DETAILED ACTION


Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

EXAMINER’S AMENDMENT

An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in a telephone interview with James J. Barta on 01/19/2022.

This listing of claims will replace all prior versions and listings of claims in the application:

IN THE CLAIMS:
1. (Currently Amended)	A system for implementing a dual layer authentication for identity authentication or access control, comprising:
a processor implemented server system communicably coupled with a primary identity authentication server, the server system comprising a plurality of resource servers and a secondary identity authentication server, wherein said server system communicates with the primary identity authentication server for initial verification of a primary access token while subsequent verification is implemented through the secondary identity authentication server, and is configured to:
	receive, at a first resource server within the server system, a request for a first processor implemented service implemented by said first resource server; 
	receive, at the first resource server, the [[a]] primary access token generated by the primary identity authentication server corresponding to an identity of a requestor that has generated the request for the first processor implemented service; 
	receive, at the first resource server, validation information transmitted by the primary identity authentication server, said validation information corresponding to the primary access token;
	responsive to the received validation information confirming validity of the primary access token, transmit, from the first resource server to the secondary identity authentication server, a request for generation of a secondary access token corresponding to the identity of the requestor that has generated the request for the first processor implemented service;
	receive, at the first resource server, the secondary access token requested from and generated by the secondary identity authentication server; and 
		transmit, to a second resource server within the server system, a request for a second processor implemented service implemented by said second resource server, the request comprising the secondary access token, wherein the secondary identity authentication server uses the secondary access token to verify the identity of the requestor,
wherein a data throughput rate between the secondary identity authentication server and one or more of the plurality of resource servers within the server system is higher than a data throughput rate between the primary identity authentication server and the one or more of the plurality of resource servers within the server system.

2. (Original)	The system as claimed in claim 1, wherein the server system is configured such that:
	the first resource server transmits to the second resource server:
	the request for the second processor implemented service implemented by said second resource server; and
	the secondary access token;
	the second resource server: 
	receives validation information transmitted by the secondary identity authentication server, said validation information corresponding to the secondary access token; and
	responsive to the received validation information confirming validity of the secondary access token, implements one or more processes associated with the second processor implemented service requested from the second resource server.

3. (Currently Amended)	The system as claimed in claim 1, wherein each of the plurality of resource servers comprises a processor implemented instance of a logical server configured to implement a discrete logical application

4. (Original)	The system as claimed in claim 1 wherein the first resource server is configured to receive the request for the first processor implemented service from a terminal device communicably coupled to the system.



6. (Original)	The system as claimed in claim 1, wherein the request for generation of the secondary access token transmitted from the first resource server to the secondary identity authentication server is accompanied by transmission of the primary access token from the first resource server to the secondary identity authentication server. 

7. (Currently Amended)	The system as claimed in claim 1, wherein the secondary access token is generated by the secondary identity authentication server responsive to the secondary identity authentication server receiving, from the primary identity authentication server, confirmation of validity of the primary access token. 

8. (Currently Amended)	The system as claimed in claim 7, wherein the confirmation of validity of the primary access token is received from the primary identity authentication server at the secondary identity authentication server[[,]] in response to a second validation request sent to the primary identity authentication server from the second identity authentication server.

9. (Original)	The system as claimed in claim 1, wherein the primary identity authentication server is external to the server system and is communicably coupled with the server system.

10. (Currently Amended)	The system as claimed in claim 1, wherein instances of the server system are configured for at least one of: load balancing, load distribution, servicing local data centers, servicing local data clusters, servicing localized network regions.
	
	
	
11. (Original)	The system as claimed in claim 1, wherein the secondary access token defines one or more secondary token access permissions that are identical to or based on one or more primary token access permissions defined by the primary access token.

12. (Currently Amended)	A method for implementing a dual layer authentication for identity authentication or access control, wherein a server system communicates with a primary identity authentication server for initial verification of a primary access token while subsequent verification is implemented through a secondary identity authentication server, the method comprising:
	receiving, at a first resource server within the [[a]] server system, a request for a first processor implemented service implemented by said first resource server, the server system comprising a plurality of resource servers and the [[a]] secondary identity authentication server; 
	receiving, at the first resource server, the [[a]] primary access token generated by the [[a]]primary identity authentication server corresponding to an identity of a requestor that has generated the request for the first processor implemented service, wherein the primary identity authentication server is communicably coupled with the server system; 
	receiving, at the first resource server, validation information transmitted by the primary identity authentication server, said validation information corresponding to the primary access token;
	responsive to the received validation information confirming validity of the primary access token, transmitting, from the first resource server to the secondary identity authentication server within the server system, a request for generation of a secondary 
	receiving, at the first resource server, the secondary access token requested from and generated by the secondary identity authentication server; and 
	transmitting, to a second resource server within the server system, a request for a second processor implemented service implemented by said second resource server, the request comprising the secondary access token, wherein the secondary identity authentication server uses the secondary access token to verify the identity of the requestor,
	wherein a maximum data transmission rate between the secondary identity authentication server and one or more of the plurality of resource servers within the server system is higher than a maximum data transmission rate between the primary identity authentication server and the one or more of the plurality of resource servers within the server system.

13. (Original)	The method as claimed in claim 12, wherein:	
	the first resource server transmits to the second resource server:
	the request for the second processor implemented service implemented by said second resource server; and
	the secondary access token;
	and
	the second resource server: 
	receives validation information transmitted by the secondary identity authentication server, said validation information corresponding to the secondary access token; and 
	responsive to the received validation information confirming validity of the secondary access token, implements one or more processes associated with the second processor implemented service requested from the second resource server.



15. (Currently Amended)	The method as claimed in claim 12, wherein the first resource server is configured to receive the request for the first processor implemented service from a terminal device communicably coupled to the server system.

16. (Original)	The method as claimed in claim 12, wherein the validation information corresponding to the primary access token is received by the first resource server in response to a first validation request sent to the primary identity authentication server from the first resource server.

17. (Original)	The method as claimed in claim 12, wherein the request for generation of the secondary access token transmitted from the first resource server to the secondary identity authentication server is accompanied by transmission of the primary access token from the first resource server to the secondary identity authentication server. 

18. (Currently Amended)	The method as claimed in claim 12, wherein the secondary access token is generated by the secondary identity authentication server responsive to the secondary identity authentication server receiving, from the primary identity authentication server, confirmation of validity of the primary access token. 

19. (Original)	The method as claimed in claim 18, wherein the confirmation of validity of the primary access token is received from the primary identity authentication server at the secondary identity authentication server, in response to a second validation request sent to the primary identity authentication server from the second identity authentication server.

in which a server system communicates with a primary identity authentication server for initial verification of a primary access token while subsequent verification is implemented through a secondary identity authentication server, the computer-executable instructions 
	receive, at a first resource server within the [[a]] server system, a request for a first processor implemented service implemented by said first resource server, the server system comprising a plurality of resource servers and the [[a]] secondary identity authentication server; 
	receive, at the first resource server, the [[a]] primary access token generated by the primary identity authentication server corresponding to an identity of a requestor that has generated the request for the first processor implemented service; 
	receive, at the first resource server, validation information transmitted by the primary identity authentication server, said validation information corresponding to the primary access token;
	responsive to the received validation information confirming validity of the primary access token, transmit, from the first resource server to the secondary identity authentication server, a request for generation of a secondary access token corresponding to the identity of the requestor that has generated the request for the first processor implemented service;
	receive, at the first resource server, the secondary access token requested from and generated by the secondary identity authentication server; and 
	transmit, to a second resource server within the server system, a request for a second processor implemented service implemented by said second resource server, the request comprising the secondary access token, wherein the secondary identity authentication server uses the secondary access token to verify the identity of the requestor,
wherein a data throughput rate between the secondary identity authentication server and one or more of the plurality of resource servers within the server system is higher than a data throughput rate between the primary identity authentication server and the one or more of the plurality of resource servers within the server system.
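
The token flow recited in claims 1, 2 and 11 above, illustrated as an added example that is not part of this office action or of the application. The class and function names, the opaque primary token, the HMAC-signed secondary token format and the 60-second lifetime are all assumptions made for illustration; the claims do not specify any token format.

```python
import base64, hashlib, hmac, json, secrets, time

class PrimaryIdP:
    """External primary identity authentication server (opaque tokens, assumed)."""
    def __init__(self):
        self._tokens, self.validations = {}, 0
    def issue(self, subject, scopes):
        token = secrets.token_urlsafe(16)
        self._tokens[token] = {"sub": subject, "scopes": list(scopes)}
        return token
    def validate(self, token):
        # Returns validation information for a known token, otherwise None.
        self.validations += 1
        return self._tokens.get(token)

class SecondaryIdP:
    """In-system secondary server issuing short-lived HMAC-signed tokens (assumed format)."""
    def __init__(self, ttl=60):
        self._key, self._ttl = secrets.token_bytes(32), ttl
    def _mac(self, body):
        return hmac.new(self._key, body, hashlib.sha256).hexdigest()
    def issue(self, validation):
        # Secondary permissions are based on the primary permissions (claim 11).
        claims = {"sub": validation["sub"], "scopes": validation["scopes"],
                  "exp": time.time() + self._ttl}
        body = base64.urlsafe_b64encode(json.dumps(claims).encode())
        return body.decode() + "." + self._mac(body)
    def validate(self, token, now=None):
        body, _, mac = token.partition(".")
        if not hmac.compare_digest(mac.encode(), self._mac(body.encode()).encode()):
            return None  # forged, truncated or altered token
        claims = json.loads(base64.urlsafe_b64decode(body))
        return claims if claims["exp"] > (now or time.time()) else None

def second_service(secondary, token):
    """Second resource server: validates only the secondary token (claim 2)."""
    claims = secondary.validate(token)
    if claims is None or "read" not in claims["scopes"]:
        return "denied"
    return "report for " + claims["sub"]

def first_service(primary, secondary, primary_token):
    """First resource server: one primary validation, then a secondary token."""
    validation = primary.validate(primary_token)
    if validation is None:
        return "denied"  # invalid primary token: no secondary token is requested
    return second_service(secondary, secondary.issue(validation))
```

The `validations` counter shows that the primary server is contacted once per inbound request, while every hop inside the server system is checked against the secondary server.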

Allowable Subject Matter

Claims 1-20 are allowed.

This communication warrants no Examiner's Reasons for Allowance; applicant's reply makes evident the reasons for allowance, satisfying the “record as a whole” proviso of the rule 37 CFR 1.104(e). Specifically, the substance of applicant’s remarks filed on 11/30/2021 and the examiner's amendments are persuasive; as such, the reasons for allowance are in all probability evident from the record and no statement is deemed necessary (see MPEP 1302.14).
    
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled "Comments on Statement of Reasons for Allowance."

Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOHAMMAD A SIDDIQI whose telephone number is (571)272-3976. The examiner can normally be reached Monday-Friday.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl G Colin can be reached on 571-272-3862. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/MOHAMMAD A SIDDIQI/ Primary Examiner, Art Unit 2493