest access token (col. 9 lines 19-41), discloses: generate a QR code and communicated to the requesting device and then presented for scanning by the guest device; requesting device can send the URL directly or indirectly via SMS, email, print, or display of the QR code (col. 10 lines 32-57); guest clicks on the URL to retrieve access token; activating the URL; the URL leads to access via browser application (col. 10 lines 32-57; col. 17 lines 13-24); displaying and presenting the activation buttons to the user corresponding to the access token (fig. 7B, col. 14 lines 39-56); guest activating the button on the display may operate to open a gate or unlock a door (col. 15 lines 3-20). Acharya and Grosberg clearly disclose or suggest sharing the URL for access to a guest allowing the guest to launch a webpage from the URL, activate button, and control access to a door or gate because Grosberg suggests an improvement in user experience without relying on guest to install new software to utilize the access control system. In conclusion, the applicants argue(s) that the cited prior art does not disclose or suggest sharing a URL to launch a webpage with icons to select and control an access device. The examiner traverses because the cited prior art clearly discloses the URL shared from a requester to a guest device for presenting a page with buttons to open a door. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claim(s) 1, 2, 6, 7, 11, 12 and 16-21 is/are rejected under 35 U.S.C. 103 as being unpatentable over Acharya et al. (US 2020/0052896 A1) in view of Grosberg (US 9,640,002 B1). With respect to claim 1, Acharya discloses: a system for credential sharing, the system comprising: at least one processor; and memory storing instructions executable by the at least one processor (i.e., a resource access server including memory and processors for executing instructions in Acharya, ¶0020), the instructions when executed cause the system to: generate a host Uniform Resource Locator (URL), the URL comprising a unique token for accessing the access control device (i.e., generating and providing the URL link with the encrypted token appended to access the requested controlled resources in Acharya, ¶0022-¶0027); and send the URL to the first user device (i.e., respond to the query for resources with a link with appended encrypted token in Acharya, ¶0022-¶0027), wherein the URL is configured to be shared with the second user device (i.e., the link with included encrypted token can be shared based on verifying that the second device is affiliated with the associated location of the controlled resources in Acharya, ¶0004, ¶0046). Acharya discloses the link which includes the encrypted token may be shared with other devices with some restrictions; it is contemplated that token may be shared with other devices and despite restrictions to avoid abuse, this implies there are also authorized uses of sharing the token among other devices (¶0004, ¶0022, ¶0046). Acharya do(es) not explicitly disclose a request to share token for access and indicating the other device to share with. Grosberg, in order to improve usability and convenience by requiring no additional software beyond text, SMS, email, browser capability to access a shared guest access token (col. 9 lines 19-41), discloses: obtain, from a first user device, a request to share credentials for an access control device with a second user device different from the first user device (i.e., resident/authorized party requests to invite a guest and create a guest access token; the guest access token including a URL and communicate it directly to the guest or guest device in Grosberg, fig. 4a, col. 6 lines 15-31, col. 9 lines 6-18); wherein the URL when shared by (i.e., generate a QR code and communicated to the requesting device and then presented for scanning by the guest device; requesting device can send the URL directly or indirectly via SMS, email, print, or display of the QR code in Grosberg, col. 10 lines 32-57) and selected at the second user device is configured to launch a webpage on the second user device (i.e., guest clicks on the URL to retrieve access token; activating the URL; the URL leads to access via browser application in Grosberg, col. 10 lines 32-57; col. 17 lines 13-24), the webpage when launched including an icon associated with the access control device (i.e., displaying and presenting the activation buttons to the user corresponding to the access token in Grosberg, fig. 7B, col. 14 lines 39-56), and wherein an indication of a selection of the icon on the webpage associated with the access control device provides access to the access control device for the second user device (i.e., guest activating the button on the display may operate to open a gate or unlock a door in Grosberg, col. 15 lines 3-20). Based on Acharya in view of Grosberg, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Grosberg to improve upon those of Acharya in order to improves usability and convenience by requiring no additional software beyond text, SMS, email, browser capability to access a shared guest access token. With respect to claim 2, Acharya discloses: the system of claim 1, wherein the request includes one or more access parameters, and wherein generating the URL comprises encoding, in the URL, the one or more access parameters (i.e., the link can include the token encrypted with timestamp, random number, licenses, and IP subnet for various tests for valid shared links in Acharya, ¶0044). With respect to claim 6, the limitation(s) of claim 6 are similar to those of claim(s) 1. Therefore, claim 6 is rejected with the same reasoning as claim(s) 1. With respect to claim 7, the limitation(s) of claim 7 are similar to those of claim(s) 2. Therefore, claim 7 is rejected with the same reasoning as claim(s) 2. With respect to claim 11, the limitation(s) of claim 11 are similar to those of claim(s) 1. Therefore, claim 11 is rejected with the same reasoning as claim(s) 1. With respect to claim 12, the limitation(s) of claim 12 are similar to those of claim(s) 2. Therefore, claim 12 is rejected with the same reasoning as claim(s) 2. With respect to claim 16, Acharya discloses the link which includes the encrypted token may be shared with other devices with some restrictions; it is contemplated that token may be shared with other devices and despite restrictions to avoid abuse, this implies there are also authorized uses of sharing the token among other devices (¶0004, ¶0022, ¶0046). Acharya do(es) not explicitly disclose a request to share token for access and indicating the other device to share with. Grosberg, in order to improve usability and convenience by requiring no additional software beyond text, SMS, email, browser capability to access a shared guest access token (col. 9 lines 19-41), discloses: the system of claim 1, wherein the request to share credentials includes an indication that the shared credentials are for sharing with the second user device (i.e., resident/authorized provide invitation information including guest name, phone number, e-mail for generating guest access token; phone number corresponds with an SMS identifier for the guest device in Grosberg, fig. 4a, col. 6 lines 15-46, col. 6 lines 57-67). Based on Acharya in view of Grosberg, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Grosberg to improve upon those of Acharya in order to improves usability and convenience by requiring no additional software beyond text, SMS, email, browser capability to access a shared guest access token. With respect to claim 17, the limitation(s) of claim 17 are similar to those of claim(s) 16. Therefore, claim 17 is rejected with the same reasoning as claim(s) 16. With respect to claim 18, the limitation(s) of claim 18 are similar to those of claim(s) 16. Therefore, claim 18 is rejected with the same reasoning as claim(s) 16. With respect to claim 19, Acharya discloses: the system of claim 1, wherein the system is configured to share the URL (i.e., explicitly contemplates sharing of the URL in Acharya, ¶0004). Acharya discloses the link which includes the encrypted token may be shared with other devices with some restrictions; it is contemplated that token may be shared with other devices and despite restrictions to avoid abuse, this implies there are also authorized uses of sharing the token among other devices (¶0004, ¶0022, ¶0046). Acharya do(es) not explicitly disclose a request to share token for access and indicating the other device to share with. Grosberg, in order to improves usability and convenience by requiring no additional software beyond text, SMS, email, browser capability to access a shared guest access token (col. 9 lines 19-41), discloses: by executing instructions that cause the system to: provide a Quick Response (QR) code on a display of the first user device (i.e., generate a QR code and communicated to the requesting device and then presented for scanning by the guest device in Grosberg, col. 10 lines 32-57), and share the URL with the second user device by scanning the QR code using the second user device (i.e., guest device scans the QR code, the URL is embedded in the QR code to retrieve the token or resource at the URL via web browser or application in Grosberg, col. 10 lines 32-57). Based on Acharya in view of Grosberg, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Grosberg to improve upon those of Acharya in order to improves usability and convenience by requiring no additional software beyond text, SMS, email, browser capability to access a shared guest access token. With respect to claim 20, the limitation(s) of claim 20 are similar to those of claim(s) 19. Therefore, claim 20 is rejected with the same reasoning as claim(s) 19. With respect to claim 21, the limitation(s) of claim 21 are similar to those of claim(s) 19. Therefore, claim 21 is rejected with the same reasoning as claim(s) 19. Claim(s) 4-5, 9-10 and 14-15 is/are rejected under 35 U.S.C. 103 as being unpatentable over Acharya et al. (US 2020/0052896 A1) in view of Grosberg (US 9,640,002 B1), and further in view of Ben Ayed (US 9032498 B1). With respect to claim 4, Acharya discloses determining access to controlled resources based on determining proximity of the two devices within a recognized location using the IP subnet parameter such that the link can be shared to another device without abuse (¶0046). Acharya and Grosberg do(es) may not explicitly disclose generating the icon responsive to two devices within proximity. Ben Ayed, in order to harden the security of user login by considering location risks with adaptive authentication (col. 3 lines 24-32), discloses: the system of claim 1, wherein the webpage is configured to generate the icon responsive to the second user device being proximate to the access control device (i.e., application for performing the transaction presents an active button and locks or cloaks the button if a Bluetooth signal strength falls below threshold indicating that the device has moved too far from the application device in Ben Ayed, col. 5 line 55 to col. 6 line 7). Based on Acharya in view of Grosberg, and further in view of Ben Ayed, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Ben Ayed to improve upon those of Acharya in order to harden the security of user login by considering location risks with adaptive authentication. With respect to claim 5, Acharya discloses access may be limited to a recognized location such as an institution or corporation, wherein the devices may be in proximity via communication with near area communication like Bluetooth or wireless ethernet (¶0018, ¶0035, ¶0052). Acharya and Grosberg do(es) not explicitly disclose the webpage generates the icon based on the devices within short range wireless proximity. Ben Ayed, in order to harden the security of user login by considering location risks with adaptive authentication (col. 3 lines 24-32), discloses: the system of claim 1, wherein the webpage is configured to generate the icon responsive to the second user device being within short-range wireless communication range with the access control device (i.e., bringing an authenticating device and application device within Bluetooth signal strength threshold to determine proximity to uncloak or unlock a button in Ben Ayed, col. 5 line 55 to col. 6 line 7). Based on Acharya in view of Grosberg, and further in view of Ben Ayed, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Ben Ayed to improve upon those of Acharya in order to harden the security of user login by considering location risks with adaptive authentication. With respect to claim 9, the limitation(s) of claim 9 are similar to those of claim(s) 4. Therefore, claim 9 is rejected with the same reasoning as claim(s) 4. With respect to claim 10, the limitation(s) of claim 10 are similar to those of claim(s) 5. Therefore, claim 10 is rejected with the same reasoning as claim(s) 5. With respect to claim 14, the limitation(s) of claim 14 are similar to those of claim(s) 4. Therefore, claim 14 is rejected with the same reasoning as claim(s) 4. With respect to claim 15, the limitation(s) of claim 15 are similar to those of claim(s) 5. Therefore, claim 15 is rejected with the same reasoning as claim(s) 5. Conclusion Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHERMAN L LIN whose telephone number is (571)270-7446. The examiner can normally be reached Monday through Friday 9:00 AM - 5:00 PM (Eastern). Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joon Hwang can be reached on 571-272-4036. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. Sherman Lin 01/03/2026 /S. L./Examiner, Art Unit 2447 /JOON H HWANG/Supervisory Patent Examiner, Art Unit 2447