DETAILED ACTION
This Office Action is in response to the Amendment filed on February 05th, 2026.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
In the instant Amendment, claims 1-15 have been amended; claims 1, 8 & 12 are independent; and claims 16-19 were canceled. Claims 1-15 have been examined and are pending. This Action is made FINAL.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Arguments
The rejection of claim 1 under 35 U.S.C 101 is withdrawn as claim has been amended.
The rejection of claims 16-19 under 35 U.S.C 101 is withdrawn as claims have been canceled.
Applicant’s arguments, see pages 7-9, filed 02/05/2026, with respect to the rejection(s) of claim(s) 1-19 under 35 U.S.C. § 102(a)(1) have been fully considered and are persuasive. Therefore, the rejection has been withdrawn. However, upon further consideration, a new ground(s) of rejection is made in view of Balakrishnan.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 1-15 are rejected under 35 U.S.C. 103 as being unpatentable over Lim et al. (Lim), U.S. Pub. Number 2016/0239287, in view of Balakrishnan et al. (Balakrishnan), U.S. Pub. Number 2014/0208401.
Regarding claim 1; Lim discloses an integrated system (par. 0075; fig. 1; a network environment 100.) implemented on an electronic device with a processor and a memory connected to the processor, comprising
a plurality of connection modules and a first authentication module, wherein the plurality of connection modules are connected to at least one first business system included in a business system set, the first authentication module (par. 0157; a security server 601.) is connected to each first business system included in the business system set (par. 0157; an application market 602.), authentication information required for calling interfaces provided by the at least one first business system included in the business system set is the same (par. 0075; fig. 1; an electronic device 101.);
a first connection module is configured to send an authentication request to the first authentication module in response to acquiring a call instruction of a first interface (par. 0159; fig. 6; the electronic device 101 downloads and installs the application from the application market 602; the electronic device 101 downloads the security key from the application market 602.), the first interface is an interface of one first business system included in the business system set, the first connection module is a connection module connected to the first business system to which the first interface belongs in the plurality of connection modules, the authentication request comprises a connection module identifier, and the connection module identifier is configured to identify the first connection module (pars. 0160-0162; fig. 6; the electronic device 101 identifies the metadata and determines whether the downloaded first application is the application to be executed in the sandbox according to a result of the identification; the electronic device 101 transmits an authentication request for the first application to the security server 601; for instance, the authentication request may include an identifier of the first application and the security key; the electronic device 101 may transmit the authentication request including the application identifier and the encoded value.);
the first authentication module is configured to send an authentication result to the first connection module identified by the connection module identifier in response to acquiring the authentication request, the authentication result is obtained by authenticating in the first business system based on the authentication information in the first authentication module (pars. 0162-0163; fig. 6; the sandbox agent 314 may receive an authentication result from the security server 601; the security server 601 transmits an authentication result corresponding to the authentication request to the electronic device 101; the security server 601 transmits the authentication result including authentication success or authentication failure to the electronic device 101.); and
the first connection module is further configured to acquire the authentication result fed back from the first authentication module, and the authentication result is configured to call the first interface (par. 0164; fig. 6; the electronic device 101 identifies the authentication result, allocates the first application according to the authentication result; for instance, when the authentication is successful, the electronic device 101 may allocate the first application to the generated area and the sandbox.).
Lim fails to explicitly disclose the first authentication module is pre-configured with the authentication information; the first authentication module is configured to receive the authentication result sent by the first business system.
However, in the same field on endeavor, Balakrishnan discloses state driven orchestration of authentication components in an access manager comprising the first authentication module is pre-configured with the authentication information (Balakrishnan: par. 0043; in order to create a custom authentication module or view pre-configured authentication modules and/or plugins, user interface 300 is provided; user interface 300 would allow a user to view pre-configured authentication modules and their associated authentication steps and/or to edit or re-configure authentication modules to create custom authentication modules which fit specific user needs; a new custom authentication module may be defined using pre-configured or custom authentication steps through the user interface 300.); the first authentication module is configured to receive the authentication result sent by the first business system (Balakrishnan: par. 0051; each authentication step may include additional information as the orchestration configuration of authentication step within an authentication module is completed; such additional information can define different actions that may be taken when the execution of the authentication step results in success, failure, or error; for each authentication step, drop down menu 326, 328, and 330 may enable selection of proper actions to be taken for each scenario; for instance, drop down menu 326 may include different available actions to be selected upon successful operation of LDAP authentication step; upon successful operation of LDAP authentication step, another authentication step, i.e., RSA authentication step, may be selected to be operated; drop down menu 330 may provide available actions to be taken in case of an error in operation of the LDAP authentication step; available options presented by drop down menu 330 may include success to indicate successful authentication, failure to indicate failed authentication, or another authentication step name to be executed for further processing.).
Therefore, it would have been obvious to one of ordinary skill in the art before the filing of the claimed invention to combine the teaching of Balakrishnan into the device of Lim comprising the first authentication module is pre-configured with the authentication information; the first authentication module is configured to receive the authentication result sent by the first business system to provide secure and regulated access to resources in widely growing complex enterprise environments (Balakrishnan: par. 0009).
Regarding claim 2; Lim and Balakrishnan disclose the system according to claim 1, wherein Lim further discloses the first authentication module is further configured to send the authentication information to the first business system and acquire the authentication result fed back from the first business system after responding to acquiring the authentication request and before sending the authentication result to the first connection module identified by the connection module identifier (Lim: par. 0216; the application manager 241 refers to an authentication result when the application is executed; the electronic device 101 transmits an authentication request to a security server when the application is downloaded, and receives and stores an authentication result; when the application is executed, the application manager 241 determines whether to execute the application in the sandbox with reference to the stored authentication result; the application manager 241 determines to execute the application in the general area or the sandbox or whether to execute the application or not with reference to the stored authentication result.).
Regarding claim 3; Lim and Balakrishnan disclose the system according to claim 1, wherein Lim further discloses the authentication result comprises authorization information, and the first authentication module is further configured to send the authentication information to the first business system and acquire authorization information fed back from the first business system before sending the authentication result to the first connection module identified by the connection module identifier (Lim: par. 0164; the electronic device 101 identifies the authentication result, allocates the first application according to the authentication result.).
Regarding claim 4; Lim and Balakrishnan disclose the system according to claim 3, wherein Lim further discloses the authorization information has an effective time limit, and the first authentication module is further configured to send the authentication information to the first business system and acquire authorization information with updated effective time limit fed back from the first business system in response to determining that the effective time limit is less than a threshold (Lim: par. 0197; the security level is expressed by discrete values of 0, 1, and 2.).
Regarding claim 5; Lim and Balakrishnan disclose the system according to claim 1, wherein the first authentication module has a corresponding relationship with the first business system, and the first connection module is further configured to determine the first authentication module according to the corresponding relationship between the first authentication module and the first business system before sending the authentication request to the first authentication module (Lim: par. 0164; the electronic device 101 identifies the authentication result, allocates the first application according to the authentication result.).
Regarding claim 6; Lim and Balakrishnan disclose the system according to claim 1, wherein Lim further discloses the first connection module is pre-configured with a model identifier of the first authentication module, the model identifier is configured to identify the first authentication module, and the first connection module being configured to send the authentication request to the first authentication module comprises: the first connection module being configured to send the authentication request to the first authentication module identified by the model identifier (Lim: par. 0169; the developer electronic device 630 transmits the application identifier and the security key to the security server 601; the developer electronic device 601 registers the received application identifier and security key; the security server 601 stores correlation information between the application identifier and the security key; the security server 601 authenticates the authentication request received from the electronic device 101 by using the correlation information between the application identifier and the security key.).
Regarding claim 7; Lim and Balakrishnan disclose the system according to claim 1, wherein Lim further discloses the authentication result comprises authentication passing, and the first connection module is further configured to call the first interface based on the authentication result (Lim: par. 0225; when the authentication results in success, the electronic device 101 determines that the first application is properly installed and allocated.).
Regarding claim 8; Claim 8 is directed to an interface calling method which has similar scope as claim 1. Therefore, claim 8 remains un-patentable for the same reasons.
Regarding claims 9-11; Claims 9-11 are directed to the method according to claim 8 which have similar scope as claims 2-7. Therefore, claims 9-11 remain un-patentable for the same reasons.
Regarding claim 12; Claim 8 is directed to an authentication method which has similar scope as claim 1. Therefore, claim 12 remains un-patentable for the same reasons.
Regarding claims 13-15; Claims 13-15 are directed to the method according to claim 12 which have similar scope as claims 2-7. Therefore, claims 13-15 remain un-patentable for the same reasons.
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KHOI V LE whose telephone number is (571)270-5087. The examiner can normally be reached on 9:00 AM - 5:00 PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on 571-272-4219. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/KHOI V LE/
Primary Examiner, Art Unit 2436