Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
DETAILED ACTION

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 7/26/21 has been entered.
 
Claims 1, 11, and 17 have been amended.  Claims 1-9 and 11-20 are pending.



Response to Arguments
Applicant's arguments filed 7/9/21 have been fully considered but they are not persuasive.  Applicant contends the prior art does not teach the newly incorporated limitations.  After careful review of the prior art, the Examiner finds the prior art to teach/suggest each of the limitations as outlined below.   Examiner is interpreting the limitation “without requiring another authentication of the mobile device” to mean that .  


Claim Rejections - 35 USC § 103

In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-6, 9 and 17-19 are rejected under 35 U.S.C. 103 as being unpatentable over Ahmed et al. (US 20170134223 A1, hereinafter, Ahmed) in view of Hayton et al. (US 20140331060 A1, hereinafter, Hayton).
Ahmed teaches a method for providing comprehensive remote authorized access to a plurality of pieces of equipment in a datacenter, the method comprising: ([0001] This disclosure generally relates to information handling systems, and more particularly relates to a system and method for providing a wireless device connection in a server rack of a data center.)
receiving a mobile device security credential; ([0019] Wireless management modules 114, 134, 144, and 154 include various security features to ensure that the connection between mobile device 170 and management network 160 is secure and that the user of the mobile device is authorized to access the resources of the management network (i.e. receive mobile device credential).)
authenticating the mobile device security credential; ([0019] Wireless management modules 114, 134, 144, and 154 include various security features to ensure that the connection between mobile device 170 and management network 160 is secure and that the user of the mobile device is authorized to access the resources of the management network (i.e. authenticate the mobile device security credential).)
configuring access information on the authenticated mobile device; ([0045] Management controller 210 operates to provide and maintain the BLE beacon data, content, and pass keys in wireless management module 240 (i.e. configure access information on the mobile device).)
Ahmed doesn’t explicitly teach:
the configured access information including a different scope of authority;
mapping the configured access information to the pieces of equipment; 
receiving an access token and receiving encryption keys from each piece of the equipment; 
sending the access token and encryption keys to the mobile device, wherein the mobile device uses the access token and encryption keys to simultaneously access the pieces of equipment, and to manage the accessed equipment based on the configured access information,  wherein the managing of the accessed equipment includes a threshold on a number of times that the mobile device is accessing the equipment without requiring another authentication;
detecting that the mobile device is offline; re-establishing communication with the mobile device after the mobile device has been offline; in response to the re-establishing communication, determining whether the threshold on the number of times has been exceeded; and in response to the threshold on the number of times not being exceeded, granting parallel access of the equipment without requiring another authentication of the mobile device.
Hayton, from an analogous endeavor, teaches the configured access information including a different scope of authority. ([1001] the second authentication request may be made via the same client application used to make the first authentication request, or with a different client application. For instance, the first authentication request may be a login attempt made with a receiver application 404, and the second authentication request may be made by a separate client application 410 (e.g., email client 410, web browser 410, etc.) to access specific enterprise resources or services. //examiner remarks: this is the mobile device accessing separate applications (i.e. different scope of authority) in the second access to the network resources.)
mapping the configured access information to the pieces of equipment; ([1001] the second authentication request may be made via the same client application used to make the first authentication request, or with a different client application. For instance, the first authentication request may be a login attempt made with a receiver application 404, and the second authentication request may be made by a separate client application 410 (e.g., email client 410, web browser 410, etc.) to access specific enterprise resources or services. //examiner remarks: this is the mobile device accessing separate applications (i.e. different scope of authority) in the second access to the network resources.)
receiving an access token and receiving encryption keys from each piece of the equipment; ([0098 end of ¶] The authentication device 358 in this example also creates an access token 715 including the key identifier 701 and the cryptographic key 705 used to encrypt the validation data 710. In step 505, the access token 715 may be transmitted by the authentication device 358 to the client device 302.)
sending the access token and encryption keys to the mobile device, ([0098 end of ¶] The authentication device 358 in this example also creates an access token 715 including the key identifier 701 and the cryptographic key 705 used to encrypt the validation data 710. In step 505, the access token 715 may be transmitted by the authentication device 358 to the client device 302.)
wherein the mobile device uses the access token and encryption keys to simultaneously access the pieces of equipment, ([0089] Referring now to FIG. 5, an example method is shown in which a client device (e.g., mobile device 302 and/or 402), and an authentication device (e.g., authentication service 358 and/or cloud gateway 406) communicate to authenticate (i.e., validate based on access token and access keys) a user of the enterprise system and enable the validated user to access the resources and services of the enterprise system.)
and to manage the accessed equipment based on the configured access information. ([0098-100] discloses the mobile device's plurality of resource and service accesses in the network (i.e. simultaneous access of the equipment).)
wherein the managing of the accessed equipment includes a threshold on a number of times that the mobile device is accessing the equipment without requiring another authentication. ([0111] In some cases, access tokens and/or user secrets may have associated time periods or expiration dates, which may be stored within the enterprise system. In such cases, the authentication device 358 may retrieve the associated time period or expiration date after receiving an authentication request containing an access token. If the access token is valid and has not yet expired, the user may be granted access to the requested resources or services of the enterprise system (i.e. setting a time threshold to limit a mobile access device access to network).) ([0103] In such examples, the access token may be retrieved and submitted to the authentication device 358 without any explicit action by the user, or even without the user's knowledge (i.e. access without requiring another authentication).);
detecting that the mobile device is offline [just prior to second authentication request to the system; 0101]; 
re-establishing communication with the mobile device after the mobile device has been offline [0101]; 
in response to the re-establishing communication, determining whether the threshold on the number of times has been exceeded [0106: valid and 0111: within time threshold]; and 
in response to the threshold on the number of times not being exceeded, granting parallel access of the equipment without requiring another authentication of the mobile device [0105; validated without user action 0103].
Therefore, it would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to incorporate the teachings of Hayton into the teachings of Ahmed because an access token and encryption key method offers a more secure and dynamic control of changes related to equipment access attributes and privileges assigned to each user. Furthermore, an access token provides more flexible control of a user’s equipment access attributes and privileges, as taught by Hayton [0006-0007, 0092]. Additionally, it will improve the collection of security and performance data related to equipment access and usage, as taught by Hayton [0057].
The combining of the teachings would have yielded predictable results to one of ordinary skill in the art.
Regarding claim 1, it is rejected on the same rationale as claim 17.
Regarding claim 2, the combination of Ahmed and Hayton teaches the method of claim 1. Ahmed doesn’t explicitly teach wherein the simultaneous access includes parallel access of the equipment on a next accessing instance without requiring another authentication. Hayton further teaches wherein the simultaneous access includes parallel access of the equipment on a next accessing instance without requiring another authentication. ([0102-0103] discloses subsequent access to a second resource not requiring authentication. In such examples, the access token may be retrieved and submitted to the authentication device 358 without any explicit action by the user, or even without the user's knowledge.)
Therefore, it would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to incorporate the teaching of Hayton into the teachings of Ahmed because it is more simple and secure not to enter the user credential for each and subsequent access of an equipment in the same enterprise network, as taught by Hayton [0102].
Regarding claim 3 (currently amended), the combination of Ahmed and Hayton teaches the method of Ahmed doesn’t explicitly teach wherein the configured access information includes a different scope of authority at the next accessing instance.
Hayton teaches wherein the configured access information includes a different scope of authority at the next accessing instance. ([1001] the second authentication request may be made via the same client application used to make the first authentication request, or with a different client application. For instance, the first authentication request may be a login attempt made with a receiver application 404, and the second authentication request may be made by a separate client application 410 (e.g., email client 410, web browser 410, etc.) to access specific enterprise resources or services. //examiner remarks: this is the mobile device accessing separate applications (i.e. different scope of authority) in the second access to the network resources.)
Therefore, it would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to incorporate the teaching of Hayton into the teachings of Ahmed to provide better access control of users that may be authorized to access some resources and services, but might not be authorized to access others, depending Hayton [0092].
Regarding claim 4, the combination of Ahmed and Hayton teaches the method of claim 1. Ahmed teaches wherein the configured access information corresponds to the authenticated mobile device security credential. ([0045] In establishing Bluetooth-based (i.e. Short-range wireless interface) management network 700, wireless management module 240 is configured as a Bluetooth controller in accordance with a Bluetooth Core Specification, and can connect a single mobile device 710 to management system 200. Management controller 210 operates to provide and maintain the BLE beacon data, content, and pass keys in wireless management module 240 (i.e. configure access information on the mobile device).)
Regarding claim 5, the combination of Ahmed and Hayton teaches the method of claim 1. Ahmed further teaches wherein the configuring of the access information is performed by management system module (MSM)-datacenter equipment. ([0007] FIGS. 4 and 5 are block diagrams of various embodiments of wireless WiFi-based management networks on the management system of FIG. 2. (i.e. the management system that supports the plurality of equipment in a datacenter))
Regarding claim 6, the combination of Ahmed and Hayton teaches the method of claim 5. Ahmed further teaches wherein the receiving of the mobile device security credential by the MSM-datacenter equipment is performed using a short-range wireless interface. ([0018] Wireless management modules 114, 134, 144, and 154 can also include Bluetooth wireless interfaces in accordance with one or more Bluetooth specifications, including Bluetooth Low Energy (BLE))
Regarding claim 9, the combination of Ahmed and Hayton teaches the method of claim 1. Ahmed further teaches wherein the simultaneous accessing of the equipment utilizes a Wi-Fi interface. ([0018] For example, wireless management modules 114, 134, 144, and 154 can include WiFi wireless interfaces in accordance with one or more IEEE 802.11 specifications for high-speed data communication between mobile device 170 and the wireless management modules.)
Regarding claim 18, the combination of Ahmed and Hayton teaches the method of claim 17. Ahmed teaches wherein the receiving of the mobile device security credential, the configuring of the access information, and the are performed using a short-range wireless interface. ([0028] in a particular embodiment, wireless transceiver module 270 represents an off-the-shelf device to provide WiFi and Bluetooth wireless (i.e. Short-range wireless interface) communications with mobile device 290)
Ahmed doesn’t explicitly teach sending of the access token and the encryption keys.
Hayton teaches sending of the access token and the encryption keys. ([0098 end of ¶] The authentication device 358 in this example also creates an access token 715 including the key identifier 701 and the cryptographic key 705 used to encrypt the validation data 710. In step 505, the access token 715 may be transmitted by the authentication device 358 to the client device 302.)
Therefore, it would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to incorporate the teaching of Hayton into the teachings of Ahmed with motivation so enterprise system security also may be Hayton [0088].
Regarding claim 19, it is rejected on the same rationale as claim 9.

Claims 7 and 8 are rejected under 35 U.S.C. 103 as being unpatentable over Ahmed and Hayton as applied to claim 1, and further in view of L. A. Ramalho et al. ("Development of an Intelligent Platform Management controller for the Pulsar IIb," 2015 IEEE Nuclear Science Symposium and Medical Imaging Conference (NSS/MIC), San Diego, CA, 2015, pp. 1-2, doi: 10.1109/NSSMIC.2015.7581788, hereinafter Ramalho).
Regarding claim 7, the combination of Ahmed and Hayton teaches the method of claim 1. Ahmed as modified by Hayton teaches wherein the mapping of the configured access information is performed through a private virtual local access network (VLAN).
Ramalho, from an analogous endeavor, teaches a private virtual local access network (VLAN) ([Sec. IV, Fig. 4 and Fig.5] teaches a management system using a private VLAN based network to connect to management system with managed equipment.)
Therefore, it would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to incorporate the teaching of Ramalho into the teachings of Ahmed as modified, in order to create a layer 2 virtual network to separate and restrict user accesses to their respective equipment by assigning VLANs and Ramalho [Sec. IV]). The combining of the teachings of Ramalho would have yielded predictable results to one of ordinary skill in the art since VLAN (802.1Q or 802.1ad) is a standardized protocol that is widely used in the industry.
Regarding claim 8, the combination of Ahmed, Hayton and Ramalho teaches claim 7. Ahmed as modified by Hayton teaches wherein the access token and the encryption keys are received through  and sent to the mobile device through a short-range wireless interface. ([0028] in a particular embodiment, wireless transceiver module 270 represents an off-the-shelf device to provide WiFi and Bluetooth wireless (i.e. Short-range wireless interface) communications with mobile device 290)
Ahmed and Hayton don’t explicitly teach the private VLAN.
Ramalho teaches the private VLAN ([Sec. IV, Fig. 4 and Fig.5] teaches a management system using a private VLAN based network to connect to management system with managed equipment.)
Therefore, it would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to incorporate the teaching of Ramalho into the teachings of Ahmed as modified, in order to create a layer 2 virtual network to separate and restrict user accesses to their respective equipment by assigning VLANs and configuring network switches as shown at Fig. 5, as taught by Ramalho [Sec. IV]. The combining of the teachings of Ramalho would have yielded predictable results to one of ordinary skill in the art since VLAN (802.1Q or 802.1ad) is a standardized protocol that is widely used in the industry.
Claim 20 is rejected under 35 U.S.C. 103 as being unpatentable over Ahmed and Hayton as applied to claim 17, and further in view of Guglani (US 20160092696 A1, hereinafter, Guglani).
Regarding claim 20, the combination of Ahmed and Hayton teaches the information handling system of claim 17. The combination of Ahmed and Hayton does not teach wherein the access token is generated by using a JSON Web Token standard.
Guglani, from an analogous endeavor, teaches wherein the access token is generated by using a JSON Web Token standard. ([00777] For example, the MAP computer 140 may send a cryptogram, (e.g. an encoded string, a user identity token or a JSON Web Token (JWT)) to the mobile application 111 that asserts the identity of the user 101. The MAP computer 140 may provide multiple cryptograms to the mobile application 111. Each cryptogram may be associated with a piece of sensitive user data such as an account number, a social security number, an identification number, etc.)
Therefore, it would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to incorporate the teachings of Guglani to the teachings of Ahmed and Hayton because JWT is a standards based protocol that is compatible with X.509 key certificate. JWT is also compact and easier to process on user's devices, especially mobile devices. The combining of the teachings of Guglani would have yielded predictable results to one of ordinary skill in the art since JWT (RFC 7519) is a standardized protocol that is widely used in the industry.

Claims 11 – 15 are rejected under 35 U.S.C. 103 as being unpatentable over Ahmed in view of Hayton and in view of Ramalho.

Regarding claim 11 (currently amended), Ahmed teaches an information handling system for providing comprehensive remote authorized access to a plurality of equipment in a datacenter, ([0001] This disclosure generally relates to information handling systems, and more particularly relates to a system and method for providing a wireless device connection in a server rack (i.e. plurality of equipment) of a data center).
the information handling system comprising: a baseboard management controller configured to: ([0026] Embedded controller 220 represents an integrated device or devices that is utilized to provide out-of-band management functions to the information handling system that includes management system 200, and can include a BMC (i.e. baseboard management controller), an IDRAC, or another device that operates according to the IPMI specification.)
receive through a short-range wireless interface a mobile device security credential; ([0018] discloses wireless management modules providing connectivity using Wi-Fi and Bluetooth wireless interfaces in accordance with one or more Bluetooth specifications (i.e. Short-range wireless interface). [0019] Wireless management modules 114, 134, 144, and 154 include various security features to ensure that the connection between mobile device 170 and management network 160 is secure and that the user of the mobile device is authorized to access the resources of the management network. (i.e. receive mobile device credential))
authenticate the mobile device security credential; ([0019] Wireless management modules 114, 134, 144, and 154 include various security features to ensure that the connection between mobile device 170 and management network 160 is secure and that the user of the mobile device is authorized to access the resources of the management network. (i.e. authenticate the mobile device security credential))
configure access information on the mobile device using the short-range wireless interface; ([0045] In establishing Bluetooth-based (i.e. Short-range wireless interface) management network 700, wireless management module 240 is configured as a Bluetooth controller in accordance with a Bluetooth Core Specification, and can connect a single mobile device 710 to management system 200. Management controller 210 operates to provide and maintain the BLE beacon data, content, and pass keys in wireless management module 240… (i.e. configure access information on the mobile device.))
simultaneously access the equipment using a long-range wireless interface ([0018] For example, wireless management modules 114, 134, 144, and 154 can include WiFi wireless interfaces in accordance with one or more IEEE 802.11 specifications for high-speed data communication between mobile device 170 and the wireless management modules. //examiner remarks: the mobile device can have simultaneous access to the plurality of equipment in the server rack.)
Ahmed doesn’t explicitly teach:
map the configured access information to the equipment using a private virtual local access network (VLAN); 
receive an access token and receive encryption keys from each one of the equipment through the private VLAN; 
send the access token and the encryption keys to the mobile device using the short-range wireless interface, wherein the mobile device utilizes the access token and encryption keys (wherein the managing of the accessed equipment includes a threshold on a number of times that the mobile device is accessing the equipment without requiring another authentication;
detecting that the mobile device is offline; re-establishing communication with the mobile device after the mobile device has been offline; in response to the re-establishing communication, determining whether the threshold on the number of times has been exceeded; and in response to the threshold on the number of times not being exceeded, granting parallel access of the equipment without requiring another authentication of the mobile device.

Hayton teaches map the configured access information to the equipment; ([0088] Additionally, increased flexibility may be provided for user authentication and resource access control functionality, whereby specific authentication credentials and/or authentication requests may be associated with specific enterprise services and resources and/or specific time periods. //remarks: this is mapping the configured access information on the equipment based on the access credential of the user.)
receive an access token and receive encryption keys from each one of the equipment; ([0089] Referring now to FIG. 5, an example method is shown in which a client device (e.g., mobile device 302 and/or 402), and an authentication device (e.g., authentication service 358 and/or cloud gateway 406) communicate to authenticate (i.e., validate) a user of the enterprise system and enable the validated user to access the resources and services of the enterprise system. [0098-100] discloses the mobile device's plurality of resource and service accesses in the network (i.e. simultaneous access of the equipment).)
send the access token and the encryption keys to the mobile device using the short-range wireless interface, ([0098 end of ¶] The authentication device 358 in this example also creates an access token 715 including the key identifier 701 and the cryptographic key 705 used to encrypt the validation data 710. In step 505, the access token 715 may be transmitted by the authentication device 358 to the client device 302.)
wherein the mobile device utilizes the access token and encryption keys to simultaneously access the equipment, ([0089] Referring now to FIG. 5, an example method is shown in which a client device (e.g., mobile device 302 and/or 402), and an authentication device (e.g., authentication service 358 and/or cloud gateway 406) communicate to authenticate (i.e., validate based on access token and access keys) a user of the enterprise system and enable the validated user to access the resources and services of the enterprise system.)
and to manage the accessed equipment based on the configured access information. ([0098-100] discloses the mobile devices accessing plurality of resource and service in the network (i.e. simultaneous access of plurality of equipment).)
wherein the managing of the accessed equipment includes a threshold on a number of times that the mobile device is accessing the equipment without requiring another authentication. ([0111] In some cases, access tokens and/or user secrets may have associated time periods or expiration dates, which may be stored within the enterprise system. In such cases, the authentication device 358 may retrieve the associated time period or expiration date after receiving an authentication request containing an access token. If the access token is valid and has not yet expired, the user may be granted access to the requested resources or services of the enterprise system (i.e. setting a time threshold to limit a mobile access device access to network).) ([0103] In such examples, the access token may be retrieved and submitted to the authentication device 358 without any explicit action by the user, or even without the user's knowledge (i.e. access without requiring another authentication).);
detecting that the mobile device is offline [just prior to second authentication request to the system; 0101]; 
re-establishing communication with the mobile device after the mobile device has been offline [0101]; 
in response to the re-establishing communication, determining whether the threshold on the number of times has been exceeded [0106: valid and 0111: within time threshold]; and 
in response to the threshold on the number of times not being exceeded, granting parallel access of the equipment without requiring another authentication of the mobile device [0105; validated without user action 0103].

Therefore, it would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to incorporate the teachings of Hayton into the teachings of Ahmed because an access token and encryption key method offers a more dynamic and secure control of changes related to equipment access attributes and privileges assigned to each user. It is efficient to manage access token control, which in turn controls a user’s assigned attributes and privileges related to the equipment being accessed. Furthermore, Hayton [0006-0007, 0092]. Additionally, it will improve the collection of security and performance data related to equipment access and usage, as taught by Hayton [0057].
The combining of the teachings would have yielded predictable results to one of ordinary skill in the art.
Ahmed and Hayton don’t explicitly teach using private Virtual network (VLAN); through the private VLAN.
Ramalho teaches using private Virtual network (VLAN) ([Sec. IV, Fig. 4 and Fig.5] teaches a management system using a private VLAN based network to connect to management system with managed equipment.)
Therefore, it would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to incorporate the teachings of Ramalho into the teachings of Ahmed and Hayton because it provides creating a layer 2 virtual network to separate and restrict user accesses to their respective equipment by assigning VLANs and configuring network switches as shown at Fig. 5, as taught by Ramalho [Sec. IV]. The combining of the teachings of Ramalho would have yielded predictable results to one of ordinary skill in the art since VLAN (802.1Q or 802.1ad) is a standardized protocol that is widely used in the art.
Regarding to claim 12, the combination of Ahmed, Hayton and Ramalho teaches the information handling system of claim 11.  Ahmed teaches wherein the security credential includes user identification, a media access control address, an internet protocol address, or a unique identifier, of the mobile device.  ([0037 – 0038] user and mobile device security credentials such as IP addresses … username and password verification (i.e. unique identifier), via a hardware device authentication (i.e. MAC address authentication), or another mechanism for providing security and authentication, as needed or desired.)
Regarding to claim 13, the combination of Ahmed, Hayton and Ramalho teaches the information handling system of claim 11.  Ahmed doesn’t explicitly teach wherein the access information includes different scope of authority for each accessed equipment.
Hayton further teaches wherein the configured access information includes a different scope of authority at the next accessing instance. ([1001] the second authentication request may be made via the same client application used to make the first authentication request, or with a different client application. For instance, the first authentication request may be a login attempt made with a receiver application 404, and the second authentication request may be made by a separate client application 410 (e.g., email client 410, web browser 410, etc.) to access specific enterprise resources or services. //examiner remarks: this is the mobile device accessing separate applications (i.e. different scope of authority) in the second access to the network resources.)
Therefore, it would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to incorporate further teachings of Hayton into the teachings of Ahmed as modified to provide better access control of users that may be authorized to access some resources and services, but might not be authorized to access others, depending on the user's permissions in the enterprise system, as taught by Hayton [0092].
Regarding claim 14, the combination of Ahmed, Hayton and Ramalho teaches the Ahmed doesn’t explicitly teach, wherein the simultaneous access includes a parallel access of the equipment on a next accessing instance without requiring another authentication.
Hayton further teaches wherein the simultaneous access includes a parallel access of the equipment on a next accessing instance without requiring another authentication.   ([0102-0103] discloses subsequent access to a second resource not requiring authentication. In such examples, the access token may be retrieved and submitted to the authentication device 358 without any explicit action by the user, or even without the user's knowledge.)
Therefore, it would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to incorporate further teachings of Hayton into the teachings of Ahmed as modified because it is simpler and more secure not to enter the user credential for each subsequent access of an equipment in the same enterprise network, as taught by Hayton [0102].
Regarding claim 15, the combination of Ahmed, Hayton and Ramalho teaches the information handling system of claim 11.  Ahmed teaches wherein the simultaneous accessing of the equipment utilizes a Wi-Fi interface. ([0018] For example, wireless management modules 114, 134, 144, and 154 can include WiFi wireless interfaces in accordance with one or more IEEE 802.11 specifications for high-speed data communication between mobile device 170 and the wireless management modules.)

	Claim 16 is rejected under 35 U.S.C. 103 as being unpatentable over Ahmed, Hayton and Ramalho as applied to claim 11, and further in view of Guglani (US 20160092696 A1, hereinafter, Guglani).
Regarding claim 16, the combination of Ahmed, Hayton and Ramalho teaches the information handling system of claim 11.  Ahmed, Hayton and Ramalho don’t explicitly teach wherein the access token is generated by using a JSON Web Token standard.
Guglani teaches wherein the access token is generated by using a JSON Web Token standard. ([00777] For example, the MAP computer 140 may send a cryptogram, (e.g. an encoded string, a user identity token or a JSON Web Token (JWT)) to the mobile application 111 that asserts the identity of the user 101. The MAP computer 140 may provide multiple cryptograms to the mobile application 111. Each cryptogram may be associated with a piece of sensitive user data such as an account number, a social security number, an identification number, etc.) 
Therefore, it would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to incorporate the teaching of Guglani into the teachings of Ahmed as modified by Hayton and Ramalho because JWT is compact and easier to process on user's devices, especially on mobile devices.  The combining of the teachings of Guglani would have yielded predictable results to one of ordinary skill in the art since JWT (RFC 7519) is a standardized protocol that is widely used in the industry and compatible with X.509 standard-compliant certificates.




Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
USP Application Publication 2017/0126685 teaches a token that has a usage limit that gets updated each time it is used to connect to a resource.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL R. VAUGHAN whose telephone number is 
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/MICHAEL R VAUGHAN/
Primary Examiner, Art Unit 2431