DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Response to Arguments
Applicant’s arguments, see remarks, filed 9/23/2021, with respect to claims over prior art have been fully considered and are persuasive, see for example page 10 paragraph 1-3.  The 35 U.S.C. 103 rejection(s) of claims 1-20 has been withdrawn. 
Allowable Subject Matter
Claims 1-20 are allowed.
The following is an examiner’s statement of reasons for allowance: 
The prior art, Feijoo et al
The prior art, Hardt (“The OAuth 2.0 Authorization Framework”), discloses an authorization framework that enables a third-party application to obtain limited access to a service, either on behalf of an interacting resource owner or by allowing the application to obtain access on its own.
The prior art, Hardt et al (US 2018/0316657), discloses an identity provider that receives a request to configure authentication for enabling single sign-on to a service provider. The identity provider identifies the authentication protocols supported by the service provider and determines whether it is compatible with these authentication protocols. As a result of the identity provider being compatible with at least some of the authentication protocols, the identity provider generates configuration information that is usable by the service provider to configure the authentication. The identity provider transmits, to a computer system, a response that causes the computer system to be redirected to the service provider in order to provide information usable by the service provider to obtain the configuration information.
The prior art, Mukherjee (US 20160259936), discloses a method that grants a token to authenticate a user requesting access to an application in a domain. The method includes receiving a response from an identity (ID) provider in a second domain responsive to a first request from a user to access an application provided by an application server in a first domain, the response indicating the authenticity of the user in the second domain, randomly selecting a first key and a second key from a key store, generating a secret by randomly permuting the first key and the second key, generating a signature by signing user information associated with the user using the secret, generating an authentication token including the signature, determining whether the authentication token is valid, and responsive to 
However, the prior art, either alone or in combination does not expressly disclose providing a first id token to a resource provider computer system, wherein the first id token includes an expiration indicator reflecting when the first id token expires, and the first id token further includes a first policy check interval defining how often the resource provider computer system is to communicate with the identity provider computer system to inquire about conditional access policy that is to be implemented against the entity; and that due to expiration of the first policy check interval, send a first refresh token from the resource provider computer system to the identity provider computer system; and receive, from the identity provider computer system, a new id token, wherein the identity provider computer system is further configured to evaluate the conditional access policy for the entity and provide the new id token and a new refresh token to the resource provider as a result of determining that the conditional access policy for the entity has been met.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”
EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 
Authorization for this examiner’s amendment was given in an interview with Levi Brown on 9/28/2021.
PLEASE AMEND CLAIM 16 AS FOLLOWS:
16. (Currently Amended) A computing system comprising: 
an identity provider computer system comprising at least one processor and one or more hardware storage devices that store instructions that when executed 
provide a first id token to a resource provider computer system, wherein the first id token includes an expiration indicator reflecting when the first id token expires, and the first id token further includes a first policy check interval defining how often the resource provider computer system is to communicate with the identity provider computer system to inquire about conditional access policy that is to be implemented against the entity; and 
the resource provider computer system, which comprises at least one processor and one or more hardware storage devices that store instructions that when executed 
due to expiration of the first policy check interval, send a first refresh token from the resource provider computer system to the identity provider computer system; and receive, from the identity provider computer system, a new id token, wherein the .
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Logan et al (US 2012/0260322) discloses a flexible authentication system that fluidly switches between a federated authentication model and a local short-lived token model that does not require sophisticated authentication infrastructure at the relying party site. Upon detecting an event that causes the identity provider to be unavailable for authentication, the relying party switches to a temporary token model. The system generates a bearer token or challenge associated with the user's identity and (optionally) associated with time data that limits the period during which the token is valid. The relying party communicates the short-lived token to the user using contact information associated with the user and already stored by the relying party. Upon receiving the short-lived token, the user provides the short-lived token to the relying party, and the relying party processes the token to validate the user's identity and then allows the user to access the relying party's online services.
Mohamad Abdul et al (US 2019/0238598) discloses a service instance client, associated with a service instance, is created in a first tenancy. A template client is created, based on a security blueprint, in a second tenancy. A registration client is 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KENDALL DOLLY whose telephone number is (571)270-1948.  The examiner can normally be reached on Monday-Thursday 7am-4pm(EST) and Friday 7am-11am(EST).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on (571)272-4219.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished 
/KENDALL DOLLY/             Primary Examiner, Art Unit 2436