DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

1. The following is a non-Final Office Action in response to applicant’s arguments/filing filed on January 21, 2021

Claims 19, 21, and 23 are cancelled
Claims 1-18, 20, and 22 are pending
 
Foreign Priority
 	Acknowledgment is made of applicant's claim for foreign priority under 35 U.S.C. 119(a)-(d).  The certified copy has been filed in the instant Application filed on 1/21/2021

 

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 1/21/2021 was filed prior to the mailing date of the first office action on 4/25/2022.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Drawings
Acknowledgment is made of applicant’s drawings submitted on 1/21/2021.

Oath/Declaration
Acknowledgment is made of applicant’s oath submitted on 1/21/2021

Application Data Sheet
Acknowledgment is made of applicant’s application data sheet submitted on 1/21/2021.



Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.


1.) Claims 1-3, 6-12, and 15-18 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by IDS supplied reference, 3GPP TS (initial publication: 10/2017), hereinafter, Huawei

 	In regards to claim 1, Huawei discloses a method for revoking authorization for an Application Program Interface (API) invoker in a first apparatus, comprising: 
sending, to a second apparatus, a request for revoking authorization of an API for the API invoker with an API invoker ID, an API Exposing Function (AEF) identifier and at least one API identifier(Huawei, section 8.23.1, pg. 54 and 58, where an AEF implicitly sends a request to the CAPIF to revoke an API invoker authorization for an API, wherein the API invoker includes identity information and the API includes an service API identification[Table 8.23.2.1-1]. Moreover, since the API invoker to the AEF is specific to an API[section 8.17.2.1, pg. 51], it’s implicit that an identifier for an AEF may be defined that is also specific to an API such as in the API exposing[AEF] identity described in Table 8.19.2.1-1[pg.54]); and 
receiving a response to the request from the second apparatus(Huawei, section 8.23.2.2, where an API invoker authorization response is received from the CAPIF); 
wherein the API identified by the at least one API identifier is part of all APIs authorized for the API invoker(Huawei, Table 8.23.2.3-1, pg. 58, where each API is associated with API identity information for which an API is authorized).  

 	In regards to claim 2, Huawei discloses the method according to claim 1, wherein the first apparatus is an AEF and the second apparatus is an authorization server(Huawei, section 8.23.1 and section 9.3, 2nd sentence, where an AEF implicitly sends a request to the CAPIF core function to revoke an API invoker authorization for an API, wherein the CAPIF core function is a server).  

 	In regards to claim 3, Huawei discloses the method according to claim 1, wherein the first apparatus is an authorization server and the second apparatus is an AEF(Huawei, Figure 8.23.3-1 and section 9.3, 2nd sentence, where a response message[step 4] originates from the CAPIF Core function[server, 1st apparatus] and sent to the AEF[i.e. 2nd apparatus], wherein the CAPIF Core function is a server).  

 	In regards to claim 6, Huawei discloses the method according to claim 2, wherein the AEF comprises: a Service Capability Exposure Function[[,]] (SCEF); a Network Exposure Function (NEF) (Huawei, table B.2.1-1 pg. 80, NEF [5GS network exposure]); or a Broadcast Multicast Service Center (BMSC); and the authorization server comprises a Common API Framework (CAPIF) Core function(Huawei, section 9.3, 2nd , where the CAPIF may be a server).
  
 	In regards to claim 7, Huawei discloses the method according to claim 2, further comprising: 3/8invalidating the authorization of the API indicated by the at least one API identifier with the AEF for the API invoker(Huawei, section 8.23.1, pg. 58, where an AEF implicitly sends a request to the CAPIF to revoke an API invoker authorization for an API, wherein the API invoker includes identity information and the API includes an service API identification[Table 8.23.2.1-1]).  

 	In regards to claim 8, Huawei discloses the method according to claim 3, further comprising: notifying the API invoker of revocation of the authorization of API identified by the at least one API identifier with the AEF(Huawei, section 8.23.1, pg. 58, step 6, where the API invoker receives a notification of revocation).  

 	In regards to claim 9, Huawei discloses the method according to claim 1, wherein the response to the request from the second apparatus comprises an acknowledge message for the request(Huawei, section 8.8.2.4, pg. 37, where an event notification acknowledgement is provided).  

 	In regards to claim 10, Huawei discloses a method for revoking authorization for an Application Program Interface (API} invoker in a second apparatus, comprising: receiving, from a first apparatus, a request for revoking authorization of an API for the API invoker with an API invoker ID, an API Exposing Function (AEF) identifier and at least one API identifier(Huawei, section 8.23.1, pg. 54 and 58, where an AEF implicitly sends a request to the CAPIF to revoke an API invoker authorization for an API, wherein the API invoker includes identity information and the API includes an service API identification[Table 8.23.2.1-1]. Moreover, since the API invoker to the AEF is specific to an API[section 8.17.2.1, pg. 51], it’s implicit that an identifier for an AEF may be defined that is also specific to an API such as in the API exposing[AEF] identity described in Table 8.19.2.1-1[pg.54]); and sending a response to the request to the first apparatus(Huawei, fig. 8.23.3-1, where an AEF receives a response to the request sent to the CAPIF Core function); wherein the API identified by the at least one API identifier is part of all(Huawei, Table 8.23.2.3-1, pg. 58, where each API is associated with API identity information for which an API is authorized).  

 	In regards to claim 11, Huawei discloses the method according to claim 10, wherein the first apparatus is an AEF and the second apparatus is an authorization server(Huawei, section 8.23.1 and section 9.3, 2nd sentence, where an AEF implicitly sends a request to the CAPIF core function to revoke an API invoker authorization for an API, wherein the CAPIF core function is a server).  

 	In regards to claim 12, Huawei discloses the method according to claim 10, wherein the first apparatus is an authorization server and the second apparatus is an AEF(Huawei, Figure 8.23.3-1 and section 9.3, 2nd sentence, where a response message[step 4] originates from the CAPIF Core function[server, 1st apparatus] and sent to the AEF[i.e. 2nd apparatus], wherein the CAPIF Core function is a server).  

 	In regards to claim 15, Huawei teaches the method according to claim 11, wherein the AEF comprises: a Service Capability Exposure Function (SCEF); a Network Exposure Function(NEF) (Huawei, table B.2.1-1 pg. 80, NEF [5GS network exposure]); or a Broadcast Multicast Service Center(BMSC); and the authorization server comprises a Common API Framework(CAPIF) Core function(Huawei, section 9.3, 2nd , where the CAPIF may be a server). 
 
 	In regards to 16, Huawei discloses the method according to claim 11, further comprising: invalidating the authorization of the API indicated by the at least one API identifier with the AEF for the API invoker(Huawei, section 8.23.1, pg. 58, where an AEF implicitly sends a request to the CAPIF to revoke an API invoker authorization for an API, wherein the API invoker includes identity information and the API includes an service API identification[Table 8.23.2.1-1]). 
 
 	In regards to claim 17, Huawei discloses the method according to claim 11, further comprising: notifying the API invoker of revocation of the authorization of API identified by the at least one API identifier with the AEF(Huawei, section 8.23.1, pg. 58, step 6, where the API invoker receives a notification of revocation). 
  	In regards to claim 18, Huawei discloses the method according to claim 10, wherein the response to the request to the first apparatus comprises an acknowledge message for the request(Huawei, section 8.8.2.4, pg. 37, where an event notification acknowledgement is provided).  





Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

2.) Claims 4, 5, 13, and 14 are rejected under 35 U.S.C. 103 as being unpatentable over IDS supplied reference, 3GPP TS (initial publication: 10/2017), hereinafter, Huawei in view of US 20090252159, Lawson

 	In regards to claim 4, Huawei teaches the method according to claim 1. Huawei does not teach wherein the request is sent, via an HTTP POST message containing the API invoker ID, the AEF identifier and the at least one API identifier, to an URI on the second apparatus 	However, Lawson teaches wherein the request is sent, via an HTTP POST message containing the API invoker ID, the AEF identifier and the at least one API identifier, to an URI on the second apparatus (see US 20090252159, Lawson, para. 0020, where a request is sent to a server/URI via an HTTP POST).   	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Huawei with the teaching of Lawson because a user would have been motivated to use a URI to designate an address destination and an API for issuing an HTTP command, taught by Lawson, for transmitting an API revocation message, taught by Huawei, in order to process API revocation messages(see Lawson, para. 0017)

 	In regards to claim 5, the combination of Huawei and Lawson teach the method according to claim 4, wherein the HTTP POST message further contains a cause for revoking the authorization of the API identified by the at least one API identifier for the API invoker(Huawei, Figure 8.23.1 and Table 8.23.2.1[pg. 58], where the AEF or CAPIF may revoke the API invoker authorization based on a usage limit triggering event and wherein the revoke API invoker authorization request specifies the cause for revoking the SPI invoker authorization).  

 	In regards to claim 13, Huawei teaches the method according to claim 10. Huawei does not teach wherein the request is received, via an HTTP POST message containing the API invoker ID, the AEF identifier and the at least one API identifier 	However, Lawson teaches wherein the request is received, via an HTTP POST message containing the API invoker ID, the AEF identifier and the at least one API identifier(see US 20090252159, Lawson, para. 0020, where a request is sent to a server/URI via an HTTP POST). 	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Huawei with the teaching of Lawson because a user would have been motivated to use a URI to designate an address destination and an API for issuing an HTTP command, taught by Lawson, for transmitting an API revocation message, taught by Huawei, in order to process API revocation messages(see Lawson, para. 0017)  

 	In regards to claim 14, the combination of Huawei and Lawson teach the method according to claim 13, wherein the HTTP POST message further contains a cause for revoking the authorization of the API identified by the at least one API identifier for the API invoker(Huawei, Figure 8.23.1 and Table 8.23.2.1[pg. 58], where the AEF or CAPIF may revoke the API invoker authorization based on a usage limit triggering event and wherein the revoke API invoker authorization request specifies the cause for revoking the SPI invoker authorization). 


3.) Claims 20 and 22 are rejected under 35 U.S.C. 103 as being unpatentable over IDS supplied reference, 3GPP TS (initial publication: 10/2017), hereinafter, Huawei in view of US 20210160247, Gaddam

  	In regards to claim 20, Huawei teaches a first apparatus for revoking authorization of an Application Program Interface (API) invoker, comprising: one or more memories comprising computer program which, when executed by the one or more processors, cause the first apparatus to: send, to a second apparatus, a request for revoking authorization of an API for the API invoker with an API invoker ID, an API Exposing Function (AEF) identifier and at least one API identifier; and receive a response to the request from the second apparatus(Huawei, section 8.23.1, pg. 54 and 58, where an AEF implicitly sends a request to the CAPIF to revoke an API invoker authorization for an API, wherein the API invoker includes identity information and the API includes an service API identification[Table 8.23.2.1-1]. Moreover, since the API invoker to the AEF is specific to an API[section 8.17.2.1, pg. 51], it’s implicit that an identifier for an AEF may be defined that is also specific to an API such as in the API exposing[AEF] identity described in Table 8.19.2.1-1[pg.54]); wherein the API identified by the at least one API identifier is part of all APIs authorized for the API invoker(Huawei, Table 8.23.2.3-1, pg. 58, where each API is associated with API identity information for which an API is authorized) 	Huawei does not teach one or more processors; and one or more memories comprising computer program which, when executed by the one or more processors, cause the first apparatus to perform operations;
 	However, Gaddam teaches one or more processors(see US 20210160247, Gaddam, para. 0009, where a resource access system comprises a processor); and one or more memories comprising computer program which, when executed by the one or more processors, cause the first apparatus to perform operations(see US 20210160247, Gaddam, para. 0009, where the processor is coupled to a medium for executing code to perform operations).   	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Huawei with the teaching of Gaddam because a user would have been motivated to apply code executed by a processor, taught by Gaddam, in order to control access to entities by executing the revocation operations, taught by Huawei, to revoke an API authorization to perform functions(see Gaddam, para. 0001)

 	In regards to claim 22, Huawei teaches a second apparatus for revoking authorization of an Application Program Interface (API) invoker, comprising: one or more memories comprising computer program which, when executed by the one or more processors, cause the second apparatus to: receive, from a first apparatus, a request for revoking authorization of an API for the API invoker with an API invoker ID, an API Exposing Function (AEF) identifier and at least one API identifier(Huawei, section 8.23.1, pg. 54 and 58, where an AEF implicitly sends a request to the CAPIF to revoke an API invoker authorization for an API, wherein the API invoker includes identity information and the API includes an service API identification[Table 8.23.2.1-1]. Moreover, since the API invoker to the AEF is specific to an API[section 8.17.2.1, pg. 51], it’s implicit that an identifier for an AEF may be defined that is also specific to an API such as in the API exposing[AEF] identity described in Table 8.19.2.1-1[pg.54]); and send a response to the request to the first apparatus(Huawei, fig. 8.23.3-1, where an AEF receives a response to the request sent to the CAPIF Core function); wherein the API identified by the at least one API identifier is part of all APIs authorized for the API invoker(Huawei, Table 8.23.2.3-1, pg. 58, where each API is associated with API identity information for which an API is authorized) 	Huawei does not teach one or more processors; and one or more memories comprising computer program which, when executed by the one or more processors, cause the second apparatus to perform an operation: 
 	However, Gaddam teaches one or more processors(see US 20210160247, Gaddam, para. 0009, where a resource access system comprises a processor); and one or more memories comprising computer program which, when executed by the one or more processors(see US 20210160247, Gaddam, para. 0009, where the processor is coupled to a medium for executing code), cause the second apparatus to perform an operation.  	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Huawei with the teaching of Gaddam because a user would have been motivated to apply code executed by a processor, taught by Gaddam, in order to control access to entities by executing the revocation operations, taught by Huawei, to revoke an API authorization to perform functions(see Gaddam, para. 0001).  

CONCLUSION
Any inquiry concerning this communication or earlier communications from the examiner should be directed to GREGORY LANE whose telephone number is (571)270-7469.  The examiner can normally be reached on 571 270 7469 from 8:00 AM to 6:00 PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Taghi Arani, can be reached on 571 272 3787.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).
/GREGORY A LANE/      Examiner, Art Unit 2438                                                                                                                                                                                                  


/TAGHI T ARANI/Supervisory Patent Examiner, Art Unit 2438