DETAILED ACTION
This Office Action is in response to the Amendment and the communication filed on 10/11/2021.
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
In the instant Amendment, filed on 10/11/2021, claim 15 has been amended. 
Claims 1-22 have been examined and are pending in this application. Claims 1, 9, and 15 are independent. This Action is made FINAL.
Response to Arguments/Remarks
As to the rejections to claims 15-22, rejected under 35 U.S.C. § 101, the rejections are withdrawn as the claims have been amended.
Applicants’ arguments in the instant Amendment, filed on 10/11/2021, with respect to the prior-art rejections to claims 1-22, and limitations listed below, have been fully considered but they are not persuasive.
Applicant’s Remarks: As to independent claims 1, 9 and 15, the Applicant submits that the applied prior art does not teach the claim limitations. At least applied prior art reference Rowe does not teach the limitations addressed in the rejections. The paragraphs, recited in the rejections, or the other paragraphs of Rowe do not address the above-recited features. To the extent that Rowe has any disclosure relevant to validation, that disclosure simply refers to validation of an authorization token. (See e.g., Rowe, [0127] stating “composite identity server 408 may determine whether the authorization  (Applicant Arguments/Remarks, 10/11/2021, pages 7-10).
The Examiner disagrees with the Applicants. The Examiner respectfully submits that the Rowe reference teaches the addressed limitation. The addressed claim recites checking token invalidity of each access claim, and based on the check, if there is no invalidity, accepting the authorization request, where the scope of the limitation is captured in a negative recitation. The positive recitation of the same claim scope can be recited, for instance, as checking token validity of each access claim, and based on the check, if all are valid, accepting the authorization request. Rowe teaches, as Applicant admitted, validation of an authorization token. Rowe teaches a token associated with one or more claims of the users. A record of the user claims and access/authentication information is managed in association with the token, and the records are updated as needed (Rowe: pars 0076-0082). Validation of a token, as taught by Rowe, is to allow an access request based on the outcome of the authorization token. Even though Rowe does not recite the word “invalidity,” the meaning of the teaching is the same, in a positive format of the claimed scope. Therefore, broadly interpreted, Rowe teaches the claim limitations, and the combination of the references is proper.
Additionally, as to the dependent claims 2-8, 10-14, and 16-22, the Applicant submits that the claims are patentable at least based on their dependency from the allowable base claim (Applicant Arguments/Remarks, 10/11/2021, page 10).

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claims 1-22 are rejected under 35 U.S.C. 103 as being unpatentable over Gupta et al (“Gupta,” US 2020/0136825, filed on 10/31/2018), in view of Rowe et al (“Rowe,” US 2019/0097802, published on 03/28/2019).
As to claim 1, Gupta teaches a method of validating an authorization request (Gupta: pars 0014-0016, 0042, 0044-0045, a method of system for authentication by validation an identity token, permitting communication between a client device and another device and providing resource access) comprising:
receiving, from a user, an access token (Gupta: pars 0044-0045, an identity server receives a request to authenticate including an identity token from a client device), the access token being issued by an identity provider, and the user being associated with the identity provider (Gupta: pars 0044-0045, the client device previously received the token from an identity provider in response to sending credentials to the identity provider);
validating the access token using keys obtained from a JSON Web Token (JWT) key set of the identity provider (Gupta: pars 0044-0045, 0065, the identity token includes a JavaScript Object Notation ("JSON") web token ("JWT"). The identity server receives a private key from the client device or the identity provider, and validate the signature of the identity token using the private key and the algorithm); and
extracting an identity provider identifier from the access token, and further validating the access token by using the identity provider information in the access token as a key in a database to determine the identity provider is a known identity provider (Gupta: pars 0044-0046, 0065; Fig 2, the identity server receives a private key from the client device or the identity provider, and validate the signature of the identity token using the private key and the algorithm. Authenticate the client device for multiple services, wherein each of the multiple identity tokens is authenticated for a different service of the multiple services, based the access/identity information mapped to the data center).

However, in an analogous art, Rowe teaches checking each access claim of the access token for invalidity; and if no invalid claims are found, accepting the authorization request (Rowe: pars 0076-0082, teaches of token associated with the one or claims of the users. A record of the user claims and access/authentication information are managed associated with token, and the records are updated as needed).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Rowe with the method/system of Gupta for the benefit of providing a user with a means for using one or more claims associating with access tokens for the system to authenticate user access by verifying and validating a token and associated claims for the system to efficiently and securely managing multiple tokens and authentication process (Rowe: pars 0076-0082). 
As to claim 2, the combination of Gupta and Rowe teaches the method of claim 1, 
Gupta and Rowe further teaches further comprising: if any of the access claims are invalid, failing authorization request (Gupta: pars 0014-0016, 0042, 0044-0045, a method of system for authentication by validation an identity token, permitting communication between a client device and another device and providing resource access [i.e. not positive authentication will not provide access]. Rowe: pars 0076-0082, teaches of token associated with the one or claims of the users. Allowing the claims to a resource based on the access/authentication information are associated with claims).
As to claim 3, the combination of Gupta and Rowe teaches the method of claim 1, 
Gupta and Rowe further teaches further comprising: if a first access claim of the access claims is invalid and the second access claim of the access claims is valid, accepting authorization for access associated with the second access claim (Gupta: pars 0044-0046, 0065; Fig 2, authenticate the client device for multiple services, wherein each of the multiple identity tokens is authenticated for a different service of the multiple services, based the access/identity information mapped to the data center. Rowe: pars 0076-0082, teaches of token associated with the one or claims of the users. For each claim, an allowing decision of the claim to a specific resource is made based on the authentication of information are associated with the claim and the token).
As to claim 4, the combination of Gupta and Rowe teaches the method of claim 1,
Gupta further teaches wherein the identity provider is provided control over only a predetermined subset of all data elements and organizations (Gupta: pars 0044-0046, 0065; Fig 2, authenticate the client device for multiple services, wherein each of the multiple identity tokens is authenticated for a different service of the multiple services, based the access/identity information mapped to the data center).
As to claim 5, the combination of Gupta and Rowe teaches the method of claim 4,
Gupta and Rowe further teaches wherein the access token is invalid if any access claim of the access token falls outside the predetermined subset of all data elements and organizations available to the identity provider (Gupta: pars 0044-0046, 0065; Fig 2, authenticate the client device for multiple services, wherein each of the multiple identity tokens is authenticated for a different service of the multiple services, based the access/identity information mapped to the data center. Rowe: pars 0076-0082, teaches of token associated with the one or claims of the users. For each claim, an allowing decision of the claim to a specific resource is made based on the authentication of information are associated with the claim and the token [i.e. any claim access is not positively authenticated to associated resource, not allowed]).
As to claim 6, the combination of Gupta and Rowe teaches the method of claim 1,
Gupta and Rowe further teaches wherein a validated access claim provides access to less than all data elements under control of the identity provider (Gupta: pars 0044-0046, 0065; Fig 2, authenticate the client device for multiple services, wherein each of the multiple identity tokens is authenticated for a different service of the multiple services, based the access/identity information mapped to the data center. Rowe: pars 0076-0082, teaches of token associated with the one or claims of the users. For each claim, an allowing decision of the claim to a specific resource is made based on the authentication of information are associated with the claim and the token).
As to claim 7, the combination of Gupta and Rowe teaches the method of claim 1, 
Rowe further teaches further comprising: checking an expiration time in the access token is a future time (Rowe: pars 0076-0082, record of the user claims and access/authentication information are managed associated with token are updated as needed; expired claims are deleted as part of the claim/token management).
As to claim 8, the combination of Gupta and Rowe teaches the method of claim 1, 
Gupta and Rowe further teaches wherein the authorization request is associated with real-time location services provision (Gupta: pars 0017, 0037, uses location/zone information for the network management).
As to claim 9, Gupta teaches a computer-implemented method for validating an authorization request (Gupta: pars 0014-0016, 0042, 0044-0045, a method of system for authentication by validation an identity token, permitting communication between a client device and another device and providing resource access), the method comprising:
receiving, from a user, an access token (Gupta: pars 0044-0045, an identity server receives a request to authenticate including an identity token from a client device), the access token being issued by an identity provider, and the user being associated with the identity provider (Gupta: pars 0044-0045, the client device previously received the token from an identity provider in response to sending credentials to the identity provider);
validating the access token using keys obtained from a JSON Web Token (JWT) key set of the identity provider (Gupta: pars 0044-0045, 0065, the identity token includes a JavaScript Object Notation ("JSON") web token ("JWT"). The identity server receives a private key from the client device or the identity provider, and validate the signature of the identity token using the private key and the algorithm); and
extracting an identity provider identifier from the access token, and further validating the access token by using the identity provider information in the access token as a key in a database to determine the identity provider is a known identity provider (Gupta: pars 0044-0046, 0065; Fig 2, the identity server receives a private key from the client device or the identity provider, and validate the signature of the identity token using the private key and the algorithm. Authenticate the client device for multiple services, wherein each of the multiple identity tokens is authenticated for a different service of the multiple services, based the access/identity information mapped to the data center).
Gupta does not explicitly teach checking each access claim of the access token for invalidity; and if no invalid claims are found, accepting the authorization request.
However, in an analogous art, Rowe teaches checking each access claim of the access token for invalidity; and if no invalid claims are found, accepting the authorization request (Rowe: pars 0076-0082, teaches of token associated with the one or claims of the users. A record of the user claims and access/authentication information are managed associated with token, and the records are updated as needed).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Rowe with the method/system of Gupta for the benefit of providing a user with a means for using one or more claims associating with access tokens for the system to authenticate user access by verifying and validating a token and associated claims for the system to efficiently and securely managing multiple tokens and authentication process (Rowe: pars 0076-0082). 
As to claim 10, the combination of Gupta and Rowe teaches the computer-implemented method of claim 9, 
Gupta and Rowe further teaches further comprising: if any of the access claims are invalid, failing authorization request (Gupta: pars 0014-0016, 0042, 0044-0045, a method of system for authentication by validation an identity token, permitting communication between a client device and another device and providing resource access [i.e. not positive authentication will not provide access]. Rowe: pars 0076-0082, teaches of token associated with the one or claims of the users. Allowing the claims to a resource based on the access/authentication information are associated with claims).
As to claim 11, the combination of Gupta and Rowe teaches the computer-implemented method of claim 9, 
Gupta and Rowe further teaches further comprising: if a first access claim of the access claims is invalid and the second access claim of the access claims is valid, accepting authorization for access associated with the second access claim (Gupta: pars 0044-0046, 0065; Fig 2, authenticate the client device for multiple services, wherein each of the multiple identity tokens is authenticated for a different service of the multiple services, based the access/identity information mapped to the data center. Rowe: pars 0076-0082, teaches of token associated with the one or claims of the users. For each claim, an allowing decision of the claim to a specific resource is made based on the authentication of information are associated with the claim and the token).
As to claim 12, the combination of Gupta and Rowe teaches the computer-implemented method of claim 9, 
Gupta and Rowe further teaches wherein a validated access claim provides access to less than all data elements under control of the identity provider (Gupta: pars 0044-0046, 0065; Fig 2, authenticate the client device for multiple services, wherein each of the multiple identity tokens is authenticated for a different service of the multiple services, based the access/identity information mapped to the data center. Rowe: pars 0076-0082, teaches of token associated with the one or claims of the users. For each claim, an allowing decision of the claim to a specific resource is made based on the authentication of information are associated with the claim and the token).
As to claim 13, the combination of Gupta and Rowe teaches the computer-implemented method of claim 9, 
Gupta and Rowe further teaches further comprising: checking an expiration time in the access token is a future time (Rowe: pars 0076-0082, record of the user claims and access/authentication information are managed associated with token are updated as needed; expired claims are deleted as part of the claim/token management).
As to claim 14, the combination of Gupta and Rowe teaches the computer-implemented method of claim 9, 
Gupta and Rowe further teaches wherein the authorization request is associated with real-time location services provision (Gupta: pars 0017, 0037, uses location/zone information for the network management).
As to claim 15, Gupta teaches a services provision system comprising at least one processor and a memory coupled to the at least one processor (Gupta: pars 0014-0016, 0042, 0044-0045, a method of system for authentication by validation an identity token, permitting communication between a client device and another device and providing resource access), the at least one processor configured to:
receive, from a user, an access token (Gupta: pars 0044-0045, an identity server receives a request to authenticate including an identity token from a client device), the access token being issued by an identity provider, and the user being associated with the identity provider (Gupta: pars 0044-0045, the client device previously received the token from an identity provider in response to sending credentials to the identity provider);
validate the access token using keys obtained from a JSON Web Token (JWT) key set of the identity provider (Gupta: pars 0044-0045, 0065, the identity token includes a JavaScript Object Notation ("JSON") web token ("JWT"). The identity server receives a private key from the client device or the identity provider, and validate the signature of the identity token using the private key and the algorithm); and
extract an identity provider identifier from the access token, and further validate the access token by using the identity provider information in the access token as a key in a database to determine the identity provider is a known identity provider (Gupta: pars 0044-0046, 0065; Fig 2, the identity server receives a private key from the client device or the identity provider, and validate the signature of the identity token using the private key and the algorithm. Authenticate the client device for multiple services, wherein each of the multiple identity tokens is authenticated for a different service of the multiple services, based the access/identity information mapped to the data center).
Gupta does not explicitly teach check each access claim of the access token for invalidity; and if no invalid claims are found, accept the authorization request.
However, in an analogous art, Rowe teaches check each access claim of the access token for invalidity; and if no invalid claims are found, accept the authorization request (Rowe: pars 0076-0082, teaches of token associated with the one or claims of the users. A record of the user claims and access/authentication information are managed associated with token, and the records are updated as needed).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Rowe with the method/system of Gupta for the benefit of providing a user with a means for using one or more claims associating with access tokens for the system to authenticate user access by verifying and validating a token and associated claims for the system to efficiently and securely managing multiple tokens and authentication process (Rowe: pars 0076-0082).
As to claim 16, the combination of Gupta and Rowe teaches the services provision system of claim 15, 
Gupta and Rowe further teaches wherein the at least one processor is further configured to: if any of the access claims are invalid, fail authorization request (Gupta: pars 0014-0016, 0042, 0044-0045, a method of system for authentication by validation an identity token, permitting communication between a client device and another device and providing resource access [i.e. not positive authentication will not provide access]. Rowe: pars 0076-0082, teaches of token associated with the one or claims of the users. Allowing the claims to a resource based on the access/authentication information are associated with claims).
As to claim 17, the combination of Gupta and Rowe teaches the services provision system of claim 15, 
Gupta and Rowe further teaches wherein the at least one processor is further configured to: if a first access claim of the access claims is invalid and the second access claim of the access claims is valid, accept authorization for access associated with the second access claim (Gupta: pars 0044-0046, 0065; Fig 2, authenticate the client device for multiple services, wherein each of the multiple identity tokens is authenticated for a different service of the multiple services, based the access/identity information mapped to the data center. Rowe: pars 0076-0082, teaches of token associated with the one or claims of the users. For each claim, an allowing decision of the claim to a specific resource is made based on the authentication of information are associated with the claim and the token).
As to claim 18, the combination of Gupta and Rowe teaches the services provision system of claim 15, 
Gupta and Rowe further teaches wherein the identity provider is provided control over only a predetermined subset of all data elements and organizations (Gupta: pars 0044-0046, 0065; Fig 2, authenticate the client device for multiple services, wherein each of the multiple identity tokens is authenticated for a different service of the multiple services, based the access/identity information mapped to the data center).
As to claim 19, the combination of Gupta and Rowe teaches the services provision system of claim 18, 
Gupta and Rowe further teaches wherein the access token is invalid if any access claim of the access token falls outside the predetermined subset of all data elements and organizations available to the identity provider (Gupta: pars 0044-0046, 0065; Fig 2, authenticate the client device for multiple services, wherein each of the multiple identity tokens is authenticated for a different service of the multiple services, based the access/identity information mapped to the data center. Rowe: pars 0076-0082, teaches of token associated with the one or claims of the users. For each claim, an allowing decision of the claim to a specific resource is made based on the authentication of information are associated with the claim and the token [i.e. any claim access is not positively authenticated to associated resource, not allowed]).
As to claim 20, the combination of Gupta and Rowe teaches the services provision system of claim 15, 
Gupta and Rowe further teaches wherein a validated access claim provides access to less than all data elements under control of the identity provider (Gupta: pars 0044-0046, 0065; Fig 2, authenticate the client device for multiple services, wherein each of the multiple identity tokens is authenticated for a different service of the multiple services, based the access/identity information mapped to the data center. Rowe: pars 0076-0082, teaches of token associated with the one or claims of the users. For each claim, an allowing decision of the claim to a specific resource is made based on the authentication of information are associated with the claim and the token).
As to claim 21, the combination of Gupta and Rowe teaches the services provision system of claim 15, 
Gupta and Rowe further teaches wherein the at least one processor is further configured to: check an expiration time in the access token is a future time (Rowe: pars 0076-0082, record of the user claims and access/authentication information are managed associated with token are updated as needed; expired claims are deleted as part of the claim/token management).
As to claim 22, the combination of Gupta and Rowe teaches the services provision system of claim 15, 
(Gupta: pars 0017, 0037, uses location/zone information for the network management).
Conclusion

THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Jahangir Kabir whose telephone number is (571) 270-3355.  The examiner can normally be reached on 9:00-5:00 Mon-Thu.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on (571) 270-5002.  The fax number for the organization where this application or proceeding is assigned is 571-273-8300.


/JAHANGIR KABIR/             Primary Examiner, Art Unit 2439