DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

This office action is a response to an application filed 09/30/2019 wherein claims 1 – 20 are pending and ready for examination.  

Response to Arguments
Applicant's arguments filed 08/19/2021 have been fully considered but they are not persuasive. 
Rejections based on 35 USC § 102Applicant Asserts: Beginning with claim 1, Alen fails to disclose at least “transforming, by the
authorization server, the access token [that was previously granted by the authorization server into a single sign-on (SSO) link with a session token.” The Office uses Alen at [0068] and [0069] to purportedly anticipate this feature. At [0068] and [0069], Alen merely mentions generating an access token based on an email validation via a request and a response between an authorization module and email server. Although Alen classifies the authorization module as an SSO server at [0064] and [0079], this classification by Alen does not include any more detail other than using an email validation request and response. Using an email request and response, as discussed in Alen, does not disclose “transforming, by the authorization server, the access token [that was previously granted by the authorization server] into a single sign-on (SSO) link with a session token” because an email verification and request is not the same as transforming an access token into an SSO link.

Examiner Response:  First, the Examiner appreciates applicant representative work to advance the prosecution of this application on whose understanding was expedited by the Applicant Interview (see INTERVIEW SUNMMARY 08/19/2021).  However, the Examiner disagrees with the assertion that the prior art of record does not teach the claimed ‘‘transforming, by the
authorization server, the access token [that was previously granted by the authorization server into a single sign-on (SSO) link with a session token.”  The Examiner indeed maintains that Allen teaches the transformation since access is provided.  Allen teaches at location [0069] an access code submitted to the token module whereby the token module 216 creates a token.  The access code provides the redirect URL whereby is transformed into a token.  This token ultimately provides access to the claimed resource.  It is for this reason that the Examiner maintains the prior art rejection.

Applicant Asserts: Further, Alen also fails to anticipate at least “the SSO link causing the third-party application to redirect the user to the UX session corresponding to the SSO link.” The Office uses Alen at [0068] and [0069] to purportedly anticipate this feature. At these paragraphs, Alen merely discusses redirecting the authorization code and the access token from client to server, which does not disclose “redirect the user to the UX session corresponding to the SSO link.” In addition, since Alen is silent to this claim feature, this claim feature is not inherent in Alen’s redirection of the authorization code.

Examiner Response:  The Examiner disagrees with applicant representative that the prior art of record Alen does not anticipate that a SSO link causing the third-party application to redirect the user to the UX session corresponding to the SSO link because Alen at least at [0064] discloses:
For instance, the network client 116 of the communication device 108 opens the redirect URL and is directed to an authorization token module 216 or OAuth/SSO server (step S405). 

Here, the user is represented by the communications device 108.  If the communication device is being redirected then the user operating the communications device is being redirected.  Alen at the cited locations [0068] and [0069] in the previous Office Action cited the redirection and is the same redirection initialized at [0064]. 

Applicant Asserts:  In addition to being allowable based on its dependence, claim 3 has been amended to include “wherein the UX session is accessible by the third party application without a sign on requirement,” which is also not disclosed by Alen at least because Alen is silent to accessing a user experience session without a sign on requirement.

Examiner Response:  Respectfully, the Examiner does not find the amendment to claim 3 as being disclosed in the instant specification at the location cited by applicant at [0022].  The instant specification at the cited location discloses:
 [0022] Accordingly, the present disclosure provides technical solutions to the technical problem of how to transform authorization granted in one namespace "realm" to another realm. In some embodiments, the transformation is of the API authorization to a UX session without requiring a second sign on by the user. In some embodiments, the transformation is of the API authorization to an internal access token to obtain a response from an internal service. [Emphasis by Examiner]

Here, API authorization to a UX session without requiring a second sign on by the user  is not the same as amendment “wherein the UX session is accessible by the third party application without a sign on requirement” because the limitation does not include the user as a third party application as disclosed.  As such, it appears that this amendment to Claim 1 constitutes new matter. However, at location [0014] of the originally filed specification support can be found for the amendment.



Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.



Claims 1-5, 8-12, and 15-18 are rejected under 35 U.S.C. 102(a1)(a2) as being anticipated by Alen; Anand Bernard et al. US 20170264611, September 14, 2017, hereafter referred to as Alen.

            As to claim 1, Alen teaches a method – Alen [0063] FIG. 4 shows a diagram comprising:
            receiving, at an authorization server from a third-party application developed by a third-party, – Alen [0067]… The email server 124 may reply to the request with a response that either acknowledges that the email address is valid or invalid (step S411)…the response may be sent to authorization token module 216.  BRI, the claimed ‘receiving’ is taught by Alen as ‘may reply’ since the reply is based on the receiving of a request – the claimed  ‘third party’ is  a request to access a user experience (UX) session on behalf of a user – Alen [0027] the OAuth open standard for authorization providing secure delegated access to server resources on behalf of a resource owner, provided by these systems to log users into their own respective systems)   the request comprising an access token previously granted by the authorization server to the third-party application in response to consent by the user – Alen [0064] the network client 116 of the communication device 108 opens the redirect URL and is directed to an authorization token module 216 or OAuth /SSO server (step S405). The authorization token module 216 may present an authorization UI to the network client 116 of the communication device 108 (step S406)  BRI, the claimed ‘access token’ is taught by Alen as ‘authorization UI’ – the claimed ‘previously granted’ is taught by Alen as ‘Oauth/SSO’ since the Oauth protocol provides prior authorization to protected resources of the owner) to allow the third-party application to perform actions on behalf of the user - Alen [0027]… the OAuth open standard for authorization providing secure delegated access to server resources on behalf of a resource owner, provided by these systems to log users into their own respective systems),  
             in response to receiving the request and based on the access token, transforming, by the authorization server, the access token into a single sign on (SSO) link with a session token -  Alen [0068 and 0069] since at ‘68The authorization token module 216 may, depending on whether a validating response is received, verify and generate an authorization code. BRI, the claimed ‘access token’ is taught by Alen as ‘validating response’ because the response includes the credentials registered as OAuth step 403 – the claimed ‘transforming’ is taught by Alen as ‘generate’ whereas the claimed ‘session token’ is taught by Alen as ‘authorization code’ since at ’69 The authorization token module 216 may then redirect to the network site server 112 from a network client 116 with the authorization code (step S413). The network client 116 may then follow the redirect to the network site server 112. BRI, the claimed ‘SSO’ is taught by Alen as ‘redirect’ whereas the claimed ‘transforming’ is taught by Alen as ‘verify and generate’ because the SSO provides for downstream authorizations with OAuth); and
           transmitting, by the authorization server, the SSO link with the session token to the third-party application developed by the third-party – Alen [0069] The network client 116 may then follow the redirect to the network site server 112 … the network site server 112 may present the authorization code to the authorization token module 216 (step S415… in response to the network client 116 calling a protected resource with the access token (step S417), the network site server 112 may return the protected resource to the network client 116 (step S418). This process can allow a user to access restricted or protected resources of the network site server 112 via the network client 116 and the communication device 108 utilizing layered authorization protocols.  BRI – the claimed ‘transmitting and SSO Link’ is taught by Alen as ‘redirect’ because method step 403 performed the OAuth protocol service for SSO whereas the claimed ‘session token’ is taught by Alen as ‘access token’ because Alen [0030] teaches the token may correspond to one or more of a time associated with a single session – the claimed ‘third party application’ is taught by Alen as ‘network client 116’ which is the browser of device 108 hosting the third-party email application).

          As to claim 2, Alen teaches the method of claim 1, wherein the access token comprises embedded permissions that define resources to be accessed and operations performable on the resources for the user and the third-party application – Alen [0069] in response to the network client 116 calling a protected resource with the access token (step S417), the network site server 112 may return the protected resource to the network client 116 (step S418). This process can allow a user to access restricted or protected resources of the network site server 112 via the network client 116 and the communication device 108 utilizing layered authorization protocols), the method further comprising mapping the embedded permissions to UX permissions – Alen [0083] the access token may allow access to one or more restricted or protected resources of the server 112 during a time period associated with the access token. The restricted or protected resources may correspond to resources that are unavailable to a communication device 108 or user without identity (e.g., email address validation, etc.).

             As to claim 3, Alen teaches the method of claim 2, wherein transforming the access token into the SSO link with the session token comprises encapsulating the UX permissions within the session token - Alen [0069] This process can allow a user to access restricted or protected resources of the network site server 112 via the network client 116 and the communication device 108 utilizing layered authorization protocols. BRI, the claimed ‘encapsulating’ is taught by Alen as ‘layered’) and wherein the UX session is accessible by the third party application without a sign on requirement -  Alen [0027] It is worthwhile to note that social media systems such as Facebook®, LinkedIn®, and Twitter® not only use email addresses to log users into their own systems but several other third party applications use an authorization protocol, such as the OAuth open standard for authorization providing secure delegated access to server resources on behalf of a resource owner).

           As to claim 4, Alen teaches the method of claim 2, wherein the UX session is based on the UX permissions, the UX session providing access to a user interface or service authorized by the UX permissions – Alen [0069] Access may be provided for a period of time, a number of accesses, and/or on a conditional basis (e.g., when a user's email address or password changes, etc.) …in response to the network client 116 calling a protected resource with the access token (step S417), the network site server 112 may return the protected resource to the network client 116 (step S418). This process can allow a user to access restricted or protected resources of the network site server 112 via the network client 116 and the communication device 108 utilizing layered authorization protocols.  BRI, the claimed ‘UX session’ is taught by Alen as ‘period of time’ whereas the claimed ‘user interface/service’ is taught by Alen as ‘email’ which provides an authorization UI and service [0065] whereas the claimed ‘UX permissions’ is taught by Alen as ‘access token’ because the access token embodies the permissions authorized).

               As to claim 5, Alen teaches the method of claim 1, wherein the transforming eliminates a second factor authentication to access the UX session - Alen [0080] the communication device 108 of the user may be redirected, at least temporarily, from the server 112 to a different server or website to present the user's login credentials (e.g., for communications between the server 112 and the different server/website using OAuth, etc. BRI, the claimed ‘eliminates’ is taught by Alen as ‘OAuth’ because the protocol eliminates the need for additional factor authentication and supports SSO another authorizing protocol [0070]).

            As to claim 8, Alen teaches the method of claim 1, wherein the access token previously granted by the authorization server is an API authorization granted in response to an Open Authorization (OAuth) process – Alen [0049] the authorization token module 216 may analyze tokens issued under a particular authorization protocol (e.g., OAuth, etc.) for credential information or other identification information).

          As to claim 9, claim 9 is a system that is directed to the method of claim 1.  Therefore claim 9 is rejected for the reasons as set forth in claim 1.

          As to claim 10, claim 10 is a system that is directed to the method of claim 2.  Therefore claim 10 is rejected for the reasons as set forth in claim 2.

          As to claim 11, claim 11 is a system that is directed to the method of claim 3.  Therefore claim 11 is rejected for the reasons as set forth in claim 3.

          As to claim 12, claim 12 is a system that is directed to the method of claim 4.  Therefore claim 12 is rejected for the reasons as set forth in claim 4.

          As to claim 15, claim 15 is a machine-readable storage medium that is directed to the method of claim 1.  Therefore claim 15 is rejected for the reasons as set forth in claim 1.

           As to claim 16, claim 16 is a machine-readable storage medium that is directed to the method of claim 2.  Therefore claim 16 is rejected for the reasons as set forth in claim 2.

           As to claim 17, claim 17 is a machine-readable storage medium that is directed to the method of claim 3.  Therefore claim 17 is rejected for the reasons as set forth in claim 3.

           As to claim 18, claim 18 is a machine-readable storage medium that is directed to the method of claim 4.  Therefore claim 18 is rejected for the reasons as set forth in claim 4.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 6-7, 13-14, and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Alen in view of Lander; Vadim et al., US 20170331832, November 16, 2017, hereafter referred to as Lander.

            As to claim 6, Alen teaches the method of claim 1.  ALEN DOES NOT TEACH wherein transforming the access token into the SSO link comprises transforming the access token into a SSO Uniform Resource Locator (URL), HOWEVER IN AN ANALAGOUS ART THAT IS DIRECTED TO THE SAME FIELD OF ENDEAVOR OF IDENTIFY AUTORIZATION LANDER TEACHES wherein transforming the access token into the SSO link comprises transforming the access token into a SSO Uniform Resource Locator (URL) – Lander [0091] the URL implements a microservice, and the resource portion of the URL implements an API. Accordingly, multiple APIs are aggregated under the same microservice).  The substitution of one known element such as the SSO URL for the SSO Link in Alen would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention since the substitution of the SSO URL shown in Alen would have yielded predictable results, namely, the ability to use a single sign-on that is recognizable by humans such as the host/sender in Alen’s Network Client 116 of the Device 108 instead of unintelligent bit stream or code). 

          As to claim 7, Alen teaches the method of claim 1.  ALEN DOES NOT TEACH further comprising:
        receiving an indication from the user to end the UX session; and responsive to            receiving the indication,
        redirecting the user back to the third-party application  HOWEVER IN AN ANALAGOUS ART THAT IS DIRECTED TO THE SAME FIELD OF ENDEAVOR LANDER TEACHES
         receiving an indication from the user to end the UX session; and responsive to receiving the indication, 
         redirecting the user back to the third-party application – Lander [0196] a user with an existing application session accesses Cloud Gate 1104 to initiate a logout. Alternatively, the user may have initiated the logout on the IDCS side. Cloud Gate 1104 terminates the application-specific user session, and initiates OAuth2 OpenID Provider ("OP") logout request against OAuth2 microservice 1110. OAuth2 microservice 1110 redirects to SSO microservice 1112 that kills the user's host SSO cookie.  BRI, the claimed ‘indication’ is taught y Lander as ‘initiate logout’ whereas the claimed ‘third-party application’ is taught by Lander as ‘SSO microservice 1112’ because the service is a third-party application under the Simple Mail Transfer Protocol.  Thus, it would have been recognized by one of ordinary skill in the art before the effective filing date of the claimed intention that applying the known technique of user terminating services as taught by Lander to the Network Client 116 of Alen would have yielded predicable results and resulted in an improved system, namely, a system capable of terminating micro-services hosted by the email service using Lander SMTP.  Alen’s browser is improved because of the user being able to terminate services and start new services without additional authentication being required based on the SSO OAuth protocol [0052]).          

          As to claim 13, claim 13 is a system that is directed to the method of claim 6.  Therefore claim 13 is rejected for the reasons as set forth in claim 6.

           As to claim 14, claim 14 is a system that is directed to the method of claim 7.  Therefore claim 14 is rejected for the reasons as set forth in claim 7.          

          As to claim 19, claim 19 is a machine-readable storage medium that is directed to the method of claim 6.  Therefore claim 19 is rejected for the reasons as set forth in claim 6.

          As to claim 20, claim 20 is a machine-readable storage medium that is directed to the method of claim 7.  Therefore claim 20 is rejected for the reasons as set forth in claim 7.Note:  The Examine further considered HAYTON et al, US 20110277027 A1 for SSO URL.

  THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to WILLIAM B. JONES whose telephone number is (571) 272-9637.  The examiner can normally be reached on Mon - Fri., 5:30 a.m. to 2:00 p.m.  If attempts to reach the examiner 
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
 /WILLIAM B JONES/Examiner, Art Unit 249111/13/2021
/ASHOKKUMAR B PATEL/Supervisory Patent Examiner, Art Unit 2491