Notice of Pre-AIA  or AIA  Status
The present application is being examined under the pre-AIA  first to invent provisions.

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

DETAILED ACTION
This is in response to applicant’s amendment filed on 10/30/2020 to Application #16/374,792 filed on 04/04/2019 in which claims 1-4, 7-11, 14-18, 21-26 are pending.

Status of Claims
Claims 1-4, 7-11, 14-18, 21-26 are pending, of which Claims 1-4, 7-11, 14-18, 21-26 are rejected under 35 U.S.C. 103.  Claims 5, 6, 12, 13, 19, 20 are canceled.

Prior Art Rejections - 35 USC § 102 and/or 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of 

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

The following is a quotation of pre-AIA  35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made.

This application currently names joint inventors. In considering patentability of the claims under pre-AIA  35 U.S.C. 103(a), the examiner presumes that the subject matter of the various claims was commonly owned at the time any inventions covered therein were made absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and invention dates of each claim that was not commonly owned at the time a later invention was made in order for the examiner to consider the applicability of pre-AIA  35 U.S.C. 103(c) and potential pre-AIA  35 U.S.C. 102(e), (f) or (g) prior art under pre-AIA  35 U.S.C. 103(a).

Claim(s) 1-4, 7-11, 14-18, 21-26 is/are rejected under pre-AIA  35 35 U.S.C. 103 as being unpatentable over Michaelides US Patent Application Publication No. 2005/0125677 in view of Rantapuska et al. US Patent Application Publication No. 2007/0019616.

Regarding Claim 1, Michaelides discloses:
A method for an authentication to a web service, comprising:
receiving, by a server, a request from a client device requesting an access to the web service [(Michaelides Par 27 Lines 1-4; Par 31 Lines 5-12; Fig 1 Items 27, 22, 23, 24; Fig 3 Items 51, 52, 53) where Michaelides teaches that a user, via a user workstation or client device, requests access to a web service on a web server, this request is then redirected to an authentication server for authentication, with the authentication server receiving the redirected request];
configuring, by the server, a communications path to the client device in response to the request requesting the access to the web service [(Michaelides Par 40 Lines 1-5; Fig 4 Items 55, 56 ) where Michaelides teaches that the authentication server with an authentication controller, configures a communications path to the user workstation or client device, sends form language to the user or client, and receives back information that the user fills out in the form language];
determining, by the server, whether the client device is authorized for the access to the web service, the determining resulting in a determination [(Michaelides Par 40 Lines 5-6; Fig 4 Items 56) where Michaelides teaches that the authentication server with an authentication controller, validates, confirms, or determines that the user workstation or client device is authorized for access to the web service on the web server];
sending, by the server, an authentication token to the client device via the communications path in response to the determination being that the client device is authorized for the access to the web service [(Michaelides Par 40 Lines 5-11; Fig 4 Items 56, 57) where Michaelides teaches that the authentication server with an authentication controller, validates, confirms, or determines that the user workstation or client device is authorized for access to the web service on the web server, and in response to this validation, generates a token as part of a parameter set that is sent to the user workstation or client device over the communication path]; and
closing, by the server, the communications path in response to the sending of the authentication token to the client device [(Michaelides Par 40 Lines 5-11; Fig 4 Items 56, 57) where Michaelides teaches the redirection of the user workstation or client device back to the web service on the web server, along with the parameter set that includes the generated token, which closes the communication path between the authentication server with an authentication controller and the user workstation or client device.

Michaelides does not appear to explicitly disclose:
a detection that the sent authentication token has been received by the client device

However Rantapuska et al. discloses:
a detection that the sent authentication token has been received by the client device [(Rantapuska et al. Par 16 Lines 9-17) where Rantapuska et al. teaches the detection or confirmation that a transmitted authentication token has been received and utilized by the network device to which it was sent].

Michaelides and Rantapuska et al. are analogous art because they are from the “same field of endeavor” and are from the same “problem-solving area,”.  Namely, they are both from the field of “information security”.

It would have been obvious to one of ordinary skill in the art before the time the claimed invention was made to combine the teachings of Michaelides and the teachings of Rantapuska et al. by providing a detection or confirmation that a transmitted authentication token has been received and utilized by the network device to which it was sent as taught by Rantapuska et al. in the teaching described by Michaelides.
The motivation for doing so would be to increase the usability and flexibility of Michaelides by providing a detection or confirmation that a transmitted authentication token has been received and utilized by the network device to which it was sent as taught by Rantapuska et al. in the teaching described by Michaelides so as to fully utilize and realize the purpose of the transmission of an authentication token to a network device.

Regarding Claim 2, most of the limitations of this claim have been noted in the rejection of Claim 1.  Applicant is directed to the rejection of Claim 1 above.  In addition, the combination of Michaelides and Rantapuska et al. discloses:
The method of claim 1, wherein the authentication token indicates that the client device is authorized for the access to the web service [(Michaelides Par 7 Lines 1-13; Par 27 Lines 1-4; Fig 1 Items 19, 22, 24, 27) where Michaelides teaches that the authentication token enables the user to access the target application or web service on the 3rd party web server].

Regarding Claim 3, most of the limitations of this claim have been noted in the rejection of Claim 1.  Applicant is directed to the rejection of Claim 1 above.  In addition, the combination of Michaelides and Rantapuska et al. discloses:
The method of claim 1, further comprising sending, by the server, the authentication token to a web services gateway that facilitates providing the web service [(Michaelides Par 27 Lines 1-4; Par 31 Lines 5-12; Fig 1 Items 27, 22, 23, 24; Fig 3 Items 51, 52, 53) where Michaelides teaches that a user, via a user workstation or client device, requests access to a web service on a vendor’s web services gateway server, this request is then redirected to an authentication server for authentication, with the authentication server receiving the redirected request, the authentication server then sending an authentication token to the vendor’s web services gateway server, which then provides access to the web service by the user].

Regarding Claim 4, most of the limitations of this claim have been noted in the rejection of Claim 1.  Applicant is directed to the rejection of Claim 1 above.  In addition, the combination of Michaelides and Rantapuska et al. discloses:
The method of claim 1, further comprising associating, by the server, the client device to the web service [(Michaelides Par 27 Lines 1-4; Par 31 Lines 5-12; Fig 1 Items 27, 22, 23, 24; Fig 3 Items 51, 52, 53) where Michaelides teaches that a user, via a user workstation or client device, requests access to a web service on a web server, this request is then redirected to an authentication server for authentication, with the authentication server receiving the redirected request, the very action of the user workstation or client device making a request to the web service running on the web server, associates the user workstation or client device to the web service].

Regarding Claim 7, most of the limitations of this claim have been noted in the rejection of Claim 1.  Applicant is directed to the rejection of Claim 1 above.  In addition, the combination of Michaelides and Rantapuska et al. discloses:
The method of claim 1, further comprising sending, by the server, the authentication token to a device that facilitates providing the web service [(Michaelides Par 31 Lines 5-12; Fig 1 Items 19, 22, 23, 24, 27) where Michaelides teaches that the authentication token is sent from the authentication server to a web server that provides or facilitates the web service to the user].

Regarding Claim 8:
It is a system claim corresponding to the method claim of claim 1. Therefore, claim 8 is rejected with the same rationale as applied against claim 1 above.
In addition, Michaelides discloses:
a hardware processor; and a memory device, the memory device storing instructions, the instructions when executed causing the hardware processor to perform operations, the operations comprising [(Michaelides Abstract Lines 1-3; Fig 1 Items 21, 22, 27, 28) where Michaelides teaches multiple physical hardware components of the overall system, for example Item 22, for which it is inherent that a User Workstation would have both a hardware processor and a memory storing executable instructions, in order to provide a physical interface to the User Item 27, which is drawn as a person, and for example Item 21, for which it is inherent that a System Administrator Workstation with a graphical user interface would have both a hardware processor and a memory storing executable instructions, in order to provide a physical graphical user interface to the System Administrator Item 28, which is drawn as a person]:

Regarding Claim 9:
It is a system claim corresponding to the method claim of claim 2. Therefore, claim 9 is rejected with the same rationale as applied against claim 2 above.

Regarding Claim 10:
It is a system claim corresponding to the method claim of claim 3. Therefore, claim 10 is rejected with the same rationale as applied against claim 3 above.

Regarding Claim 11:
It is a system claim corresponding to the method claim of claim 4. Therefore, claim 11 is rejected with the same rationale as applied against claim 4 above.

Regarding Claim 14:
It is a system claim corresponding to the method claim of claim 7. Therefore, claim 14 is rejected with the same rationale as applied against claim 7 above.

Regarding Claim 15:
It is a medium claim corresponding to the method claim of claim 1.  Therefore, claim 15 is rejected with the same rationale as applied against claim 1 above.

Regarding Claim 16:
It is a medium claim corresponding to the method claim of claim 2.  Therefore, claim 16 is rejected with the same rationale as applied against claim 2 above.

Regarding Claim 17:
It is a medium claim corresponding to the method claim of claim 3.  Therefore, claim 17 is rejected with the same rationale as applied against claim 3 above.

Regarding Claim 18:
It is a medium claim corresponding to the method claim of claim 4.  Therefore, claim 18 is rejected with the same rationale as applied against claim 4 above.

Regarding Claim 21, most of the limitations of this claim have been noted in the rejection of Claim 1.  Applicant is directed to the rejection of Claim 1 above.  In addition, the combination of Michaelides and Rantapuska et al. discloses:
The method of claim 1, wherein the client device comprises a smartphone, an Internet appliance, a set top box, a home security system, a home management device, or vehicle electronics [(Rantapuska et al. Par 55 Lines 1-11) where Rantapuska et al. teaches the use of a mobile phone or smart phone capable of running a custom user application].

Regarding Claim 22, most of the limitations of this claim have been noted in the rejection of Claim 21.  Applicant is directed to the rejection of Claim 21 above.  In addition, the combination of Michaelides and Rantapuska et al. discloses:
The method of claim 21, wherein the client device further comprises a browser [(Michaelides Par 39 Lines 1-5; Fig 1 Items 19, 22, 23, 27, Fig 3, Fig 4) where Michaelides teaches the accessing by a user workstation or client decive of an URL at a third part application site or 3rd party web server, of which URLs or Web Browser Universal Resource Locaters are accessed via a web browser].

Regarding Claim 23:
It is a system claim corresponding to the method claim of claim 21. Therefore, claim 23 is rejected with the same rationale as applied against claim 21 above.

Regarding Claim 24:
It is a system claim corresponding to the method claim of claim 22. Therefore, claim 24 is rejected with the same rationale as applied against claim 22 above.

Regarding Claim 25:
It is a medium claim corresponding to the method claim of claim 21.  Therefore, claim 25 is rejected with the same rationale as applied against claim 21 above.

Regarding Claim 26:
It is a medium claim corresponding to the method claim of claim 22.  Therefore, claim 26 is rejected with the same rationale as applied against claim 22 above.

Response to Arguments
Applicant’s arguments filed 10/30/2020 have been fully considered but are not fully persuasive.

The Objections to the Claims have been removed by the examiner due to applicant’s amendments to the claims.

On Pages 7-10 of Applicant’s response, applicant argues that the cited prior art does not teach “closing the communications path in response to a detection that the authentication token has been received by the client device”, as taught in amended Independent Claims 1, 8, and 15.  Since additional new prior art has been added to demonstrate the teaching of this limitation, this argument by the applicant is rendered moot. 

Since 35 U.S.C. 103 rejections are maintained on Independent Claims 1, 8, and 15, they are also maintained on the dependent Claims 2-4, 7,  21-22, and 8-11, 14, 23-24, and 15-18, 25-26.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Buer - US 2007/0118891: Buer teaches the use of a Universal Authentication Token for authenticating a device.
Silvester - US 2003/0172271: Silvester teaches wireless device setup and authentication procedures.

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRADLEY HOLDER whose telephone number is 571-270-3789.  The examiner can normally be reached on Monday-Friday 10:00AM-7:00PM Eastern Time.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on (571) 272-8593.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/BRADLEY W HOLDER/
Primary Examiner, Art Unit 2498