DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on November 8, 2021 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Response to Arguments
In response to applicant's argument that the references fail to show certain features of applicant’s invention, it is noted that the features upon which applicant relies (i.e., “the invention is directed towards a solution where the key pair is generated by a client and the public key of the key pair is received by the authentication server in a second message”) are not recited in the rejected claims.  Although the claims are interpreted in light of the specification, limitations from the specification are not read into the claims.  See In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993).
Applicant’s arguments filed with respect to the rejections of the claims have been fully considered and are persuasive.  The Examiner agrees with the Applicant’s assertion that Yamanakajima et al fails to disclose of the client failing to send a second message with the first access token and public key value to the authentication server, and then storing the public key value in association with the first access token.  Therefore, the rejection has been withdrawn.  However, upon further consideration, a 

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 8, and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Yamanakajima et al, U.S. Patent 10,785,204 in view of Donsomsakunkij et al, US 2021/0058242.

As per claim 1, it is taught by Yamanakajima et al of a computer-implemented secure token refresh method (col. 13, lines 4-6), the method comprising:
by an authentication service (authorization server), receiving a first message from a client with a first access token request (client is initially registered to establish identifying information tied to the client, which then proceeds to request a token using the registered data, col. 9, lines 22-23 and col. 13, lines 1-3) and, in response, sending a message that includes a first access token to the client (col. 13, lines 4-6).  
Although the teachings of Yamanakajima et al disclose verifying the token using a registered client ID and private key, the teachings fail to disclose receiving a second message that includes the first access token and a public key value by the authentication service; and in response to receiving the second message, storing the public key value in association with the first access token.

It would have been obvious to a person of ordinary skill in the art at the effective filing date of the claimed invention to have been motivated to securely transfer associated information together in a secure manner to be stored at a remote location.  The teachings of Donsomsakunkij et al disclose using the client token to identify the client, and enabling the remote server computer to identify the client public key pair which maintains those values for future comparison of the client computer (paragraph 0066, lines 9-12 and paragraph 0068, lines 1-8).  Although the teachings of Yamanakajima et al disclose processing token requests, the teachings of Donsomsakunkij et al offer an alternative wherein the client device is responsible for generating a public key pair that is associated with a requested token that can be effectively validated later by the server that holds the associated data.
As per claim 8, it is disclosed by Yamanakajima et al of a system for secure token refresh (col. 13, lines 4-6), the system comprising:
one or more processors (col. 6, lines 40-44); and
one or more memory devices in communication with the one or more processors (col. 6, lines 40-44), the memory devices having computer-readable instructions stored thereupon that, when executed by the processors, cause the processors to perform a method for secure token refresh (col. 13, lines 4-6), the method comprising:
by an authentication service (authorization server), receiving a first message from a client with a first access token request (client is initially registered to establish identifying information tied to the client, which then proceeds to request a token using the registered data, col. 9, lines 22-23 and col. 13, 
Although the teachings of Yamanakajima et al disclose verifying the token using a registered client ID and private key, the teachings fail to disclose receiving a second message that includes the first access token and a public key value by the authentication service; and in response to receiving the second message, storing the public key value in association with the first access token.
In a related teaching, Donsomsakunkij et al teaches of receiving a second message that includes the first access token and a public key value by the authentication service (remote computer server)(paragraph 0067, lines 1-9); and in response to receiving the second message, storing the public key value in association with the first access token (paragraph 0068, lines 1-8).
It would have been obvious to a person of ordinary skill in the art at the effective filing date of the claimed invention to have been motivated to securely transfer associated information together in a secure manner to be stored at a remote location.  The teachings of Donsomsakunkij et al disclose using the client token to identify the client, and enabling the remote server computer to identify the client public key pair which maintains those values for future comparison of the client computer (paragraph 0066, lines 9-12 and paragraph 0068, lines 1-8).  Although the teachings of Yamanakajima et al disclose processing token requests, the teachings of Donsomsakunkij et al offer an alternative wherein the client device is responsible for generating a public key pair that is associated with a requested token that can be effectively validated later by the server that holds the associated data.
As per claim 15, it is taught by Yamanakajima et al of one or more computer storage media having computer executable instructions stored thereon which, when executed by one or more processors, cause the processors to execute a secure token refresh method (col. 13, lines 4-6), the method comprising:

Although the teachings of Yamanakajima et al disclose verifying the token using a registered client ID and private key, the teachings fail to disclose receiving a second message that includes the first access token and a public key value by the authentication service; and in response to receiving the second message, storing the public key value in association with the first access token.
In a related teaching, Donsomsakunkij et al teaches of receiving a second message that includes the first access token and a public key value by the authentication service (remote computer server)(paragraph 0067, lines 1-9); and in response to receiving the second message, storing the public key value in association with the first access token (paragraph 0068, lines 1-8).
It would have been obvious to a person of ordinary skill in the art at the effective filing date of the claimed invention to have been motivated to securely transfer associated information together in a secure manner to be stored at a remote location.  The teachings of Donsomsakunkij et al disclose using the client token to identify the client, and enabling the remote server computer to identify the client public key pair which maintains those values for future comparison of the client computer (paragraph 0066, lines 9-12 and paragraph 0068, lines 1-8).  Although the teachings of Yamanakajima et al disclose processing token requests, the teachings of Donsomsakunkij et al offer an alternative wherein the client device is responsible for generating a public key pair that is associated with a requested token that can be effectively validated later by the server that holds the associated data.

Allowable Subject Matter
Claims 2-7, 9-14, and 16-20 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Ajitomi et al, US 2020/0092101 is relied upon for disclosing of issuing access tokens to clients using OAuth 2.0 (see paragraph 0100), and the tokens include a public key generated by the client (see paragraph 0092).
Kitagata, US 2020/0336494 is relied upon for disclosing of obtaining a public key from a client of which a token request has originated from, see paragraph 0061.
Nosseir et al, WO 2018/223125 A1 is relied upon for disclosing of an issuer network node that receives a request that includes a communication device public key in order to issue a credential for the communication device, see paragraph 0005 on page 2.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHRISTOPHER A REVAK whose telephone number is (571)272-3794. The examiner can normally be reached 5:30am - 3:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/CHRISTOPHER A REVAK/Primary Examiner, Art Unit 2431