DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 02/12/2021 has been entered.
 
Response to Amendment
The amendment filed on 02/12/2021 has been entered and fully considered.

EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in an electronic communication with James M. Nachtwey (Registration Number 71,524) on March 10, 2021.

Please replace the claims as follows:


storing, by one or more nodes in a cluster, a list of revoked security tokens; 
receiving, by the one or more nodes, an indication of invalidating a user security token associated with a user device, wherein: 
the user security token is generated by the one or more nodes in the cluster in response to starting a session between the user device and the cluster, the session including requests from the user device to the one or more nodes in the cluster, the user security token being used by the one or more nodes to verify the requests; and
the indication is sent by the user device immediately after the user device stops using the user security token at end of the session; and
in response to the receiving, adding, by the one or more nodes, the user security token to the list of revoked security tokens[[.]], the user security token being encrypted using an authenticated encryption;
upon a restart of the cluster, generating, by the one or more nodes, a key to be used for the authenticated encryption, the key being generated based on a shared secret between the one or more nodes of the cluster.

7. (Canceled) 

8. (Canceled) 

9. (Canceled) 

10. (Currently Amended) The method of claim [[7]]1, further comprising upon the restart of the cluster, invalidating, by the one or more nodes, previously issued user security tokens.

11. (Currently Amended) A system for invalidating user security tokens, the system comprising a cluster including one or more nodes comprising a processor and a memory being configured to store programmable instructions, wherein upon executing by the processor the programmable instructions, the one or more nodes are configured to:
store a list of revoked security tokens; 

the user security token is generated by the one or more nodes in the cluster in response to starting a session between the user device and the cluster, the session including requests from the user device to the one or more nodes in the cluster, the user security token being used by the one or more nodes to verify the requests; and
the indication is sent by the user device immediately after the user device stops using the user security token at end of the session; and
in response to the receiving the indication, add, by the one or more nodes, the user security token to the list of revoked security tokens[[.]], the user security token being encrypted using an authenticated encryption;
upon a restart of the cluster, generating, by the one or more nodes, a key to be used for the authenticated encryption, the key being generated based on a shared secret between the one or more nodes of the cluster.
  

17. (Canceled) 

18. (Canceled) 

19. (Currently Amended) The system of claim [[17]]11, wherein, upon the restart of the cluster, the one or more nodes are further configured to invalidate previously issued security tokens. 

20. (Currently Amended) A non-transitory computer-readable storage medium having embodied thereon instructions, which when executed by at least one processor, perform steps of a method, the method comprising:
storing, by one or more nodes in a cluster, a list of revoked security tokens; 
receiving, by the one or more nodes, an indication of invalidating a user security token associated with a user device, wherein:
the user security token is generated by the one or more nodes in the cluster in response to starting a session between the user device and the cluster, the session including requests 
the indication is sent by the user device immediately after the user device stops using the user security token at end of the session; and
in response to the receiving the indication, adding, by the one or more nodes, the user security token to the list of revoked security tokens[[.]], the user security token being encrypted using an authenticated encryption;
upon a restart of the cluster, generating, by the one or more nodes, a key to be used for the authenticated encryption, the key being generated based on a shared secret between the one or more nodes of the cluster.
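The mechanism recited in the amended independent claims and in claims 10 and 19, sketched as an added example that is not taken from the application or the cited references: tokens sealed with authenticated encryption, a revoked list fed by the end-of-session indication, and a key regenerated from the shared secret on restart. The names `Cluster` and `deriveKey`, the choice of HKDF-SHA256 and AES-256-GCM, the restart counter used as salt, and the `iv || tag || ciphertext` token layout are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Hypothetical helper: every node derives the same AEAD key from the cluster's
// shared secret. The restart counter used as salt is an assumption of this sketch.
function deriveKey(sharedSecret, restartCount) {
  const salt = Buffer.from(`restart-${restartCount}`);
  return Buffer.from(crypto.hkdfSync('sha256', sharedSecret, salt, 'user-token-aead', 32));
}

class Cluster {
  constructor(sharedSecret) {
    this.sharedSecret = sharedSecret;
    this.restartCount = 0;
    this.revoked = new Set();          // list of revoked token ids
    this.restart();
  }
  // A restart generates a new key, so tokens sealed under the old key stop verifying.
  restart() {
    this.restartCount += 1;
    this.key = deriveKey(this.sharedSecret, this.restartCount);
  }
  // Session start: seal {id, user} with AES-256-GCM; token = iv || tag || ciphertext.
  issueToken(user) {
    const iv = crypto.randomBytes(12);
    const cipher = crypto.createCipheriv('aes-256-gcm', this.key, iv);
    const body = JSON.stringify({ id: crypto.randomUUID(), user });
    const ct = Buffer.concat([cipher.update(body, 'utf8'), cipher.final()]);
    return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64url');
  }
  // Returns the decrypted claims, or null if the token fails authentication.
  open(token) {
    try {
      const raw = Buffer.from(token, 'base64url');
      const opts = { authTagLength: 16 };   // refuse truncated tags
      const d = crypto.createDecipheriv('aes-256-gcm', this.key, raw.subarray(0, 12), opts);
      d.setAuthTag(raw.subarray(12, 28));
      const pt = Buffer.concat([d.update(raw.subarray(28)), d.final()]);
      return JSON.parse(pt.toString('utf8'));
    } catch { return null; }
  }
  // Per-request check: authentic under the current key and not on the revoked list.
  verify(token) {
    const claims = this.open(token);
    return claims && !this.revoked.has(claims.id) ? claims.user : null;
  }
  // End-of-session indication from the device: only authentic tokens are listed.
  revoke(token) {
    const claims = this.open(token);
    if (claims) this.revoked.add(claims.id);
    return claims !== null;
  }
}
```

Listing the decrypted token id rather than the raw token string means an alternate encoding of the same token cannot slip past the revoked list, and refusing to list tokens that fail authentication keeps unauthenticated callers from growing it.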

Allowable Subject Matter
Claims 1-6, 10-16 and 19-20 are allowed.
The following is a statement of reasons for the indication of allowable subject matter: In interpreting the currently amended claims, in light of the specification as well as arguments presented in the responses to the Office actions, the Examiner finds the claimed invention to be patentably distinct from the prior art of record.

Nagasundaram, U.S. Pub. Number 2015/0112870 A1, teaches that a transaction token may be de-authorized or revoked so that the transaction token may not be used in the future. The de-authorization could include inputting a data value into the transaction token format that informs downstream entities that the token has been de-authorized or is invalid. Alternatively, a message could be sent to the token issuer or token verifier to de-authorize the transaction token or to include the transaction token on a blacklist or revocation list.



Newly cited reference, Fu et al., U.S. Pub. Number 2003/0037234 A1, teaches centralizing a certificate revocation list (CRL) in a certificate authority cluster of servers. 

Newly cited reference, Karangutkar et al., U.S. Pub. Number 2017/0353444 A1, teaches that the authentication token is associated with a log-on session and that the authentication token is invalidated when the log-on session ends.

Although the combination of all the references above discloses methods and systems to invalidate a token using a revocation list for authentication within a cluster, what is missing from the prior art is a teaching, motivation, or suggestion to receive an indication of invalidating a user security token associated with a user device, where the indication is sent by the user device immediately after the user device stops using the user security token at end of the session; and in response to the receiving the indication, add, by the one or more nodes, the user security token to the list of revoked security tokens, the user security token being encrypted using an authenticated encryption; upon a restart of the cluster, generating, by the one or more nodes, a key to be used for the authenticated encryption, the key being generated based on a shared secret between the one or more nodes of the cluster, without the usage of impermissible hindsight reasoning.
Thus the prior art, when taken individually or in combination, does not fairly teach or suggest the limitations as a whole set forth in claims 1, 11, and 20, and thus these claims are considered 
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”
Any inquiry concerning this communication or earlier communications from the examiner should be directed to VU V TRAN whose telephone number is (571)270-1708.  The examiner can normally be reached on M-F, 8 AM- 4 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 571-272-3972.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/VU V TRAN/Examiner, Art Unit 2491
/ALEXANDER LAGOR/Primary Examiner, Art Unit 2491