DETAILED ACTION

Claims 1-20 are presented for examination.

Information Disclosure Statement
The Information Disclosure Statement(s) submitted by applicant on 04/08/2021, 08/10/2020, and 02/12/2020 has/have been considered. The submission is in compliance with the provisions of 37 CFR § 1.97. Form PTO-1449 signed and attached hereto.

Notice of Pre-AIA or AIA Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims 1-9 and 11-20 are rejected under 35 U.S.C. 103 as being unpatentable over Jones et al. (US Patent Application No. 20180302391) (Hereinafter Jones) in view of Feijoo et al. (US Patent Application No. 20190058706) (Hereinafter Feijoo).

	
As per claim 1, Jones discloses a system for implementing a dual layer authentication for identity authentication or access control, comprising: a processor implemented server system communicably coupled with a primary identity authentication server, the server system comprising a plurality of resource servers and a secondary identity authentication server, wherein said server system is configured to: 
receive at a first resource server within the server system, a request for a first processor implemented service implemented by said first resource server (fig 4-5, para 39, request the desired resource from the resource server);  
receive at the first resource server, a primary access token generated by the primary identity authentication server corresponding to an identity of a requestor that 
receive at the first resource server, validation information transmitted by the primary identity authentication server, said validation information corresponding to the primary access token (fig 4-5, para 39, resource server forwards the token for validation);
 responsive to the received validation information confirming validity of the primary access token service (fig 4-5, para 39, resource server forwards the token for validation ). 
Jones does not disclose transmit from the first resource server to the secondary identity authentication server, a request for generation of a secondary access token corresponding to the identity of the requestor that has generated the request for the first processor implemented service; receive at the first resource server, the secondary access token requested from and generated by the secondary identity authentication server; and implement one or more processes associated with the first processor implemented service requested from the first resource server, wherein said one or more processes includes transmitting to a second resource server within the server system, a request for a second processor implemented service implemented by said second resource server. 
However, Feijoo discloses transmit from the first resource server to the secondary identity authentication server (fig 8A-8D, para 121,  redirecting the request), a request for generation of a secondary access token corresponding to the identity of 
receive at the first resource server, the secondary access token requested from and generated by the secondary identity authentication server (fig 8A-8D, para 124,140; sends the second authentication token); and
implement one or more processes associated with the first processor implemented service requested from the first resource server, wherein said one or more processes includes transmitting to a second resource server within the server system, a request for a second processor implemented service implemented by said second resource server (fig 8A-8D, para 124,140, the third party system may grant access to the services and resources provided by the third party system using the federated authentication service). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Jones and Feijoo. The motivation would have been to provide solutions for security over a computer network using Federated identity provider.
 
As per claim 2, claim is rejected for the same reasons as claim 1, above. In addition, Feijoo discloses wherein the server system is configured such that: the first resource server transmits to the second resource server:
the request for the second processor implemented service implemented by said second resource server (fig 8A-8D, para 124,140, the third party system may grant access to the services and resources provided by the third party system using the federated authentication service); and

receives validation information transmitted by the secondary identity authentication server, said validation information corresponding to the secondary access token (fig 8A-8D, para 124,140, the third party system may grant access to the services and resources provided by the third party system using the federated authentication service based on second token); and
responsive to the received validation information confirming validity of the secondary access token, implements one or more processes associated with the second processor implemented service requested from the second resource server (fig 8A-8D, para 124,140, the third party system may grant access to the services and resources provided by the third party system using the federated authentication service).
 
As per claim 3, claim is rejected for the same reasons as claim 1, above. In addition, Feijoo discloses wherein each of the plurality of resource servers comprises a processor implemented instance of a logical server configured to implement a discrete logical application (para 144, virtual machine). 
 
As per claim 4, claim is rejected for the same reasons as claim 1, above. In addition, Jones discloses  wherein the first resource server is configured to receive the request for the first processor implemented service from a terminal device communicably coupled to the system (fig 4-5, para 39, request the desired resource from the resource server). 

As per claim 5, claim is rejected for the same reasons as claim 1, above. In addition, Feijoo discloses wherein the validation information corresponding to the primary access token is received by the first resource server in response to a first validation request sent to the primary identity authentication server from the first resource server (fig 8A-8D, para 124,140, the third party system may grant access to the services and resources provided by the third party system using the federated authentication service).
 
As per claim 6, claim is rejected for the same reasons as claim 1, above. In addition, Feijoo discloses wherein the request for generation of the secondary access token transmitted from the first resource server to the secondary identity authentication server is accompanied by transmission of the primary access token from the first resource server to the secondary identity authentication server (fig 8A-8D, para 124,140, the third party system may grant access to the services and resources provided by the third party system using the federated authentication service).
 
As per claim 7, claim is rejected for the same reasons as claim 1, above. In addition, Feijoo discloses wherein the secondary access token is generated by the secondary identity authentication server responsive to the secondary identity authentication server receiving from primary identity authentication server, confirmation of validity of the primary access token (fig 8A-8D, para 124,140, the third party system
 
As per claim 8, claim is rejected for the same reasons as claim 1, above. In addition, Feijoo discloses wherein the confirmation of validity of the primary access token is received from the primary identity authentication server at the secondary identity authentication server, in response to a second validation request sent to the primary identity authentication server from the second identity authentication server (para 110, fig 8D, para 5).
 
As per claim 9, claim is rejected for the same reasons as claim 1, above. In addition, Feijoo discloses wherein the primary identity authentication server is external to the server system and is communicably coupled with the server system (fig 8D). 
 
As per claim 11, claim is rejected for the same reasons as claim 1, above. In addition, Jones discloses wherein the secondary access token defines one or more secondary token access permissions that are identical to or based on one or more primary token access permissions defined by the primary access token (fig 2B, para 28, 58, request is coming from the same user based on clients to permitted API scopes based on the user's roles and permissions). Feijoo discloses secondary access token (fig 8A-8D).
 
As per claim 12, claim is rejected for the same reasons as claim 1, above. 

As per claim 13, claim is rejected for the same reasons as claim 2, above. 

As per claim 14, claim is rejected for the same reasons as claim 3, above. 

As per claim 15, claim is rejected for the same reasons as claim 4, above. 

As per claim 16, claim is rejected for the same reasons as claim 5, above. 

As per claim 17, claim is rejected for the same reasons as claim 6, above. 

As per claim 18, claim is rejected for the same reasons as claim 7, above. 

As per claim 19, claim is rejected for the same reasons as claim 8, above. 

As per claim 20, claim is rejected for the same reasons as claim 1, above. 

Claim 10 is rejected under 35 U.S.C. 103 as being unpatentable over Jones et al. (US Patent Application No. 20180302391) (Hereinafter Jones) in view of Feijoo et al. (US Patent Application No. 20190058706) (Hereinafter Feijoo) in further view of Bauban (US Patent Application No. 2006/0174332) (Hereinafter Bauban).

As per claim 10, Feijoo does not disclose wherein: the data throughput rate between the secondary identity authentication server and one or more of the plurality of resource servers within the server system is higher than the data throughput rate between the primary identity authentication server and the one or more of the plurality of resource servers within the server system; or the maximum data transmission rate between the secondary identity authentication server and one or more of the plurality of resource servers within the server system is higher than the maximum data transmission rate between the primary identity authentication server and the one or more of the plurality of resource servers within the server system. Bauban discloses the data throughput rate between the secondary identity authentication server and one or more of the plurality of resource servers within the server system is higher than the data throughput rate between the primary identity authentication server (para 25, high data rate packet transmission network RP to which the authentication server SA is connected). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Jones and Feijoo with Bauban. The motivation would have been to select an authentication server.


Conclusion

Please see the attached PTO-892 for the prior art made of record and not relied upon that is considered pertinent to applicant's disclosure.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOHAMMAD A SIDDIQI whose telephone number is (571)272-3976.  The examiner can normally be reached on Monday-Friday.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl G Colin can be reached on 571-272-3862.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.