DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Continued Examination Under 37 CFR 1.114
A request for continued examination (RCE) under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on September 28, 2020 has been entered.
 Response to Amendments
	This office action is responsive to application 15/937,643 where the Applicant filed an RCE on October 21, 2020 for the corresponding amendments filed on September 28, 2020.  Claims 1, 8, and 21 were amended, and claims 1-14 and 21-26 remain pending in the application.
Response to Arguments
	The Applicant’s arguments filed in association with the RCE have been fully considered, and the Examiner responds as provided below.
	Regarding the Applicant’s response at pages 9-12 of the Remarks that concerns the § 103 rejection of the pending claims, the Applicant’s arguments in conjunction with the claim amendments are persuasive, and consequently the Examiner conducted a new prior art search. The Applicant’s arguments are now moot with respect to the 
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

(NOTE: within the Examiner’s parenthetical explanations below, material within quotation marks is language quoted from the prior art reference, underlined material is language quoted from the claims, and material within brackets is material altered from either a prior art reference or a claim.  Regarding the reconstruction of the claims, a numbered footnote indicates a primary phrase to be first moved upwards to the first cited reference, while a lettered footnote indicates a secondary phrase to be moved after the movement of the primary phrase from which it was lifted.  Or more succinctly, move numbered material first, lettered material last.)
A.	Claims 1-14 and 21-26 are rejected under 35 U.S.C. 103 as being unpatentable over D et al. (US 2019/0007421, “D”) in view of Vangpat et al. (US 2012/0144501, “Vangpat”).
Regarding Claim 1
D discloses A system (abstract, Fig. 1) in at least one server (Fig. 1, ¶¶ [0025]-[0026], i.e., “authorization server 102” and “resource server 112”) for managing access to…1 (Fig. 1, ¶¶ [0025]-[0028], e.g., “authorization server 102 employs refresh token rotation by , comprising: 
one or more memory devices (Fig. 7, ¶ [0160], “memory 704” and/or “storage unit 712”) configured to store program logic (Fig. 7, ¶ [0158], “program code 714”); and 
one or more processors (Fig. 7, ¶ [0157], “CPU 702”) operable to access the one or more memory devices and to execute the program logic (¶¶ [0157]-[0160], “Program code 714 is then downloaded into client computers (e.g., computer 102) that will execute program code 714.”), 
the program logic (Fig. 7, ¶ [0158]) comprising: 
an authorization manager configured (Fig. 7, ¶¶ [0157]-[0160], i.e., this is a means-plus-function format where the functionality is achieved by the structure comprising the memory and processors recited within the claim, and this structure is taught by D to execute software that acts as an authorization manager to achieve the recited functionality; the authorization manager is configured to function within the structure associated with the “authorization server 102” at Fig. 1, ¶ [0025]) to receive a first request (Fig. 6, ¶¶ [0129]-[0136], i.e., step 614) from a client (Figs. 1 & 6, ¶¶ [0025], [0129], “client 106”), 
the first request including an authorization token (Fig. 6, ¶¶ [0129]-[0136], i.e., the combination of a “username” and “password” create an authorization token, noting that credential within these claims are equivalent to a “token” within D), and 
to determine whether an application (Figs 1 & 6, ¶¶ [0026], [0127], i.e., “app instance 604”) in the client…2 (Figs. 1 & 6); and 
a shared access credential generator (Fig. 7, ¶¶ [0157]-[0160], i.e., this is a means-plus-function format where the functionality is achieved by the structure comprising the memory and processors recited within the claim, and this structure is taught by D to execute software that acts as an shared access credential generator to achieve the recited functionality; the shared access credential generator is configured to function within the structure associated with the “authorization server 102” at Fig. 1, ¶ [0026]) configured to, in response to determining the application to be authorized to access the stored object based on the authorization token (as disclosed by Vangpat Fig. 2 ¶ [0056] below), 
generate a replacement shared access credential (Fig. 6, ¶ [0137], “authorization server 102 generates the requested two access and refresh token pairs;” Fig. 1, ¶ [0026], “ Authorization system 104 supports an OAuth 2.0 framework along with an extension to the framework that ensures that valid token(s) [that act as a credential] are shared across all of application instances 110-1, . . . , 110-N;” and Fig. 2B, ¶¶ [0053]-[0054], i.e., the generation of a new token in step 224 if a token is found to be expired as step 222, and thus the token is a replacement … credential) to replace a prior-generated shared access credential associated with the stored object (Fig. 2B, ¶¶ [0053]-[0054]) and 
configured to be presented by the application to enable access to the stored object (Fig. 6, ¶ [0144], “In step 628, resource server 112 sends to first app instance 604 a response to the request sent in step 626, where the response authorizes stored object of Vangpat below] provided by resource server 112.”), 
each shared access credential (at least Fig. 6, ¶ [0137]) being shareable (Fig. 1, ¶¶ [0025]-[0028], i.e., shareable amongst the “application instances 110-1,…, 110-N”) in that any entity having a user account and possessing the shared access credential is enabled to access the stored object (Fig. 6, ¶¶ [0129]-[0136], i.e., by means of any entity having a user account associated with the individual possessing a “username” and “password,” the generated “tokens”/credentials enable access [to] the stored object within “resource server 112”), 
associate the replacement shared access credential with the stored object (Fig. 2, ¶ [0039], “In step 214, based on the access and refresh token [or credential] pairs being [associate[d] with accessible resources/stored objects and being] sent in step 208, application instances 110-1, . . . , 110-N (see FIG. 1) access respective computing resources provided by resource server 112 (see FIG. 1) by using the access and refresh token pairs received in step 212;” see also Vangpat ¶ [0056], “The second access token [or credential] is considered to be one that is associated with expanded, enhanced, or increased data access capabilities granted to the client module 202.”), and 
provide the replacement shared access credential to the client (Fig. 6, ¶¶ [0138]-[0140], “In step 618, authorization server 102 sends to client 106 a response to the request received in step 614, where the response includes the first and second pairs of access and refresh tokens [or credential].”).
D doesn’t disclose
1 … a stored object,
	2 …is authorized to access the stored object (of Vangpat) based upon the authorization token;
Vangpat, however, discloses
	1 … a stored object (Fig. 2, ¶¶ [0050]-[0052], “The resource server 206 is suitably designed to host the protected data [as a stored object] and to provide access to the protected data in accordance with certain data access attributes associated with access tokens received from the client module 202.”),
	2 …is authorized to access the stored object based upon the authorization token (Fig. 2, ¶ [0056], “The server module 204 processes the client credentials [such as the username and password disclosed in D] and/or the assertion to validate the client module 202.”);
	Regarding the combination of D and Vangpat, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the credential system of D to have included the authentication system of Vangpat to access stored objects. One of ordinary skill in the art would have been motivated to incorporate the authentication system of Vangpat because D teaches the use of a username and password, see D ¶¶ [0135]-[0136], but D is silent to how they are used for authentication; it would be obvious to one skilled in the art to authorize the access to stored objects based upon a username and password to access resources as explicitly taught by Vangpat.  
Regarding Claim 2
D in view of Vangpat (“D-Vangpat”) discloses the system of claim 1, and D further discloses 
wherein the program logic (Fig. 7, ¶ [0158]) further comprises: 
a storage access manager (Fig. 7, ¶¶ [0157]-[0160], i.e., this is a means-plus-function format where the functionality is achieved by the structure comprising the memory and processors recited within the claim 1, and this structure is taught by D to execute software that acts as an storage access manager to achieve the recited functionality; the storage access manager is configured to function within the structure associated with the “resource server 112” at Fig. 1, ¶ [0026]) configured to receive a second request from the client (Fig. 6, ¶ [0143], “In step 626, first app instance 604 sends a GET /resource/1 request [that acts as a second request from the client] to resource server 112…”), 
the second request including the replacement shared access credential and attempting to access the stored object (Fig. 6, ¶ [0143], “In step 626, first app instance 604 sends a GET /resource/1 request to resource server 112 to obtain access to a first resource provided by resource server 112, where the request indicates token 1,” i.e., “token 1” acts as the credential that is included in the “1 request” to access the stored object that is located in the “resource server 112”);AMENDMENT AND REPLYPage 3 
Serial No. 15/937,643Attorney Docket No.: 403792-US-NPFiling Date: March 27, 2018Title: SYSTEM AND METHOD FOR MANAGING ACCESS TO STORED OBJECTSdetermine the application is authorized to access the stored object based on the replacement shared access credential received in the second request (Fig. 6, ¶ [0144], “In step 628, resource server 112 sends to first app instance 604 a response to the request sent in step 626, where the response authorizes first app instance 604 to access the aforementioned first resource provided by resource server 112,” i.e., the determin[ation that] the application is authorized to access the stored object); and 
enable access to the stored object by the application at the client (Fig. 6, ¶ [0144], “… authorizes first app instance 604 to access [and thereby enable] the aforementioned first resource provided by resource server 112.”).  
Regarding Claim 3
D-Vangpat discloses the system of claim 2, and D further discloses 
wherein the storage access manager (Figs. 1 & 7, ¶¶ [0026], [0157]-[0160]) is further configured to: 
receive a third request from the client (Fig. 6, ¶ [0147], “In step 634, second app instance 606 sends a GET /resource/1 request [as a third request] to resource server 112…”), 
the third request including the replacement shared access credential and attempting to access the stored object (Fig. 6, ¶ [0147], “In step 634, second app instance 606 sends a GET /resource/1 request [as a third request] to resource server 112 to obtain access to a second resource provided by resource server 112, where the request indicates token 2 [as the replacement shared access credential];” and Fig. 1, ¶ [0025], “FIG. 1 is a block diagram of a system 100 for sharing valid token(s) across multiple application instances in a dynamically scalable environment;” i.e., “token 1” and “token 2” can be a “shar[ed] valid[] token,” in which case the two tokens represent the same replacement shared access credential); 
determine the application is authorized to access the stored object based on the replacement shared access credential received in the third request (Fig. 6, ¶ [0148], “In determin[ation that] the application is authorized to access the stored object); and 
enable access to the stored object by the application at the client (Fig. 6, ¶ [0148], “…authorizes second app instance 606 to access [and thereby enable] the aforementioned second resource provided by resource server 112”).  
Regarding Claim 4
D-Vangpat discloses the system of claim 2, and D further discloses 
wherein the authorization manager (Figs. 1 & 7, ¶¶ [0025], [0157]-[0160]) is further configured to: 
determine from the authorization token one or more conditions for the replacement shared access credential (¶ [0139], i.e., at step 618, a response is created by the authorization server that includes ““expires_in”:3600” as a time condition established for the “tokens”/replacement shared access credential that was determined from the authorization token, which was previously received in step 614); and 
provide the one or more conditions to the storage access manager (Fig. 6, ¶ [0143], i.e., “token 1” that acts as a replacement shared access credential is provide[d] in “step 626” to the storage access manager whose functionality is implemented by the processors and memory within the “resource server 112”).  
Regarding Claim 5
D-Vangpat discloses the system of claim 4, and D further discloses 
wherein the one or more conditions include at least one of: 
a time interval for which the replacement shared access credential is valid (¶ [0139], i.e., ““expires_in”:3600”, noting only one element need be taught with the limitation of at least one of), 
a permission granted by the replacement shared access credential for access to the stored object, 
a network address from which the stored object may be accessed using the replacement shared access credential, or 
a communication protocol by which the stored object may be accessed using the replacement shared access credential.  
Regarding Claim 6
D-Vangpat discloses the system of claim 4, and D further discloses 
wherein the storage access manager (Figs. 1 & 7, ¶¶ [0026], [0157]-[0160]) is configured to:
receive the second request from the application at the client (Fig. 6, ¶ [0143], “In step 626, first app instance 604 [at the client or “client 106”] sends a GET /resource/1 request [that acts as a second request from the client] to resource server 112…”), 
the second request including the replacement shared access credential (Fig. 6, ¶ [0143], “…where the request indicates token 1” that acts as the replacement shared access credential); 
evaluate the one or more conditions to determine whether the application is authorized to access the stored object (¶ [0139], i.e., if the time of “expires_in” is exceeded, then the token is no longer valid and the application will not be authorized to access the stored object; see also Fig. 4, ¶ [086], i.e., where tokens can be revoked and authoriz[ation] will fail).  
Regarding Claim 7
D-Vangpat discloses the system of claim 1, and D further discloses
wherein the shared access credential generator (Figs. 1 & 7, ¶¶ [0025], [0157]-[0160]) is configured to: 
receive a second request from the client (Figs. 2A & 2B, ¶¶ [0034], [0051],  i.e., step 218 represents a second request where the first request is received at step 204), 
the second request including the authorization token (¶ [0052], “In step 220, authorization system 104 (see FIG. 1) validates an existing access token which is bound [via the authorization token that relates to user account information] to a refresh token.”); 
generate a second replacement shared access credential for the stored object to replace the prior-generated replacement shared access credential (Figs. 2A & 2B, ¶¶ [0053]-[0054], “In step 224, authorization system 104 (see FIG. 1) generates a new access token” that serves as a second replacement shared access credential); and 
provide the second replacement shared access credential to the client (¶ [0054], “In step 226, authorization system 104 (see FIG. 1) sends the new access token to client 106 (see FIG. 1).”).
Regarding Independent Claim 8 and Dependent Claims 9-10 and 12-14
With respect to independent claim 8 and dependent claims 9-10 and 12-14, a corresponding reasoning as given earlier for independent claim 1 dependent claims 2-3 and 5-7 applies, mutatis mutandis, to the subject matter of claims 8-10 and 12-14. 
Regarding Claim 11
D-Vangpat discloses the method of claim 8, and D further discloses
further comprising: determining from the authorization token one or more conditions for the replacement shared access credential (¶ [0139], i.e., at step 618, a response is created by the authorization server that includes ““expires_in”:3600” as a time condition established for the “tokens”/replacement shared access credential that was determined from the authorization token, which was previously received in step 614); and 
maintaining the one or more conditions at the at least one server (Fig. 2B, ¶ [0058], “Returning to step 222, authorization system 104 (see FIG. 1) determines that the existing access token is valid (i.e., determines that the existing access token is not expired)…,” i.e., if the “token is valid,” then the condition involving time has been maintained for either or both of the “authorization server 102” or the “resource server 112”).
Regarding Independent Claim 21 and Dependent Claims 22-23 and 25-26
With respect to independent claim 21 and dependent claims 22-23 and 25-26, a corresponding reasoning as given earlier for independent claim 1 dependent claims 2-3 and 5-6 applies, mutatis mutandis, to the subject matter of claims 21-23 and 25-26. Therefore, claims 21-23 and 25-26 are rejected, for similar reasons, under the grounds set forth for claims 1-3 and 5-6. 

Regarding Dependent Claim 24
With respect to dependent claim 24, a corresponding reasoning as given earlier for dependent claim 11 applies, mutatis mutandis, to the subject matter of claim 24. Therefore, claim 24 is rejected, for similar reasons, under the grounds set forth for claim 11.
Additional Prior Art References
	The Examiner makes of record US 10,044,723 to Fisher et al. and US 2019/0132317 to Berezin et al. because each discloses the use of an authorization server that manages authorization tokens/credentials for remote servers.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to D'ARCY WINSTON STRAUB whose telephone number is (303)297-4405.  The examiner can normally be reached on Monday-Friday 8:00-5:00 MT.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, ASHOKKUMAR B PATEL can be reached on (571)272-3972.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.




/D'Arcy Winston Straub/Examiner, Art Unit 2491                                                                                                                                                                                                        


/ASHOKKUMAR B PATEL/Supervisory Patent Examiner, Art Unit 2491