DETAILED ACTION
	This office action is in response to the amendment filed on 01/29/2021. After the filed amendment has been considered and entered, claims 1-20 are pending and being considered. Claim 15 is amended. Claims 1, 8 and 15 are independent.

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Response to Arguments
Applicant’s arguments filed on 01/29/2021 have been fully considered and are persuasive. All the previous rejections set forth in the previous office action have been withdrawn.
Examiner Note: computer-readable media recited in the claims are interpreted as non-transitory computer-readable media. [See Paragraph 0119 of applicant’s published specification, where computer-readable media excludes both communication media and propagating signals.]


Allowable Subject Matter
The following is an examiner’s statement of reasons for allowance: 
After further search and consideration, the claims 1-20 are allowed over the cited prior art(s) of record. 
The following references/prior arts disclose the general subject matter recited in the independent claims 1, 8 and 15 before/after the current amendment is submitted/made.

A.	Frei et al. (US 20160142409 A1; Provided by IDS) discloses providing authentication of users in a service-to-service context. At a first service, a user authentication token is received from a client device that was obtained from an identity provider. The user authentication token was received to enable access to the first service by a user. The user is authenticated based on the user authentication token. A second service is determined to be needed to be accessed by the first service on behalf of the user. The user authentication token is converted into a proxy token that is not convertible back to the user authentication token. The proxy token is forwarded from the first service to the second service to enable access to the second service. A response is received by the first service from the second service due to the user having been authenticated based on the proxy token.

B.	DUNJIC et al. (US 20190372957 A1) discloses a security token service (and, by association, the authorization server) that returns a secure JavaScript Object Notation (JSON) Web token (JWT) object with an ID token, an access token, and/or an optional refresh token. In some embodiments, a public key may be saved in association with the tokens (e.g. ID token, access token) which were generated as a result of the request submitted by the client application in operation 518.

C.	Makoto Mihara (US 20180367544 A1) discloses to provide an authentication/authorization server association unit 351 transmits the received access token to the data transmission unit 352 (S406). The data transmission unit 352 transmits the access token and the data on the device 150 to the data reception unit 330 (S407). Examples of the data on the device 150 include a debug log, status information, and a 

D.	Leung et al. (US 20140282986 A1) discloses providing an access or authorization token that may grant access to an object, file, resource, login session, etc. to the holder of the access or authorization token. In other embodiments, tokens may be bound together by including one token within another token, or one token may contain another token.

E.	Johnson et al. (US 20060235795 A1) discloses to provide the user input 780, the mobile module 705 will generate a challenge response 785 and return it to the client 710, which will generate and send a request security token response that includes, e.g., a SIM identifier, the challenge 770, and the challenge response 785. Typically, the client 710 will request that the mobile module 705 sign and/or encrypt the request security token response with the network security token 745, the shared secret key 740, or a SIM 705 specific key. Similar to above, the request security token response and the challenge response 785 therein can be validated using, e.g., the shared secret 740, or other mobile module 705 specific key. Note, as previously mentioned, that the request security token response may or may not be signed and/or encrypted by the same key used to generate the challenge response 785. In any event, if the mobile infrastructure 720 validates the challenge response 785 (i.e., the user credentials provided are proper), the mobile infrastructure 720 and/or authentication server 715 can respond by 

F.	Laurie et al. (US 20100325441 A1) discloses the process of generating an original token; modifying the original token to obtain a modified token; and providing the modified token to the IdP to obtain an access token for accessing the RP.

G.	Yeddula et al. (US 20190349360 A1) discloses generating a single access token from two transferable access tokens, and transmitting the generated single access token for authentication.

H.	Engan et al. (US 20190124070 A1) discloses a proof-of-possession (POP) token that is digitally signed with a client private key that corresponds to the client public key that is included in an authentication token; creating a request to send to a server to access a secure service on the server, the request including at least the authentication token and the POP token; and transmitting the request to the server to access the secure service, wherein the client public key is embedded in the authentication token.

I.	See the other cited prior arts.


For this reason, the specific claim limitations such as “generating a second token, the second token including: an actor token, from the identity provider, that uniquely identifies a receiver in the system of the first token and that includes a public key, and a modified version of the first token having an encrypted value of the nonce in place of the nonce”, and “validating the authentication token, including: validating an actor token within the authentication token, the actor token uniquely identifying the first computing device and including a public key corresponding to the private key, and validating an origination token within the authentication token, the originating token including information associated with the request for data and being different from the actor token” recited in the independent claims 1 and 8, respectively, taken as a whole are allowed.
The independent claim 15 is allowable for the same reason(s) as mentioned above for the independent claim 1.
The dependent claims 2-7, 9-14 and 16-20, which depend on the above independent claims and are further limiting to the independent claims, definite and enabled by the specification, are also allowed.
Furthermore, the applicant’s replies make evident the reasons for allowance, satisfying the “record as a whole” proviso of the rule 37 CFR 1.104(e). The grounds of claim rejection were reconsidered and withdrawn based on the substance of applicant’s amendments, remarks and arguments (see arguments/remarks, filed on 01/29/2021, pages 10-13); as such, the reasons for allowance are in all probability evident from the record.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submission should be clearly labeled “Comments on Statement of Reasons for 



Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ALI CHEEMA, whose contact number is 571-272-1239. The examiner can normally be reached on Mon-Fri: 8AM – 4PM. 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on 571-272-6798. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. 
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/ALI CHEEMA/
Examiner, Art Unit 2433