Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1, 4, 5, 9, 10, 11, 14, 17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Jeong US 2016/0241405 in view of Hagmeier US 2006/0264202.


As per claim 1. Jeong teaches One or more non-transitory computer-readable media storing computer-executable instructions of a server application that upon execution cause one or more processors to perform acts comprising: receiving, at the server application, an application instance public key of a client application instance, the application instance public key belonging to an application instance public-private key pair of the client application instance; generating, at the server application, an authentication token request that includes the application instance public key of the client application instance and is signed with a server application private key of a server application public-private key pair that belongs to the server application; and sending, 

Hagmeier teaches generating, at the server application, an authentication token request that includes the application instance public key of the client application instance and is signed with a server application private key of a server application public-private key pair that belongs to the server application; [0049] (Hagmeier teaches sending on a request from a server that is additionally signed, thus 2 digital signatures are added to the certificate request).
It would have been obvious to use the system of Hagmeier with Jeong because it provides additional security.

As per claim 4. Jeong teaches The one or more non-transitory computer-readable media of claim 1, wherein the authentication token includes the application instance public key of the client application instance and is signed with an identity provider private key of an identity provider public-private key pair that belongs to the authentication token provider. [0055][0057] (certificate signed by CA, and includes public key)

As per claim 5. Jeong teaches The one or more non-transitory computer-readable media of claim 4, wherein the authentication token is used by the client application instance to obtain a secure service from a secure service provider. [0072][0074] (certificate is presented to obtain services)

As per claim 9. Jeong teaches A computer-implemented method, comprising: receiving, at an authentication token provider, an authentication token request from a server application, the authentication token request including an application instance public key of an application instance public-private key pair that belongs to a client application instance, and is signed with a server application private key of a server application public-private key pair that belongs to the server application; validating, at the authentication token provider, the authentication token request via a server application public key of the server application public-private key pair; in response to determining that the authentication token request is valid, sending from the authentication token provider to the server application an authentication token that includes the application instance public key of the client application instance; and in response to determining 

Hagmeier teaches validating a request is valid via a server application public key of the private key pair and in response to determining the request is invalid sending a denial of the authentication token request; [0049] (Hagmeier teaches sending on a request from a server that is additionally signed, thus 2 digital signatures are added to the certificate request, and validated in order to grant or deny service).
It would have been obvious to use the system of Hagmeier with Jeong because it provides additional security.

As per claim 10. Jeong teaches The computer-implemented method of claim 9, wherein the authentication token is signed with an identity provider private key of an identity provider public-private key pair that belongs to the authentication token provider. [0055][0057] (certificate signed by CA, and includes public key)

As per claim 11. Hagmeier teaches The computer-implemented method of claim 10, further comprising signing the authentication token, the signing including: calculating, at the server application, a digital signature for at least a body of the authentication token that includes the application instance public key of the client application instance, the digital signature being 



It would have been obvious to use the system of Hagmeier with Jeong because it provides additional security.



Claims 2, 3, 13, 18, 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Jeong US 2016/0241405 in view of Hagmeier US 2006/0264202 in view of Everett US 6,328,217.
As per claim 2.  Everett teaches The one or more non-transitory computer-readable media of claim 1, wherein the acts further comprise sending a server application public key of the server application public-private key pair to the authentication token provider during a registration of the server application with the authentication token provider. (Column 6 lines 19-25)
Jeong teaches registration with the token provider [0049][0050]

It would have been obvious at the time the invention was filed to use the registration of Everett with the previous combination because it improves security.
As per claim 3. Hagmeier teaches The one or more non-transitory computer-readable media of claim 2, wherein the acts further comprise signing the authentication token request, the signing including: calculating, at the server application, a digital signature for at least a body of the authentication token request that includes the application instance public key of the client application instance, the digital signature being verified by the authentication token provider via the server application public key to validate the authentication token request. [0049]  (verifies double signature)
As per claim 13. Everett teaches The computer-implemented method of claim 9, further comprising receiving the server application public key from the server application during a registration of the server application with the authentication token provider. (Column 6 lines 19-25) 
Jeong teaches registration with the token provider [0049][0050]
As per claim 18. Everett teaches The server of claim 17, wherein the actions further comprise sending a server application public key of the server application public-private key pair to the authentication token provider during a registration of the server application with the authentication token provider. (Column 6 lines 19-25)
Jeong teaches registration with the token provider [0049][0050]

As per claim 19.  Hagmeier teaches The server of claim 18, wherein the acts further comprise signing the authentication token request, the signing including: calculating, at the server application, a digital signature for at least a body of the authentication token request that includes the application instance public key of the client application instance, the digital signature being decrypted by the authentication token provider via the server application public key to validate the authentication token request. [0049]  (verifies double signature)

Claims 6, 12, 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Jeong US 2016/0241405 in view of Hagmeier US 2006/0264202 in view of Hamber US 2003/0120610.

As per claim 6. Hamber teaches The one or more non-transitory computer-readable media of claim 5, wherein the secure service provider is in possession of an identity provider public key that is a counterpart to the identity provider private key of the authentication token provider, and wherein the identity provider public key is used by the secure service provider to validate the authentication token for providing the secure service to the client application instance. [0066][0067] (teaches authentication of certificate with public key)
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to use the system of Hamber with the previous combination because using local encryption keys is more efficient.

As per claim 12. Hamber teaches The computer-implemented method of claim 11, wherein the digital signature is verified with the identity provider public key by the secure service provider to validate the authentication token. [0066][0067] (teaches authentication of certificate with public key)
As per claim 20. Hamber teaches The server of claim 17, wherein the authentication token includes the application instance public key of the client application instance and is signed with an identity provider private key of an identity provider public-private key pair that belongs to the authentication token provider, and wherein the secure service provider is in possession of an identity provider public key that is a counterpart to the identity provider private key of the 


Claims 7, 15 is/are rejected under 35 U.S.C. 103 as being unpatentable over Jeong US 2016/0241405 in view of Hagmeier US 2006/0264202 in view of Jerdonek US 6,983,381.

As per claim 7. Jerdonek teaches The one or more non-transitory computer-readable media of claim 5, wherein the authentication token is used in combination with an additional token that is signed with an application instance private key of the application instance public-private key pair that belongs to the client application instance to obtain the secure service from the secure service provider. (Column 7 lines 5-40) (sends signed OTP and certificate to the server in order to be authenticated)
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to use the tokens of Jerdonek with the previous system because it improves security.

As per claim 15. Jerdonek teaches The computer-implemented method of claim 14, wherein authentication token is used in combination with an additional token that is signed with an application instance private key of the application instance public-private key pair that belongs to the client application instance to obtain the secure service from the secure service provider. (Column 7 lines 5-40) (sends signed OTP and certificate to the server in order to be authenticated)

Claims 8, 16 is/are rejected under 35 U.S.C. 103 as being unpatentable over Jeong US 2016/0241405 in view of Hagmeier US 2006/0264202 in view of Tran US 10,735,425.

As per claim 8. Tran teaches The one or more non-transitory computer-readable media of claim 5, wherein the authentication token is further encapsulated in a nested token that is signed with an application instance private key of the application instance public-private key pair that belongs to the client application instance. (Column 3 line 62 to Column 4 line 11, Column 6 lines 8-27)  (teaches the authentication token is encapsulated in further tokens/signatures from applications)
It would have been obvious to one of ordinary skill in the art at the time the invention was filed to use the nested token of Tran with the prior system because it increases security.
As per claim 16. Tran teaches The computer-implemented method of claim 14, wherein the authentication token is further encapsulated in a nested token that is signed with an application instance private key of the application instance public-private key pair that belongs to the client application instance. (Column 3 line 62 to Column 4 line 11, Column 6 lines 8-27)  (teaches the authentication token is encapsulated in further tokens/signatures from applications)
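The token issuance and validation flow recited across the rejected claims (a server application forwards the client instance's public key in a request signed with the server application private key; the authentication token provider validates that request against the registered server public key and returns a token, carrying the client's public key, signed with the identity provider private key; the client encapsulates the token in a nested token signed with its own instance private key; the secure service provider validates the inner token with the identity provider public key and the outer token with the instance key the inner token vouches for), as an added worked example. This code is not from the application, from the cited references, or from this Office action. It uses Ed25519 from Go's standard library as a stand-in for whatever signature scheme the references use, a JSON envelope as the message format, and hypothetical names throughout (TokenProvider, Issue, Admit, RunFlow, seal, unpack, the "orders-api" server identifier and the "nonce-1" value are all constructed for the example).

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
)

// Message bodies, each serialized to JSON and signed by the party the claims name.
type (
	Envelope     struct{ Body, Sig []byte }                       // a body plus one Ed25519 signature over it
	TokenRequest struct{ ServerID string; AppInstancePub []byte } // signed by the server application (claims 1, 3, 9)
	AuthToken    struct{ AppInstancePub []byte }                  // signed by the identity provider (claims 4, 10)
	NestedToken  struct{ AuthToken []byte; Nonce string }         // signed by the client instance (claims 7, 8)
)

// mustKey generates an Ed25519 key pair and returns the private half (the public half is derivable).
func mustKey() ed25519.PrivateKey {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return priv
}

func pub(k ed25519.PrivateKey) ed25519.PublicKey { return k.Public().(ed25519.PublicKey) }

// seal serializes v and wraps it with a signature by priv (marshalling these plain structs cannot fail).
func seal(priv ed25519.PrivateKey, v interface{}) []byte {
	body, err := json.Marshal(v)
	if err != nil {
		panic(err)
	}
	out, _ := json.Marshal(Envelope{Body: body, Sig: ed25519.Sign(priv, body)})
	return out
}

// unpack parses an envelope and decodes its body into v; the caller still has to verify Sig.
func unpack(raw []byte, v interface{}) (Envelope, error) {
	var e Envelope
	if err := json.Unmarshal(raw, &e); err != nil {
		return e, err
	}
	return e, json.Unmarshal(e.Body, v)
}

// TokenProvider is the identity provider; servers holds the server application public keys registered with it (claims 2, 13, 18).
type TokenProvider struct{ priv ed25519.PrivateKey; servers map[string]ed25519.PublicKey }

// Issue validates a forwarded request with the registered server public key and either
// returns a token carrying the client's key or denies the request (claims 9, 4, 10).
func (tp *TokenProvider) Issue(raw []byte) ([]byte, error) {
	var req TokenRequest
	e, err := unpack(raw, &req)
	serverPub, ok := tp.servers[req.ServerID]
	if err != nil || !ok || !ed25519.Verify(serverPub, e.Body, e.Sig) {
		return nil, errors.New("denied: malformed or not signed by a registered server application")
	}
	return seal(tp.priv, AuthToken{AppInstancePub: req.AppInstancePub}), nil
}

// Admit is the secure service provider's check: the inner token must verify under the identity provider
// public key (claims 6, 12) and the nested token around it under the instance key it vouches for (claims 7, 8).
func Admit(idpPub ed25519.PublicKey, nested []byte) (string, error) {
	var nt NestedToken
	var tok AuthToken
	outer, errOuter := unpack(nested, &nt)
	inner, errInner := unpack(nt.AuthToken, &tok)
	if errOuter != nil || errInner != nil || !ed25519.Verify(idpPub, inner.Body, inner.Sig) {
		return "", errors.New("rejected: malformed, or auth token not signed by the identity provider")
	}
	instPub := ed25519.PublicKey(tok.AppInstancePub)
	if len(instPub) != ed25519.PublicKeySize || !ed25519.Verify(instPub, outer.Body, outer.Sig) { // Verify panics on a wrong-size key, so check length first
		return "", errors.New("rejected: nested token not signed by the instance key the auth token vouches for")
	}
	return nt.Nonce, nil
}

// RunFlow drives one honest exchange end to end and returns the nonce the secure service provider recovered.
func RunFlow() (string, error) {
	tp := &TokenProvider{priv: mustKey(), servers: map[string]ed25519.PublicKey{}}
	serverKey, clientKey := mustKey(), mustKey()
	tp.servers["orders-api"] = pub(serverKey) // registration of the server public key (claim 2)
	// The server application receives the client's instance public key and forwards a signed request (claim 1).
	req := seal(serverKey, TokenRequest{ServerID: "orders-api", AppInstancePub: pub(clientKey)})
	token, err := tp.Issue(req)
	if err != nil {
		return "", err
	}
	// The client encapsulates the token in a nested token signed with its own private key (claims 7, 8).
	nested := seal(clientKey, NestedToken{AuthToken: token, Nonce: "nonce-1"})
	return Admit(pub(tp.priv), nested)
}

func main() {
	fmt.Println(RunFlow())
}
```

Two design points are worth noting. The token provider never trusts the server identifier in the request body on its own; it looks the identifier up in its registration table and only then verifies the signature with the registered key, so a request that names a registered server but is signed with some other key is denied. On the service side, the instance public key used to check the outer signature is taken only from inside the identity-provider-signed token, never from the presenter, which is what makes the nested token unusable by any instance other than the one the token was issued for.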


Conclusion

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham, can be reached on (571) 270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/CHRISTOPHER J BROWN/Primary Examiner, Art Unit 2439