DETAILED ACTION
This Office Action is in response to the Amendment filed on October 18th, 2021.
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
In the instant Amendment, claims 1, 10 & 18 are independent. Claims 1-20 have been examined and are pending.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Arguments
Applicant’s arguments in the instant Amendment, filed on 10/18/2021, with to limitations listed below, have been fully considered but they are not persuasive.
On pages 7-8 of Applicant’s Remarks, Applicants submit that the pending claims include features that remove the claims from the category of mental processes, as the pending claims do not recite concepts performed solely in the human mind (Emphasis added).
The examiner respectfully disagrees. The claims reciting the limitations “receiving, by a first service operating within a computing system, a modified identity data object from a second service operating within the computing system, wherein the modified identity data object includes at least one identifier associated with a client of the computing system; determining, by the first service, that the second service performed a first action on an identity data object to generate the modified identity data object; and validating the modified identity data object based on whether the second service is authorized to perform the first action” are directed to an abstract idea as the claims recite mental processes. The steps of receiving, determining, and validating can be performed by human mind. For instance; a piece of information or data or content for a service or an operation can be sent or received between a user A and a user B within a community or a network; a community or a network can be considered as a computing system because computing system is not necessarily required a computing device or hardware; the user A and user B can be considered as a client of the community or the network; the piece of information or data or content can be modified, edited or changed or determined or validated or verified by the user A and user B before exchanging. It’s noted that the claims recite additional element(s) (i.e., a first service, a second service, a client, a computing system).  However, said additional element is recited at a high-level of generality (i.e., as a generic processor performing a generic computer function of receiving/determining/validating) such that it amounts no more than mere instructions to apply the exception using a generic computer component. Accordingly, this additional element does not integrate the abstract idea into a practical application because it does not impose any meaningful limits on practicing the abstract idea.  Therefore, the claims are not integrated into a practical application. Generic computer components recited as performing generic computer functions that are well understood, routine and conventional activities amount to no more than implementing the abstract idea with a computerized system. Because the claims are directed to an abstract idea at step one of 
On pages 8-9 of Applicant’s Remarks, Applicants submit that the claimed approach is directed towards the practical application of enabling edge network devices to orchestrate the use and modification of a single identity data object within a distributed computing system (Emphasis added).
The examiner respectfully disagrees. Though lengthy an numerous, the claims do not go beyond requiring the collection, analysis, and display of available information in a particular field, stating those functions in general terms, without limiting them to technical means for performing the functions that are arguably an advance over conventional computer and network technology. The claims, defining a desirable information-based result and not limited to inventive means of achieving the result, fail under §101. Because the claims are directed to an abstract idea at step one of the patent-eligibility inquiry, the claims are thus directed towards an abstract idea, and as such directed to non-statutory subject matter. The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception because the additional elements when considered both individually and as an ordered combination do not amount to significantly more than the abstract idea. As mentioned above, although the claims recite additional element, said element taken individually or as a combination, do not result in the claim amounting to significantly more than the abstract idea because as the additional elements perform generic computer content distributing functions routinely used in information technology field. Validating the modified identity data object based on whether the second service is authorized to perform the first action is conventional, well know routing in view of 
On pages 9-11 of Applicant’s Remarks, Applicants submitted that Frei does not teach or suggest “determining, by the first service, that the second service performed a first action on an identity data object to generate the modified data object” as claim 1 expressly recites (Emphasis added).
The Examiner disagrees with the Applicants. As described in pars. [0052]-[0056] and illustrated in fig. 1 in Frei’s optimized token-based proxy authentication, the first service 118 requests the token generator 120 for generating a converted version of user authentication token 136, referred to as a proxy token 138. The first service 118 is considered as the first service and the proxy token 138 is considered as a modified data identity. The proxy token 138 is used to gain authorization for access to second service 122 by first service 118 on behalf of the user. It is clearly seen that Frei is not silent about the second service processing, which is using the proxy token 138 to gain access to the second service 122 by first service 118. In addition, the proxy token 138 is used to determine whether the first service 118 is allowed to access the second service 122 or not. It is clear seen that Frei is neither silent about the second service determining that the first service caused the generation of the proxy token. Thus, Frei does disclose the limitations argued above.
On pages 9-11 of Applicant’s Remarks, Applicants submitted that Frei is silent about the “second service determining that the first service caused the generation of the proxy token” as claim 1 expressly recites (Emphasis added).



Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows: 
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 1-20 are rejected under 35 U.S.C. 101 as being directed to non-statutory subject matter.
Regarding claims 1, 10 and 18; claims 1, 10 and 18 are/is rejected under 35 USC 101 because the claims are/is directed to an abstract idea without being integrated into a practical application nor being significantly more.
“receiv[ing] a modified identity data object,” “determin[ing] that the second service performed a first action on an identity data object” and “validat[ing] the modified identity data object based on whether the second service is authorized to perform the first action” are directed to an abstract idea as the claims recite mental processes. Accordingly, the claims recite an abstract idea.  This judicial exception is not integrated into a practical application.  It’s noted that the claims recite additional element(s) (i.e., a first service, a second service, a client).  However, said additional element is recited at a high-level of generality (i.e., as a generic processor performing a generic computer function of receiving/determining/validating) such that it amounts no more than mere instructions to apply the exception using a generic computer component. Accordingly, this additional element does not integrate the abstract idea into a practical application because it does not impose any meaningful limits on practicing the abstract idea.  Therefore, the claims are not integrated into a practical application.
The claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception because the additional elements when considered both individually and as an ordered combination do not amount to significantly more than the abstract idea. As mentioned above, although the claims recite additional element, said element taken individually or as a combination, do not result in the claim amounting to significantly more than the abstract idea because as the additional elements perform generic computer content distributing functions routinely used in information technology field. Validating the modified identity data object based on whether the second service is authorized to perform the first action is conventional, well know routing in view of Berkeeimer memo here. Generic computer components recited as performing generic 
Regarding claims 2-9, 11-17 and 19-20; claims 2-9, 11-17 and 19-20 are also rejected under 35 U.S.C 101 as being directed to non-statutory subject matter for the same reasons addressed above as the claims are directed to abstract idea without being integrated into a practical application nor being significantly more.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.

Claims 1-20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Frei et al. (Frei), U.S. Pub. Number 2016/0142409.
Regarding claim 1; Frei discloses a computer-implemented method, comprising:
receiving, by a first service operating within a computing system, a modified identity data object from a second service operating within the computing system (par. 0056; generates a converted version of user authentication token 136; the converted version of user authentication token 136 referred to as a proxy token 138, may be used to gain authorization for access to second device 122 by first service 118 on behalf of the user.), wherein the modified identity data object includes at least one identifier associated with a client of the (par. 0058; authentication request 134 includes proxy token 138, and may additionally include information about the user (e.g., login credentials).);
determining, by the first service, that the second service performed a first action on an identity data object to generate the modified identity data object (pars. 0052 & 0055; authentication token 136 may be used to authenticate the user for first service 118; first service 118 may determine that second service 122 needs to be accessed to perform subsequent service on behalf of app 144 and the user; the act of the second service for receiving the authentication request from the first service implies that a first action has been performed for the authentication request.); and
validating the modified identity data object based on whether the second service is authorized to perform the first action (par. 0058; server 106 may authenticate the user based on the received proxy token 138.).
Regarding claim 2; Frei discloses the computer-implemented method of claim 1, further comprising: generating, by the first service, the identity data object that includes the at least one identifier, wherein the second service performs the first action to modify the at least one identifier in order to generate the modified identity data object (par. 0108; generate proxy token from the user authentication token for second service 122 in a modified fashion where the second and third nonces are included).
Regarding claim 3; Frei discloses the computer-implemented method of claim 2, further comprising: receiving, by the first service from a client device associated with the client, a first authentication token (); and extracting, by the first service, a first identifier from the first authentication token, wherein the at least one identifier includes the first identifier (par. 00732; client device 102 may forward user authentication token 136 (extracted from authentication token response 130) through network 110 in authentication request 132 to server 104.).
Regarding claim 4; Frei discloses the computer-implemented method of claim 3, further comprising modifying, based on the modified identity data object, the first authentication token to generate a second authentication token (par. 0108; generate proxy token from the user authentication token for second service 122 in a modified fashion where the second and third nonces are included.).
Regarding claim 5; Frei discloses the computer-implemented method of claim 1, wherein the modified identity data object includes: a first set of identifiers associated with the client; and a second set of identifiers associated with a client device, wherein the at least one identifier is included in the first set of identifiers, or the second set of identifiers (par. 0117; identifiers can be transmitted to a network service to identify users and equipment.).
Regarding claim 6; Frei discloses the computer-implemented method of claim 1, further comprising comparing, by the first service, the first action to a first list of authorized actions, wherein the first action is valid only when the first action matches at least one action included in the first list of authorized actions (par. 0059; a service-to-service user authorization is enabled in a secure and communication efficient manner.).
Regarding claim 7; Frei discloses the computer-implemented method of claim 1, further comprising determining, by the first service, that the second service is included in a first list of authorized services, wherein the first action is valid only when the second service is included in the first list of authorized services (par. 0059; fewer communications are made to enable the service-to-service authorization relative to delegation token and token exchange techniques.)
Regarding claim 8; Frei discloses the computer-implemented method of claim 1, wherein the second service performs the first action on the identity data object by: receiving the identity data object; receiving a first message that includes information not included in the identity data object; generating a first request that includes: a first portion based on data extracted from the identity data object, and a second portion based on data extracted from the information included in the first message; receiving a first response to the first request; and modifying the at least one identifier based on data included in the first response (par. 0063; identity provider 112 receives authentication token request 128 (e.g.,. from client device 102); authentication request is a request for a token to be used to enable a user of the client device to access a service, such as first service; authentication token request may be transmitted and received as a signal.).
Regarding claim 2; Frei discloses the computer-implemented method of claim 1, further comprising: identifying a first key used by the second service to perform the first action; and determining that the second service is authorized to use the first key to perform the first action (par. 0063; authentication token request may include information such as an identifier for the user (e.g., user name or login name), a password or other credentials corresponding to the user identifier, an identifier for the service desired to be accessed, and identifier for the client device, and/or other information.).
Regarding claims 10-17
Regarding claims 18-20; Claims 18-20 are directed to one or more non-transitory computer-readable media which have similar scope as claims 1-9. Therefore, claims 18-20 remain un-patentable for the same reasons.


Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KHOI V LE whose telephone number is (571)270-5087.  The examiner can normally be reached on 9:00 AM - 5:00 PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/KHOI V LE/
Primary Examiner, Art Unit 2436