DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In the instant Amendment, claims 1, 7-8, 14-15 and 20 have been amended; and claims 1, 8 and 15 are independent claims.  Claims 1-20 have been examined and are pending.  This Action is made FINAL.

Response to Arguments
Applicants’ arguments in the instant Amendment, filed on 10/08/2021, with respect to limitations listed below, have been fully considered but they are not persuasive.
Applicant’s arguments: “Huang fails to disclose, "receiving, by a processing device, an identity token from a first network server; identifying, based on the identity token, a second network server that provides a service; providing a request to the service provided by the second network server based on the identity token; receiving, from the second network server, additional information from the service associated with the identity token in response to providing the request; and modifying, by the processing device, the identity token with the additional information."” 
The Examiner disagrees with the Applicants. The Examiner respectfully submits that Huang discloses receiving, by a processing device, an identity token from a first network server (Huang: ¶0073 the resource service [first network server] may then generate 410 an authentication challenge and may transmit the authentication challenge to the receiver of the client device [processing device] [...] the authentication challenge includes an initial token. The initial token may include [...] the user identity); identifying, based on the identity token, a second network server that provides a service associated with the identity token (Huang: ¶0073 the initial token may include [...] the action/resource being requested); providing a request to the service provided by the second network server based on the identity token (Huang: ¶0075 upon receipt of the authentication challenge, the receiver may detect the authentication parameters included in the authentication challenge and may generate 412 an authentication request [...] and transmit the authentication request to at least one authentication service [second network server] identified in the authentication challenge in accordance with the parameters set forth in the authentication challenge); and receiving, from the second network server, additional information from the service associated with the identity token in response to providing the request (Huang: ¶0076 after execution of the authentication scheme, the authentication service [second network server] may include [...] its own assertion that is indicative of the status [...] of the authentication scheme). Furthermore, Huang discloses the resource service may identify 408 one or more authentication services that may be required for executing the authentication schemes [0072] and the authentication challenge and/or the initial assertion [additional information] may also include authentication parameters for executing the identified authentication protocol. The authentication parameters may include information relating to the authentication schemes included in the identified authentication protocol, locations (e.g., uniform resource locators, IP addresses, or the like) and/or identification of the authentication services that may be required for executing the identified authentication schemes included in the identified authentication protocol [0073]. Chastain: ¶0030 the secure element 108 can generate or otherwise provide the modified secure token by adding additional information to the secure token such as a user ID, a times tamp, and/or a digital signature). Therefore as the metes and bounds of the limitation of been met as noted above; the examiner finds this argument not persuasive.
The newly added limitations into claims 1, 8 and 15 have been addressed in rejection below.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person.


This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

Claims 1-3, 8-10 and 15-17 are rejected under 35 U.S.C. 103 as being unpatentable over Huang et al. (“Huang,” US 2018/0367526) published on December 20, 2018, in view of Chastain et al. (“Chastain,” US 2015/0100788), published on April 9, 2015.

Regarding claim 1: Huang discloses a method comprising:
receiving, by a processing device, an identity token from a first network server (Huang: ¶0073 the resource service [first network server] may then generate 410 an authentication challenge and may transmit the authentication challenge to the receiver of the client device [processing device] [...] the authentication challenge includes an initial token. The initial token may include [...] the user identity);
identifying, based on the identity token, a second network server that provides a service associated with the identity token (Huang: ¶0073 the initial token may include [...] the action/resource being requested);
providing a request to the service provided by the second network server based on the identity token (Huang: ¶0075 upon receipt of the authentication challenge, the receiver may detect the authentication parameters included in the authentication challenge and may generate 412 an authentication request [...] and transmit the authentication request to at least one authentication service [second network server] identified in the authentication challenge in accordance with the parameters set forth in the authentication challenge);
receiving, from the second network server, additional information from the service associated with the identity token in response to providing the request (Huang: ¶0076 after execution of the authentication scheme, the authentication service [second network server] may include [...] its own assertion [additional information] that is indicative of the status [...] of the authentication scheme).
Huang does not explicitly disclose modifying, by the processing device, the identity token with the additional information.
However, Chastain discloses modifying, by the processing device, the identity token with the additional information (Chastain: ¶0030 the secure element 108 can generate or otherwise provide the modified secure token by adding additional information to the secure token such as a user ID, a times tamp, and/or a digital signature).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Chastain with the system/method of Huang to include modifying, by the processing device, the identity token with the additional information.
One would have been motivated to providing modified form of token that contains information used to verify the authenticity and validity of the secure token. This additional information can reduce the chance of fraudulent use after the secure token has been rendered for consumption (Chastain: ¶0042).

Regarding claim 2: Huang in view Chastain discloses the method of claim 1.
Huang further discloses using the identity token with the additional information to provide access to a service for a device associated with the identity token (Huang: ¶0079 the resource service may then review the assertions included in the token [...] if the user authentication is determined to be successful (424: YES), the resource service may grant 426 access to the requested resource).

Regarding claim 3: Huang in view Chastain discloses the method of claim 1.
Huang further discloses identifying a reference to a network location of the service that is specified in the identity token (Huang: ¶0075 transmit the authentication request to at least one authentication service identified in the authentication challenge in accordance with the parameters set forth in the authentication challenge), wherein the request to the service is transmitted to the network location (Huang: ¶0075 the receiver may transmit the authentication request to the authentication services in the order specified in the authentication challenge).

Regarding claim 8: Huang discloses a system comprising:
a memory (Huang: fig. 2 item 212); and
a processing device (Huang: fig. 2 item 206), operatively coupled with the memory, to:
receive an identity token from a first network server (Huang: ¶0073 the resource service [first network server] may then generate 410 an authentication challenge and may transmit the authentication challenge to the receiver of the client device [processing device] [...] the authentication challenge includes an initial token. The initial token may include [...] the user identity);
identify, based on the identity token, a second network server that provides a service associated with the identity token (Huang: ¶0073 the initial token may include [...] the action/resource being requested);
Huang: ¶0075 upon receipt of the authentication challenge, the receiver may detect the authentication parameters included in the authentication challenge and may generate 412 an authentication request [...] and transmit the authentication request to at least one authentication service [second network server] identified in the authentication challenge in accordance with the parameters set forth in the authentication challenge);
receive, from the second network server, additional information from the service associated with the identity token in response to providing the request (Huang: ¶0076 after execution of the authentication scheme, the authentication service [second network server] may include [...] its own assertion [additional information] that is indicative of the status [...] of the authentication scheme).
Huang does not explicitly disclose modify the identity token with the additional information.
However, Chastain discloses modify the identity token with the additional information (Chastain: ¶0030 the secure element 108 can generate or otherwise provide the modified secure token by adding additional information to the secure token such as a user ID, a times tamp, and/or a digital signature).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Chastain with the system/method of Huang to include modifying, by the processing device, the identity token with the additional information.
One would have been motivated to providing modified form of token that contains information used to verify the authenticity and validity of the secure token. This Chastain: ¶0042).

Regarding claims 9-10: Claims 9-10 are similar in scope to claims 2-3, respectively, and are therefore rejected under similar rationale.

Regarding claim 15: Huang discloses a non-transitory computer readable medium comprising instructions that, when executed by a processing device, cause the processing device to perform operations comprising:
receiving an identity token from a first network server (Huang: ¶0073 the resource service [first network server] may then generate 410 an authentication challenge and may transmit the authentication challenge to the receiver of the client device [processing device] [...] the authentication challenge includes an initial token. The initial token may include [...] the user identity);
identifying, based on the identity token, a second network server that provides a service associated with the identity token (Huang: ¶0073 the initial token may include [...] the action/resource being requested);
providing a request to the service provided by the second network server based on the identity token (Huang: ¶0075 upon receipt of the authentication challenge, the receiver may detect the authentication parameters included in the authentication challenge and may generate 412 an authentication request [...] and transmit the authentication request to at least one authentication service [second network server] identified in the authentication challenge in accordance with the parameters set forth in the authentication challenge);
Huang: ¶0076 after execution of the authentication scheme, the authentication service [second network server] may include [...] its own assertion [additional information] that is indicative of the status [...] of the authentication scheme).
Huang does not explicitly disclose modifying the identity token with the additional information.
However, Chastain discloses modifying the identity token with the additional information (Chastain: ¶0030 the secure element 108 can generate or otherwise provide the modified secure token by adding additional information to the secure token such as a user ID, a times tamp, and/or a digital signature).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Chastain with the system/method of Huang to include modifying, by the processing device, the identity token with the additional information.
One would have been motivated to providing modified form of token that contains information used to verify the authenticity and validity of the secure token. This additional information can reduce the chance of fraudulent use after the secure token has been rendered for consumption (Chastain: ¶0042).

Regarding claims 16-17: Claims 16-17 are similar in scope to claims 2-3, respectively, and are therefore rejected under similar rationale.

Claims 4-7, 11-14 and 18-20 are rejected under 35 U.S.C. 103 as being unpatentable over Huang et al. (“Huang,” US 2018/0367526) published on December 20, 2018, in view of Chastain et al. (“Chastain,” US 2015/0100788), published on April 9, 2015 and Kolbe et al. (“Kolbe,” US 2018/0302479), published on October 18, 2018.

Regarding claim 4: Huang discloses the method of claim 1.
Huang does not explicitly disclose wherein the additional information specifies a characteristic of a device associated with the identity token.
However, Kolbe discloses wherein the additional information specifies a characteristic of a device associated with the identity token (Kolbe: ¶0042 the token information and/or the modified token information comprises [...] ¶0045 device identification information of the user equipment).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Kolbe with the system/method of Huang and Chastain to include the additional information specifies a characteristic of a device associated with the identity token.
One would have been motivated to improved handling of at least one communication exchange between a telecommunications network and at least one user equipment (Kolbe: ¶0002).




Regarding claim 5: Huang in view of Kolbe discloses the method of claim 4.
Kolbe: ¶0051 an indication related to one or a plurality of user equipment capability related parameters associated with the user equipment).
The motivation is the same that of claim 4 above.

Regarding claim 6: Huang discloses the method of claim 1.
Huang does not explicitly disclose identifying a reference to the service in the identity token and replacing the reference to the service with the additional information received from the service.
However, Kolbe discloses identifying a reference to the service in the identity token (Kolbe: ¶0042 the token information and/or the modified token information comprises [...]; ¶0043 IP address information, especially corresponding to the IP address used by the user equipment); and
replacing the reference to the service with the additional information received from the service (Kolbe: ¶0044 hash value information of IP address information, especially corresponding to the IP address used by the user equipment).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Kolbe with the system/method of Huang and Chastain to include replacing the reference to the service with the additional information.
One would have been motivated to improved handling of at least one communication exchange between a telecommunications network and at least one user equipment (Kolbe: ¶0002).

Regarding claim 7: Huang discloses the method of claim 1.
Huang does not explicitly disclose wherein the identity token is received from an identity service associated with a first network server and the request for the additional information is provided to a second network server.
However, Kolbe discloses wherein the identity token is received from an identity service associated with a first network server and the request for the additional information is provided to a second network server (Kolbe: ¶0022 the communication exchange is enabled by performing an attachment procedure of the user equipment to the telecommunications network involving the first gateway entity; ¶0023 the at least one subsequent data packet being received by the second gateway entity instead of the first gateway entity, wherein the at least one subsequent data packet comprises the token information or modified token information).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Kolbe with the system/method of Huang and Chastain to include the identity token is received from an identity service associated with a first network server.
One would have been motivated to improved handling of at least one communication exchange between a telecommunications network and at least one user equipment (Kolbe: ¶0002).
Regarding claims 11-14: Claims 11-14 are similar in scope to claims 4-7, respectively, and are therefore rejected under similar rationale.

Regarding claim 18: Huang discloses the non-transitory computer readable medium of claim 15.
Huang does not explicitly disclose wherein the additional information specifies a hardware characteristic or a software characteristic of a device associated with the identity token.
However, Kolbe discloses wherein the additional information specifies a hardware characteristic or a software characteristic of a device associated with the identity token (Kolbe: ¶0042 the token information and/or the modified token information comprises [...] ¶0045 device identification information of the user equipment; ¶0051 an indication related to one or a plurality of user equipment capability related parameters associated with the user equipment).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Kolbe with the system/method of Huang and Chastain to include the additional information specifies a hardware characteristic or a software characteristic of a device associated with the identity token.
One would have been motivated to improved handling of at least one communication exchange between a telecommunications network and at least one user equipment (Kolbe: ¶0002).

Regarding claims 19-20: Claims 19-20 are similar in scope to claims 6-7, respectively, and are therefore rejected under similar rationale.


Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Fahimeh Mohammadi whose telephone number is (571)270-7857. The examiner can normally be reached Monday - Friday 9:00 - 5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on 5712705002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.






/FAHIMEH MOHAMMADI/ Examiner, Art Unit 2439          


/LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439