DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This office action is in response to claims filed 12/11/2025. Claims 1-2, 4-11, 13-19, and 21-23 have been examined. This office action is Final.
Response to Amendments
Applicant's arguments filed 12/11/2025 have been fully considered but they are not persuasive.
Applicant's arguments on pages 8-12 fail to comply with 37 CFR 1.111(b) because they amount to a general allegation that the claims define a patentable invention without specifically pointing out how the language of the claims patentably distinguishes them from the references.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-2, 4, 7-11, 13 and 16-19 are rejected under 35 U.S.C. 103 as being unpatentable over Thakkar (2018/0077142) in view of Fletcher (2018/0077142).
As per claim 1, a method comprising:
receiving a policy indicating multiple enterprise-managed applications that are capable of sharing tokens or cookies for user authentication (Thakkar: see fig. 1, para. 0071, 0082, 0107,
receiving a token policy indicating multiple enterprise applications that are capable of sharing tokens for user authentication);
receiving a token or a cookie indicating that a user is authenticated to access a first application from a first device of the multiple enterprise-managed applications, the token or the cookie being sharable across different devices associated with the user (Thakkar: para. 0076-0078, 0082, receiving a token).
Thakkar does not explicitly disclose providing the token or the cookie to a browser associated with a second application of the multiple enterprise-managed applications such that the second application refrains from causing the user to authenticate for access to the second application from a second device.
However, analogous art of Fletcher discloses providing the token or the cookie to a browser associated with a second application of the multiple enterprise-managed applications such that the second application refrains from causing the user to authenticate for access to the second application from a second device (Fletcher: para. 0143, 0152, refrains from causing the user to authenticate for access to the second application (i.e. SSO)).
It would have been obvious to one of ordinary skill before the effective filing date of the claimed invention to include providing the token or the cookie to a browser associated with a second application of the multiple enterprise-managed applications such that the second application refrains from causing the user to authenticate for access to the second application from a second device of Fletcher with the method/system of Fletcher, the motivation is that token exchange using a shared security improves SSO for mobile applications, thus sharing enhances SSO for mobile applications (Fletcher: para. 0007).
As per claim 2, Thakkar and Fletcher disclose the method of claim 1.
Fletcher further discloses wherein the browser is an embedded browser associated with the second application, the embedded browser utilized to authenticate the user for access to the second application (Fletcher: para. 0143, system browser (i.e. embedded browser)).
Same motivation as claim 1 above.
As per claim 4, Thakkar and Fletcher disclose the method of claim 1, wherein the token or the cookie is provided to the browser on the second device (Thakkar: para. 0082).
As per claim 7, Thakkar and Fletcher disclose the method of claim 1. Thakkar further discloses wherein the policy further indicates an enterprise-managed application that is restricted from sharing tokens or cookies for user authentication (Thakkar: para. 0071, sharing token).
As per claim 8, Thakkar and Fletcher disclose the method of claim 7. Thakkar further discloses comprising refraining from sharing the token or the cookie with an embedded browser associated with the enterprise-managed application based at least in part on the policy (Thakkar: para. 0071, sharing token).
As per claim 9, Thakkar and Fletcher disclose the method of claim 7.
Fletcher further discloses receiving a second token or a second cookie indicating that the user is authenticated to access the enterprise-managed application; and based at least in part on the policy, refraining from sharing the second token or the second cookie (Fletcher: para. 0143, 0152, refrains from causing the user to authenticate for access to the second application (i.e. SSO)).
Same motivation as claim 1 above.
As per claim 10, rejected under similar basis as claim 1 above.
As per claims 11 and 19, rejected under similar basis as claim 2 above.
As per claim 13, rejected under similar basis as claim 4 above.
As per claim 16, rejected under similar basis as claim 7 above.
As per claim 17, rejected under similar basis as claims 8-9.
As per claim 18, rejected under similar basis as claim 1 above.
Claims 6 and 15 rejected under 35 U.S.C. 103 as being unpatentable over Thakkar (2018/0077142) in view of Fletcher (2018/0077142), and further in view of Vlahovic (2021/0352097)
As per claim 6, Thakkar and Fletcher disclose the method of claim 1.
Thakkar and Fletcher do not explicitly disclose storing the token or the cookie in a location at an operating system level of a device utilized by the user to access the first application or the second application.
However, analogous art of Vlahovic storing the token or the cookie in a location at an operating system level of a device utilized by the user to access the first application or the second application (Vlahovic: para. 0081, storing token in operating system).
It would have been obvious to one of ordinary skill before the effective filing date of the claimed invention to include storing the token or the cookie in a location at an operating system level of a device utilized by the user to access the first application or the second application of Vlahovic with the method/system of Thakkar and Fletcher, the motivation is a security measure that protects sensitive data from unauthorized access (Vlahovic: para. 0081).
As per claim 15, rejected under similar basis as claim 6.
Claim Objections
Claims 5, 14, and 21-23 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JENISE E JACKSON whose telephone number is (571)272-3791. The examiner can normally be reached M-F 7:00am-3:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is
encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Philip J Chea can be reached at (571) 272-3951. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
4/17/2026
/J.E.J/Examiner, Art Unit 2499 /PHILIP J CHEA/Supervisory Patent Examiner, Art Unit 2499