DETAILED ACTION
1.	This office action is in response to the communication filed on 02/10/2021.

Notice of Pre-AIA  or AIA  Status
2.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .  

Allowable Subject Matter
3.	Claims 1-24 are allowed.

4.	The following is an examiner’s statement of reasons for allowance: 
The present invention is directed toward a method to protect sensitive information during a single sign-on (SSO) process flow initiated from a client and directed to an authorization server configured to issue an access token upon verification of a credential.  Independent claims 1, 9 and 17 identify the uniquely distinct features for receiving a message that includes an access token having been issued by an authorization server upon verification of a credential associated with a client user; replacing the access token with a data string to create a modified message in response to receiving the message; forwarding the modified message to the client; saving the data string and the access token; subsequently receiving from the client a response to the modified message, the response including the data string; and responsive to receiving the response, identifying the data string as being associated with the access token, replacing the data string with the access token to create a modified response, in combination with the remaining limitations of the independent claims are not found in and/or are not obvious in view of the closest recorded prior arts.
One of the closest prior art, Sanganabhatla (US 20180212956 A1), discloses a method to use an anonymous token for authentication to protect user sensitive information, wherein a browser retrieves the user data associated with the anonymous token, and automatically logs in the user when detecting a user session associated with the anonymous token to be initiated. The other closest prior art, Spaulding et al. (US 20170155655 A1), discloses a method for replacing a token with a mask value, wherein the mask value is transmitted to a client device rather than the token. However, either singularly or in combination, Sanganabhatla and/or Spaulding et al. do/does not disclose the above uniquely distinct features taken in combination with the remaining limitations of the independent claim(s).
Therefore, claims 1, 9, 17, and the respective dependent claims 2-8, 10-16, 18-24 are in condition for allowance.

Conclusion
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance”.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, KRISTINE KINCAID, can be reached on 571-272-4063.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/HUAN V DOAN/Primary Examiner, Art Unit 2437