DETAILED ACTION
This Office Action is in response to the application 16/890,531 filed on 06/02/2020.
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claims 1-20 have been examined and are pending in this application. Claims 1, 10, and 15 are independent.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over D et al (“D,” US 2019/0007421, published on 01/03/2019), in view of Kitchen et al (“Kitchen,” US 10,171,446, patented on 0101/2019).
As to claim 1, D teaches a non-transitory computer readable medium having program instructions stored thereon that are capable of causing a server system to perform operations (D: pars 0006-0007, method, system, and computer program product, for performing operation of token validation and refreshing token plurality of application instances for accessing resource provided by a resource server) comprising:
receiving, by a first of a plurality of instances of an application executing on the server system, a request to provide content to [ ] a client device (D: pars 0006, 0007, 0025-0027; Fig 1, a client device uses a one of plurality of application instances to initiate access to a resource provided at a resource server);
determining, by the first application instance, that an authentication token useable to provide the content has expired (D: pars 0006, 0007, 0025-0027; Fig 1, the requesting application instances uses an access token [i.e. an authentication token] to request the resource), wherein the authentication token is maintained in a storage accessible to the plurality of application instances (D: pars 0006, 0007, 0025-0027; Fig 1, the access token [i.e. the authentication token] is stored in a data repository [i.e. storage]. The valid token(s) are shared [i.e. accessible] across all of application instances);
sending, by the first application instance, a refresh request for the authentication token to an authentication service (D: pars 0006, 0007, 0025-0027, the system receives a request for the refresh token, and an authorization system validates if an existing access token being valid).
D does not explicitly teach a browser of a client device; and in response to the authentication service denying the refresh request, waiting, by the first application instance, for a particular period of time before checking the storage to determine whether another instance of the plurality of instances of the application has refreshed the authentication token.
(Kitchen: col 3, lines 33-50, a web browser on a client device is used to request access to resources hosted on a server, over a network); and in response to the authentication service denying the refresh request, waiting, by the first application instance, for a particular period of time before checking the storage to determine whether another instance of the plurality of instances of the application has refreshed the authentication token (Kitchen: col 2, lines53-67,col 8, line 65-67, col 9, lines 1-43; Fig 2C, 4, discloses a predetermined time need to be reached, before a refresh token is valid. Also where two or more request for a resource can be made to the server for authentication and resource access).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Kitchen with the method/system of D for the benefit of providing a user with a means for wanting a preset time period to check if there is any refresh token that has been requested by another application instance and is shareable by multiple applicant instances, that can be used once a predetermined time has elapsed and the refresh token become valid to access resources (Kitchen: col 2, lines53-67,col 8, line 65-67, col 9, lines 1-43). 
As to claim 2, the combination of D and Kitchen teaches the non-transitory computer readable medium of claim 1, 
D and Kitchen further teaches wherein the operations further comprise: in response to determining that the authentication token has been refreshed by another instance of the plurality of instances of the application: retrieving, by the first application instance, the refreshed authentication token from the storage; sending, by the first (Kitchen: col 2, lines53-67,col 8, line 65-67, col 9, lines 1-43; Fig 2C, 4, two or more request for a resource can be made to the server for authentication and resource access, and predetermined time need to be reached, before a refresh token is valid. D: pars 0006-0007, method, system, and computer program product, for performing operation of token validation and refreshing token plurality of application instances for accessing resource provided by a resource server).
As to claim 3, the combination of D and Kitchen teaches the non-transitory computer readable medium of claim 1, 
D further teaches wherein the operations further comprise: prior to the first application instance receiving the request, receiving the request at a load balancer of the server system; and determining, by the load balancer, to distribute the request to the first application instance for processing (D: pars 0006, 0007, 0009, 0025-0027; Fig 1, the access token [i.e. the authentication token] is stored in a data repository, and the valid token(s) are shared across all of application instances. Provides sharing of valid token(s) among multiple application instances in a dynamically scalable environment, which decreases a chance of application failure, supports scalable environments, increases throughput and decreases turnaround time, avoids heavy loads  [i.e. load balancing] on an OAuth server and unnecessary computing, and prevents wasting computing resources).
As to claim 4, the combination of D and Kitchen teaches the non-transitory computer readable medium of claim 1, 
(Kitchen: col 2, lines53-67,col 8, line 65-67, col 9, lines 1-43; Fig 2C, 4, discloses a predetermined time need to be reached, before a refresh token is valid. Also where two or more request for a resource can be made to the server for authentication and resource access. D: pars 0006, 0007, 0025-0027; Fig 1, the access token is stored in a data repository [i.e. storage]. The valid token(s) are shared across all of application instance for accessing requested resource).
As to claim 5, the combination of D and Kitchen teaches the non-transitory computer readable medium of claim 4, 
D further teaches wherein sending the refresh request includes: presenting, to the authentication service, the refresh token maintained in the storage accessible to the plurality of application instances (D: pars 0006, 0007, 0025-0027; Fig 1, the access token [i.e. the authentication token] is stored in a data repository [i.e. storage]. The valid token(s) are shared [i.e. accessible] across all of application instances).
As to claim 6, the combination of D and Kitchen teaches the non-transitory computer readable medium of claim 1, 
D further teaches wherein the operations further comprise: refreshing, by a second of the plurality of application instances, the authentication token from the authentication service; saving, by the second application instance, the refreshed authentication token to a memory external to the storage accessible to the plurality of application instances; and replacing, by the second application instance, the authentication token in the storage with the authentication token in the memory external to the storage (D: pars 0006, 0007, 0025-0027, 0141; Fig 1, the access token [i.e. the authentication token] is stored in a data repository [i.e. storage] that is outside of client device. The valid token(s) are shared [i.e. accessible] across all of application instances).
As to claim 7, the combination of D and Kitchen teaches the non-transitory computer readable medium of claim 1, 
D and Kitchen further teaches further comprising: in response to determining that the authentication token has not been refreshed, performing, by the first application instance, one or more retries to check the storage to determine whether the authentication token has been refreshed, wherein the performing includes scheduling the one or more retries based on a variable waiting period between the retries (D: pars 0006, 0007, 0025-0027, 0141; Fig 1, the access token [i.e. the authentication token] is stored in a data repository [i.e. storage] The valid token(s) are shared [i.e. accessible] across all of application instance. Kitchen: col 2, lines53-67,col 8, line 65-67, col 9, lines 1-43; Fig 2C, 4, discloses a predetermined time need to be reached, before a refresh token is valid. Also where two or more request for a resource can be made to the server for authentication and resource access).
As to claim 8, the combination of D and Kitchen teaches the non-transitory computer readable medium of claim 7, 
D further teaches further comprising: in response to determining that the authentication token has not been refreshed after performing the one or more retries, returning, by the first application instance, a failure to the browser of the client device for the request to provide content (D: pars 0023, causing application failure if there is a limit in a number of tokens that can be issued per refresh token).
As to claim 9, the combination of D and Kitchen teaches the non-transitory computer readable medium of claim 1, 
D further teaches further comprising: in response to determining that the authentication token in the storage is not expired, sending, by a third of the plurality of application instances, the authentication token in the storage with a request for content from the browser of the client device to a backend server; and providing, by the third application instance, the requested content from the backend server to the browser of the client device (D: pars 0006, 0007, 0025-0027; Fig 1, the access token is stored in a data repository [i.e. storage]. The valid token(s) are shared across all of application instance for accessing requested resource).
As to claim 10, D teaches a non-transitory computer readable medium having program instructions stored thereon that are capable of causing a server system to perform operations (D: pars 0006-0007, method, system, and computer program product, for performing operation of token validation and refreshing token plurality of application instances for accessing resource provided by a resource server) comprising:
instantiating a plurality of instances of an application that are operable to serve content to a [ ] client device communicating with the server system (D: pars 0006, 0007, 0025-0027; Fig 1, a client device uses a one of plurality of application instances to initiate access to a resource provided at a resource server);
determining, by a first of the plurality of application instances, whether an authentication token usable by the plurality of application instances to obtain content from a database has expired (D: pars 0006, 0007, 0025-0027; Fig 1, the requesting application instances uses an access token [i.e. an authentication token] to request the resource), wherein the authentication token is maintained in a storage accessible to the plurality of application instances (D: pars 0006, 0007, 0025-0027; Fig 1, the access token [i.e. the authentication token] is stored in a data repository [i.e. storage]. The valid token(s) are shared [i.e. accessible] across all of application instances); and
in response to determining that the authentication token has expired, sending, by the first application instance, a refresh request for the authentication token to an authentication service (D: pars 0006, 0007, 0025-0027, the system receives a request for the refresh token, and an authorization system validates if an existing access token being valid).
D does not explicitly teach a browser of a client device; and in response to determining that the authentication token has not been refreshed by the authentication 
However, in an analogous art, Kitchen teaches a browser of a client device (Kitchen: col 3, lines 33-50, a web browser on a client device is used to request access to resources hosted on a server, over a network); and in response to determining that the authentication token has not been refreshed by the authentication service, checking the storage to determine whether another instance of the plurality of instances of the application has stored a refreshed authentication token in the storage (Kitchen: col 2, lines53-67,col 8, line 65-67, col 9, lines 1-43; Fig 2C, 4, discloses a predetermined time need to be reached, before a refresh token is valid. Also where two or more request for a resource can be made to the server for authentication and resource access).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Kitchen with the method/system of D for the benefit of providing a user with a means for wanting a preset time period to check if there is any refresh token that has been requested by another application instance and is shareable by multiple applicant instances, that can be used once a predetermined time has elapsed and the refresh token become valid to access resources (Kitchen: col 2, lines53-67,col 8, line 65-67, col 9, lines 1-43). 
As to claims 11-14, the claims are similar to the claims 2 and 5-7, respectively and in combination, and are rejected for the same reasons set forth above for claims 2 and 5-7.
As to claim 15, D teaches a method (D: pars 0006-0007, method, system, and computer program product, for performing operation of token validation and refreshing token plurality of application instances for accessing resource provided by a resource server) comprising:
receiving, by a first of a plurality of instances of an application executing on a server system, a request to perform a service from a [ ] client device (D: pars 0006, 0007, 0025-0027; Fig 1, a client device uses a one of plurality of application instances to initiate access to a resource provided at a resource server);
determining, by the first application instance, that an authentication token useable to provide the service has expired (D: pars 0006, 0007, 0025-0027; Fig 1, the requesting application instances uses an access token [i.e. an authentication token] to request the resource), wherein the authentication token is maintained in a storage accessible to the plurality of application instances (D: pars 0006, 0007, 0025-0027; Fig 1, the access token [i.e. the authentication token] is stored in a data repository [i.e. storage]. The valid token(s) are shared [i.e. accessible] across all of application instances); and 
sending, by the first application instance, a refresh request for the authentication token to an authentication service (D: pars 0006, 0007, 0025-0027, the system receives a request for the refresh token, and an authorization system validates if an existing access token being valid).
D does not explicitly teach a browser of a client device; and in response to the authentication service denying the refresh request, determining, by the first application 
However, in an analogous art, Kitchen teaches a browser of a client device (Kitchen: col 3, lines 33-50, a web browser on a client device is used to request access to resources hosted on a server, over a network); and in response to the authentication service denying the refresh request, determining, by the first application instance, whether another instance of the plurality of instances of the application has refreshed the authentication token by checking the storage (Kitchen: col 2, lines53-67,col 8, line 65-67, col 9, lines 1-43; Fig 2C, 4, discloses a predetermined time need to be reached, before a refresh token is valid. Also where two or more request for a resource can be made to the server for authentication and resource access).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Kitchen with the method/system of D for the benefit of providing a user with a means for wanting a preset time period to check if there is any refresh token that has been requested by another application instance and is shareable by multiple applicant instances, that can be used once a predetermined time has elapsed and the refresh token become valid to access resources (Kitchen: col 2, lines53-67,col 8, line 65-67, col 9, lines 1-43). 
As to claims 16-20, the claims are similar to the claims 2, 3, 6, 7, and 9, respectively and in combination, and are rejected for the same reasons set forth above for claims 2, 3, 6, 7, and 9.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Jahangir Kabir whose telephone number is (571) 270-3355.  The examiner can normally be reached on 9:00- 5:00 Mon-Thu.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on (571) 270-5002.  The fax number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/JAHANGIR KABIR/             Primary Examiner, Art Unit 2439