DETAILED ACTION


Notice of Pre-AIA or AIA Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Information Disclosure Statement

1.	The information disclosure statement (IDS) submitted on 10/30/2018 was filed.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.





Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


2.	Claim 1, 5-8, 10, 14-16, 18 are rejected under 35 U.S.C. 103 as being unpatentable over Pub.No.: US 2005/0060548 A1 to Allen in view of Patent No.: US 9,525,684 B1 to Brandwine.
Regarding claim 1, Allen discloses “a computer-implemented method comprising: receiving an access token request from an application” (receive session token request from web client application [Fig.7/item 710]), “the access token request including information identifying a session created prior to generation of the access token request” (receiving a user identifier that identifies a user and session state token information [Fig.7/item 710] prior to generation of session state token [Fig.7/item 712]); “determining, using the session information, that the session is valid” (User identification and logon validation session information is checked by a Server by generating a mathematically Session-State token comprising identifier information [par.0044] which is verified for a match at Fig.7/item 714); “and generating an access token in response to the determining that the session is valid” (generate session token and determine validity to allow access [Fig.7/item 714-716]; see also [par.0044]), “wherein the access token provides the application with access to a protected resource” (access is allowed [Fig.7/item 716]).
Allen does not explicitly disclose “based on the information identifying the session, retrieving session information stored for the session.”  
However, Brandwine discloses “based on the information identifying the session, retrieving session information stored for the session” (information for the client device/session information is obtained/identified/retrieved fig.3/310 from data store, Brandwine [Col.7/lines 23-33]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Allen’s Session state Manager that creates an access token with Brandwine’s Token authentication process. One of ordinary skill in the art would have been motivated to combine because Allen teaches a token that receives an identifier within a session state prior to generating the access token, Brandwine discloses a token authentication process in which information identifies a token session, and authentication, and both are from the same field of endeavor.
Regarding claim 5 in view of claim 1, the references combined disclose “wherein determining that the session is valid comprises: determining, based on the session information” (at 304 the validation request includes information to validate request such as by comparing the username and password combination to a set of username-password pairs stored in a data store for a resource or content provider Brandwine [Col.6/line 67 – Col.7/line 4]), “a session expiration time and a timeout duration” (time limits and other restrictions are imposed on session Brandwine [Col.3/lines 24-30]); “and determining that the session expiration time has not yet been reached and that the session has not timed out” (time limits and other restrictions are imposed on session Brandwine [Col.3/lines 24-30]).
Regarding claim 6 in view of claim 1, the references combined disclose “further comprising: identifying a server that created the session” (receiving a user identifier that identifies a user of a client of a server of a session state token Allen [Fig.7/item 710]); “and retrieving the session information through the server” (getting a user identifier session information of a client of the server Allen [Fig.5/item 512]).
Regarding claim 7 in view of claim 1, the references combined disclose “wherein the server is part of a cluster in a data center, and wherein the server is identified using a cluster identifier associated with the cluster” (data store utilizes a distributed cluster environment Brandwine [Col.8/lines 45-50]).
Regarding claim 8 in view of claim 7, the references combined disclose “further comprising: determining the cluster identifier from the access token request” (data store utilizes a distributed cluster environment [Col.8/lines 45-50] comprising an access identifier Brandwine [Col.4/lines 40-48]).
Regarding claim 10, Allen discloses “a computer system” (clients A,B,C [Fig.2]) “comprising: one or more processors” (multiple processor computing systems [Fig.2]); (multiple memory coupled to processor systems [Fig.2]), “the memory storing instructions that, when executed by the one or more processors, cause the one or more processors to: receive an access token request from an application” (receive session token request from web client application [Fig.7/item 710]), “the access token request including information identifying a session created prior to generation of the access token request” (receiving a user identifier that identifies a user and session state token information [Fig.7/item 710] prior to generation of session state token [Fig.7/item 712]); “determine, using the session information, that the session is valid” (User identification and logon validation session information is checked by a Server by generating a mathematically Session-State token comprising identifier information [par.0044] which is verified for a match at Fig.7/item 714); “and generate an access token in response to the determining that the session is valid” (generate session token and determine validity to allow access [Fig.7/item 714-716]; see also [par.0044]), “wherein the access token provides the application with access to a protected resource” (access is allowed [Fig.7/item 716]).
Allen does not explicitly disclose “based on the information identifying the session, retrieve session information stored for the session.”
However, Brandwine discloses “based on the information identifying the session, retrieving session information stored for the session” (information for the client device/session information is obtained/identified/retrieved fig.3/310 from data store, Brandwine [Col.7/lines 23-33]).

Regarding claim 14 in view of claim 10, the references combined disclose “wherein determining that the session is valid comprises: determining, based on the session information” (at 304 the validation request includes information to validate request such as by comparing the username and password combination to a set of username-password pairs stored in a data store for a resource or content provider Brandwine [Col.6/line 67 – Col.7/line 4]), “a session expiration time and a timeout duration” (time limits and other restrictions are imposed on session [Col.3/lines 24-30]); “and determining that the session expiration time has not yet been reached and that the session has not timed out” (time limits and other restrictions are imposed on session [Col.3/lines 24-30]).
Regarding claim 15 in view of claim 10, the references combined disclose “wherein the instructions further cause the one or more processors to: identify a server that created the session” (receiving a user identifier that identifies a user of a client of a server of a session state token Allen [Fig.7/item 710]), “wherein the server is (data store utilizes a distributed cluster environment Brandwine [Col.8/lines 45-50]), and wherein the server is identified using a cluster identifier associated with the cluster” (data store utilizes a distributed cluster environment [Col.8/lines 45-50] comprising an access identifier Brandwine [Col.4/lines 40-48]); “and retrieve the session information through the server.” (getting user identifier session information of a client of the server Allen [Fig.5/item 512]).
Regarding claim 16 in view of claim 15, the references combined disclose “wherein the instructions further cause the one or more processors to: determine the cluster identifier from the access token request.” (data store utilizes a distributed cluster environment Brandwine [Col.8/lines 45-50] comprising an access identifier Brandwine [Col.4/lines 40-48]).
Regarding claim 18, Allen discloses “a non-transitory computer-readable storage medium storing instructions that, when executed by one or more processors of a computer system” (multiple memory coupled to processor systems [Fig.2]), “cause the one or more processors to perform processing comprising: receiving an access token request from an application” (receive session token request from web client application [Fig.7/item 710]), “the access token request including information identifying a session created prior to generation of the access token request” (receiving a user identifier that identifies a user and session state token information [Fig.7/item 710] prior to generation of session state token [Fig.7/item 712]); “determining, using the session information, that the session is valid” (User identification and logon validation session information is checked by a Server by generating a mathematically Session-State token comprising identifier information [par.0044] which is verified for a match at Fig.7/item 714); “and generating an access token in response to the determining that the session is valid” (generate session token and determine validity to allow access [Fig.7/item 714-716]; see also [par.0044]), “wherein the access token provides the application with access to a protected resource” (access is allowed [Fig.7/item 716]).
Allen does not explicitly disclose “based on the information identifying the session, retrieving session information stored for the session.”
However, Brandwine discloses “based on the information identifying the session, retrieving session information stored for the session” (information for the client device/session information is obtained/identified/retrieved fig.3/310 from data store, Brandwine [Col.7/lines 23-33]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Allen’s Session state Manager that creates an access token with Brandwine’s Token authentication process. One of ordinary skill in the art would have been motivated to combine because Allen teaches a token that receives an identifier within a session state prior to generating the access token, Brandwine discloses a token authentication process in which information identifies a token session, and authentication, and both are from the same field of endeavor.
 
Claims 2-4, 9, 11-13, 17, and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Pub.No.: US 2005/0060548 A1 to Allen, in view of Patent No.: US 9,525,684 B1 to Brandwine, in further view of Pub.No.: US 2017/0331829 A1 to LANDER (hereafter referenced as Lander).
Regarding claim 2 in view of claim 1, neither Allen nor Brandwine explicitly disclose “wherein the access token request includes a user identity token, the user identity token comprising the information identifying the session and information identifying a user.”
However, Lander in an analogous art discloses “wherein the access token request includes a user identity token” (microservice request access token and identity token Lander [par.0175]), “the user identity token comprising the information identifying the session and information identifying a user.”(identity token maps user authenticated identity Lander [par.0176]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Allen’s Session state Manager that creates an access token and Brandwine’s Token authentication process with Lander’s Multi-tenant security token for a cloud service. One of ordinary skill in the art would have been motivated to combine because Allen teaches a token that receives an identifier within a session state prior to generating the access token, Brandwine discloses a token authentication process in which information identifies a token session, Lander discloses a user identity token used for validation and authentication, and all are from the same field of endeavor.
Regarding claim 3 in view of claim 2, the references combined disclose “wherein determining that the session is valid comprises: identifying, based on the session information” (receiving a user identifier that identifies a user of a client of a server of a session state token Allen [Fig.7/item 710]), “a user associated with the session” (the component can analyze the token to ensure that the token includes valid information (e.g., for a valid session for the user associated with the request) Brandwine [Col.2/lines 60-61]); “and determining that the user identified in the user identity token matches the user associated with the session.” (determine a match, based on the request, a tenancy of the client, a tenancy of the user, and a tenancy of the resource Lander [Fig.13/item 1304]).
Regarding claim 4 in view of claim 2, the references combined disclose “wherein the user identity token is a JavaScript Object Notation (JSON) Web Token” (token implemented according JSON functionality Lander [par.0145]).
Regarding claim 9, neither Allen nor Brandwine explicitly disclose “wherein the session is a single sign-on (SSO) session, and wherein the access token is an Open Authorization (OAuth) access token.”
However, Lander discloses “wherein the session is a single sign-on (SSO) session” (login/SSO service [Fig.1/item 128]), “and wherein the access token is an Open Authorization (OAuth) access token.” (API token Service OAuth [Fig.1/item 132]).

Regarding claim 11 in view of claim 10, the references combined disclose “wherein the instructions further cause the one or more processors to: store, as part of the session information, an association between the session and a user” (Session-state information of the user Allen [par.0025]).
Neither Allen nor Brandwine explicitly disclose “send a user identity token to the application, the user identity token comprising the information identifying the session and information identifying the user; and receive the user identity token in the access token request” 
However, Lander in an analogous art discloses “send a user identity token to the application” (microservice request access token and identity token Lander [par.0175]), “the user identity token comprising the information identifying the session and information identifying the user; and receive the user identity token in the access token request” (identity token maps and comprises user authenticated identity Lander [par.0176]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Allen’s Session state Manager that creates an access token and Brandwine’s Token authentication process with Lander’s Multi-tenant security token for a cloud service. One of ordinary skill in the art would have been motivated to combine because Allen teaches a token that receives an identifier within a session state prior to generating the access token, Brandwine discloses a token authentication process in which information identifies a token session, Lander discloses a user identity token used for validation and authentication, and all are from the same field of endeavor.
Regarding claim 12 in view of claim 11, the references combined disclose “wherein the user identity token is sent to the application in a header of a token response or in a session cookie” (application sends a message to authenticate a user's credentials and get a session cookie in return Lander [par.0092]).
Regarding claim 13 in view of claim 11, the references combined disclose “wherein determining that the session is valid comprises: identifying, based on the session information” (component can analyze the token to ensure that the token includes valid session information Brandwine [Col.2/lines 60-61]), “the user associated with the session” (the component can analyze the token to ensure that the token includes valid information (e.g., for a valid session for the user associated with the request) Brandwine [Col.2/lines 60-61]); “and determining that (determine a match, based on the request, a tenancy of the client, a tenancy of the user, and a tenancy of the resource Lander [Fig.13/item 1304]).
Regarding claim 17 in view of claim 10, neither Allen nor Brandwine explicitly disclose “wherein the session is a single sign-on (SSO) session, and wherein the access token is an Open Authorization (OAuth) access token.”
However, Lander discloses “wherein the session is a single sign-on (SSO) session” (login/SSO service [Fig.1/item 128]), “and wherein the access token is an Open Authorization (OAuth) access token.” (API token Service OAuth [Fig.1/item 132]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Allen’s Session state Manager that creates an access token and Brandwine’s Token authentication process with Lander’s Multi-tenant security token for a cloud service. One of ordinary skill in the art would have been motivated to combine because Allen teaches a token that receives an identifier within a session state prior to generating the access token, Brandwine discloses a token authentication process in which information identifies a token session, Lander discloses a user identity token used for validation and authentication, and all are from the same field of endeavor.
Regarding claim 19 in view of claim 18, the references combined disclose “wherein the instructions further cause the one or more processors to perform (Session-state information can be stored at any one of, or any combination of user three tiers Allen[par.0025]).
Neither Allen nor Brandwine explicitly disclose “sending a user identity token to the application, the user identity token comprising the information identifying the session and information identifying the user; and receiving the user identity token in the access token request.”
However, Lander in an analogous art discloses “sending a user identity token to the application” (microservice request access token and identity token Lander[par.0175]), “the user identity token comprising the information identifying the session and information identifying the user; and receiving the user identity token in the access token request” (identity token maps and comprises user authenticated identity Lander[par.0176]). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Allen’s Session state Manager that creates an access token and Brandwine’s Token authentication process with Lander’s Multi-tenant security token for a cloud service. One of ordinary skill in the art would have been motivated to combine because Allen teaches a token that receives an identifier within a session state prior to generating the access token, Brandwine discloses a token authentication process in which information identifies a token session, Lander discloses a user identity token used for validation and authentication, and all are from the same field of endeavor.
Regarding claim 20 in view of claim 18, neither Allen nor Brandwine explicitly disclose “wherein the session is a single sign-on (SSO) session, and wherein the access token is an Open Authorization (OAuth) access token.”
However, Lander discloses “wherein the session is a single sign-on (SSO) session” (login/SSO service [Fig.1/item 128]), “and wherein the access token is an Open Authorization (OAuth) access token.” (API token Service OAuth [Fig.1/item 132]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Allen’s Session state Manager that creates an access token and Brandwine’s Token authentication process with Lander’s Multi-tenant security token for a cloud service. One of ordinary skill in the art would have been motivated to combine because Allen teaches a token that receives an identifier within a session state prior to generating the access token, Brandwine discloses a token authentication process in which information identifies a token session, Lander discloses a user identity token used for validation and authentication, and all are from the same field of endeavor.

Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL D ANDERSON whose telephone number is (571)270-5159.  The examiner can normally be reached on Mon-Fri 9am-6pm.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Nickerson can be reached on (469) 295-9235.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/MICHAEL D ANDERSON/Examiner, Art Unit 2432
/MORSHED MEHEDI/Primary Examiner, Art Unit 2432