Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .  This is in reply to papers filed on 12/09/2019. Claims 1-20 are pending. Claims 1, 8, and 16 is/are independent.

Information Disclosure Statement
	The information disclosure statement(s) (IDS) submitted on 11/15/2019 is/are in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement(s) is/are being considered by the examiner.
	
	
Claims Recite Eligible Subject Matter
Examiner notes that the claims recite eligible subject matter because there is an improvement to the authentication process. The improvement is that the first authentication token (token to access a session) is modified based on a second authentication token, which provides an improved authentication token with the content (e.g., claims) generated from the individual tokens. Further, the improved composite identity token is provided to the server, thereby providing notification of the content (e.g., claims) available with the composite identity token to the server providing the session. This modified token permits a user to use services secured by different relying parties and identity providers and associated with different issued tokens while maintaining a single sign-on experience.  See Specification para 0003 and 0005.  

	
Claim Rejections - 35 USC § 103
	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:


	The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
	
	This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

	
Claims 1-2, 4, 8-9, 11-12, and 16-17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Gao et al. U.S. Publication 20110030047 (hereinafter “Gao”) in view of Wadley et al. U.S. Publication 20170076366 (hereinafter “Wadley”), further in view of Johnson et al. U.S. Publication 20060259776 (hereinafter “Johnson”).
As per claim 1, Gao discloses a method comprising: 
receiving a request to access a resource from a user device, 
(See Gao figure 2, steps 205, 209 [a method comprising:]
user device]
figure 1 mobile terminal[user device]
Para. [0034]
In step 205, in response to receiving an authentication request from the user, [the request is received at resource = mobile service platform ] authenticating is performed on the user

the user device configured to access a session with a first authentication token, and 
(See Gao Para. [0034]
In step 205, in response to receiving an authentication request from the user, authenticating is performed on the user, wherein the authentication request includes the first token obtained from the application by the user.[ user device configured to access a session with a first authentication token; 2 ways to map this, 1st, there is a session with a first authentication token with the third-party application, and the user device is configured to access that session with the third-party application; 2nd, there is a session with the mobile service platform, and the user device is configured to provide the 1st authentication token to the mobile service platform. ]
………, and the user obtains the first token from the third-party application[ user device configured to access a session with a first authentication token; this is a session with the third-party application]. 
[0037]
In step 207, in response to the user passing the authentication, …… generates related massage, for example, the massage can be “an application xxx requests to access your friends numbers temporarily, do you agree?”, and send this massage to the user, so as to request a confirmation from the user.[ a session; this is a session with the mobile service platform]
)

the requested resource being accessible with another token other than the first authentication token; 
(See Gao Para. [0040]
…..the third-party application may make a second request for accessing the user information to the mobile service platform …….the second request including the second token [another token = second token ]and indicating its access has been confirmed by the user. In response to the second request, the mobile service platform checks the second token and allows the application to access the user information temporally[requested resource being accessible with another token other than the first authentication token;]..
)

retrieving, based on information in the request, a second authentication token;
(See Gao Para. 0021]
generating a second token in response to the user's confirmation of the first request; 
[0038] in response to the user confirming the first request for allowing the application to access the user information, a second token is generated)
	
However, Gao does not expressly disclose 
modifying the first authentication token with use of the second authentication token to generate a composite identity token; and 
transmitting the composite identity token to a server providing the session.

Wadley discloses modifying the first authentication token with use of the second authentication token to generate a composite identity token; and 
(See Wadley figure 1, element 110 [combine first token with second token]
authentication token because the user presents the token to authenticate that they have the right to enter a transaction with the account associated with the token. See, e.g., para. 22]
Wadley Para. [0045]
any number of customers may combine any number of their respective tokens into a single token through this system. For example, a first customer may combine a single token with a second customer's single token, and with a third customer's two tokens
Wadley  [0040] restructure one or more of the 
accounts associated with the third token to grant access to both the first and 
second customer.  For example, the first customer may have previously owned a 
first account outright and had sole access to the account, but after combining 
the first and second tokens[authentication token] into the third token, the system may …… grant the second customer access to the first account.  
Wadley [0057]
the system has combined the first and second tokens into a third token,
Wadley [0053] granting full access to these accounts through the third token. 
).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Gao with the technique for generating a combination token from two individual tokens of Wadley to include 
modifying the first authentication token with use of the second authentication token to generate a composite identity token; and 

One of ordinary skill in the art would have made this modification to improve the ability of the system to generate a single token that has the access capabilities of two single tokens. This allows for greater access capabilities for an entity that presents the combination token. The 

	However, the combination of Gao and Wadley does not expressly disclose 
transmitting the composite identity token to a server providing the session.
Johnson discloses transmitting the composite identity token to a server providing the session.
(See Johnson Para. [0025]
STS-IP 115 is configured to provide security tokens to multiple resource providers. As shown in FIG. 1, a particular resource provider 141 may request a user to be authenticated by information from identity provider 111 before the user is granted access [server providing the session] to resources. STS-IP 115 is configured to provide security information about the user in the form of a security token to resource providers 141-142. STS-IP 115 is configured to receive the security information in the form of claims from account stores 113. The claims from account stores 113 are typically in an intermediate format.
[This is a composite identity token because the claims stored in the generated token are received from various account stores and transformed to a canonical format, see para. 18 claims transformed from intermediate format to federated format and provided in a security token]
Johnson [0054]
claim may be incorporated in a security token for sending to a STS-RP.
).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Gao and Wadley with the technique for transmitting a token with claims combined from multiple sources of Johnson to include 
transmitting the composite identity token to a server providing the session.
One of ordinary skill in the art would have made this modification to improve the ability of the system to provide a composite token to a server with combined privileges of individual tokens. The system (e.g. mobile service platform 500) of the primary reference can be modified so that the mobile service platform can provide the modified token to the third-party application. The third-party application may store the combined token and provide such token to the user when the user requires it for use, such as when the additional privileges afforded by the modified token are required by the user. 

As per claim 2, the rejection of claim 1 is incorporated herein. 
	However, Gao does not expressly disclose wherein the modification of the first authentication token includes transformation of one or more claims of the first authentication token based on the second authentication token.
Wadley discloses transformation of the first authentication token based on the second authentication token.
(See Wadley figure 1, element 110 combine first token with second token. [The Wadley token is an authentication token because the user presents the token to authenticate that they have the right to enter a transaction with the account associated with the token. See, e.g., para. 22]
 Para. [0045]
any number of customers may combine any number of their respective tokens into a single token through this system. For example, a first customer may combine a single token with a second customer's single token, and with a third customer's two tokens[combining a token with another token  would transform both tokens]
  [0040] restructure one or more of the 
accounts associated with the third token to grant access to both the first and 

first account outright and had sole access to the account, but after combining 
the first and second tokens[authentication token] into the third token, the system may …… grant the second customer access to the first account.  
[0057]
the system has combined the first and second tokens into a third token,
[0053] granting full access to these accounts through the third token. 
).
For the reasons discussed with respect to claim 1, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Gao with the technique for combining a 1st token with a 2nd token of Wadley to include transformation the first authentication token based on the second authentication token.

	However, the combination of Gao and Wadley does not expressly disclose 
wherein the modification of the first authentication token includes transformation of one or more claims of the first authentication token based on the second authentication token.
Johnson discloses combining claims from multiple sources to generate a token with multiple claims from different sources and transforming the claims to canonical form for placing in the security token
(See Johnson Para. 0025]
. STS-IP 115 is configured to provide security information about the user in the form of a security token to resource providers 141-142. STS-IP 115 is configured to receive the security information in the form of claims from account stores 113. The claims from account stores 113 are typically in an intermediate format. 
Johnson [0018]  Security claims associated with the account are 
retrieved where the security claims are provided by an account store.  Each 
transformed from an intermediate format to a federated format 
recognized by the resource provider.  The transformed security claims are 
provided in a security token to the resource provider. 
Johnson [0026]
extensibility modules 123 extend the available account stores that STS-IP 115 may use. … to populate claims from an account store 
Johnson [0029]
STS-IP 115 is configured to perform transformation to obtain claims in federated formats that are recognized by resource providers 141-142. …… transform security claims provided by account stores 113. ……. transform intermediate claims provided by account stores 113 to a federated format recognized by STS-RP 145. 
).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Gao and Wadley with the technique for combining claims from multiple sources and transforming the claims to canonical form for placing in the security token of Johnson to include wherein the modification of the first authentication token includes transformation of one or more claims of the first authentication token based on the second authentication token.
One of ordinary skill in the art would have made this modification to improve the ability of the system to generate a token with claims from different sources, such as different tokens, which allows for using the token with the different claims indicating various privileges and assertions, and allowing for providing the token with integrated claims in canonical form to a resource provider. The system (e.g. mobile service platform 500) of the primary reference can be modified to combine claims from different tokens, as taught in the Wadley reference, transforming the claims from various sources into a canonical form and placing them in a token, as taught in the Johnson reference.


As per claim 4, the rejection of claim 1 is incorporated herein. 
The combined teaching of Gao, Wadley, and Johnson discloses 
prior to the transmission of the composite identity token to the server providing the session: 
sending an authorization code to the user device; and 
receiving the authorization code from the server providing the session.
 (See Gao Para.
[0021] generating a second token[authorization code= second token] in 
response to the user's confirmation of the first request; transmitting the 
second token to the user; associating the second token with the user; receiving 
a second request for accessing the user information from the application, the 
second request including the second token obtained from the user by the 
application[the server providing the session= third-party application]; 
)


As per claim 8, the claim(s) is/are directed to a computing device with limitations which correspond to limitations of claim 1, and is/are rejected for the reasons detailed with respect to claim 1.  In addition, claim 8 recites
A computing device comprising: a memory; and processor coupled to the memory and configured to: 
Gao discloses computing device comprising memory
(See Gao Para. [0070]
computer readable recording medium. The computer program includes software code section which is executed, when run on a computer, to implement the emulation method …… Examples of a computer readable medium ….., hard drive, 
)
However, Gao does not expressly disclose A computing device comprising: a memory; and processor coupled to the memory and configured to: 
Wadley discloses A computing device comprising: a memory; and processor coupled to the memory and configured to:
(See Wadley Para.    
[0019] 
software modules (also referred to herein as 
computer-readable code portions) executed by a processor or processing device 
and configured for performing certain functions, or in a combination of the 
two.  A software module may reside in RAM memory, flash memory, ….. a hard disk, …..
……., the processing device and the storage medium may reside as 
discrete components in a computing device.  
).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Gao with the computing device with processor coupled to the memory of Wadley to include A computing device comprising: a memory; and processor coupled to the memory and configured to: 
One of ordinary skill in the art would have made this modification to improve the ability of the system to be reprogrammed to execute instructions using the processor coupled to the memory. The system (e.g. mobile service platform 500) of the primary reference can be 

As per claim 9, the claim(s) is/are directed to a computing device with limitations which correspond to limitations of claim 2, and is/are rejected for the reasons detailed with respect to claim 2.  

As per claim 11, the claim(s) is/are directed to a computing device with limitations which correspond to limitations of claim 4, and is/are rejected for the reasons detailed with respect to claim 4.  

As per claim 12, the rejection of claim 8 is incorporated herein. 
However, Gao does not expressly disclose wherein the composite identity token comprises: one or more transformed claims of the second authentication token; and one or more claims of the first authentication token.
Wadley discloses combining 2 authentication tokens
(See Wadley figure 1, element 110 [combine first token with second token]
[The Wadley token is an authentication token because the user presents the token to authenticate that they have the right to enter a transaction with the account associated with the token. See, e.g., para. 22]
Wadley Para. [0045]
any number of customers may combine any number of their respective tokens into a single token through this system. For example, a first customer may combine a single token with a second customer's single token, and with a third customer's two tokens
Wadley  [0040] restructure one or more of the 
accounts associated with the third token to grant access to both the first and 
second customer.  For example, the first customer may have previously owned a 
first account outright and had sole access to the account, but after combining 
the first and second tokens[authentication token] into the third token, the system may …… grant the second customer access to the first account.  
Wadley [0057]
the system has combined the first and second tokens into a third token,
Wadley [0053] granting full access to these accounts through the third token. 
).
For the reasons discussed with respect to claim 1, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Gao with the technique for combining two tokens of Wadley to include the composite identity token.

.
However, the combination of Gao and Wadley does not expressly disclose wherein the composite identity token comprises: one or more transformed claims of the second authentication token; and one or more claims of the first authentication token
Johnson discloses retrieving claims from multiple sources, transforming some of the claims to canonical form, and placing the claims in a token
(See Johnson Para. 0025]
STS-IP 115 is configured to provide security information about the user in the form of a security token to resource providers 141-142. STS-IP 115 is configured to receive the security information in the form of claims from account stores 113. The claims from account stores 113 are typically in an intermediate format. 
Johnson [0018]  Security claims associated with the account are 
retrieved where the security claims are provided by an account store.  Each 
transformed from an intermediate format to a federated format 
recognized by the resource provider.  The transformed security claims are 
provided in a security token to the resource provider. 
Johnson [0026]
extensibility modules 123 extend the available account stores that STS-IP 115 may use. … to populate claims from an account store 
Johnson [0029]
STS-IP 115 is configured to perform transformation to obtain claims in federated formats that are recognized by resource providers 141-142. …. transform security claims provided by account stores 113. …….transform intermediate claims provided by account stores 113 to a federated format recognized by STS-RP 145. 
).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Gao and Wadley with the technique for retrieving claims from multiple sources, transforming some of the claims to canonical form, and placing the claims in a token of Johnson to include 
wherein the composite identity token comprises: one or more transformed claims of the second authentication token; and one or more claims of the first authentication token. 
One of ordinary skill in the art would have made this modification to improve the ability of the system to generate a combined token that includes the claims of the individual tokens. By transforming and combining claims for placement in a token according to the well-known technique taught in the Johnson reference, the system may generate the combination tokens that include claims from individual tokens. The system (e.g. mobile service platform 500) of the primary reference may thus be modified to combine claims from tokens using the technique for integrating claims from multiple sources and placing the claims in a token as taught in Johnson reference.
  In addition, claim 16 recites
A computing platform comprising: one or more processors; and memory storing instructions that, when executed by the one or more processors, cause the computing platform to: 
Gao discloses computing platform comprising memory and memory storing instructions that are executed
(See Gao Para. [0070]
recording a computer program in a computer readable recording medium. The computer program includes software code section which is executed, when run on a computer, to implement the emulation method …… Examples of a computer readable medium ….., hard drive, 
)
However, Gao does not expressly disclose A computing platform comprising: one or more processors; and memory storing instructions that, when executed by the one or more processors, cause the computing platform to: 
Wadley discloses A computing platform comprising: one or more processors; and memory storing instructions that, when executed by the one or more processors, cause the computing platform to: 
(See Wadley Para.    
[0019] 
software modules (also referred to herein as 
computer-readable code portions) executed by a processor or processing device 
and configured for performing certain functions, or in a combination of the 
two.  A software module may reside in RAM memory, flash memory, ….. a hard disk, …..

discrete components in a computing device.  
).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified Gao with the computing device with processor coupled to the memory of Wadley to include A computing platform comprising: one or more processors; and memory storing instructions that, when executed by the one or more processors, cause the computing platform to:
One of ordinary skill in the art would have made this modification to improve the ability of the system to be reprogrammed to execute instructions using the processor coupled to the memory. The system (e.g. mobile service platform 500) of the primary reference can be modified to utilize a processor coupled to a memory as taught in the Wadley reference to execute instructions. 
As per claim 17, the claim(s) is/are directed to a computing platform with limitations which correspond to limitations of claim 2, and is/are rejected for the reasons detailed with respect to claim 2.  



Claims 3, 10, and 18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Gao in view of Wadley, in view of Johnson, further in view of Hubner et al. European patent application EP2323308 (hereinafter “Hubner”).
As per claim 3, the rejection of claim 1 is incorporated herein. 
However, the combination of Gao and Wadley does not expressly disclose 
wherein the modification of the first authentication token includes addition of a claim indicative of authentication with one or more of a biometric measurement and an access code to the first authentication token.
Johnson discloses wherein the modification of the first authentication token includes addition of a claim indicative of an access code to the first authentication token.
(See Johnson Para. 0023]
security information ….. may include ……, user name, password, [access code]
[0024]
security information provided by account stores 113 is organized in the form of claims. 
).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Gao and Wadley with the technique for adding claims that indicate username and password of Johnson to include 
wherein the modification of the first authentication token includes addition of a claim indicative of an access code to the first authentication token.
One of ordinary skill in the art would have made this modification to improve the ability of the system to store access data in the token, so that the token can be used to grant access to the user based on the access information stored in the token. The system (e.g. mobile service platform 500) of the primary reference can be modified to add username and password data to claims in a token. 

	However, the combination of Gao, Wadley, and Johnson does not expressly disclose 
wherein the modification of the first authentication token includes addition of a claim indicative of authentication with one or more of a biometric measurement and an access code to the first authentication token.
Hubner discloses storing biometric data in a security token and that a security token may include a cryptographic function such as authentication
(See Hubner Para. A 'security token' as understood herein encompasses any portable physical device that includes a cryptographic function, such as for the purposes of authentication, ……. Such physical devices include …., authentication tokens,
assigning a secret to a security token comprising receiving first biometrical data of a biometrical feature of a person by the security token, storing the first biometrical data in the security token, 
).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Gao, Wadley, and Johnson with the technique for storing biometric data in a token of Hubner to include 
wherein the modification of the first authentication token includes addition of a claim indicative of authentication with one or more of a biometric measurement and an access code to the first authentication token.
One of ordinary skill in the art would have made this modification to improve the ability of the system to generate tokens that store biometric data for authentication. The system (e.g. mobile service platform 500) of the primary reference can be modified to modify tokens, including new tokens, to include claims that include biometric measurements, in order to store biometric data in a token as taught in the Hubner reference.
As per claim 10, the claim(s) is/are directed to a computing device with limitations which correspond to limitations of claim 3, and is/are rejected for the reasons detailed with respect to claim 3.  
  In addition, claim 18 recites generate, instead of the word adding, however, the rejection remains analogous to the rejection of claim 3, since the token claims are generated for the token after retrieving the security information from the account stores, with the claims indicating username and password as taught in Johnson para. 23-24.

Claims 5, 13, and 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Gao in view of Wadley, in view of Johnson, further in view of Lee et al. U.S. Publication 20190073842 (hereinafter “Lee”).
As per claim 5, the rejection of claim 1 is incorporated herein. 
However, the combination of Gao and Wadley does not expressly disclose 
receiving a subsequent request from the server to update the composite identity token; updating one or more claims of the composite identity token; and transmitting the updated composite identity token to the server in response to the subsequent request.
Johnson discloses updating one or more claims of the composite identity token; 
 (See Johnson Para. [0018]
The transformed security claims are provided in a security token to the resource provider.
[0001] These XML tokens utilize formats, such as 
Security Assertion Markup Language (SAML) or Extensible Rights Markup Language 
(XrML), and contain rich authorization claims in addition to identity data.  
Para. 0025]
 STS-IP 115 is configured to provide security information about the user in the form of a security token to resource providers 141-142. STS-IP 115 is configured to receive the security information in the form of claims from account stores 113. 
extend the available account stores that STS-IP 115 may use. … to populate claims from an account store 
[Johnson describes a generated token includes claims and claims are retrieved from multiple sources. it’s a composite token because claims are retrieved from different sources; as the claims are added to the token the claims are updated.
).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Gao and Wadley with the technique for generating a token with claims and providing the generated token of Johnson to include 
updating one or more claims of the composite identity token; 
One of ordinary skill in the art would have made this modification to improve the ability of the system to update claims in a token, such as when the token expires and the token needs to be regenerated/renewed. The system (e.g. mobile service platform 500) of the primary reference can be modified to generate a token with claims from multiple sources, and thereby updating the claims of the token. 

However, the combination of Gao, Wadley, and Johnson does not expressly disclose 
receiving a subsequent request from the server to update the composite identity token; and transmitting the updated composite identity token to the server in response to the subsequent request.
Lee discloses receiving request to update a token, updating the token, and transmitting the updated token to the requesting party
(See Lee Para.    [0229] 
……, the update 
token may be used to update the authentication token.  When or before the 

authentication token with a new authentication token.  …., a new authentication token may be issued 
   [0260] terminal 2000 may transmit the update token to 
the authentication server 1000 to make a request to update the authentication 
token. [Discloses receiving request to update a token]
[0427] the authentication server 1000 may transmit the updated authentication token to which the timestamp is recorded to the user terminal 2000a. [Discloses transmitting the updated token to the requesting party]
[Because a new authentication token is generated in Lee during the process of updating the authentication token, the new authentication token can be generated and populated with claims as taught in the Johnson reference, which would involve updating the claims so that the newly generated token has updated claims  ]
).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Gao, Wadley, and Johnson with the technique for receiving a request to update a token, updating the token, and returning the updated token to the requesting party of Lee to include 
receiving a subsequent request from the server to update the composite identity token; and transmitting the updated composite identity token to the server in response to the subsequent request.
One of ordinary skill in the art would have made this modification to improve the ability of the system to respond to requests for updated tokens by generating replacement tokens. The system (e.g. mobile service platform 500) of the primary reference can be modified to generate a replacement token in response to a request to update the token, and utilizing the technique of Johnson to add claims to the token thereby updating the claims of the token.	 

  As per claim 20, the claim(s) is/are directed to a computing platform with limitations which correspond to limitations of claim 5, and is/are rejected for the reasons detailed with respect to claim 5. 
Claims 6-7, 14-15, and 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Gao in view of Wadley, in view of Johnson, further in view of Gupta et al. U.S. Publication 20130054968 (hereinafter “Gupta”).
As per claim 6, the rejection of claim 1 is incorporated herein. 
	However, the combination of Gao, Wadley, and Johnson does not expressly disclose 
wherein the retrieving of the second authentication token comprises: redirecting, based on the information in the request, the user device to an identity provider associated with the resource; and receiving, from the identity provider, the second authentication token.
Gupta discloses 
wherein the retrieving of the second authentication token comprises: redirecting, based on the information in the request, the user device to an identity provider associated with the resource; and receiving, from the identity provider, the second authentication token.
 (See Gupta 
   [0038] FIG. 2B …… service 
provider (SP) receives an authentication request from the user system.  In step 
234, the SP sends an OAuth login page for a data source (identity provider) to 
the user system, redirecting the user to the identity provider.  In step 236, 
the SP receives a post OAuth access code and a user passcode from the user for 
obtaining a refresh token from the identity provider (which may be a data 
source) (identity provider).  In step 238, the SP sends the OAuth access code 
and user passcode to obtain the access token and refresh tokens from the 
identity provider.  In step 240, the SP receives the access and refresh tokens 
from the identity provider.  [receiving, from the identity provider, the second authentication token.]
)

wherein the retrieving of the second authentication token comprises: redirecting, based on the information in the request, the user device to an identity provider associated with the resource; and receiving, from the identity provider, the second authentication token.
One of ordinary skill in the art would have made this modification to improve the ability of the system to interact with an identity provider to obtain a token for the user from the identity server. The system (e.g. mobile service platform 500) of the primary reference can be modified to redirect the mobile terminal to an identity provider and receive a token from the identity provider, as taught in the Gupta reference.

As per claim 7, the rejection of claim 6 is incorporated herein. 
	However, the combination of Gao, Wadley, and Johnson does not expressly disclose 
prior to receipt of the second authentication token: receiving, from the user device, an authorization code; and transmitting, to the identity provider, the authorization code.
Gupta discloses prior to receipt of the second authentication token: receiving, from the user device, an authorization code; and transmitting, to the identity provider, the authorization code.
(See Gupta 
   [0038] FIG. 2B …… service 
provider (SP) receives an authentication request from the user system.  In step 
234, the SP sends an OAuth login page for a data source (identity provider) to 
the user system, redirecting the user to the identity provider.  In step 236, 
receives a post OAuth access code [authorization code ]and a user passcode [authorization code ]from the user for 
obtaining a refresh token from the identity provider (which may be a data 
source) (identity provider).  In step 238, the SP sends the OAuth access code 
and user passcode[transmitting, to the identity provider, the authorization code] to obtain the access token and refresh tokens from the 
identity provider.  In step 240, the SP receives the access and refresh tokens 
from the identity provider.  
)
For the reasons discussed with respect to claim 6, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Gao, Wadley, and Johnson with the technique for receiving access code and user passcode from user device and forwarding the codes to identity provider of Gupta to include prior to receipt of the second authentication token: receiving, from the user device, an authorization code; and transmitting, to the identity provider, the authorization code.
As per claim 14, the claim(s) is/are directed to a computing device with limitations which correspond to limitations of claim 6, and is/are rejected for the reasons detailed with respect to claim 6.  
As per claim 15, the claim(s) is/are directed to a computing device with limitations which correspond to limitations of claim 7, and is/are rejected for the reasons detailed with respect to claim 7.  
As per claim 19, the claim(s) is/are directed to a computing platform with limitations which correspond to limitations of claim 6, and is/are rejected for the reasons detailed with respect to claim 6.  


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HOWARD H LOUIE whose telephone number is 571-272-0036.  The examiner can normally be reached on Monday-Friday 9 AM-5 PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jung W. Kim can be reached on 571-272-3804.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/HOWARD H. LOUIE/Examiner, Art Unit 2494                                                                                                                                                                                                        
/JUNG W KIM/Supervisory Patent Examiner, Art Unit 2494