Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

	DETAILED ACTION
Response to Amendment
This action is in response to an after-final amendment filed March 8, 2022. Claims 3-20 have been amended. Claims 1-20 remain pending in this application. Applicant's request for reconsideration of the finality of the rejection of the last Office action is persuasive and, therefore, the finality of that action is withdrawn.

Response to Arguments
Applicant’s arguments, see Remarks, filed March 8, 2022, with respect to the rejection(s) of the claim(s) have been fully considered and are persuasive.  Therefore, the rejection has been withdrawn.  However, upon further consideration, a new ground(s) of rejection is made in view of Gan et al. (US 2016/0316368 A1).

Claim Objections
Claim 7 remains objected to because of the following informalities:  A comma is missing after the number in the preamble.  Appropriate correction is required.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:


(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.

Claim(s) 1-3, 9-11, and 17 is/are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Gan et al. (US 2016/0316368 A1).

With respect to claim 1, Gan discloses a method of dynamic authentication scheme selection in a distributed computing system executing instructions to provide multiple computing services including an authentication service (Abstract), the method comprising:
receiving, at the authentication service, data representing an authentication request from a computing service (Figure 2, [0007], and [0117], user equipment sends request including authentication algorithm to serving device); and
in response to receiving the authentication request, 
analyzing, at the authentication service, the received data representing the authentication request for an indicator of an authentication scheme that is supported by the computing service submitting the authentication request (Figure 2, [0008], and [0028], information about supported authentication algorithm is sent by UE to serving device); 
determining, at the authentication service, whether the authentication scheme of the indicator matches one of one or more authentication schemes supported by the authentication service (Figure 2, [0011], and [0013], wherein algorithm supported by both devices is selected by serving device and set as the selected algorithm for authentication); and

initiating, with the authentication service, an authentication process with the computing service according to the authentication scheme that is supported by both the computing service and the authentication service (Figure 2, [0013], [0019], providing an authentication vector to UE to authenticate the user after selection of authentication algorithm);
upon successful authentication, transmitting, from the authentication service, a security token to the computing service useful for authenticating the computing service to other computing services in the distributed computing system, thereby dynamically selecting the authentication scheme from ‘the’ one or more authentication schemes supported at the authentication service for providing the security token in response to the received authentication request ([0022] and [0131], wherein authentication vector includes a parameter used to authenticate UE);
With respect to claim 2, Gan discloses the method of claim 1, wherein accessing, with the authentication service, a database containing records of authentication configuration indicating the one or more authentication schemes supported by the authentication service ([0172]); and
wherein determining, at the authentication service, whether the authentication scheme of the indicator matches one of one or more authentication schemes supported 
With respect to claim 3, Gan discloses the method of claim 1, wherein receiving the data representing the authentication request from the computing service includes receiving the data representing the authentication request from the computing service at an authentication interface of the authentication service that is configured to facilitate the initiated authentication process with the computing service irrespective of the authentication scheme according to which the authentication process is initiated (Figure 3, [0011], and [0013]).
With respect to claim 9, Gan discloses the method of claim 1, 
the authentication request is a first authentication request (Figure 2); 
the authentication scheme is a first authentication scheme (Figure 2 and [0028]); 
the computing service is a first computing service (Figure 2); 
the method further includes, upon receiving a second authentication request from a second computing service, 
analyzing, at the authentication service, the received second authentication request for an indicator of a second authentication scheme that is supported by the second computing service, the second authentication scheme being different than the first authentication scheme (Figure 2, [0008], and [0028]);

in response to determining that the second authentication scheme is supported by the authentication service, initiating, with the authentication service, another authentication process with the second computing service according to the second authentication scheme ([0013] and [0019]); and
upon successful authentication, transmitting, from the authentication service,  another security token to the second computing service useful for authenticating the second computing service to other computing services in the distributed computing system ([0022] and [0131]); and 
	With respect to claim(s) 10-11 and 17, the computing device and method of claim(s) 10-11 and 17 does/do not limit or further define over the method of claim(s) 1 and 3. The limitations of claim(s) 10-11 and 17 is/are essentially similar to the limitations of claim(s) 1 and 3. Therefore, claim(s) 10-11 and 17 is/are rejected for the same reasons as claim(s) 1 and 3. Please see rejection above.	

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 4-5, 7-8, 12-13, 15-16, and 18-19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Gan et al. (US 2016/0316368 A1), in view of James et al. (US 2010/0251345 A1), from Applicant(s)’ IDS.

With respect to claim 4, Gan discloses the method of claim 1, but does not explicitly teach wherein analyzing, at the authentication service,  the received data representing the authentication request includes:
parsing, at the authentication service,  a header of the authentication request;
determining, at the authentication service,  whether the parsed header contains a value representing an indication that Windows authentication is enabled; and
in response to determining that the parsed header contains a value representing an indication that Windows authentication is enabled, indicating, at the authentication service,  that the computing service supports Windows authentication;
However, James discloses analyzing, at the authentication service,  the received data representing the authentication request includes:
parsing, at the authentication service,  a header of the authentication request ([0027], parsing the HTTP authorization header containing scheme identifier);
determining, at the authentication service,  whether the parsed header contains a value representing an indication that Windows authentication is enabled ([0027], scheme identifier); and
in response to determining that the parsed header contains a value representing an indication that Windows authentication is enabled, indicating, at the authentication 
Therefore, it would have been obvious to one of ordinary skill in the art, at the time the invention was filed, to combine the teachings of Gan with the teachings of James and parse a header of an authentication request to indicate support for authentication, in order to obtain information on which authentication scheme is supported by the client device for performing authentication of the client device.
With respect to claim 5, Gan discloses the method of claim 1, but does not explicitly teach wherein analyzing, at the authentication service,  the received data representing the authentication request includes:
parsing, at the authentication service,  a header of the authentication request;
determining, at the authentication service,  whether the parsed header contains a value representing an indication that an authentication token is included with the authentication request; and 
in response to determining that the parsed header contains a value representing an indication that an authentication token is included with the authentication request, indicating, at the authentication service,  that the computing service supports bearer authentication;
However, James discloses wherein analyzing, at the authentication service,  the received data representing the authentication request includes:
parsing, at the authentication service,  a header of the authentication request ([0027], parsing the HTTP authorization header containing scheme identifier);

in response to determining that the parsed header contains a value representing an indication that an authentication token is included with the authentication request, indicating, at the authentication service,  that the computing service supports bearer authentication ([0027], determining support for authentication scheme);
Therefore, it would have been obvious to one of ordinary skill in the art, at the time the invention was filed, to combine the teachings of Gan with the teachings of James and parse a header of an authentication request to indicate support for authentication, in order to obtain information on which authentication scheme is supported by the client device for performing authentication of the client device.
With respect to claim 7, Gan discloses the method of claim 1, but does not explicitly teach wherein analyzing, at the authentication service, the received data representing the authentication request includes:
parsing, at the authentication service, a header of the authentication request;
determining, at the authentication service, whether the header of the authentication request contains an authentication scheme selected by the computing service; and 
in response to determining that the authentication request contains an authentication scheme selected by the computing service, indicating, at the authentication service, that the computing service supports the authentication scheme selected by the computing service;

parsing, at the authentication service, a header of the authentication request ([0027], parsing the HTTP authorization header containing scheme identifier);
determining, at the authentication service, whether the header of the authentication request contains an authentication scheme selected by the computing service ([0027], scheme identifier); and
in response to determining that the authentication request contains an authentication scheme selected by the computing service, indicating, at the authentication service, that the computing service supports the authentication scheme selected by the computing service ([0027], determining support for authentication scheme);
Therefore, it would have been obvious to one of ordinary skill in the art, at the time the invention was filed, to combine the teachings of Gan with the teachings of James and parse a header of an authentication request to indicate support for authentication, in order to obtain information on which authentication scheme is supported by the client device for performing authentication of the client device.
With respect to claim 8, Gan discloses the method of claim 1, but does not explicitly teach wherein the authentication request is formatted as a Hypertext Transport Protocol;
analyzing, at the authentication service, the received data representing the authentication request includes analyzing, at the authentication service, the received 
initiating, with the authentication service, the authentication process includes:
selecting, at the authentication service, an authentication handler corresponding to the authentication scheme that is supported by both the computing service and the authentication service; and
instructing the selected authentication handler to initiate the authentication process with the computing service;
However, James discloses the authentication request is formatted as a Hypertext Transport Protocol (HTTP) packet (Abstract and Figure 3, HTTP request);
analyzing, at the authentication service, the received data representing the authentication request includes analyzing, at the authentication service, the received HTTP packet of the authentication request with an HTTP listener of the authentication service ([0027]); and 
initiating, with the authentication service, the authentication process includes:
selecting, at the authentication service, an authentication handler corresponding to the authentication scheme that is supported by both the computing service and the authentication service (Figure 3, 310-316 negotiate authentication scheme); and
instructing the selected authentication handler to initiate the authentication process with the computing service (Figure 3).
Therefore, it would have been obvious to one of ordinary skill in the art, at the time the invention was filed, to combine the teachings of Gan with the teachings of 
	With respect to claim(s) 12-13, 15-16, and 18-19, the computing device and method of claim(s) 12-13, 15 and 18-19 does/do not limit or further define over the method of claim(s) 4-5 and 7-8. The limitations of claim(s) 12-13, 15-16, and 18-19 is/are essentially similar to the limitations of claim(s) 4-5 and 7-8. Therefore, claim(s) 12-13, 15-16, and 18-19 is/are rejected for the same reasons as claim(s) 4-5 and 7-8. Please see rejection above.	

Claims 6, 14, and 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Gan et al. (US 2016/0316368 A1), in view of Moreh et al. (US 2003/0046391 A1), from Applicant(s)’ IDS, and further in view of James et al. (US 2010/0251345 A1), from Applicant(s)’ IDS.

With respect to claim 6, Gan discloses the method of claim 1, but does not explicitly teach wherein analyzing the received data representing the authentication request includes:
….determining, at the authentication service,  whether the authentication request is digitally signed with a digital signature; and 
in response to determining that the authentication request is digitally signed with a digital signature, indicating that the computing service supports certificate authentication;

in response to determining that the authentication request is digitally signed with a digital signature, indicating that the computing service supports certificate authentication ([0067] and [0069], verification of digital certificates);
Therefore, it would have been obvious to one of ordinary skill in the art, at the time the invention was filed, to combine the teachings of Gan with the teachings of Moreh and digitally sign the authentication request, in order to add an additional layer of security to the system.
The combination of Gan and Moreh does not explicitly teach wherein analyzing, at the authentication service, the received data representing the authentication request includes:
parsing, at the authentication service, a payload of the authentication request; and
based on the parsed payload….; 
However, James discloses analyzing, at the authentication service,  the received data representing the authentication request includes parsing, at the authentication service,  a payload of the authentication request ([0027], parsing the HTTP authorization header containing scheme identifier);
based on the parsed payload….. ([0027], parsing header to obtain data associated with the request); and

With respect to claim(s) 14 and 20, the computing device and method of claim(s) 14 and 20 does/do not limit or further define over the method of claim(s) 6. The limitations of claim(s) 14 and 20 is/are essentially similar to the limitations of claim(s) 6. Therefore, claim(s) 14 and 20 is/are rejected for the same reasons as claim(s) 6. Please see rejection above.	


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ESTHER B. HENDERSON whose telephone number is (571)270-3807.  The examiner can normally be reached on Monday-Friday 6a-2p ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kevin T. Bates can be reached on 571-272-3980.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

/ESTHER B. HENDERSON/Primary Examiner, Art Unit 2458                                                                                                                                                                                                        March 29, 2022