Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

DETAILED ACTION
This is in response to Application #17/119,646 filed on 12/11/2020 in which Claims 1-18 are presented for examination.

Status of Claims
Claims 1-18 are pending, of which Claims 1-18 are considered allowable over prior art once all 35 U.S.C. 112(b) Rejections and Claim Objections described below are satisfactorily addressed.

Claim Objections
Regarding Claims 11-18, these claims are objected to for an apparent typographical error.  These claims recite “The computer-implemented system of claim 10” in Line 1.  However, in the preamble of Claim 10, Claim 10 is described as a “system”, not a “computer-implemented system”.

Appropriate correction is required.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claim(s) 1-9 rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.

Claim 1 recites the limitation “delivering the private key and the client certificate that are installed in an environment of the client service application” in Line(s) 3-4.  There is insufficient antecedent basis for this limitation in the claim.  Although a private key and a client certificate have been referenced before the occurrence of this limitation in the claim, no mention of a private key and a client certificate that are installed in an environment of the client service application has yet to be referenced.

Claim 5 recites the limitation “the configuration information defined on the server” in Line(s) 3.  There is insufficient antecedent basis for this limitation in the claim.  Although configuration information associated with the server configuration identifier has been referenced before the occurrence of this limitation in the claim, no mention of any configuration information defined on the server has yet to be referenced.

Regarding Claim(s) 2-9, (they/it) (are/is) (a) dependent claim(s) dependent on Claim(s) 1, which have/has inherited the deficiencies of the parent claim and (have/has) not resolved the deficiencies. Therefore, (they/it) (are/is) rejected based on the same rationale as applied to the parent Claim(s) 1 above.

Allowable Subject Matter
Claims 1-18 are considered allowable over prior art.

The instant invention is directed to the automated authentication of client services.

The closest prior art, as recited, John US Patent Application Publication No. 2008/0288405 and Pandey et al. US Patent Application Publication No. 2018/0332016, are also generally directed to various aspects of providing the authentication of client services.  However, John or Pandey et al. does not teach or suggest, either singularly or in combination, the particular combination of steps or elements as recited in the independent claims 1, 10.  For example, none of the cited prior art teaches or suggests the steps of:
Regarding Claim 1:
defining, on the server, one or more authorized client operations for the client account, receiving, from the client service application on the server, the client certificate and a request to perform a requested client service, wherein the request comprises a server configuration identifier for the requested client service, verifying, on the server, the client certificate at an application layer, extracting a client account ID from the client certificate, determining whether the client account corresponding to the client service application is authorized to perform the requested client service, wherein the determining is based on the client account ID and configuration information associated with the server configuration identifier, upon determining that the client account is authorized to perform the requested client service, processing the request and sending the authorization to the client service application, and upon determining that the client account is not authorized to perform the requested client service, denying the requested client service
When combined with the additional limitations found in Claim 1.

Regarding Claim 10:
define, on the server computing environment, one or more authorized client operations for the client account, receive, from the client service application, the client certificate and a request to perform a requested client service, wherein the request comprises a server configuration identifier for the requested client service,  verify the client certificate at an application layer, extract a client account ID from the client certificate,  determine whether the client account corresponding to the client service application is authorized to perform the requested client service, wherein the determination is based on the client account ID and configuration information associated with the server configuration identifier, and upon a determination that the client account is authorized to perform the requested client service, process the request and send the result of the requested client service to the client service application, and upon a determination that the client is not authorized to perform the requested client service, deny the requested client service
When combined with the additional limitations found in Claim 10.

Therefore Claims 1-18 of the instant application are considered allowable over the cited prior art once all 35 U.S.C. 112 Rejections and Claim Objections described above are satisfactorily addressed.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Champagne - US_7194761: Champagne teaches the automatic authentication of a client device to a server device.
Sun et al - US_20040078597: Sun et al. teaches automatic Client Authentication in a wireless network.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRADLEY HOLDER whose telephone number is 571-270-3789.  The examiner can normally be reached on Monday-Friday 10:00AM-7:00PM Eastern Time.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on (571) 272- 8878.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/BRADLEY W HOLDER/
Primary Examiner, Art Unit 2498