DETAILED ACTION

Claims 1-20 are presented for examination.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .


Information Disclosure Statement

The information disclosure statements (IDS) submitted on 06/11/2019 was filed before the first office action on the merits. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.

	
	Notice of Pre-AIA  or AIA  Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any 

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Nair et al. (US Patent Application No. 20200204542) (Hereinafter Nair) in view of Smith et al. (US Patent Application No. 20200084202) (Hereinafter Smith).

	
Nair disclose a computer-implemented method, comprising: 
monitoring, by one or more processors of a shared computing environment, issuance of access tokens by one or more applications (fig 5, para 13, 40, first application retrieves a token issued by a token provider); 
determining, by the one or more processors, that a portion of the issued access tokens comprise a set of access tokens that provide access to an application provided 
generating, by the one or more processors, a super token, wherein the generating comprises mapping the super token to the set of access tokens (fig 5, para 41, application session may generate a master token that the token engine  maps to or associates with the first token); 
storing, by the one or more processors, the super token in a repository (fig 5, para 32, the token database 194 may store tokens (e.g., master tokens and associated child tokens); and 
providing, by the one or more processors, the super token to authorized users requesting access to the application (fig 5, para 41, application session may generate a master token that the token engine  maps to or associates with the first token). Nair does not explicitly disclose shared computing environment such as Blockchain technology is in the shared-computing platform. However, Smith discloses shared computing environment (para 152,153). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Nair and Smith. The motivation would have been to build the network that provide endpoint security solutions (both hardware and software based). 
 
As per claim 2, claim is rejected for the same reasons as claim 1, above. In addition, Smith discloses wherein the application provided as a service in the shared computing environment comprises a microservice (para 164, microservice based architecture). 

As per claim 3, claim is rejected for the same reasons as claim 1, above. In addition, Smith discloses wherein the set of access tokens comprises a minimum viable set of access tokens (para 160, tokens are associated expiration) required for the microservice to function for all designed purposes (para 219, microservices by ensuring that client applications provide valid access tokens). 

As per claim 4, claim is rejected for the same reasons as claim 1, above. In addition, Smith  discloses  further comprising: evaluating, by the one or more processors, each access token of the set of access tokens to determine validity of each token (para 33, validity of the token); and
 based on determining that one or more access tokens of the set of access tokens are invalid, refreshing, by the one or more processors, the one or more access tokens (para 33, where expiry of the token may trigger a re-attestation and subsequent re-issuance of the attestation token); and 
updating, by the one or more processors, the mapping (information associated with the token, para 218-219) to include the refreshed one or more access tokens and to exclude the invalid one or more access tokens (para 219, update the token). 

As per claim 5, claim is rejected for the same reasons as claim 1, above. In addition, Nair discloses  wherein the generating further comprises enriching the super token with elements to map the super token to the set of access tokens, the elements selected from the group comprising data, metadata, and pointers (fig 5, para 41, generate a master token that the token engine  maps to or associates with the first token). 

As per claim 6, claim is rejected for the same reasons as claim 1, above. In addition, Nair discloses further comprising: storing, by the one or more processors, the elements in the repository (fig 5. Para 40, token related information stored to map the tokens); and 
utilizing, by the one or more processors, the elements to facilitate linkages between the super token and the set of access tokens (fig 5, para 41, application session may generate a master token that the token engine maps to or associates with the first token, mapping requires linkage). 

As per claim 7, claim is rejected for the same reasons as claim 1, above. In addition, Smith discloses wherein the elements are selected from the group consisting of: time of capture, user, expiration date, data identifying validity, and term of validity (para 33, period of validity for the token, token metadata). 

As per claim 8, claim is rejected for the same reasons as claim 1, above. In addition, Nair discloses  wherein the mapping comprises mapping the super token to a predefined external application programming interface to access the set of access tokens (fig 5, para 41, application session may generate a master token that the token engine  maps to or associates with the first token). 

As per claim 9, claim is rejected for the same reasons as claim 1, above. In addition, Nair discloses  wherein the mapping comprises mapping the super token to the set of access tokens, wherein the set of access tokens was created by a user (fig 5, para 41, application session may generate a master token that the token engine  maps to or associates with the first token). 

As per claim 10, claim is rejected for the same reasons as claim 1, above. In addition, Smith discloses wherein the evaluating comprises continuously evaluating based on running an auto-discovery microservice in the shared computing environment (para 186, discovery process or is provisioned). 

As per claim 11, claim is rejected for the same reasons as claim 1, above. In addition, Smith discloses, wherein the monitoring the issuance of access tokens (para 33) is based on running the auto-discovery microservice in the shared computing environment (para 186, discovery process or is provisioned). 

As per claim 12, claim is rejected for the same reasons as claim 1, above.

As per claim 13, claim is rejected for the same reasons as claims 12 and 2, above.

As per claim 14, claim is rejected for the same reasons as claims 12 and 3, above.
As per claim 15, claim is rejected for the same reasons as claims 12 and 4, above.

As per claim 13, claim is rejected for the same reasons as claims 12 and 5, above.

As per claim 13, claim is rejected for the same reasons as claims 12 and 6, above.

As per claim 13, claim is rejected for the same reasons as claims 12 and 7, above.

As per claim 13, claim is rejected for the same reasons as claims 12 and 8, above.

As per claim 20, claim is rejected for the same reasons as claim 1, above.


Conclusion

Please see the attached PTO-892 for the prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOHAMMAD A SIDDIQI whose telephone number is (571)272-3976.  The examiner can normally be reached on Monday-Friday.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl G Colin can be reached on 571-272-3862.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.