DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 
Claims 2, 5, 11, 14, and 20 have been canceled. 
Claims 1, 3-4, 6-10, 12-13, 15-19 are pending. 
Response to Arguments and Amendments
Applicant’s arguments, see (page 2-3 on the remarks), filed 02/09/2021, with respect to the rejection(s) of claim(s) 1, 3-4, 6-10, 12-13, 15-19 under 103 rejection have been fully considered and are persuasive.  Therefore, the rejection has been withdrawn.  However, upon further consideration, a new ground(s) of rejection is made in view of Christopher Jurgen von Krogh (US 9398003).

Claim Rejections - 35 USC § 103

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

5.	Claims 1, 3, 4, 8-9, 11-13, 17-19 are rejected under 35U.S.C 103 as being unpatentable over Marco Sonnega (US 20090235069), in view of Trevin M Chow (US 8341718), hereinafter Chow.

	Regarding claim 1:
	Sonnega discloses establishing a secure transport layer security connection with a server that provides a web service using the secured transport layer security connection create a secure channel between a digital service and a client: i.e., the digital service supported by a server 6, e.g. a webserver, a client 2(n) and the security server 4 (Sonnega, paragraph 42).
And communicating data with the web service using a web service token that is signed and encrypted according to the identified at least one cryptographic key the subject's identity and the certificate's integrity (no tampering) have been verified. The certificate is typically combined with a signed message or signed executable file, and the public key is used to verify the signatures (. . .). The subject's public key may also be used to provide a secure key exchange in order to have an encrypted two-way communications session (...). . . . (Sonnega, paragraph 28), and further the security server 4 is provided with suitable software such that the security server 4 can securely communicate with the server 6, e.g., using a SSL digital certificate or other secure network communication protocol (Sonnega, paragraph 43). However, Sonnega fails to teach transmitting a credential for the client to the server; receiving a first web service token for the web service corresponding to the credential from the web service; exchanging security certificates with the web service using the first web service token to identify at least one cryptographic key, second web service token; communicate the data between the client and the server without retransmitting the credential to the server to create a new transport layer security connection. 
Chow teaches transmitting a credential for the client to the server authentication service 102(m) may receive a bundled request from a client 104(1) seeking authentication (e.g., a token 122(q)) and a certificate 124(r). Authentication service 102(m) verifies client credentials 120 (p) of a client 104(1). The client credentials 120(p), for example, may be a user name and password Supplied by the client 104(1) (Chow, column 5, [lines 49-54]); receiving a first web service token for the web service upon verification of client credentials 120(p), authentication module 116(m) may generate a token 122(g) to communicate to client 104(1), which may be used by the client 104(1) for proof of identity at one or more service providers 112(s). Certification module 118(m), in response to the same request, generates a certificate 124(r) to communicate to client 104(1) that is used in conjunction with secure sharing (e.g., via sharing module 110) (Chow, column 5, [lines 57-64]), and further authentication service 102(m) integrates functionality for authentication, token issuance and certificate issuance in response to a single request from a client 104(1)-104(n) (Chow, column 6, [lines 4-7]), TLS/SSL authenticates and secures data transactions using certificates and encryption. TLS/SSL, for instance, may utilize symmetric and/or asymmetric key encryption based upon public keys provided in certificates. Using these or other protocols, a secure communications channel (e.g., a TLS/SSL session) is established between clients using the certificates (Chow, column 7, [lines 19-25]). Therefore, it would have been obvious to someone skilled in the art before the effective filling date of claimed invention to combine the teaching of Sonnega with that of Chow in order to authenticate a client and issues to the client a token and a certificate. The token may be provided by a client seeking access to resources from a plurality of service providers, such that, the token serves as proof of identity at each of the plurality of service providers. The certificate may be used by the client to establish secure communications with other clients. 


Regarding claim 3:
Sonnega and Chow disclose wherein identifying at least one cryptographic key comprises identifying a client private key and a server public key and wherein communicating with the server using the second web service token sharing module 110 may be executed to create secure transactions between clients using Secure Channel protocols (Schannel). Schannel implements Transport Layer Security (TLS) and Secure Sockets Layer (SSL) collectively, which is referred to as “TLS/SSL. TLS/SSL authenticates and secures data transactions using certificates and encryption. TLS/SSL, for instance, may utilize symmetric and/or asymmetric key encryption based upon public keys provided in certificates (Chow, column 7, [lines 10-20]). Therefore, it would have been obvious to someone skilled in the art before the effective filling date of claimed invention to combine the teaching of Sonnega with that of Chow in order to authenticate a client and issues to the client a token and a certificate. The token may be provided by a client seeking access to resources from a plurality of service providers, such that, the token serves as proof of identity at each of the plurality of service providers. The certificate may be used by the client to establish secure communications with other clients.



	Regarding claim 4:
Sonnega and Chow disclose wherein identifying at least one cryptographic key comprises identifying a client public key and a server private key and wherein communicating with the server using the second web service token sharing module 110 may be executed to create secure transactions between clients using Secure Channel protocols (Schannel). Schannel implements Transport Layer Security (TLS) and Secure Sockets Layer (SSL) collectively, which is referred to as “TLS/SSL. TLS/SSL authenticates and secures data transactions using certificates and encryption. TLS/SSL, for instance, may utilize symmetric and/or asymmetric key encryption based upon public keys provided in certificates (Chow, column 7, [lines 10-20]). Therefore, it would have been obvious to someone skilled in the art before the effective filling date of claimed invention to combine the teaching of Sonnega with that of Chow in order to authenticate a client and issues to the client a token and a certificate. The token may be provided by a client seeking access to resources from a plurality of service providers, such that, the token serves as proof of identity at each of the plurality of service providers. The certificate may be used by the client to establish secure communications with other clients.


Regarding claim 8:
Sonnega and Chow disclose a computer configured to perform the method of claim 1 FIG. 2 shows a schematic overview of a computer arrangement in general. Such a computer arrangement can be used as client 2(n) but also the security server 4 and the serve 6 may have most of the components of the computer arrangement shown in FIG. 2. Each one of the clients 2(n), the security server 4 and the server 6 will have at least a processor and some form of memory storing data and instructions to let the processor run a predetermined program to perform functionality in accordance with the invention (Sonnega, paragraph 45).

Regarding claim 9:
Sonnega and Chow disclose a computer-readable medium storing instructions that, when executed by a computer, perform the method of claim 1 FIG. 2 shows a schematic overview of a computer arrangement in general. Such a computer arrangement can be used as client 2(n) but also the security server 4 and the serve 6 may have most of the components of the computer arrangement shown in FIG. 2. Each one of the clients 2(n), the security server 4 and the server 6 will have at least a processor and some form of memory storing data and instructions to let the processor run a predetermined program to perform functionality in accordance with the invention (Sonnega, paragraph 45).

Regarding claim 10:
Claim 10 is rejected under the same reason set forth in rejection of claim 1.

Regarding claim 12:
Claim 12 is rejected under the same reason set forth in rejection of claim 3.

Regarding claim 13:
Claim 13 is rejected under the same reason set forth in rejection of claim 4.

Regarding claim 17:
Sonnega and Chow disclose a computer configured to perform the method of claim 10 FIG. 2 shows a schematic overview of a computer arrangement in general. Such a computer arrangement can be used as client 2(n) but also the security server 4 and the serve 6 may have most of the components of the computer arrangement shown in FIG. 2. Each one of the clients 2(n), the security server 4 and the server 6 will have at least a processor and some form of memory storing data and instructions to let the processor run a predetermined program to perform functionality in accordance with the invention (Sonnega, paragraph 45).

Regarding claim 18:
Sonnega and Chow disclose a computer-readable medium storing instructions that, when executed by a computer, perform the method of claim 10 FIG. 2 shows a schematic overview of a computer arrangement in general. Such a computer arrangement can be used as client 2(n) but also the security server 4 and the serve 6 may have most of the components of the computer arrangement shown in FIG. 2. Each one of the clients 2(n), the security server 4 and the server 6 will have at least a processor and some form of memory storing data and instructions to let the processor run a predetermined program to perform functionality in accordance with the invention (Sonnega, paragraph 45).

Regarding claim 19:
Claim 19 is rejected under the same reason set forth in rejection of claim 1.

6.	Claims 6-7, 15, 16 are rejected under 35U.S.C 103 as being unpatentable over Marco Sonnega (US 20090235069), in view of Trevin M Chow (US 8341718), and further in view of Andreas Leicher (US 20130191884), hereinafter Leicher.

Regarding claim 6:
	Sonnega and Chow disclose the security server 4 is provided with suitable software such that the security server 4 can securely communicate with the server 6, e.g., using a SSL digital certificate or other secure network communication protocol (Sonnega, paragraph 43)., but fail to disclose wherein the second web service token comprises a signed and encrypted JavaScript Object Notation (JSON) web service token (JWT). However, Leicher teaches AJSON web key document may comprise a URL of the provider's JSON web key (JWK) document. The JWK document may be in a JSON structure that may provide a set of public keys. Such keys may be used to sign the JSON Web Tokens (e.g., the ID token) (Leicher, paragraph 38), and the ID token may be in a JWT format in accordance with an example implementation of an OpenID Connect protocol. A JWT may comprise JSON attributes, for example, of the actual authentication of the user (Leicher, paragraph 45). It would have been obvious to someone skilled in the art before the effective filling date of claimed invention to combine the teaching of Sonnega and Leicher in order to generate the access token in response to receiving a request for user data.

	Regarding claim 7:
	Sonnega, Krogh, and Leicher disclose wherein the JWT uses a JSON Web Signing (JWS) format and a JSON web encryption (JWE) format the data format of an ID token may be JWT which may comprise JSON (Leicher, paragraph 43), and token may be signed and/or may be encrypted using JSON Web Signature (JWS) and/or JSON Web Encryption (JWE). Keys used for signing and/or encrypting may be JSON Web Keys (Leicher, paragraph 54). ). It would have been obvious to someone skilled in the art before the effective filling date of claimed invention to combine the teaching of Sonnega and Leicher in order to generate the access token in response to receiving a request for user data.

Regarding claim 15:
Claim 15 is rejected under the same reason set forth in rejection of claim 6.

Regarding claim 16:
Claim 16 is rejected under the same reason set forth in rejection of claim 7.

Conclusion

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  

Any inquiry concerning this communication or earlier communications from the examiner should be directed to Thanh Le whose telephone number is 571-272-8556.  The examiner can normally be reached on Monday-Friday 8:00a.m to 5p.m. EST.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Nickerson Jeffrey can be reached on 469-295-9235.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/THANH H LE/             Examiner, Art Unit 2432                                                                                                                                                                                           
/Kevin Bechtel/             Primary Examiner, Art Unit 2491