DETAILED ACTION
Claims 1, 3-11 & 13-20 
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Arguments
Applicant’s arguments have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


s 1, 11 & 18, 3-7, 9, 11, 14, 16 & 18 are rejected under 35 U.S.C 103 as being unpatentable over Van Till et al. (US 2014/0282993), referred to as Van, in view of Sondhi et al. (US 2015/0089623), hereon referred to as Sondhi, in view of Heiman et al. (US 2017/0111345), hereon referred to as Heiman.  
	In regards to claims 1, 11 & 18, Van discloses validate the token based on the combination; after validating the token, receive the at least one request for service from the user (Managing access to physical resources by linking the tokens to the electronic identities; translating the tokens to the appropriate physical token type based on infrastructure services available at the point of service; validating tokens at the physical resource; tracking and conveying usage information; and making use of social group relationships and other data defined by individual usage to, among other things; Abs.); and permit access to the at least one service by the user, in response to the at least one request for service from the user and based on validating the token (Authentication and validation of the token(s) allows user access to the resource; Paragraphs 0042-0046). 
	However, Van does not disclose before receiving at least one request for service from a user with an identifier, receive a token that is different from the identifier, based on service usage information relating to usage by the user of at least one service hosted by at least one server.  In an analogous art Sondhi discloses before receiving at least one request for service from a user with an identifier, receive a token that is different from the identifier, based on service usage information relating to usage by the user of at least one service hosted by at least one server (A computer-implemented method for generating authorization tokens for different applications executing in the context of separate isolated identity domains in a multi-identity domain cloud-based computing environment. The method involves receiving a request from a client application executing within an identity domain, selecting a service profile and determining based on the service profile whether the client application is permitted to .
	At the time the invention was filed it would have been obvious to an ordinary skill in the art to combine the teachings disclosed by Van, with the teachings disclosed by Sondhi regarding before receiving at least one request for service from a user with an identifier, receive a token that is different from the identifier, based on service usage information relating to usage by the user of at least one service hosted by at least one server. The suggestion/motivation of the combination would have been to improve security by ensuring that access to resources stored on those resource servers is limited to access to which the resource owner consents. (Sondhi; Abs.).  
	However, the combination of Van and Sondhi does not disclose, the token identifying a combination of the user device and service usage information. In an analogous art Heiman discloses the token identifying a combination of the user device and service usage information (The user interface allows access tokens, records, tokens that include device identifiers, tokens that include usage history and the like; Paragraphs 0044; 0076-0077). 
	At the time the invention was filed it would have been obvious to an ordinary skill in the art to combine the teachings disclosed by the combination of Van and Sondhi, with the teachings disclosed by Heiman regarding the token identifying a combination of the user device and service usage information. The suggestion/motivation of the combination would have been to improve security by tokenization of sensitive personal data, such as user identification information, for use in transactions (Heiman; Paragraph 0001).
	In regards to claims 3, 13 & 20, Sondhi discloses wherein the service usage information identifies the user and the at least one service (The user profile and request identifies the user and service; Paragraphs 0073; 0087-0089; 0096). 
	In regards to claim 4, Sondhi discloses wherein the service usage information identifies a time associated with the user (The OAuth framework additionally may provide, to such customers, programming contracts or programmatic interfaces that permit policies to be created at the time of token issuance; Paragraph 0049; 0171).
	In regards to claim 5, Sondhi discloses wherein the service usage information identifies a location associated with the user (OAuth authorization server stores configuration information that indicates the 
	In regards to claim 6 & 14, Sondhi discloses wherein access is allowed to the at least one service, in response to the at least one request for service being received from the user, without waiting for the token to be validated (The OAuth framework additionally may provide, to such customers, programming contracts or programmatic interfaces that permit policies to be created at the time of token issuance. These programmatic contracts or programmatic interfaces allow customers to plug their own custom programmatic code into the OAuth framework. Using these programmatic interfaces, a customer can wire its existing infrastructure into the OAuth system; Paragraph 0049). 
	In regards to claim 7, Van discloses; in response to the another request for service from the user, determine whether the token has been validated in connection with the another service; and if it is determined that the token has not been validated in connection with the another service, sending the identifier for requesting the token so that the token can be validated (Managing access to physical resources by linking the tokens to the electronic identities; translating the tokens to the appropriate physical token type based on infrastructure services available at the point of service; validating tokens at the physical resource; tracking and conveying usage information; and making use of social group relationships and other data defined by individual usage to, among other things; Abs.).
	However, Van does not disclose receive another request for service from the user in connection with another service hosted by the at least one server. In an analogous art Sondhi discloses receive another request for service from the user in connection with another service hosted by the at least one server (The method involves receiving a request from a client application executing within an identity domain, selecting a service profile and determining based on the service profile whether the client application is permitted to access a resource server. Paragraphs 0073; 0087-0089; 0096).
	In regards to claims 9 &16, Sondhi discloses wherein the one or more processors execute the instructions to: receive the identifier in connection with at least one failed request for service that failed due to a lack of token validation (A computer-implemented method for generating authorization tokens for different applications executing in the context of separate isolated identity domains in a multi-identity domain cloud-based computing environment. The method involves receiving a request from a client application executing within an identity domain, selecting a service profile and determining based on the service profile whether the client application is permitted to access a resource server. If access is permitted, the OAuth authorization server generates a token based on scope information obtained from the resource server; Paragraphs 0073; 0087-0089; 0096).
	
	 
Claims 2, 10, 12, 17 & 19 are rejected under 35 U.S.C 103 as being unpatentable over the combination of Van , Sondhi and Heiman, in view of Palmeri et al. (US 2015/0074407),hereon referred to as Palmeri. 
	In regards to claims 2, 12 & 19, the combination of Van , Sondhi and Heiman does not disclose wherein the identifier includes a universally unique identifier (UUID). However, in an analogous art Palmeri discloses wherein the identifier includes a universally unique identifier (UUID) (A UUID is generated for the user; Paragraphs 0078-0080). 
	At the time the invention was filed it would have been obvious to an ordinary skill in the art to combine the teachings disclosed by the combination of Van , Sondhi and Heiman, with the teachings disclosed by Palmeri regarding wherein the identifier includes a universally unique identifier (UUID). The suggestion/motivation of the combination would have been to provide improved security in data processing with remote applications on servers (Palmeri; Paragraph 0002). 
	In regards to claims 10 & 17, the combination of Van , Sondhi and Heiman does not disclose wherein the one or more processors execute the instructions to: validate the token based on the at least one service in the indication matching the service identified by the at least one request. However, in an analogous art, Palmeri discloses wherein the one or more processors execute the instructions to: validate the token based on the at least one service in the indication matching the service identified by the at least one request (Wherein the encryption key is known at the server computer; validating the identity token and obtaining the user identifier therein; creating and storing a session token that is uniquely associated with the client computer and that includes a session identifier, the user identifier, and a binding to the secure socket connection; Abs).

	 
Claims 8 & 15 are rejected under 35 U.S.C 103 as being unpatentable over the combination of Van , Sondhi and Heiman, in view of Tatourian et al (US 20160191512),hereon referred to as Tatourian. 
	In regard to claim 8 & 15, the combination of Van , Sondhi and Heiman does not disclose wherein the one or more processors execute the instructions to: validate the token based on a prediction that the user will access the at least one service, the prediction generated using the service usage information. However, in an analogous art Tatourian discloses wherein the one or more processors execute the instructions to: validate the token based on a prediction that the user will access the at least one service, the prediction generated using the service usage information (To provide access to resources, in which case the predictive user authentication system may track and immediately unlock access to resources needed (Paragraphs 0044-0046). 
	At the time the invention was filed it would have been obvious to an ordinary skill in the art to combine the teachings disclosed by the combination of Van and Sondhi, with the teachings disclosed by Tatourian regarding wherein the one or more processors execute the instructions to: validate the token based on a prediction that the user will access the at least one service, the prediction generated using the service usage information. The suggestion/motivation of the combination would have been to provide improved security by including predicted user authentication system to exclude candidate . 

Conclusion

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 



Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHARIF E ULLAH whose telephone number is (571)272-5453.  The examiner can normally be reached on Mon-Fri 7:00-5:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/SHARIF E ULLAH/Primary Examiner, Art Unit 2495