Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
The instant application having Application No. 16/292,786 is presented for examination by the examiner.  Claims 1-16, 18, and 20-24 have been amended.  Claims 1-24 are pending.

Response to Amendment


Claim Rejections - 35 USC § 101
Rejections under this statute have been overcome by amendment.

Claim Rejections - 35 USC § 112


Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(B)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.





As per claims 1, 8, 15, and 21 the service request is defined twice (once in the preamble and again in the body of the claim, rendering the claim indefinite. 

Response to Arguments
Applicant’s arguments with respect to claim(s) 1, 8, 15, and 21 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having 

Claims 1-3, 8-10, 13, 15-17, 19, 21, and 22 are rejected under 35 U.S.C. 103 as being unpatentable over USP Application Publication 2005/0132060 to Mo et al., Mo in view of USP Application Publication 2020/0119586 to Russo et al., hereinafter Russo.

As per claims 1 and 8, Mo teaches a system/method for authorizing a service request between two services in a network environment, the system comprising:

a target service configured to run a recurring background process occurring  between a request service [requestor uses agent or registry service] and the target service [gateway], the recurring background process including:
obtaining, at the target service, a pre-authorization token from the request service, the pre-authorization token including a signature of the request service (0094), 

confirming at the target service the pre-authorization token from the request service, the pre-authorization token was issued by the service specified in the signature (0099), 
in response to the target service confirming that the pre-authorization token was issued by the request service specified in the signature, generating, at the second service, an acknowledgement of the pre-authorization token (0100), 

 and wherein separate from the recurring background process: 

in response to receiving a service request from the request service including the pre-authorization token at an instance of the target service, confirming, at the instance of the target service, the pre-authorization token (Fig. 6, 627 and Fig. 6B, 633 ), and, in response to the confirmation, authorizing the service request (messages are relayed; 0073).
Mo is silent in explicitly teaching storing the acknowledged pre-authorization token for access by any instance of the second service; and comparing the received token to the stored token.  Mo verifies tokens as they arrived.  Mo teaches reusing tokens multiple times within their time allotment (0084).  Russo teaches a way in which tokens are authenticated by comparing received tokens to pre-authorized tokens that were stored in a data record (0072).  Since the tokens have limited lifetimes saving tokens and comparing them is faster computationally than verifying individual cryptographic data within every time a user reuses the same token.  Therefore, one of ordinary skill in the art would have known tokens can be authentication by comparison to pre-authenticated tokens and such a substitution would yield predictable results.  The claim is obvious because one of ordinary skill in the art can substitute known methods which do not produce unpredictable results.  The end result is the same; a request with a valid supplied token would be granted.  

As per claims 15 and 21, Mo teaches a method for authorizing a service request between two services in a network environment, the method comprising: 
in a recurring background process occurring  between a first service and a second service: 
generating, at a first service [requester using agent/registry], a pre-authorization token including a signature of the first service (0090), 
publishing, by the first service, the pre-authorization token [adds to message; 0090], 
validating, at the second service, that the pre-authorization token was issued by the first service specified in the signature (0099), and in response to validating the pre-authorization token, generating, at the second service, an  acknowledgment acknowledging validation of the pre-authorization token as being issued by the first service specified in the signature in the pre-authorization token (0100), and 
separate from the recurring background process: 
transmitting, by the first service, a service request including the acknowledged pre-authorization token to the second service (0073, 0090, and 0094); and 
receiving, at the first service, an authorization, from the second service, for the service request (0100, step 629).
Mo is silent in explicitly teaching storing, by the second service, the acknowledged pre-authorization token for access by the first service.  Mo teaches reusing tokens multiple times within their time allotment (0084).  Russo teaches a way in which tokens are authenticated by comparing received tokens to pre-authorized tokens that were stored in a data record (0072).  Since the tokens have limited lifetimes saving tokens and comparing them is faster computationally than verifying individual cryptographic data within every time a user reuses the same token.  Therefore, one of ordinary skill in the art would have known tokens can be authentication by comparison to pre-authenticated tokens and such a substitution would yield predictable results.  The claim is obvious because one of ordinary skill in the art can substitute known methods which do not produce unpredictable results.  The end result is the same; a request with a valid supplied token would be granted.  

As per claims 2 and 9, Mo teaches in response to receiving the service request from the first service including the pre-authorization token at the instance of the second service and not confirming the pre- authorization token matches a stored, acknowledged pre-authorization token, indicating the service request is unauthorized [0100 and last sentence of 0101].
As per claims 3, 10, 16, and 22, Mo teaches the second service includes a plurality of instances of the second service [0096], and wherein the pre-authorization token is configured for validation by a predetermined one of the plurality of target services (0097; appropriate path selected to authenticate the type of token received).
As per claims 13 and 19, the combination of Mo and Russo teaches storing the acknowledged pre-authorization token for access by any instance of the second service includes storing the acknowledged pre-authorization token for a set duration [because token are only valid for certain amounts of time and Mo explicitly teaches discarding message that come with an out-of-date token (0094), it is apparent the token stored in the combination of Mo as modified by Russo would not need to extend past their respective lifetimes.  The suggestion is that they would be deleted from storage upon expiration].
As per claim 17, Mo teaches the signature includes a signed cryptographic value (0081, 0084, and 0099).

Allowable Subject Matter
Claims 4-7, 11, 12, 14, 18, 20, 23, and 24 objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and all intervening claims.  The rejection under 35 USC §112 would also have to be corrected.


Conclusion

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL R. VAUGHAN whose telephone number is (571)270-7316.  The examiner can normally be reached on Monday - Thursday, 7:30am - 5:00pm, EST. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on (571) 272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for 

/MICHAEL R VAUGHAN/
Primary Examiner, Art Unit 2431