DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination under 37 CFR 1.114
	A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this Application after Final Rejection. Since this Application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office Action has been withdrawn pursuant to 37 CFR 1.114. Applicant’s submission filed on 10/22/2021 has been entered. 

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 11/03/2021 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

EXAMINER’S AMENDMENT
An Examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to Applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.


Amendments to the Claims:
This listing of claims will replace all prior versions and listing of the claims in the application.
Listing of Claims:

1 (Currently Amended). A computer-implemented method comprising:
	receiving, at a client system from a user device, a first access request comprising a first instruction to access a protected resource stored at a resource system;
	transmitting, from the client system to an authorisation system, a token request for an access token for accessing the protected resource, in response to the first access request;
	receiving, at the client system, the access token in response to the token request, the access token having a corresponding time to expire indicative of a time at which the access token will not be valid for obtaining the protected resource from the resource system;
	storing the access token at a token storage unit of the client system;
	receiving a rejection message, at the client system, indicating that the stored access token is not valid for receiving the protected resource;
	storing, at the token storage unit of the client system, an invalidation flag associated with the stored access token, in response to receiving the rejection message indicating that the stored access token is not valid for receiving the protected resource; 
;
in response to the token request, receiving and storing an expiry time indicator in association with the access token at the token storage unit; and
scheduling a predetermined time interval between adjacent executions of token storage maintenance steps performed at the client system,
wherein storing the invalidation flag comprises setting the stored expiry time indicator associated with the access token to indicate a time that is before a current time.

2 (Original). The computer-implemented method of claim 1 further comprising:
	transmitting the stored access token from the client system to the resource system and, in response, receiving the rejection message.

3 (Canceled).

4 (Currently Amended). The computer-implemented method of claim 1 
	
	wherein the expiry time indicator is indicative of a time at which the corresponding access token will not be valid.

5 (Cancelled).

6 (Currently Amended). The computer-implemented method according to claims 4 wherein the token storage maintenance steps comprise
	comparing the time indicated by the stored expiry time indicator with a current time;
	deleting the access token corresponding with the stored expiry time indicator, if the time indicated by the stored expiry time indicator is after the current time.

7 (Original). The computer-implemented method of claim 6 wherein the token storage maintenance steps are executed intermittently or according to a predetermined schedule.

8 (Cancelled).

9 (Previously Presented). The computer-implemented method of claim 1 further comprising:
	receiving, at the client system, a refresh token corresponding to the access token, the refresh token for obtaining a valid access token at the client system; and
	storing the refresh token at the token storage unit.

10 (Previously Presented). The computer-implemented method of claim 9 further comprising:
	receiving a rejection message, at the client system, indicating that the refresh token is not valid for obtaining a valid access token; and
	storing, at the token storage unit, an invalidation flag associated with the stored refresh token.

11 (Original). The computer-implemented method of claim 10 further comprising:
	determining that the stored refresh token is associated with the invalidation flag and, in response, preventing the stored refresh token from being transmitted to the authorisation system.

12 (Previously Presented). The computer-implemented method of claim 11 wherein storing the invalidation flag comprises:
	setting a stored expiry time indicator associated with the refresh token to indicate a time that is before a current time.

13 (Previously Presented). The computer-implemented method of claim 11 further comprising token storage maintenance steps performed at the client system comprising:
	comparing the time indicated by the stored expiry time indicator with a current time;
	deleting the refresh token corresponding with the stored expiry time indicator if the time indicated by the stored expiry time indicator is after the current time.

14 (Original). The computer-implemented method of claim 13 wherein the token storage maintenance steps are executed intermittently or according to a predetermined schedule.

15 (Previously Presented). The computer-implemented method of claim 14 wherein the predetermined schedule defines a time interval between adjacent executions of the token storage maintenance steps.

16 (Currently Amended). An article of manufacture comprising:
	a non-transitory computer processor readable medium; and
	instructions stored on the medium;
	wherein the instructions are configured to be readable from the medium by at least one computer processor and thereby cause the at least one computer processor to operate so as to:
		receive, at a client system from a user device, a first access request comprising a first instruction to access a protected resource stored at a resource system;
		transmit, from the client system to an authorisation system, a token request for an access token for accessing the protected resource, in response to the first access request;
		receive, at the client system, the access token in response to the token request, the access token having a corresponding time to expire indicative of a time at which the access token will not be valid for obtaining the protected resource from the resource system;
		store the access token at a token storage unit of the client system;
		receive a rejection message, at the client system, indicating that the stored access token is not valid for receiving the protected resource; 
		store, at the token storage unit of the client system, an invalidation flag associated with the stored access token, in response to receiving the rejection message indicating that the stored access token is not valid for receiving the protected resource; 
		determine that the stored access token is associated with the invalidation flag and, in response, prevent the stored access token from being transmitted to the resource system;
in response to the token request, receive and store an expiry time indicator in association with the access token at the token storage unit; and
schedule a predetermined time interval between adjacent executions of token storage maintenance steps,
wherein storing the invalidation flag comprises setting the stored expiry time indicator associated with the access token to indicate a time that is before a current time.

17 (Cancelled).

18 (Currently Amended). A non-transitory computer readable medium comprising instructions which, when executed by a computer, cause the computer to carry out the method of:
	receiving, at a client system from a user device, a first access request comprising a first instruction to access a protected resource stored at a resource system;
	transmitting, from the client system to an authorisation system, a token request for an access token for accessing the protected resource, in response to the first access request;
	receiving, at the client system, the access token in response to the token request, the access token having a corresponding time to expire indicative of a time at which the access token will not be valid for obtaining the protected resource from the resource system;
	storing the access token at a token storage unit of the client system;
	receiving a rejection message, at the client system, indicating that the stored access token is not valid for receiving the protected resource;
	storing, at the token storage unit of the client system, an invalidation flag associated with the stored access token, in response to receiving the rejection message indicating that the stored access token is not valid for receiving the protected resource; 
	determining that the stored access token is associated with the invalidation flag and, in response, preventing the stored access token from being transmitted to the resource system;
in response to the token request, receiving and storing an expiry time indicator in association with the access token at the token storage unit; and
scheduling a predetermined time interval between adjacent executions of token storage maintenance steps,
wherein storing the invalidation flag comprises setting the stored expiry time indicator associated with the access token to indicate a time that is before a current time.

19 (Currently Amended). A client system comprising processing circuitry configured to:
	receive, from a user device, a first access request comprising a first instruction to access a protected resource stored at a resource system;
	transmit, to an authorisation system, a token request for an access token for accessing the protected resource, in response to the first access request; and
	receive, at the client system, the access token in response to the token request, the access token having a corresponding time to expire indicative of a time at which the access token will not be valid for obtaining the protected resource from the resource system;
	wherein the client system comprises a token storage unit configured to store the access token; and
	the processing circuitry is further configured to:
	receive a rejection message, at the client system, indicating that the stored access token is not valid for receiving the protected resource;
	store, at the token storage unit of the client system, an invalidation flag associated with the stored access token, in response to receiving the rejection message indicating that the stored access token is not valid for receiving the protected resource; 
	determine that the stored access token is associated with the invalidation flag and, in response, preventing the stored access token from being transmitted to the resource system;
in response to the token request, receive and store an expiry time indicator in association with the access token at the token storage unit; and
schedule a predetermined time interval between adjacent executions of token storage maintenance steps,
wherein storing the invalidation flag comprises setting the stored expiry time indicator associated with the access token to indicate a time that is before a current time.

20 (Currently Amended). A client system comprising:
	a receiver configured to receive, from a user device, a first access request comprising a first instruction to access a protected resource stored at a resource system; and
	a transmitter configured to transmit, to an authorisation system, a token request for an access token for accessing the protected resource, in response to the first access request;
	wherein the receiver is configured to receive the access token in response to the token request, the access token having a corresponding time to expire indicative of a time at which the access token will not be valid for obtaining the protected resource from the resource system;
	wherein the client system further comprises a token storage unit configured to store the access token;
	wherein the receiver is configured to receive a rejection message, at the client system, indicating that the stored access token is not valid for receiving the protected resource;
wherein the token storage unit of the client system is configured to store an invalidation flag associated with the stored access token, in response to receiving the rejection message indicating that the stored access token is not valid for receiving the protected resource; 
wherein the client system is configured to determine that the stored access token is associated with the invalidation flag and, in response, to prevent the stored access token from being transmitted to the resource system;
wherein the client system is configured, in response to the token request, to receive and store an expiry time indicator in association with the access token at the token storage unit;
wherein the client system is configured to schedule a predetermined time interval between adjacent executions of token storage maintenance steps; and
wherein storing the invalidation flag comprises setting the stored expiry time indicator associated with the access token to indicate a time that is before a current time.


Allowable Subject Matter
After all amendments, 35 U.S.C. 103 Rejections of record are withdrawn.
Per MPEP 1302.14: I. Reasons for Allowance, the examiner’s actions and the applicant’s replies make evident the reasons for allowance, satisfying the "record as a whole" proviso of the rule. Applicant has fully complied with 37 CFR 1.111(b) and (c) and 37 CFR 1.133(b). Thus, the examiner’s actions clearly point out the reasons for rejection and the applicant’s reply explicitly presents reasons why claims are patentable over the reference, the reasons for allowance are in all probability evident from the record.
As such, claims 1-2, 4, 6-7, 9-16 and 18-20 are allowed.

Conclusion
Any comments considered necessary by Applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.” 


Any inquiry concerning this communication or earlier communications from the examiner should be directed to AREZOO SHERKAT whose telephone number is (571)272-8533. The examiner can normally be reached Monday - Friday 8:30-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jung Kim can be reached on 571 - 272 - 3804. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/AREZOO SHERKAT/Examiner, Art Unit 2494