Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

	DETAILED ACTION
Response to Amendment
This action is in response to an amendment filed October 1, 2021. Claims 1,-2 and 5-7 have been amended. Claims 1-7 remain pending in this application.

Claim Objections
Claim 6 is objected to because of the following informalities:  Token is misspelled as “toke” in limitation “verify effectiveness of the…”.  Appropriate correction is required.

Response to Arguments
Applicant's arguments filed October 1, 2021 have been fully considered but they are not persuasive. Applicants are arguing in substance the following:

Arguments to Claims 1 and 6-7:
a) Applicant(s) contend Zhou does not explicitly teach “receive a new refresh token and the access token from the authentication server”.

Response to argument a:
The Examiner respectfully disagrees. In paragraph [0133], Zhou discloses an account management server which regenerates a new refresh key and a new 


The examiner has addressed arguments directed to claim limitations as stated only. Arguments not directed towards claim limitations have not been addressed. Applicant(s) is/are urged to direct arguments for claim limitations recited, because arguments not directed to claim limitations and statements are not given value since they do not appear in the claim. As to any claims not specifically discussed, the applicant(s) argued that it was patentable for one of the reasons discussed above. Please see response to above arguments for unspecified discussions. 

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.

Claim(s) 1-2 and 5-7 is/are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Zhou et al. (US 2017/0337361 A1).

With respect to claim 1, Zhou discloses an information processing apparatus comprising:
a memory configured to store, in an associated form, management information and a refresh token, the management information associated with a user (Abstract, [0023], [0027], and [0070]-[0072], user ID, authorization key, and refresh key are stored in storage module of terminal device), the refresh token serving as second qualification information that is used to acquire an access token serving as first qualification information for use of a web service ([0073]-[0074] and [0110], refresh key has longer valid period of authorization key and used for verifying user to app resource server); and
a processor configured to
accept the management information ([0007] and [0015]-[0016], user ID is verified),
transmit the refresh token to an authentication server, wherein the refresh token is associated with the management information and stored on the memory ([0080], terminal transmits ticket refresh which includes user ID and refresh key to account management server),
receive a new refresh token and the access token from the authentication server as a result of the authentication server verifying that the refresh token transmitted to the authentication server is effective (Figure 6 and [0132]-[0133]; terminal device requests new authorization key using user ID and refresh key previously received; account management server then issues new refresh and access tokens and returns a new authentication ticket to the terminal device), and

With respect to claim 2, Zhou discloses the information processing apparatus according to Claim 1, wherein the processor is further configured to, 
if the refresh token associated with the management information is not stored on the memory, cause a display to display a screen that requests the user to enter authentication information for the authentication server to authenticate the user ([0067]-[0068], when authentication ticket is invalid, user name and password are inputted by the user),
accept the authentication information ([0069], authentication ticket is received),
transmit the accepted authentication information to the authentication server ([0069], authentication ticket is received by account management server),
receive the access token and the refresh token that are transmitted by the authentication server if the authentication server has successfully authenticated the user in accordance with the transmitted authentication information( [0080]-[0082], if refresh key is in valid period, account management server sends authentication ticket to terminal),
cause the memory to store in an associated form the accepted management information, the accepted authentication information, and the refresh token received from the authentication server (Abstract, [0023], [0027], and [0070]-[0072], user ID, authorization key, and refresh key are stored in storage module of terminal device), and

With respect to claim 5, Zhou discloses the information processing apparatus according to Claim 1,
wherein the authentication server issues access tokens to use the web service on a per web service basis ([0013] and [0033], authentication ticket is returned to terminal for use with an app resource server), and 
wherein the processor is further configured to 
transmit the refresh token and information to identify the web service specified by the user to the authentication server ([0080], terminal transmits ticket refresh which includes user ID and refresh key to account management server), 
receive the new refresh token and the access token for use of the web service specified by the user and transmitted by the authentication server if the authentication server has verified that the refresh token transmitted to the authentication server is effective ([0132]-[0133], returning a new authentication ticket which includes a new refresh key and new authorization key; [0080]-[0082], determining whether refresh key is in a valid period for use with app resource server and provide authentication ticket if so), and
use the web service, specified by the user, with the access token ([0013] and [0033], the app resource server is accessed using received authentication ticket).
With respect to claim 6, Zhou discloses an information processing system comprising:
an information processing apparatus ([0060] and Figure 1, terminal device); and
an authentication server ([0060] and [0183], account management server 120),
wherein the information processing apparatus includes a first memory and a first processor ([0060] and Figure 1, terminal device) and the authentication server includes a second processor (Figure 1, 120, account management server),
wherein the first memory stores, in an associated form, management information and a refresh token, the management information being associated with a user (Abstract, [0023], [0027], and [0070]-[0072], user ID, authorization key, and refresh key are stored in storage module of terminal device), the refresh token serving as second qualification information used to acquire an access token, the access token serving as first qualification information for use of a web service ([0073]-[0074] and [0110], refresh key has longer valid period of authorization key and used for verifying user to app resource server);
wherein the first processor is configured to
accept the management information ([0007] and [0015]-[0016], user ID is verified), and
transmit the refresh token to the authentication server, wherein the refresh token is associated with the management information and stored on the first memory ([0080], terminal transmits ticket refresh which includes user ID and refresh key to account management server),
wherein the second processor is configured to

verify effectiveness of the refresh token after the refresh toke is received ([0080]-[0082], determining whether refresh key is in a valid period for use with app resource server), and
transmit a new refresh token and the access token to the information processing apparatus after verification of the refresh token ([0132]-[0133], returning a new authentication ticket which includes a new refresh key and new authorization key; [0080]-[0082], if refresh key is in valid period, account management server sends authentication ticket to terminal), and
wherein the first processor is further configured to
receive the new refresh token and the access token from the authentication server ([0013], [0033], and [0133], authentication ticket is returned to terminal for use with an app resource server), and
use the web service with the received access token ([0013] and [0033], the app resource server is accessed using received authentication ticket).
With respect to claim 7, Zhou discloses a non-transitory computer readable medium storing a program causing a computer to execute a process for processing information, the computer including a memory, the process comprising:
causing the memory to store, in an associated form, management information and a refresh token, the management information being associated with a user (Abstract, [0023], [0027], and [0070]-[0072], user ID, authorization key, and refresh key , the access token serving as first qualification information for use of a web service ([0073]-[0074] and [0110], refresh key has longer valid period of authorization key and used for verifying user to app resource server);
accepting the management information ([0007] and [0015]-[0016], user ID is verified);
transmitting the refresh token to an authentication server, wherein the refresh token associated with the management information and stored on the memory ([0080], terminal transmits ticket refresh which includes user ID and refresh key to account management server);
receiving a new refresh token and the access token from the authentication server as a result of the authentication server verifying that the refresh token transmitted to the authentication server is effective (Figure 6 and [0132]-[0133]; terminal device requests new authorization key using user ID and refresh key previously received; account management server then issues new refresh and access tokens and returns a new authentication ticket to the terminal device); and
using the web service with the received access token ([0013] and [0033], the app resource server is accessed using received authentication ticket).

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:


Claims 3-4 is/are rejected under 35 U.S.C. 103 as being unpatentable over Zhou et al. (US 2017/0337361 A1), in view of Canavor et al. (US 2018/0026968 A1).

With respect to claim 3, Zhou discloses the information processing apparatus according to Claim 1, but does not explicitly teach wherein the processor is further configured to delete the access token from the information processing apparatus if the user has logged out from the information processing apparatus;
However, Canavor discloses the processor is further configured to delete the access token from the information processing apparatus if the user has logged out from the information processing apparatus ([0059], security credentials maintained ephemerally in a client’s memory is erased when client logs out and exits a browser);
Therefore, it would have been obvious to one of ordinary skill in the art, at the time the invention was filed, to combine the teachings of Zhou with the teachings of Canavor and delete an access token from an apparatus when a user logs out, in order to prevent potential thief of the user’s credentials by removing the credentials from the device upon a session ending.
With respect to claim 4, Zhou discloses the information processing apparatus according to Claim 2, but does not explicitly teach wherein the processor is further configured to delete the access token from the information processing apparatus if the user has logged out from the information processing apparatus;

Therefore, it would have been obvious to one of ordinary skill in the art, at the time the invention was filed, to combine the teachings of Zhou with the teachings of Canavor and delete an access token from an apparatus when a user logs out, in order to prevent potential thief of the user’s credentials by removing the credentials from the device upon a session ending.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kevin T. Bates can be reached on 571-272-3980.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/ESTHER B. HENDERSON/Primary Examiner, Art Unit 2458                                                                                                                                                                                                        December 29, 2021