Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

	DETAILED ACTION
This action is in response to an application filed June 2, 2020. Claims 1-7 are pending in this application.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.

Claim(s) 1-2 and 5-7 is/are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Zhou et al. (US 2017/0337361 A1).

With respect to claim 1, Zhou discloses an information processing apparatus comprising:
a memory configured to store, in an associated form, management information and a refresh token, the management information associated with a user (Abstract, [0023], [0027], and [0070]-[0072], user ID, authorization key, and refresh key are stored in storage module of terminal device), the refresh token serving as second qualification information that is used to acquire an access token serving as first qualification 
a processor configured to
accept the management information ([0007] and [0015]-[0016], user ID is verified),
transmit to an authentication server the refresh token associated with the accepted management information and stored on the memory ([0080], terminal transmits ticket refresh which includes user ID and refresh key to account management server),
receive the access token that is transmitted from the authentication server if the authentication server has verified that the transmitted refresh token is effective ([0080]-[0082], if refresh key is in valid period, account management server sends authentication ticket to terminal), and
use the web service with the received access token ([0013] and [0033], the app resource server is accessed using received authentication ticket).
With respect to claim 2, Zhou discloses the information processing apparatus according to Claim 1, wherein the processor is further configured to, 
if the refresh token associated with the accepted management information is not stored on the memory, cause a display to display a screen that requests the user to enter authentication information for the authentication server to authenticate the user ([0067]-[0068], when authentication ticket is invalid, user name and password are inputted by the user),
accept the authentication information ([0069], authentication ticket is received),

receive the access token and the refresh token that are transmitted by the authentication server if the authentication server has successfully authenticated the user in accordance with the transmitted authentication information( [0080]-[0082], if refresh key is in valid period, account management server sends authentication ticket to terminal),
cause the memory to store in an associated form the accepted management information, the accepted authentication information, and the refresh token received from the authentication server (Abstract, [0023], [0027], and [0070]-[0072], user ID, authorization key, and refresh key are stored in storage module of terminal device), and
use the web service with the access token received from the authentication server ([0013] and [0033], the app resource server is accessed using received authentication ticket).
With respect to claim 5, Zhou discloses the information processing apparatus according to Claim 1,
wherein the authentication server issues an access token on a per web service basis to use the web service ([0013] and [0033], authentication ticket is returned to terminal for use with an app resource server), and 
wherein the processor is further configured to 
transmit to the authentication server the refresh token and information to identify the web service specified by the user ([0080], terminal transmits ticket refresh which includes user ID and refresh key to account management server), 

use the web service, specified by the user, with the received access token ([0013] and [0033], the app resource server is accessed using received authentication ticket).
With respect to claim 6, Zhou discloses an information processing system comprising:
an information processing apparatus ([0060] and Figure 1, terminal device); and
an authentication server ([0060] and [0183], account management server 120),
wherein the information processing apparatus includes a first memory and a first processor ([0060] and Figure 1, terminal device) and the authentication server includes a second processor (Figure 1, 120, account management server),
wherein the first memory stores, in an associated form, management information and a refresh token, the management information associated with a user (Abstract, [0023], [0027], and [0070]-[0072], user ID, authorization key, and refresh key are stored in storage module of terminal device), the refresh token serving as second qualification information that is used to acquire an access token serving as first qualification information for use of a web service ([0073]-[0074] and [0110], refresh key has longer valid period of authorization key and used for verifying user to app resource server);
wherein the first processor is configured to

transmit to the authentication server the refresh token associated with the accepted management information and stored on the first memory ([0080], terminal transmits ticket refresh which includes user ID and refresh key to account management server),
wherein the second processor is configured to
receive the refresh token transmitted from the information processing apparatus ([0080], account management server, upon receipt of refresh key, issues terminal a new refresh key),
verify effectiveness of the received refresh token ([0080]-[0082], determining whether refresh key is in a valid period for use with app resource server), and
if the received refresh token is effective, transmit the access token to the information processing apparatus ([0080]-[0082], if refresh key is in valid period, account management server sends authentication ticket to terminal), and
wherein the first processor is further configured to
receive the access token transmitted from the authentication server ([0013] and [0033], authentication ticket is returned to terminal for use with an app resource server), and
use the web service with the received access token ([0013] and [0033], the app resource server is accessed using received authentication ticket).
With respect to claim 7, Zhou discloses a non-transitory computer readable medium storing a program causing a computer to execute a process for processing 
accepting the management information ([0007] and [0015]-[0016], user ID is verified);
transmitting to an authentication server the refresh token associated with the accepted management information and stored on the memory ([0080], terminal transmits ticket refresh which includes user ID and refresh key to account management server);
receiving the access token that is transmitted by the authentication server if the authentication server has verified that the transmitted refresh token is effective ([0080]-[0082], if refresh key is in valid period, account management server sends authentication ticket to terminal); and
using the web service with the received access token ([0013] and [0033], the app resource server is accessed using received authentication ticket).

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 3-4 is/are rejected under 35 U.S.C. 103 as being unpatentable over Zhou et al. (US 2017/0337361 A1), in view of Canavor et al. (US 2018/0026968 A1).

With respect to claim 3, Zhou discloses the information processing apparatus according to Claim 1, but does not explicitly teach wherein the processor is further configured to delete the access token from the information processing apparatus if the user has logged out from the information processing apparatus;
However, Canavor discloses the processor is further configured to delete the access token from the information processing apparatus if the user has logged out from the information processing apparatus ([0059], security credentials maintained ephemerally in a client’s memory is erased when client logs out and exits a browser);
Therefore, it would have been obvious to one of ordinary skill in the art, at the time the invention was filed, to combine the teachings of Zhou with the teachings of Canavor and delete an access token from an apparatus when a user logs out, in order to prevent potential thief of the user’s credentials by removing the credentials from the device upon a session ending.
With respect to claim 4, Zhou discloses the information processing apparatus according to Claim 2, but does not explicitly teach wherein the processor is further configured to delete the access token from the information processing apparatus if the user has logged out from the information processing apparatus;
However, Canavor discloses the processor is further configured to delete the access token from the information processing apparatus if the user has logged out from the information processing apparatus ([0059], security credentials maintained ephemerally in a client’s memory is erased when client logs out and exits a browser);
Therefore, it would have been obvious to one of ordinary skill in the art, at the time the invention was filed, to combine the teachings of Zhou with the teachings of Canavor and delete an access token from an apparatus when a user logs out, in order to prevent potential thief of the user’s credentials by removing the credentials from the device upon a session ending.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ESTHER B. HENDERSON whose telephone number is (571)270-3807.  The examiner can normally be reached on Monday-Friday 6a-2p ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/ESTHER B. HENDERSON/Primary Examiner, Art Unit 2458                                                                                                                                                                                                        August 13, 2021