DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Information Disclosure Statement
The information disclosure statements (IDS) submitted are in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below to fix antecedent basis errors.  Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
The application has been amended as follows:

11. (Currently Amended) The method of claim 8, further comprising:
generating, at a server hosting the authentication service, the ephemeral private key and the ephemeral public key in memory of the server hosting the authentication service, the generated ephemeral private key and the ephemeral public key having a finite lifespan;
determining, at the server hosting the authentication service, whether the finite lifespan has expired; and

regenerating another ephemeral private key and another ephemeral public key in the memory of the server.

12. (Currently Amended) The method of claim 8, further comprising:
generating, at a server hosting the authentication service, the ephemeral private key and the ephemeral public key in memory of the server hosting the authentication service;
transmitting, from the server to the security server a request for the digital signature of the ephemeral public key; and
receiving, from the security server, a copy of the generated ephemeral public key with the digital signature generated using the private key stored at the security server.

13. (Currently Amended) The method of claim 8, further comprising:
generating, at a server hosting the authentication service, the ephemeral private key and the ephemeral public key in memory of the server hosting the authentication service, the generated ephemeral private key and the ephemeral public key having a finite lifespan;
determining, at the server hosting the authentication service, whether the finite lifespan has expired; and
in response to determining that the finite lifespan has expired,
regenerating another ephemeral private key and another ephemeral public key in the memory of the server;
transmitting, from the server to the security server a request for a digital signature of the regenerated ephemeral public key; and


Allowable Subject Matter
Claims 1-20 are allowed.
The following is an examiner’s statement of reasons for allowance:

The closest prior art, Glozman et al, U.S. Patent 10,686,779, discloses that proof of possession of an ephemeral private key is provided by signing shared information between a first computing device and a second computing device using the ephemeral private key, see column 5, lines 41-45. The signature is included in a connection request that acts as a unique authorization token, see column 5, lines 53-56. A connection establishing application is responsible for generating ephemeral private and public keys, see column 17, line 66 through column 18, line 2.
In another close prior art teaching, Martynov, US 2020/0059360 (cited on the PTO 1449, dated July 23, 2021) is relied upon for disclosing an authentication token that is signed by a service using the service’s private key, where the token has a limited lifespan, see paragraph 0005.
As per claim 1, it was not found to be taught in the prior art of receiving, at an authentication service, a request from a first computing service for a security token that is configured to authenticate a first computing service to a second computing service, transmitting, to the first computing service, a data package including: a security token requested by the first computing service; a first digital signature of the security token generated using an ephemeral private key of the authentication service; and an ephemeral public key corresponding to the ephemeral private key of the authentication service with a second digital signature of the ephemeral public key generated using the private key stored at a security server of a distributed computing system; and in response to receiving the request, at the 
As per claim 8, it was not found to be taught in the prior art of in response to receiving a request for the security token at an authentication service, generating the requested security token; creating a digital signature of the generated security token using an ephemeral private key of the authentication service; and transmitting, to a computing service, a data package as a response to the received request, the data package including: the generated security token; the digital signature of the generated security token created using the ephemeral private key of the authentication service; and an ephemeral public key corresponding to the ephemeral private key of the authentication service, the ephemeral public key including a digital signature of the ephemeral public key generated using the private key stored at a security server, wherein the security token that is configured to authenticate the computing service to another computing service in a distributed computing system.
As per claim 17, it was not found to be taught in the prior art of a computing device receiving a request for performing an operation along a data package from another computing service having: a security token of the another computing service; a first digital signature of the security token generated using an ephemeral private key of an authentication service; and an ephemeral public key corresponding to the ephemeral private key of the authentication service with a second digital signature of the ephemeral public key generated using the private key stored at a security server of a distributed computing system; and in response to receiving the request, at the computing device, validate the second digital signature using a public key corresponding to the private key stored at the security server; upon validating the second digital signature, validate, using the ephemeral public key included in the .
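
The two-signature chain recited in the claim 8 and claim 17 statements above, shown as an added illustration in Go; it is not part of the Office action or of the application. Ed25519, the field names, the Expiry field bound into the second signature, and the Demo helper are assumptions made for the example.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
	"time"
)

// Package mirrors the claimed data package; field names are assumptions.
type Package struct {
	Token, TokenSig []byte            // security token and first signature (ephemeral key)
	EphPub          ed25519.PublicKey // ephemeral public key of the authentication service
	Expiry          int64             // assumed: lifespan end (Unix seconds), covered by EphSig
	EphSig          []byte            // second signature (key stored at the security server)
}

// endorsed is the byte string the security server signs (assumed encoding).
func endorsed(pub ed25519.PublicKey, exp int64) []byte {
	return append(append([]byte{}, pub...), fmt.Sprintf("|exp=%d", exp)...)
}

// Issue signs the token with the ephemeral key held in the service's memory.
func Issue(token []byte, eph ed25519.PrivateKey, exp int64, ephSig []byte) Package {
	pub := eph.Public().(ed25519.PublicKey)
	return Package{token, ed25519.Sign(eph, token), pub, exp, ephSig}
}

// Verify checks root-first: the ephemeral key is trusted only once endorsed.
func Verify(p Package, rootPub ed25519.PublicKey, now time.Time) error {
	if !ed25519.Verify(rootPub, endorsed(p.EphPub, p.Expiry), p.EphSig) {
		return errors.New("ephemeral key not endorsed by security server")
	}
	if now.Unix() >= p.Expiry {
		return errors.New("ephemeral key expired")
	}
	if !ed25519.Verify(p.EphPub, p.Token, p.TokenSig) {
		return errors.New("token signature invalid")
	}
	return nil
}

// Demo builds a valid package from freshly generated keys (constructed data).
func Demo(now time.Time) (Package, ed25519.PublicKey) {
	rootPub, rootPriv, _ := ed25519.GenerateKey(nil) // security server key pair
	ephPub, ephPriv, _ := ed25519.GenerateKey(nil)   // ephemeral pair, memory only
	exp := now.Add(time.Hour).Unix()
	ephSig := ed25519.Sign(rootPriv, endorsed(ephPub, exp)) // security server's step
	return Issue([]byte("svc-a to svc-b"), ephPriv, exp, ephSig), rootPub
}

func main() {
	p, rootPub := Demo(time.Now())
	fmt.Println("verify:", Verify(p, rootPub, time.Now()))
}
```

Because the expiry is inside the signed bytes in this sketch, a holder of the package cannot extend the ephemeral key's lifespan without invalidating the second signature.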

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Laing et al, US 2021/0209220 is relied upon for disclosing that, upon requesting access to a service, a token is signed using a private key that is related to an ephemeral identity, see paragraph 0031.
Wilson et al, US 2017/0034168 is relied upon for disclosing a credential provider signing a challenge with a private key of a short lived certificate, see paragraph 0066.
Nix, US 2019/0356482 is relied upon for disclosing signing network credentials with an ephemeral private key of a responder, see paragraph 0237.
Alwen et al, US 2021/0075587 is relied upon for disclosing a signed ephemeral public key that is used by each party for peer to peer communications, see paragraph 0038.
Stahl, WO 2019/179608 is relied upon for disclosing generating a master session key from a shared secret established using an ephemeral public key of an authentication server and a private key related to an ephemeral public key of a communications device, see abstract.
Kishimoto, US 2020/0076791 is relied upon for disclosing an access token that is signed with a key held by an authorization/authentication server. A resource server can verify the signature of the access token by using a public key, see paragraph 0035.
Kelley et al, U.S. Patent 8,997,198 is relied upon for disclosing an access request that includes a token that is encrypted with a data server's ephemeral key, see column 8, lines 22-24.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHRISTOPHER A REVAK whose telephone number is (571)272-3794. The examiner can normally be reached 5:30am - 3:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, LYNN FEILD can be reached on 571-272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional 

/CHRISTOPHER A REVAK/Primary Examiner, Art Unit 2431