DETAILED ACTION

Claims 1-20 are presented for examination.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The Information Disclosure Statement(s) submitted by applicant on 07/18/2019 has/have been considered. The submission is in compliance with the provisions of 37 CFR § 1.97. Form PTO-1449 signed and attached hereto.

	Notice of Pre-AIA  or AIA  Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims1-2, 15-16, and 18-20 are rejected under 35 U.S.C. 103 as being unpatentable over Ericson et al. (US Patent Application No.20200213298) (Hereinafter Ericson) in view of Harada et al. (US Patent Application No. 20090183250) (Hereinafter Harada).

As per claim 1,  Ericson discloses a token management apparatus, comprising: 
a reception unit that receives, from a first user who has an access token (para 20, “A token may be issued to the device of the user for their respective personal account, where the token may include data (which may be encrypted) allowing the 
service provider to identify the user and their account and authenticate the user”) for accessing a service providing server that provides a service (para 28, “A token may be issued to the device of the user for their respective personal account”,), a permission condition for permitting a second user for a conditional use of an access token of the first user, the second user being differential from the first user and not having the 
an issuance unit that issues a conditional access token that permits the conditional use of the service within a range of the permission condition (para 28. “second user device  is within range of first user device Authentication application”), to the second user in a case where the second user requests the conditional use of the access token of the first user, and the request for the conditional use satisfies the permission condition (para 28, “The request may therefore ask a user using second user device 120 to determine whether they can identify the authorized user in proximity to them.  If the user using second user device 120 affirmatively identifies the user, such as the user using first user device 110, then authentication application 112 may receive confirmation of the identity, and may provide the requested access to the device, process, account, and/or service”). Ericson discloses sharing an access token by two user device used by same user. However, two different user devices can be used by two different users, for example, Harada discloses transferring token from first user to the second user (fig 16, para 19, 57, 79, token transfer condition to utilizing right transaction server 200 (Step A10) The token transfer condition includes a transfer period during which the token is transferred). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Ericson and Harada. The motivation would have been to transfer/share token from one user to other user by providing increased security solutions by identity confirmation. 


As per claim 2, claim is rejected for the same reasons as claim 1, above. In addition, Harada discloses a storage unit that stores the conditional access token (fig 5); and 
a control unit performs control to request the use of the service to the service providing server in a case where the conditional use of the service is requested from the second user, in a case where the conditional access token is received, and the received conditional access token matches the conditional access token stored in the storage unit (para 82, “Transfer command receiving unit 210 verifies the token transfer condition and the content utilizing condition managed by service utilizing condition receiving unit 240 for a match.  When the token transfer condition and the content utilizing condition corresponding to the token do match, transfer command receiving unit 210 notifies validation unit 260 of a request to inquire validity of the token”). 

As per claim 15, claim is rejected for the same reasons as claim 1, above. In addition, Harada discloses wherein the issuance unit notifies the second user of the permission condition in a case where the second user requests the conditional use of the access token of the first user and the request of the conditional use does not satisfy the permission condition (para 99, “utilizing right transaction server 200 judges whether or not "user attribute information Un" of user Un satisfies the "content utilizing 
condition" of the "transfer token" selected by user Un in Step B1 and the 
"token transfer condition" (Step B3)”). 

As per claim 16, claim is rejected for the same reasons as claim 2, above. In addition, Harada discloses wherein the issuance unit notifies the second user of the permission condition in a case where the second user requests the conditional use of the access token of the first user and the request of the conditional use does not satisfy the permission condition (para 83, “the token transfer condition does not satisfy the 
content utilizing condition” ). 

As per claim 18, claim is rejected for the same reasons as claim 1, above. In addition, Harada discloses wherein the issuance unit notifies the first user to permit the use of the service requested by the second user in a case where the second user requests the conditional use of the access token of the first user and the request for the conditional use does not satisfy the permission condition (para 83, “the token transfer condition does not satisfy the content utilizing condition…notifies user U1 of the mismatch and controls utilizing right transaction server”). 
 
As per claim 19, claim is rejected for the same reasons as claim 1, above. In addition, Harada discloses wherein the issuance unit requests the first user to log in in a case where the second user requests the conditional use of the access token of the first user, and issues the conditional access token in a case where the first user logs in (para 12, provide increased security through instituting the identity confirmation for all logins or access requests or the owner of the device/account may require the identity confirmation to provide the increased security). 

As per claim 20, claim is rejected for the same reasons as claim 1, above. In addition, Ericson discloses A non-transitory computer readable medium storing a token management program for causing a computer to function as each unit of the token management apparatus according to claim 1 (para 70).

Claims 3-14 and 17are rejected under 35 U.S.C. 103 as being unpatentable over Ericson et al. (US Patent Application No.20200213298) (Hereinafter Ericson) in view of Harada et al. (US Patent Application No. 20090183250) (Hereinafter Harada)  in further view of Kong et al. (US Patent Application No. 20180191700) (Hereinafter Kong).

As per claim 3, Ericson in view of Harada does not disclose  wherein the control unit deletes the conditional access token from the storage unit in a case where a predetermined deletion condition is satisfied. Kong discloses  wherein the control unit deletes the conditional access token from the storage unit in a case where a predetermined deletion condition is satisfied (para 9,15,”the first access 
token has expired or is about to expire”). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Ericson and Harada with Kong. The motivation would have been to set expiration conditions of token to provide increased security of resources in the system. 


As per claim 4, claim is rejected for the same reasons as claim 3, above. In addition, Kong discloses wherein the deletion condition is satisfied in a case where deletion of the conditional access token is instructed from the first user or the second user (para 17,“delete or cause the first web resource to delete the grant token from a 
Memory”). 

As per claim 5, claim is rejected for the same reasons as claim 3, above. In addition, Kong discloses wherein the deletion condition is satisfied in a case where a predetermined time period is elapsed from issuance or most recent use of the conditional access token or from start of use or most recent use of the service (para 10, “an expiration time of the first access Token”). 

As per claim 6, claim is rejected for the same reasons as claim 3, above. In addition, Kong discloses wherein the deletion condition is satisfied in a case where a predetermined time period is elapsed from occurrence of an event related to the service (para 10, “an expiration time of the first access Token”). 


As per claim 7, claim is rejected for the same reasons as claim 6, above. In addition, Harada discloses wherein the control unit notifies the second user that the event occurs (para 83, “the token transfer condition does not satisfy the content utilizing condition…notifies user U1 of the mismatch and controls utilizing right transaction server”).  

As per claim 8, claim is rejected for the same reasons as claim 6, above. In addition, Kong discloses wherein the service providing server is a document management server that manages a document, and the occurrence of the event is update of the document (fig3, para 6, 59, document/ record management well known in the art , access to web resource can be for any purpose such as delete, update, read and write). 

As per claim 9, claim is rejected for the same reasons as claim 7, above. In addition, Kong discloses wherein the service providing server is a document management server that manages a document (document/ record management well known in the art), and the occurrence of the event is update of the document (para 40, hosted services may provide access to documents) . 

As per claim 10, claim is rejected for the same reasons as claim 5, above. In addition, Kong discloses wherein the control unit notifies the second user at a predetermined timing before the predetermined time period is elapsed (para 15, “When the first access token has expired or is about to expire, the endpoint device(s) will receive a re-authentication request”). 

As per claim 11, claim is rejected for the same reasons as claim 6, above. In addition, Kong discloses the control unit notifies the second user at a predetermined timing before the predetermined time period is elapsed (para 15, “When the first access 


As per claim 12, claim is rejected for the same reasons as claim 7, above. In addition, Harada discloses, wherein the control unit notifies the second user at a predetermined timing before the predetermined time period is elapsed (para 15, “When the first access token has expired or is about to expire, the endpoint device(s) will receive a re-authentication request”). 

As per claim 13, claim is rejected for the same reasons as claim 8, above. In addition, Harada discloses wherein the control unit notifies the second user at a predetermined timing before the predetermined time period is elapsed (para 83, “the token transfer condition does not satisfy the content utilizing condition…notifies user U1 of the mismatch and controls utilizing right transaction server”). 

As per claim 14, claim is rejected for the same reasons as claim 9, above. In addition, Harada discloses wherein the issuance unit notifies the second user of the permission condition in a case where the second user requests the conditional use of the access token of the first user and the request of the conditional use does not satisfy the permission condition (para 99, “utilizing right transaction server 200 judges whether or not "user attribute information Un" of user Un satisfies the "content utilizing 
condition" of the "transfer token" selected by user Un in Step B1 and the 
"token transfer condition" (Step B3)”). 

As per claim 17, claim is rejected for the same reasons as claim 3, above. In addition, Harada discloses wherein the issuance unit notifies the second user of the permission condition in a case where the second user requests the conditional use of the access token of the first user and the request of the conditional use does not satisfy the permission condition (para 83, “the token transfer condition does not satisfy the 
content utilizing condition…notifies user U1 of the mismatch and controls utilizing right transaction server”). 

Conclusion

Please see the attached PTO-892 for the prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOHAMMAD A SIDDIQI whose telephone number is (571)272-3976.  The examiner can normally be reached on Monday-Friday.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/MOHAMMAD A SIDDIQI/Primary Examiner, Art Unit 2493