Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .  

Second Non-Final Office Action
	This is a second non-final office action because Official Notice has been added to the claim rejections. 
Response to Amendment
This communication is in response to the amendment filed on 03/16/2021. The Examiner acknowledges amended claims 1-24. No claims have been cancelled or added. Claims 1-24 are pending and claims 1-24 are rejected.  Claims 1 and 17 is/are independent. 
Claim 13 has been amended without the proper claim underlining and strike-through or double brackets. For example, the previous version of the claim from July 6, 2020 included "hypertext transfer protocol-formatted request", which is not presented with strike-through in this set of updated claims. The new text of "API request" is not underlined. Examiner reminds applicant to include proper underlining and strike-through or double brackets.
Applicant's arguments/amendments have bee fully considered, but are moot in view of the new grounds of rejection. Applicant's amendments have necessitated new grounds of rejection.	
	
Response to Arguments
Applicant's arguments filed 03/16/2021 have been fully considered but they are moot in view of the new ground(s) of rejection.  Applicant argues (see pages 13-14 of Applicant's Remarks) that: 
Starosielsky refers to systems and methods for managing a personal data store for binding one or more identities of different types associated with a user. Starosielsky, Abstract. 

The trust system 20 can include various processes and techniques to safeguard the integrity and provenance of the attributes in the personal data store. For integrity, the trust system 20 has the Attribute Provider 58, i.e., the source of the attribute, add a signature to a payload that is inclusive of the attribute content. This can prevent tampering of the attribute value. Similarly, transactions involving input and output attributes are signed by the attribute provider to allow verification of provenance, which is a guide to authenticity or quality of the attribute. As described herein, an attribute is some form of data related to the user's identity. 
Starosielsky fails to disclose "determining whether data extracted from a non-pre- defined portion of an API request indicates a compromised API communication made by an unregistered network resource." Starosielsky does not describe what happens when a payload is received. 
For at least these reasons, amended claim 1 is distinguishable from Hazel and Starosielsky, and Applicant respectfully requests that the rejection of claim 1 be withdrawn and the claim allowed. Independent claim 17 includes recitations similar to  
those discussed above with respect to amended independent claim 1 and is allowable over Hazel and Starosielsky for reasons similar to those given above with respect to amended independent claim 1. 
Resch, Stone, Xu, Byers, Pan, Kosuga, Chu, Dill, and Salama also similarly fail to disclose or suggest "determining whether data extracted from a non-pre-defined portion of an API request indicates a compromised API communication made by an unregistered network resource," as recited in amended independent claim 1. 
Claims 2-16 and 18-24 depend from independent claims 1 and 17 and are allowable for at least the reason that they depend from an allowable claim. 


However, Liebl et al. U.S. Publication 20150288694 (hereinafter “Liebl”) teaches extracting signatures from a payload and verifying the extracted signatures (see Liebl para. 5).
Regarding applicant’s arguments with respect to corresponding independent claim 17, applicant’s amendments to the independent claims have necessitated a new ground of rejection with respect to the independent claims, thereby rendering applicant’s arguments moot. 
Regarding applicant’s arguments with respect to dependent claims 2-16 and 18-24, applicant’s amendments to the independent claims have necessitated a new ground of rejection with respect to the independent claims from which the dependent claims depend, thereby rendering applicant’s arguments moot. 
Accordingly, Applicant's argument is moot in view of the new ground(s) of rejection.
Claim Rejections - 35 USC § 103
	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

	The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
	
	This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

Claims 1, 10-13, 16-17, and 22-24 is/are rejected under 35 U.S.C. 103 as being unpatentable over Hazel et al. U.S. Patent No. 8355982 (hereinafter “Hazel”) in view of Starosielsky et al. U.S. Publication 20170237717 (hereinafter “Starosielsky”), further in view of Liebl et al. U.S. Publication 20150288694 (hereinafter “Liebl”), further in view of Official Notice.
As per claim 1, Hazel discloses a non-transitory computer readable medium including instructions that, when executed by at least one processor, cause the at least one processor to perform operations for identifying potentially compromised cloud-based access information, the operations comprising:
(See Hazel 
Hazel 77:18-21 “Computing system 900 can also include a main memory 908, preferably random access memory (RAM) …. for storing .. instructions to be executed by processor 904.”
Hazel 77:42-45 “information storage mechanism 910 [non-transitory computer readable medium] ….for allowing computer programs …instructions .. to be loaded into computing system 900.”
Hazel 29:29-36 “FIG. 7 ,…..authentication of the token 111 by detecting a signature associated with the data of that token. ….determine the signature of the token data which can be compared to a known signature for a given token to determine whether the token is authentic” [operations for identifying potentially compromised cloud-based access information].
)

providing a unique signature for insertion into application programming interface (API) communications to be sent from a network resource to a cloud application executable in a cloud environment, wherein the unique signature is associated with an access token that a particular identity can use to request access to the cloud application;
(

It is common knowledge in the art for distinct entities to rely on API communications to simplify/standardize how an entity can request services from another entity over a network.  Examiner takes Official Notice that distinct entities rely on API communications to simplify/standardize how an entity can request services from another entity over a network.  
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Hazel to utilize API communications. A person having ordinary skill in the art would have been motivated to do so to enable communication for invoking operations at the server, for communications between the merchant terminal and a cloud server. The servers in the cloud must provide an interface for the merchant terminals to communicate with the servers to invoke operations with the servers, and the merchant terminals would be programmed to communicate with the servers via the interface of the servers. Thus, the use of API communications is applicable to the credit card transactions which involve merchant terminals or other computer communicating with the cloud network for processing credit card payments]
See Hazel 
31:59-61 “encrypted token data is packaged with the encrypted signature to allow these items to be provided for transaction processing” 
[unique signature is associated with an access token; unique signature for insertion into application programming interface (API) communications; transaction = application programming interface (API) communication].
Hazel 22:14-23 “access mechanisms … including, for example, an XML API that provides an interface for entities to extract critical reporting information from the secure transaction module. The reporting data available through the API can include information such as: vital statistics for the terminals, the security integrity of the terminals.” 
Hazel 70:33-38 “FIG. 37 …transaction-processing environment…gateway 120 is illustrated as receiving transactions from one or more terminals 114 [sent from a network resource] and appropriately routing the transactions to a transaction-processing network 123 “[cloud application executable in a cloud environment disclosed by gateway 120 and transaction-processing network 123].
Hazel 15:18-27 “the terminal 114 [network resource] can…be a card swipe terminal …. .. …. a token reader . computing device for.. internet purchases or for online banking.”
8:61-63 “in such a transaction network, the customer utilizes a charge card, credit card, debit card or other token as a symbol of his or her identity,”
See also 10:18-25 for examples of terminals which are network resources
Hazel 36:48-55 “... identify potentially fraudulent activities. … time stamp information in a transaction can be compared …. And out-of-date transactions rejected”
Hazel 29:31-35 “determine the signature of the token data which can be compared to a known signature for a given token”
[an access token that a particular identity can use to request access to the cloud application is disclosed since the tokens are used to request completion of a transaction in the cloud and the transaction can be rejected when fraudulent token/transaction is detected. When rejected, the user will not be able to access their account]
)

accessing a log associated with the cloud environment, the log identifying a first API communication sent to the cloud environment from the network resource;
(See Hazel 72:43-63
audit log ….. a transaction-by-transaction log of transactions occurring in real time or near real time. … a report such as this can be provided to an issuing bank for each transaction [API communication = transaction] involving an issuing bank's tokens [accessing a log]. …. A report can be provided to a merchant showing the merchant a log of transactions for that merchant's terminals [log of transactions = log identifying a first API communication sent to the cloud environment]. As a further example, a similar report can be provided to a cardholder illustrating a transaction log for that cardholder's bank card. Depending on the token network [cloud environment] and recipient of the report, the various elements illustrated in the report may or may not be provided to each of these entities. ….depending on the transaction process and environment to provide the merchant with the.., a gateway identification [cloud environment].”
Hazel 70:33-38 ‘FIG. 37 … gateway 120 is illustrated as receiving transactions from one or more terminals 114 and appropriately routing the transactions to a transaction-processing network 123” 
[first API communication sent to the cloud environment from the network resource].
)

identifying, from within the first API communication, the unique signature and the access token;
(See 
Hazel 31:59-61 “encrypted token data is packaged with the encrypted signature to allow these items to be provided for transaction processing.”
Hazel 31:25-29
“the token signature can also be detected and checked against a known or verified signature for that token to determine whether the token is an authentic token or whether it may be a fraudulent token such as, for example, a copy of the original token.”

“….. a transaction-by-transaction log of transactions occurring in real time or near real time. … a report such as this can be provided to an issuing bank for each transaction [API communication = transaction] involving an issuing bank's tokens…”
)

accessing a trusted validation resource storing signature information associated with the access token;
(See Hazel 32:64-65
“signature verifications can be accomplished in a single or separate location with a signature database” [trusted validation resource = signature database; accessing a trusted validation resource]
Hazel 29:47-48 “maintain a database or other infrastructure to support authentication of a large number of signatures.”
Hazel 31:25-27
“the token signature can also be detected and checked against a known or verified signature for that token”
)

determining, based on the trusted validation resource, whether the unique signature is valid; and
determining, based on whether the unique signature is valid, whether the access token is potentially compromised
(See Hazel 29:29-36

Hazel 32:64-65
“signature verifications can be accomplished in a single or separate location with a signature database” [trusted validation resource = signature database; accessing a trusted validation resource]
Hazel 31:25-29
“the token signature can also be detected and checked against a known or verified signature for that token to determine whether the token is an authentic token or whether it may be a fraudulent token [potentially compromised] such as, for example, a copy of the original token.”
Hazel 30:64-65 “a “fingerprint” or signature associated with the token can be used to authenticate the token.”
)

	However, Hazel does not expressly disclose the unique signature is inserted during execution of the cloud application which is an existing API architecture, and the unique signature is not a pre-defined portion of the API communications; .
determining whether data extracted from a non-pre-defined portion of an API request indicates a compromised API communication made by an unregistered network resource, comprising:

Starosielsky discloses
the unique signature is inserted during execution of the cloud application which is an existing API architecture, and the unique signature is not a pre-defined portion of the API communications; 
(See Starosielsky Para. [0108]
‘…. trust system 20 has the Attribute Provider 58, i.e., the source of the attribute, add a signature to a payload that is inclusive of the attribute content. This can prevent tampering of the attribute value. Similarly, transactions involving input and output attributes are signed by the attribute provider to allow verification of provenance, which is a guide to authenticity or quality of the attribute. …..’ [Adding the signature to the payload, the payload is not specifically predefined field for signature; it’s merely payload area;]
Starosielsky [0109]
‘……When an output is generated by the Attribute Provider 58, a transaction is generated containing all inputs, all outputs, and descriptive information about the Attribute Provider 58's process. That transaction can be signed using the Attribute Provider 58's private key. ….‘
Starosielsky [0031]
‘….caching of information from the Attribute Providers 58 can be done in the cloud resources 52 for agility in information exchanges. ‘
Starosielsky [0037] ‘In some cases, the trust framework system 10, namely the cloud resources 52 and/or the trust system 20 may need to query external information sources/verification systems in the attribute sources 58.’
[See also figure 2 which shows the attribute provider 58 communicating with the cloud 52 that includes the web service API 60]).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Hazel with the technique for inserting signature into payload area of Starosielsky to include 
the unique signature is inserted during execution of the cloud application which is an existing API architecture, and the unique signature is not a pre-defined portion of the API communications.
One of ordinary skill in the art would have made this modification to improve the ability of the system to adapt to various communication specifications. A system can transfer signature data to ensure the data has not been tampered with despite the specification of the communication not designating any specific field for signatures. The terminal 114 of the primary reference can be modified to insert signature data into a payload field not specifically designated for signatures.

However, the combination of Hazel and Starosielsky does not expressly disclose determining whether data extracted from a non-pre-defined portion of a request indicates a compromised communication made by an unregistered network resource, comprising:
Liebl discloses determining whether data extracted from a non-pre-defined portion of a request indicates a compromised communication made by an unregistered network resource, comprising:
(See Liebl
[0005] ‘receiving, from a credential application executing on a user device of the user, an encrypted payload that includes a plurality of signature entries, ……; obtaining results of a verification by successively verifying each of the plurality of signature entries until a scoring threshold associated with the resource is at least met;..’ 
).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Hazel and Starosielsky with the technique for extracting a signature from a payload and verifying the extracted signature of Liebl to include determining whether data extracted from a non-pre-defined portion of a request indicates a compromised communication made by an unregistered network resource, comprising: 
One of ordinary skill in the art would have made this modification to improve the ability of the system to detect compromised signatures in communications. The terminal or gateway of the system of the Hazel primary reference can be modified to perform the technique of verifying a signature extracted from a payload as taught in the Liebl reference. Furthermore, the Hazel primary reference discloses a process for accessing a database to retrieve token signature information to determine whether there is a compromised token, as argued above with respect to the Hazel primary reference. This Hazel process can be modified to incorporate the teaching of the technique for extracting and analyzing a signature from a payload as taught in the Liebl reference.
	
As per claim 10, the rejection of claim 1 is incorporated herein. 
Hazel in view of Starosielsky in view of Liebl in view of Official Notice discloses wherein the operations further comprise rejecting the first API communication when the access token is potentially compromised.
(See Hazel 32:9-10
“if the signature is not valid the transaction can be disapproved as illustrated by Step 266.”
)

As per claim 11, the rejection of claim 1 is incorporated herein. 
Hazel in view of Starosielsky in view of Liebl in view of Official Notice discloses wherein the operations further comprise generating an alert of potentially malicious activity associated with the access token when the access token is potentially compromised.

see also Hazel 69:55-59 “multiple copies of a token in existence and alert utilized to flag the activity”
see also Hazel 72:25-27
)

As per claim 12, the rejection of claim 1 is incorporated herein. 
Hazel in view of Starosielsky in view of Liebl in view of Official Notice discloses wherein the trusted validation resource is a secure network vault.
(See Hazel 32:35 and 65
“signature verifications can be accomplished in a single or separate location with a signature database”
)

As per claim 13, the rejection of claim 1 is incorporated herein. 
Hazel in view of Starosielsky in view of Liebl in view of Official Notice discloses wherein the unique signature is included in a field of the API request from the network resource to the cloud environment.
(See Hazel 
31:59-61 “encrypted token data is packaged with the encrypted signature to allow these items to be provided for transaction processing” 
[unique signature is associated with an access token; unique signature for insertion into application programming interface (API) communications; transaction = application programming interface (API) communication].
access mechanisms … including, for example, an XML API that provides an interface for entities to extract critical reporting information from the secure transaction module. The reporting data available through the API can include information such as: vital statistics for the terminals, the security integrity of the terminals.” 
[application programming interface (API); the technique of using API communications is applicable to the credit card transactions which involve merchant terminals or other computer communicating with the cloud network for processing credit card payments]
Hazel 70:33-38 “FIG. 37 …transaction-processing environment…gateway 120 is illustrated as receiving transactions from one or more terminals 114 [ from a network resource] and appropriately routing the transactions to a transaction-processing network 123 “[ cloud environment disclosed by gateway 120 and transaction-processing network 123].
)

As per claim 16, the rejection of claim 1 is incorporated herein. 
Hazel in view of Starosielsky in view of Liebl in view of Official Notice discloses wherein the identity is a user account on the network resource.
(See Hazel 47:43-46 “in a step 422 the token data is read. In this example, the token data is the track data from a bank card or other like card. In a step 423 the designated portion of the account number is encrypted.”
Hazel 9:9-12 “examples of token 101 can include a charge card, … or other token that can be used to identify such items as the customers, their account”
)

As per claim 17, the claim(s) is/are directed to a method with limitations which correspond to limitations of claim 1, and is/are rejected for the reasons detailed with respect to 

As per claim 22, the rejection of claim 17 is incorporated herein. 
Hazel in view of Starosielsky in view of Liebl in view of Official Notice discloses automatically generating a forensics report regarding activity associated with the access token when the access token is potentially compromised. 
(See Hazel 
Hazel 72:9-12 “Fraudulent transactions summary report 1204 can be used to report information such as, for example, replay attacks 1220, compromised terminals 1222, and skimmed or unauthenticated cards 1224.”
See also Hazel 72:49-53 “a report such as this can be provided to an issuing bank for each transaction involving an issuing bank's tokens. ..such a report can be provided to a merchant showing the merchant a log of transactions for that merchant's terminals.”
)

As per claim 23, the rejection of claim 22 is incorporated herein. 
Hazel in view of Starosielsky in view of Liebl in view of Official Notice discloses wherein the forensics report is based on data from the log. 
(See Hazel 
72:9-12 “Fraudulent transactions summary report 1204 can be used to report information such as, for example, replay attacks 1220, compromised terminals 1222, and skimmed or unauthenticated cards 1224.”
Hazel 72:13-21 “these various incidents are reported by showing the number of transactions in each category 1226, and the date and time of the last occurrence 1228. Replay attacks 1220 might be used in one embodiment to highlight a situation where previously used token data (for example, credit-card track data) is copied and reused in a subsequent transaction. For example, if a counter value is expected to be incremented and it is not incremented, or if a time stamp is the same as the time stamp in a previous transaction [this is log data].”
See also Hazel 72:49-53 “a report such as this can be provided to an issuing bank for each transaction involving an issuing bank's tokens. As another example, such a report can be provided to a merchant showing the merchant a log of transactions for that merchant's terminals.”
)

As per claim 24, the rejection of claim 22 is incorporated herein. 
Hazel in view of Starosielsky in view of Liebl in view of Official Notice discloses wherein the forensics report is based on data from a secure credential vault.
(See Hazel 
Hazel 72:9-12 “Fraudulent transactions summary report 1204 can be used to report information such as, for example, replay attacks 1220, compromised terminals 1222, and skimmed or unauthenticated cards 1224.”
See also Hazel 72:49-53 “a report such as this can be provided to an issuing bank for each transaction involving an issuing bank's tokens. As another example, such a report can be provided to a merchant showing the merchant a log of transactions for that merchant's terminals.”
Hazel 33:35-38 “With a secure database, in one embodiment, the database might be made accessible to multiple entities, allowing a clearing place for authentication while maintaining a measure of security in the token data.”
)


Claim 2 is/are rejected under 35 U.S.C. 103 as being unpatentable over Hazel in view of Starosielsky, further in view of Liebl, in view of Official Notice, in view of Resch et al. U.S. Patent No. 8627114 (hereinafter “Resch”).
As per claim 2, the rejection of claim 1 is incorporated herein.
	However, the combination of Hazel, Starosielsky, Liebl, and Official Notice does not expressly disclose, but 
Resch discloses wherein the unique signature is provided to the network resource as part of a process that generated the access token.
(See Resch 
Resch 13:32-39 “the processing module generates a signature for the authentication token… the processing module generates an authentication token by aggregating the permissions, the token expiration, and the signature.”
Resch 17:46-50 “determines whether a signature associated with the authentication token is valid (e.g., indicating valid when a comparison of a decrypted signature to a hash of the authentication token indicates that they are substantially the same)….”
)
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Hazel, Starosielsky, Liebl, and Official Notice with the process for generating signature and token of Resch to include wherein the unique signature is provided to the network resource as part of a process that generated the access token.
One of ordinary skill in the art would have made this modification to reduce the likelihood of a signature or token being replaced by a fraudulent signature or token since the token and signature are generated with the same process. The computing system of the primary reference .

Claim 3 is/are rejected under 35 U.S.C. 103 as being unpatentable over Hazel in view of Starosielsky, in view of Liebl, in view of Official Notice, further in view of Stone et al. U.S. Patent No. 7865931 (hereinafter “Stone”).
As per claim 3, the rejection of claim 1 is incorporated herein. 
	However, the combination of Hazel, Starosielsky, Liebl, and Official Notice does not expressly disclose wherein the unique signature is provided to the network resource after the identity has been authenticated to the cloud environment and after the access token has been generated.
Stone discloses wherein the unique signature is provided to the network resource after the identity has been authenticated to the cloud environment and after the access token has been generated.
(See Stone 8:38-39 “when the user is authenticated at web server 103.”
8:60-62 “Signing utility 114a in utilities 114 generates at least one message signature for requests using a signing token associated with the application.”
)
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Hazel, Starosielsky, Liebl, and Official Notice with the technique for authenticating and generating token and signature of Stone to include wherein the unique signature is provided to the network resource after the identity has been authenticated to the cloud environment and after the access token has been generated.
One of ordinary skill in the art would have made this modification to improve the ability of the system to authenticate the user in circumstances where the signature capability may not be .

Claims 4-8 and 18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Hazel in view of Starosielsky, in view of Liebl, in view of Official Notice, further in view of Xu et al. U.S. Publication 20170141926 (hereinafter “Xu”).
As per claim 4, the rejection of claim 1 is incorporated herein. 
Hazel discloses 
accessing the log associated with the cloud environment, the log identifying a second API communication sent to the cloud environment from the network resource;
(See Hazel 72:43-63
“FIG. 40 is a diagram illustrating …. audit log ….. a transaction-by-transaction log of transactions [multiple transactions, including a second API communication] occurring in real time or near real time. … a report such as this can be provided to an issuing bank for each transaction [API communication = transaction] involving an issuing bank's tokens [accessing a log]. …. A report can be provided to a merchant showing the merchant a log of transactions for that merchant's terminals [log of transactions = log identifying a second API communication sent to the cloud environment]. As a further example, a similar report can be provided to a cardholder illustrating a transaction log for that cardholder's bank card. Depending on the token network [cloud environment] … ….depending on the transaction process and environment to provide the merchant with the…….., a gateway identification” [cloud environment].
Hazel 70:33-38 “FIG. 37 … gateway 120 is illustrated as receiving transactions from one or more terminals 114 and appropriately routing the transactions to a transaction-second API communication sent to the cloud environment from the network resource].
)
determining, based on the second API communication not including the unique signature, that the access token is potentially compromised.
(See Hazel 69:19-25
“in addition to checking for possible unauthorized token duplications, .. identify replay attacks where multiple duplicate transactions are submitted…, a counter value can be used in various methodologies to ensure that each transaction from a given token is somehow unique.”
[No signature is required to determine that the token is compromised]
)
	However, the combination of Hazel, Starosielsky, Liebl, and Official Notice does not expressly disclose, but 
Xu discloses determining that the second API communication includes the access token but does not include the unique signature; and
(See Xu Para. [0182] “the service request 732 may include the authorization token (which may be encrypted) without the token signature, since the token signature has already been verified).”
)
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Hazel, Starosielsky, Liebl, and Official Notice with the technique for token transmission without signature of Xu to include determining that the second API communication includes the access token but does not include the unique signature.


As per claim 5, the rejection of claim 4 is incorporated herein. 
Hazel in view of Starosielsky in view of Liebl in view of Official Notice in view of Xu discloses wherein the operations further comprise determining, based on an analysis of activity associated with the access token, information indicative of potentially malicious use of the access token.
(See Hazel
69:19-22 “in addition to checking for possible unauthorized token duplications, a metric module might be implemented to identify replay attacks where multiple duplicate transactions are submitted for processing.”
See also Hazel 73:21-23 “alert generated for the skimmed or copied card”
)

As per claim 6, the rejection of claim 5 is incorporated herein. 
Hazel in view of Starosielsky in view of Liebl in view of Official Notice in view of Xu discloses wherein the analysis identifies an attempted use of the access token by an unauthorized identity.
(See Hazel 73:21-23 “alert generated for the skimmed or copied card”
)


Hazel in view of Starosielsky in view of Liebl in view of Official Notice in view of Xu discloses wherein the analysis identifies an attempted use of the access token in an unauthorized operation.
(See Hazel 73:21-23 “alert generated for the skimmed or copied card”
Hazel 69:49-56 “where transaction data for a particular token is occurring with time stamps that do not correlate, possible fraudulent activity might be involved. ….multiple copies of a token are in existence and in use in the environment.”
See also Hazel 73:25 “replay attack”
)

As per claim 8, the rejection of claim 5 is incorporated herein. 
Hazel in view of Starosielsky in view of Liebl in view of Official Notice in view of Xu discloses wherein the analysis is based on information from a secure credential vault associated with the access token.
(See Hazel 32:64-65
“signature verifications can be accomplished in a single or separate location with a signature database” [secure credential vault = signature database]
Hazel 29:47-48 “maintain a database or other infrastructure to support authentication of a large number of signatures.”
)

As per claim 18, the claim(s) is/are directed to a method with limitations which correspond to limitations of claim 4, and is/are rejected for the reasons detailed with respect to claim 4.  


Claims 9 and 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Hazel in view of Starosielsky, in view of Liebl, in view of Official Notice, further in view of Byers et al. U.S. Publication 20160285891 (hereinafter “Byers”).
As per claim 9, the rejection of claim 1 is incorporated herein. 
	However, the combination of Hazel, Starosielsky, Liebl, and Official Notice does not expressly disclose, but 
Byers discloses intercepting, without reference to the log, a second API communication sent from the network resource and directed to the cloud environment; and
determining, based on whether data included in the intercepted second API communication is valid, whether the access token is potentially compromised.
(See Byers “figure 2, Internet cloud that the communications go through; Para. [0058] phone 110 may monitor the communications between agent console 120 and printer 130 in order to provide an auditing function. ….. to detect evidence of hacking, forged tokens”).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Hazel, Starosielsky, Liebl, and Official Notice with the technique for monitoring ongoing communications of Byers to include 
intercepting, without reference to the log, a second API communication sent from the network resource and directed to the cloud environment; and
determining, based on whether data included in the intercepted second API communication is valid, whether the access token is potentially compromised.
One of ordinary skill in the art would have made this modification to improve the ability of the system to detect attacks. The computing system of the primary reference can be modified so that the instructions and methods include the technique for monitoring ongoing communications of Byers.
.  

Claim 14 is/are rejected under 35 U.S.C. 103 as being unpatentable over Hazel in view of Starosielsky, in view of Liebl, in view of Official Notice, further in view of Kosuga et al. U.S. Publication 20050102499 (hereinafter “Kosuga”).
As per claim 14, the rejection of claim 1 is incorporated herein. 
	However, the combination of Hazel, Starosielsky, Liebl, and Official Notice does not expressly disclose wherein the unique signature is encrypted using a private key before the unique signature is provided to the network resource.
Kosuga discloses wherein the unique signature is encrypted using a private key before the unique signature is provided to the network resource.
(See Kosuga Para. [0033] “.when a mail arrives... If any virus is detected, the mail is immediately discarded (S403) and a warning mail is issued to the sender (S404). A warning mail signature, which is encrypted by using a time stamp signature generation private key 68, is attached to the warning mail before it is transmitted.”).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Hazel, Starosielsky, Liebl, and Official Notice with the technique for encrypting a signature using a private key before transmitting of Kosuga to include wherein the unique signature is encrypted using a private key before the unique signature is provided to the network resource.
One of ordinary skill in the art would have made this modification to improve the ability of the system to prevent unauthorized alteration of the signature during transmission. The computing system of the primary reference can be modified so that the instructions and .

Claim 15 is/are rejected under 35 U.S.C. 103 as being unpatentable over Hazel in view of Starosielsky, in view of Liebl, in view of Official Notice, further in view of Chu et al. U.S. Publication 20120060225 (hereinafter “Chu”).
As per claim 15, the rejection of claim 1 is incorporated herein. 
	However, the combination of Hazel, Starosielsky, Liebl, and Official Notice does not expressly disclose, but 
Chu discloses wherein the unique signature is provided to an agent running on the network resource, the agent being configured to insert the unique signature into the first communication.
(See Chu Para. [0006]
“The device 30 includes a DRM agent 40,” [agent running on the network resource]
Chu [0174] “DRM agent 40 may add the signature received from the SRM agent 60 to the rights object upgrade request message”
Chu [0173]
“DRM agent 40 transmits a rights object upgrade request message…”
)
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Hazel, Starosielsky, Liebl, and Official Notice with the technique for inserting a received signature into a communication of Chu to include 
wherein the unique signature is provided to an agent running on the network resource, the agent being configured to insert the unique signature into the first API communication.
.


Claim 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Hazel in view of Starosielsky, in view of Liebl, in view of Official Notice, further in view of Dill et al. U.S. Publication 20150032626 (hereinafter “Dill”).
As per claim 20, the rejection of claim 17 is incorporated herein. 
	However, the combination of Hazel, Starosielsky, Liebl, and Official Notice does not expressly disclose nullifying the access token when the access token is potentially compromised.
Dill discloses nullifying the access token when the access token is potentially compromised. 
(See Dill [0045]
“when a token is compromised …., a token …can be deactivated…. A token can be deactivated by temporarily locking or suspending the token for a specific token requestor. A token can be cancelled to…prevent the token from being used in any future transactions.”
See also Dill para. [0160]
)
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Hazel, Starosielsky, Liebl, and Official Notice with the technique for deactivating a compromise token of Dill to include 
nullifying the access token when the access token is potentially compromised.
One of ordinary skill in the art would have made this modification to improve the ability of the system to respond to detection of compromise token, so that the token cannot be used in a fraudulent transaction. The computing system of the primary reference can be modified so that the instructions and methods include the technique for deactivating a compromise token of Dill.

Claim 21 is/are rejected under 35 U.S.C. 103 as being unpatentable over Hazel in view of Starosielsky, in view of Liebl, in view of Official Notice, further in view of Salama et al. U.S. Patent No. 10248953 (hereinafter “Salama”).
As per claim 21, the rejection of claim 17 is incorporated herein. 
	However, the combination of Hazel, Starosielsky, Liebl, and Official Notice does not expressly disclose rotating the access token when the access token is potentially compromised.
Salama discloses rotating the access token when the access token is potentially compromised.
(See Salama “vault 146 may be configured to replace a compromised token on a device of user 110 (e.g., client device 104) with a “tracer” token.”).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Hazel, Starosielsky, Liebl, and Official Notice with the token replacement technique of Salama to include rotating the access token when the access token is potentially compromised.
One of ordinary skill in the art would have made this modification to improve the ability of the system to recover after detecting compromise tokens by replacing a compromised token with another token.  The computing system of the primary reference can be modified so that the instructions and methods include the token replacement technique of Salama.



Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HOWARD H LOUIE whose telephone number is 571-272-0036.  The examiner can normally be reached on Monday-Friday 9 AM-5 PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jung W. Kim can be reached on 571-272-3804.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/HOWARD H. LOUIE/Examiner, Art Unit 2494                                                                                                                                                                                                        
/JUNG W KIM/Supervisory Patent Examiner, Art Unit 2494