DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
The amendment filed 2/3/2021 has been placed of record in the file.
Claims 1, 11, 13, and 23 have been amended.
Claims 12 and 24 have been canceled.
Claims 1-11 and 13-23 are now pending.
The double patenting rejection remains of record.
The applicant’s arguments with respect to claims 1-11 and 13-23 have been considered but are moot in view of the following new grounds of rejection.

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 2/3/2021 has been entered.

Claim Rejections - 35 USC § 103
9.	In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

11.	Claims 1-11 and 13-23 are rejected under 35 U.S.C. 103 as being unpatentable over Yanacek et al. (U.S. Patent Number 9,569,634), hereinafter referred to as Yanacek, in view of Odenheimer et al. (U.S. Patent Application Publication Number 2019/0379663), hereinafter referred to as Odenheimer.
Yanacek disclosed techniques for implementing fine-grained data access using federated identity.  In an analogous art, Odenheimer disclosed techniques for mediated authentication using service-specific tokens.  Both systems are directed to authentication and authorization for user access to services.
Regarding claim 1, Yanacek discloses a method of authenticating a client and authorizing the client to access a service of a service provider, comprising: receiving, at a processor of a central authority separate from the client and the service provider, an access request from the client, the access request identifying at least one of a client user and a client process (column 4, lines 37-42, application client requests access from delegation service); evaluating, by the processor, the access request to determine that the at least one of the client user and the client process complies with an access policy for the service provider (column 4, lines 37-42, determines whether to issue access credential, and column 4, lines 23-26, delegation policy); in response to determining that the at least one of the client user and the client process complies with the access policy, generating, by the processor, a credential including a key (column 4, lines 49-51, delegated access credential); sending, by the processor, the credential to 
Yanacek does not explicitly state in response to the validating, identifying, by the processor, a service provider access key that triggers the service provider to provide the client with access to the service, and sending the message including the service provider access key to the client, wherein the client is configured to provide the service provider access key in a subsequent request to the service.  However, granting additional service-specific access tokens to a user in such a fashion was well known in the art as evidenced by Odenheimer.  Since the inventions encompass the same field of endeavor, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Yanacek by adding the ability for in response to the validating, identifying, by the processor, a service provider access key that triggers the service provider to provide the client with access to the service, and sending the message including the service provider access key to the client, wherein the client is configured to provide the service provider access key in a subsequent request to the service as provided by Odenheimer (see paragraph 29, authenticates user via SSO token, and paragraph 31, grants cloud token, and paragraph 32, cloud token passed to browser and browser sends second request for service including cloud token).  One of ordinary skill in the art would have recognized the benefit that managing access through a trusted provider would 
Regarding claim 2, the combination of Yanacek and Odenheimer discloses wherein the access request further identifies the service provider from among a plurality of service providers associated with the central authority (Yanacek, column 9, lines 9-19, multiple application providers maintain data in system).
Regarding claim 3, the combination of Yanacek and Odenheimer discloses wherein each of the plurality of service providers has a different access policy (Yanacek, column 9, lines 27-37, application providers create delegation profiles).
Regarding claim 4, the combination of Yanacek and Odenheimer discloses wherein: the client user is one of a plurality of client users associated with the client; and at least two of the plurality of client users have different access policies for the service provider (Yanacek, column 19, lines 54-64, different delegation policy).
Regarding claim 5, the combination of Yanacek and Odenheimer discloses wherein: the client process is one of a plurality of client processes associated with the client; and at least two of the plurality of client processes have different access policies for the service provider (Yanacek, column 19, lines 54-64, different delegation policy).
Regarding claim 6, the combination of Yanacek and Odenheimer discloses registering, by the processor, the service provider, the registering comprising establishing the central authority as an authentication and access authority for the service provider (Yanacek, column 19, lines 54-56, application provider establishes delegation policies).
Regarding claim 7, the combination of Yanacek and Odenheimer discloses establishing, by the processor, the access policy (Yanacek, column 4, lines 23-32, delegation service maintains delegation policies).
Regarding claim 8, the combination of Yanacek and Odenheimer discloses wherein establishing the access policy includes specifying at least one policy rule (column 19, lines 42-45, different authorizations) and at least one allowed client user and/or at least one allowed client process (Yanacek, column 19, lines 42-45, different application clients).
Regarding claim 9, the combination of Yanacek and Odenheimer discloses wherein the evaluating includes determining that the at least one of the client user and the client process is an allowed client user and/or an allowed client process as specified by the access policy (Yanacek, column 5, lines 8-17, specific client application).
Regarding claim 10, the combination of Yanacek and Odenheimer discloses wherein the evaluating includes determining that the client complies with at least one policy rule as specified by the access policy (Yanacek, column 5, lines 8-17, access operations).
Regarding claim 11, the combination of Yanacek and Odenheimer discloses wherein the client is further configured to provide the credential in the subsequent request to the service (Yanacek, column 19, lines 34-38, subsequent access requests include same delegated access credential).
Regarding claim 13, Yanacek discloses a system for authenticating a client and authorizing the client to access a service of a service provider, comprising: a transceiver configured to communicate with a client and a service provider (column 4, lines 23-26, application client and application provider); and a processor in communication with the transceiver, the processor being configured to perform processing comprising: receiving, by the 
Yanacek does not explicitly state in response to the validating, identifying a service provider access key that triggers the service provider to provide the client with access to the service, and sending the message including the service provider access key to the client, wherein the client is configured to provide the service provider access key in a subsequent request to the service.  However, granting additional service-specific access tokens to a user in such a fashion was well known in the art as evidenced by Odenheimer.  Since the inventions encompass the same field of endeavor, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Yanacek by adding the ability for in response to the validating, identifying a service provider access key that triggers the 
Regarding claim 14, the combination of Yanacek and Odenheimer discloses wherein the access request further identifies the service provider from among a plurality of service providers associated with the central authority (Yanacek, column 9, lines 9-19, multiple application providers maintain data in system).
Regarding claim 15, the combination of Yanacek and Odenheimer discloses wherein each of the plurality of service providers has a different access policy (Yanacek, column 9, lines 27-37, application providers create delegation profiles).
Regarding claim 16, the combination of Yanacek and Odenheimer discloses wherein: the client user is one of a plurality of client users associated with the client; and at least two of the plurality of client users have different access policies for the service provider (Yanacek, column 19, lines 54-64, different delegation policy).
Regarding claim 17, the combination of Yanacek and Odenheimer discloses wherein: the client process is one of a plurality of client processes associated with the client; and at least two of the plurality of client processes have different access policies for the service provider (Yanacek, column 19, lines 54-64, different delegation policy).
Regarding claim 18, the combination of Yanacek and Odenheimer discloses wherein the processing further comprises registering the service provider, the registering comprising establishing the central authority as an authentication and access authority for the service provider (Yanacek, column 19, lines 54-56, application provider establishes delegation policies).
Regarding claim 19, the combination of Yanacek and Odenheimer discloses wherein the processing further comprises establishing the access policy (Yanacek, column 4, lines 23-32, delegation service maintains delegation policies).
Regarding claim 20, the combination of Yanacek and Odenheimer discloses wherein establishing the access policy includes specifying at least one policy rule (column 19, lines 42-45, different authorizations) and at least one allowed client user and/or at least one allowed client process (Yanacek, column 19, lines 42-45, different application clients).
Regarding claim 21, the combination of Yanacek and Odenheimer discloses wherein the evaluating includes determining that the at least one of the client user and the client process is an allowed client user and/or an allowed client process as specified by the access policy (Yanacek, column 5, lines 8-17, specific client application).
Regarding claim 22, the combination of Yanacek and Odenheimer discloses wherein the evaluating includes determining that the client complies with at least one policy rule as specified by the access policy (Yanacek, column 5, lines 8-17, access operations).
Regarding claim 23, the combination of Yanacek and Odenheimer discloses wherein the client is further configured to provide the credential in the subsequent request to the service (Yanacek, column 19, lines 34-38, subsequent access requests include same delegated access credential).

Conclusion
12.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to Victor Lesniewski whose telephone number is (571)272-2812.  The examiner can normally be reached on Monday thru Friday, 9am to 5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin, can be reached on 571-272-3862. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/Victor Lesniewski/Primary Examiner, Art Unit 2493