DETAILED ACTION
This is a non-final Office action in response to communications received on 6/12/2020.  Claims 1-20 are pending.  A provisional restriction (see below) was made to prosecute claims 1-14.  Claims 1-14 are examined.  The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Election/Restrictions
Restriction to one of the following inventions is required under 35 U.S.C. 121:
I. Claims 1-14, drawn to a method and a device, classified in H04L 9/3213.
II. Claims 15-20, drawn to a method, classified in H04L 63/0815.
During a telephone conversation with on Yongmei Michelle Zhang a provisional election was made without traverse to prosecute the invention of Group 1, comprising claims 1-14.  Affirmation of this election must be made by applicant in replying to this Office action.  Claims 15-20 are withdrawn from further consideration by the examiner, 37 CFR 1.142(b), as being drawn to a non-elected invention.
The examiner has required restriction between product or apparatus claims and process claims. Where applicant elects claims directed to the product/apparatus, and all product/apparatus claims are subsequently found allowable, withdrawn process claims that include all the limitations of the allowable product/apparatus claims should be considered for rejoinder. All claims directed to a nonelected process invention must include all the limitations of an allowable product/apparatus claim for that process invention to be rejoined. 
In the event of rejoinder, the requirement for restriction between the product/apparatus claims and the rejoined process claims will be withdrawn, and the rejoined process claims will be fully examined for patentability in accordance with 37 CFR 1.104. Thus, to be allowable, the rejoined claims must meet all criteria for patentability including the requirements of 35 U.S.C. 101, 102, 103 and 112. Until all claims to the elected product/apparatus are found allowable, an otherwise proper restriction requirement between product/apparatus claims and process claims may be maintained. Withdrawn process claims that are not commensurate in scope with an allowable product/apparatus claim will not be rejoined. See MPEP § 821.04. Additionally, in order for rejoinder to occur, applicant is advised that the process claims should be amended during prosecution to require the limitations of the product/apparatus claims. Failure to do so may result in no rejoinder. Further, note that the prohibition against double patenting rejections of 35 U.S.C. 121 does not apply where the restriction requirement is withdrawn by the examiner before the patent issues. See MPEP § 804.01.

Drawings
The drawings filed 6/12/2020 are acknowledged.
Priority
Priority to 8/17/2017 is recognized.

Objections
Claims 1 and 8 are objected to because the claim language is unclear.  Specifically, the claim phrase “providing, by the computing device, the first authentication token to the enterprise server in response to receipt of the second authentication token” is unclear because there is no limitation disclosing “receiving the second authentication token”.  Also, the claim limitation appears to be performed “by the computing device”, but the second authentication token is only disclosed as being provided to the enterprise server rather than the computing device.  The claim limitation “provide, via the communication interface, the first authentication token to the enterprise server in response to receipt of the second authentication token” is objected to for similar reasons.  The Examiner suggests amending the second line of the claim to specify “providing, by the computing device, a second authentication token which is received [[by]] an enterprise server” or amending the third line of the claim to specify “in response to receipt by the enterprise server of the second authentication token”.  Appropriate clarification/correction is required.
Claim 5 discloses “the token store”, but a token store is only introduced in claim 3 and claim 5 is dependent on claims 1 and 4.  Did Applicant intend to make claim 5 dependent upon claim 3 instead?
Claim 12 discloses “the token store”, but a token store is only introduced in claim 10 and claim 12 is dependent on claims 8 and 11.  Did Applicant intend to make claim 12 dependent upon claim 10 instead?

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


	The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1.	Determining the scope and contents of the prior art.
2.	Ascertaining the differences between the prior art and the claims at issue.
3.	Resolving the level of ordinary skill in the pertinent art.
4.	Considering objective evidence present in the application indicating obviousness or nonobviousness.


This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.   
Claims 1-2, and 8-9 are rejected under 35 U.S.C. 103 as being unpatentable over Hardt (US 2018/0316657) in view of Bodi (US 2013/0036455).  
   Regarding claim 1, Hardt discloses the limitations of claim 1 substantially as follows:
	A method comprising: 
	receiving, by a computing device, a first authentication token from an identity provider, the first authentication token configured to enable access to a set of resources of the identity provider (paras. [0016], [0020], [0029], [0033], [0041], [0047], [0068]: receive by a computer of a service provider an initial access token and nonce from an identity provider, wherein processing of the initial access token and nonce enables access to the identity provider’s tenant-specific information (i.e. set of resources of the identity provider));
	providing, by the computing device, a second authentication token to an enterprise server, the second authentication token configured to assert identities of users within an computing environment hosted by the enterprise server (paras. [0017], [0035], [0041]-[0042], [0053]: sending to computer of the service provider the refresh and access tokens to be used for identifying authorized users in future subsequent communications with the enterprise server and identity provider, and subsequently sending exchanging the nonce again with the identity provider); and
	providing, by the computing device, to the enterprise server in response to receipt of the second authentication token so that the enterprise server enables access to a third-party system using the set of resources (paras. [0029], [0033], [0035], [0066]: receiving by a computer of the enterprise system in response to receiving the fresh and access tokens (i.e. in response to receipt of the second authentication token) access to third-party services based on establishing a federated handshake between the enterprise server and the identity provider using the identity provider’s tenant-specific information (i.e. using the set of resources))
Hardt does not explicitly disclose the remaining limitations of claim 1 as follows:
	providing, by the computing device, the first authentication token to the enterprise server in response to receipt of the second authentication token
However, in the same field of endeavor, Bodi discloses the remaining limitations of claim 1 as follows:
	providing, by the computing device, the first authentication token to the enterprise server in response to receipt of the second authentication token (paras. [0080], [0083], [0088], [0091] Fig. 6: providing, by the requesting service on the user’s computer, based on having received the second access token T.sub.C, a third access request to the service provider, where the third access request received by the service provider comprises the first access token T.sub.U (i.e. first authentication token));
Bodi and Hardt are combinable because both are from the same field of endeavor of exchanging tokens using the OAuth protocol.  It would have been obvious to one of ordinary skill in the art at the time of the invention to integrate Bodi’s method of sending the first authentication token and second authentication token to the service provider after having received the second authentication token with the system of Hardt in order to strengthen the security of the system by enabling verification of both the first and second authentication tokens prior to granting access to the requested resources.

	Regarding claim 2, Hardt and Bodi disclose the limitations of claim 1.
Hardt discloses the limitations of claim 2 as follows:
	The method of claim 1, further comprising: 
	initiating a refresh of the first authentication token with a federated identity service provided by a federated identity provider server to obtain a refreshed authentication token (Hardt, paras. [0029], [0041], [0068]: identity provider converts/refreshes the nonce (i.e. first authentication token)) with the federated identity service provided communications with the OAuth token endpoint to obtain a refresh token and access token); and 
	sending, to the enterprise server, the refreshed authentication token, wherein sending the refreshed authentication token to the enterprise server enables user devices managed by the enterprise server to access the set of resources (Hardt, paras. [0017], [0041]-[0042], [0053]: sending, via the interface, to the service provider the refresh and access tokens for future subsequent communications, wherein sending the refresh and access tokens enables the tenants/end users managed by the service provider to access using single-sign on resources designated for use by the entity/third party using the federation relationship).

	Regarding claim 8, Hardt discloses the limitations substantially as follows:
An enterprise identity provider server device, comprising: 
	at least one processor; 
	a communication interface; 
	memory storing instructions that, when executed by the at least one processor, cause the server device to: 
	receive, via the communication interface, a first authentication token from an identity provider, the first authentication token configured to enable access to a set of resources of the identity provider (paras. [0016], [0020], [0029], [0033], [0041], [0047], [0068]: receive by a computer of a service provider an initial access token and nonce from an identity provider, wherein processing of the initial access token and nonce enables access to the identity provider’s tenant-specific information (i.e. set of resources of the identity provider)); 
	provide, via the communication interface, a second authentication token to an enterprise server, the second authentication token configured to assert identities of users within an computing environment hosted by the enterprise server (paras. [0017], [0035], [0041]-[0042], [0053]: sending to computer of the service provider the refresh and access tokens to be used for identifying authorized users in future subsequent communications with the enterprise server and identity provider, and subsequently sending exchanging the nonce again with the identity provider); and 
	provide, via the communication interface, the first authentication token to the enterprise server in response to receipt of the second authentication token so that the enterprise server enables access to a third-party system using the set of resources (paras. [0029], [0033], [0035], [0066]: receiving by a computer of the enterprise system in response to receiving the fresh and access tokens (i.e. in response to receipt of the second authentication token) access to third-party services based on establishing a federated handshake between the enterprise server and the identity provider using the identity provider’s tenant-specific information (i.e. using the set of resources)).
Hardt does not explicitly disclose the remaining claim 8 limitations as follows:
	provide the first authentication token to the enterprise server in response to receipt of the second authentication token
However, in the same field of endeavor, Bodi discloses the remaining limitations of claim 8 as follows:
	provide the first authentication token to the enterprise server in response to receipt of the second authentication token (paras. [0080], [0083], [0088], [0091] Fig. 6: providing, by the requesting service on the user’s computer, based on having received the second access token T.sub.C, a third access request to the service provider, where the third access request received by the service provider comprises the first access token T.sub.U (i.e. first authentication token));
Bodi and Hardt are combinable because both are from the same field of endeavor of exchanging tokens using OAuth protocol.  It would have been obvious to one of ordinary skill in the art at the time of the invention to integrate Bodi’s method of sending the first authentication token and second authentication token to the service provider after having received the second authentication token with the system of Hardt in order to strengthen the security of the system by enabling verification of both the first and second authentication tokens prior to granting access to the requested resources.

	Regarding claim 9, Hardt and Bodi disclose the limitations of claim 8.
Hardt discloses the limitations of claim 9 as follows:
	The enterprise identity provider server device of claim 8, wherein the memory stores additional instructions that, when executed by the at least one processor, cause the server device to: 
	initiate a refresh of the first authentication token with a federated identity service provided by a federated identity provider server to obtain a refreshed authentication token (Hardt, paras. [0029], [0041], [0068]: identity provider converts/refreshes the nonce (i.e. first authentication token)) with the federated identity service provided communications with the OAuth token endpoint to obtain a refresh token and access token); and 
	send, to the enterprise server, the refreshed authentication token, wherein sending the refreshed authentication token to the enterprise server enables user devices managed by the enterprise server to access the set of resources (Hardt, paras. [0017], [0041]-[0042], [0053]: sending, via the interface, to the service provider the refresh and access tokens for future subsequent communications, wherein sending the refresh and access tokens enables the tenants/end users managed by the service provider to access using single-sign on resources designated for use by the entity/third party using the federation relationship).

Claims 3, 5, 7, 10, 12 & 14 are rejected under 35 U.S.C. 103 as being unpatentable over Hardt (US 2018/0316657) in view of Bodi (US 2013/0036455), as applied to claims 1 and 8, further in view of Matsugashita (US 2017/0171201).
	Regarding claim 3, Hardt and Bodi disclose the limitations of claim 1.
Neither Hardt or Bodi discloses the limitations of claim 3 as follows:
	The method of claim 1, further comprising: 
	storing, in a token store, the second authentication token and a reference associating the second authentication token with the first authentication token.
However, in the same field of endeavor, Matsugashita discloses the limitations of claim 3 as follows:
	The method of claim 1, further comprising: 
storing, in a token store, the second authentication token and a reference associating the second authentication token with the first authentication token (paras. [0090]-[0092], [0127], Fig. 6, Table 8, storing in the table of tokens (i.e. token store) the second authorization token and a user ID and client ID (i.e. reference) associating the first authorization token with the second authorization token).
Matsugashi is combinable with Hardt and Bodi because they are from the same field of endeavor of sending tokens to a client in order to enable the client to access resources stored remotely.  It would have been obvious to one of ordinary skill before the effective filing date of the claimed invention to integrate Matsugashita’s method of storing the second authorization token with the first authorization token in order to save time and resources by avoiding the necessity of having to look up information about each token separately by storing information about tokens together so that they can be accessed at the same time in one query.

	Regarding claim 5, Hardt and Bodi disclose the limitations of claim 1.
Neither Hardt or Bodi discloses the limitations of claim 5 as follows:
	The method of claim 4, further comprising: 
	updating a token store with the refreshed authentication token and a reference associating the refreshed authentication token with the second authentication token
However, in the same field of endeavor, Matsugashita discloses the limitations of claim 5 as follows:
	The method of claim 4, further comprising: 
updating a token store with the refreshed authentication token and a reference associating the refreshed authentication token with the second authentication token (paras. [0090]-[0092], [0127], Figs. 6, 9, Tables 5-6 & 8: update the table with the refresh token (i.e. refreshed authentication token) which is stored along with a user ID and client ID (i.e. reference) in common with /associating the refresh token with the first authorization token with the second authorization token).
Matsugashi is combinable with Hardt and Bodi because they are from the same field of endeavor of sending tokens to a client in order to enable the client to access resources stored remotely.  It would have been obvious to one of ordinary skill before the effective filing date of the claimed invention to integrate Matsugashita’s method of storing the second authorization token with the first authorization token in order to save time and resources by avoiding the necessity of having to look up information about each token separately by storing information about tokens together so that they can be accessed at the same time in one query.

	Regarding claim 7, Hardt and Bodi disclose the limitations of claim 1.
Neither Hardt or Bodi discloses the limitations of claim 7 as follows:
The method of claim 1, further comprising: 
	retrieving, from a token store, the first authentication token based on a reference associating the first authentication token with the second authentication token
However, in the same field of endeavor, Matsugashita discloses the limitations of claim 7 as follows:
	The method of claim 1, further comprising: 
	retrieving, from a token store, the first authentication token based on a reference associating the first authentication token with the second authentication token (paras. [0090]-[0092], [0127], Fig. 6, Table 8: retrieving from the table of tokens, the second authorization token/refresh token based on a client ID, secret ID that is in common with the first authorization token for verification).
Matsugashi is combinable with Hardt and Bodi because they are from the same field of endeavor of sending tokens to a client in order to enable the client to access resources stored remotely.  It would have been obvious to one of ordinary skill before the effective filing date of the claimed invention to integrate Matsugashita’s method of storing the second authorization token with the first authorization token in order to save time and resources by avoiding the necessity of having to look up information about each token separately by storing information about tokens together so that they can be accessed at the same time in one query.

	Regarding claim 10, Hardt and Bodi disclose the limitations of claim 8.
Neither Hardt or Bodi discloses the limitations of claim 10 as follows:
	The enterprise identity provider server device of claim 8, wherein the memory stores additional instructions that, when executed by the at least one processor, cause the server device to: 
	store, in a token store, the first authentication token and a reference associating the first authentication token with the second authentication token.
However, in the same field of endeavor, Matsugashita discloses the limitations of claim 10 as follows:
	The enterprise identity provider server device of claim 8, wherein the memory stores additional instructions that, when executed by the at least one processor, cause the server device to: 
	store, in a token store, the first authentication token and a reference associating the first authentication token with the second authentication token (paras. [0090]-[0092], [0127], Fig. 6, Table 8, storing in the table of tokens (i.e. token store) the second authorization token and a user ID and client ID (i.e. reference) associating the first authorization token with the second authorization token).
Matsugashi is combinable with Hardt and Bodi because they are from the same field of endeavor of sending tokens to a client in order to enable the client to access resources stored remotely.  It would have been obvious to one of ordinary skill before the effective filing date of the claimed invention to integrate Matsugashita’s method of storing the second authorization token with the first authorization token in order to save time and resources by avoiding the necessity of having to look up information about each token separately by storing information about tokens together so that they can be accessed at the same time in one query.

	Regarding claim 12, Hardt and Bodi disclose the limitations of claim 8.
Neither Hardt or Bodi discloses the limitations of claim 12 as follows:
	The enterprise identity provider server device of claim 11, wherein the memory stores additional instructions that, when executed by the at least one processor, cause the server device to: 
	update a token store with the refreshed authentication token and a reference associating the refreshed authentication token with the second authentication token.
However, in the same field of endeavor, Matsugashita discloses the limitations of claim 12 as follows:
	The enterprise identity provider server device of claim 11, wherein the memory stores additional instructions that, when executed by the at least one processor, cause the server device to: 
	update a token store with the refreshed authentication token and a reference associating the refreshed authentication token with the second authentication token (paras. [0090]-[0092], [0127], Figs. 6, 9, Tables 5-6 & 8: update the table with the refresh token (i.e. refreshed authentication token) which is stored along with a user ID and client ID (i.e. reference) in common with /associating the refresh token with the first authorization token with the second authorization token).
Matsugashi is combinable with Hardt and Bodi because they are from the same field of endeavor of sending tokens to a client in order to enable the client to access resources stored remotely.  It would have been obvious to one of ordinary skill before the effective filing date of the claimed invention to integrate Matsugashita’s method of storing the second authorization token with the first authorization token in order to save time and resources by avoiding the necessity of having to look up information about each token separately by storing information about tokens together so that they can be accessed at the same time in one query.

	Regarding claim 14, Hardt and Bodi disclose the limitations of claim 8.
Neither Hardt or Bodi discloses the limitations of claim 14 as follows:
	The enterprise identity provider server device of claim 8, wherein the memory stores additional instructions that, when executed by the at least one processor, cause the server device to: 
	retrieve, from a token store, the first authentication token based on a reference associating the first authentication token with the second authentication token.
However, in the same field of endeavor, Matsugashita discloses the limitations of claim 14 as follows:
	The enterprise identity provider server device of claim 8, wherein the memory stores additional instructions that, when executed by the at least one processor, cause the server device to: 
	retrieve, from a token store, the first authentication token based on a reference associating the first authentication token with the second authentication token (paras. [0090]-[0092], [0127], Fig. 6, Table 8: retrieving from the table of tokens, the second authorization token/refresh token based on a client ID, secret ID that is in common with the first authorization token for verification).
Matsugashi is combinable with Hardt and Bodi because they are from the same field of endeavor of sending tokens to a client in order to enable the client to access resources stored remotely.  It would have been obvious to one of ordinary skill before the effective filing date of the claimed invention to integrate Matsugashita’s method of storing the second authorization token with the first authorization token in order to save time and resources by avoiding the necessity of having to look up information about each token separately by storing information about tokens together so that they can be accessed at the same time in one query.

Claims 4 and 11 are rejected under 35 U.S.C. 103 as being unpatentable over Hardt (US 2018/0316657) in view of Bodi (US 2013/0036455), as applied to claims 1 and 8, further in view of Kariv (US 2011/0307947).
	Regarding claim 4, Hardt and Bodi disclose the limitations of claim 1.
Neither Hardt or Bodi discloses the limitations of claim 4 as follows:
	The method of claim 1, further comprising: 
	sending a request to a federated identity provider server to regenerate the first authentication token, wherein the federated identity provider server generates a refreshed authentication token; and 
	receiving the refreshed authentication token from the federated identity provider server.
However, in the same field of endeavor, Kariv discloses the limitations of claim 4 as follows:
	The method of claim 1, further comprising: 
sending a request to a federated identity provider server to regenerate the first authentication token, wherein the federated identity provider server generates a refreshed authentication token; and receiving the refreshed authentication token from the federated identity provider server (paras. [0022], [0031], [0033], [0041], Fig. 3: access gateway/enterprise STS sends a request to the “the entity that redirected the user” (cloud STS) (i.e. federated identity provider server) to obtain/regenerate the security token (i.e. the second authentication token), wherein the cloud STS generates a new security token (i.e. refreshed authentication token), which is sent back to the access gateway and enterprise STS).
Kariv is combinable with Hardt and Bodi because they are from the same field of endeavor of sending tokens to a client in order to enable the client to access resources stored remotely.  It would have been obvious to one of ordinary skill before the effective filing date of the claimed invention to integrate Kariv’s method of sending a request to and having the federated identity provider server regenerate the token with the system of Hardt and Bodi in order to “provide[] for controlling access to resources hosted in a cloud without duplicating an enterprise’s identity management and access policy infrastructure to the cloud (Kariv, para. [0021]).  

	Regarding claim 11, Hardt and Bodi disclose the limitations of claim 8.
Neither Hardt or Bodi discloses the limitations of claim 11 as follows:
	The enterprise identity provider server device of claim 8, wherein the memory stores additional instructions that, when executed by the at least one processor, cause the server device to: 
	send, via the communication interface, a request to a federated identity provider server to regenerate the first authentication token, wherein the federated identity provider server generates a refreshed authentication token; and 
	receive, via the communication interface, the refreshed authentication token from the federated identity provider server.
However, in the same field of endeavor, Kariv discloses the limitations of claim 11 as follows:
	The method of claim 1, further comprising: 
sending a request to a federated identity provider server to regenerate the first authentication token, wherein the federated identity provider server generates a refreshed authentication token; and receiving the refreshed authentication token from the federated identity provider server (paras. [0022], [0031], [0033], [0041], Fig. 3: access gateway/enterprise STS sends a request to the “the entity that redirected the user” (cloud STS) (i.e. federated identity provider server) to obtain/regenerate the security token (i.e. the second authentication token), wherein the cloud STS generates a new security token (i.e. refreshed authentication token), which is sent back to the access gateway and enterprise STS).
Kariv is combinable with Hardt and Bodi because they are from the same field of endeavor of sending tokens to a client in order to enable the client to access resources stored remotely.  It would have been obvious to one of ordinary skill before the effective filing date of the claimed invention to integrate Kariv’s method of sending a request to and having the federated identity provider server regenerate the token with the system of Hardt and Bodi in order to “provide[] for controlling access to resources hosted in a cloud without duplicating an enterprise’s identity management and access policy infrastructure to the cloud (Kariv, para. [0021]).  

Claims 6 and 13 are rejected under 35 U.S.C. 103 as being unpatentable over Hardt (US 2018/0316657) in view of Bodi (US 2013/0036455), as applied to claims 1 and 8, further in view of Sondhi (US 2017/0302655).
	Regarding claim 6, Hardt and Bodi disclose the limitations of claim 1.
Neither Hardt or Matsugashita discloses the limitations of claim 6 as follows:
The method of claim 1, further comprising: 
	redirecting a request from the enterprise server to a federated identity service provided by a federated identity provider server.
However, in the same field of endeavor, Sondhi discloses the limitations of claim 6 as follows:
	The method of claim 1, further comprising: 
	redirecting a request from the enterprise server to a federated identity service provided by a federated identity provider server (para. [0047]: redirect the request from the resource server to the authorization services provided by authorization server (i.e. federated identity provider server)).
Sondhi is combinable with Hardt and Bodi because they are from the same field of endeavor of sending tokens to a client in order to enable the client to access resources stored remotely.  It would have been obvious to one of ordinary skill before the effective filing date of the claimed invention to integrate Sondhi’s method of redirecting a request from an OAuth/enterprise server to a federated server with the system of Hardt and Bodi in order to delegate authentication and authorization analyses to the identity server and therein “free[] a resource server from the responsibilities of an OAuth authorization server.” (Sondhi, para. [0015]).  

	Regarding claim 13, Hardt and Bodi disclose the limitations of claim 8.
Neither Hardt or Bodi discloses the limitations of claim 13 as follows:
	The enterprise identity provider server device of claim 8, wherein the memory stores additional instructions that, when executed by the at least one processor, cause the server device to:
	 redirect, via the communication interface, a request from the enterprise server to a federated identity service provided by a federated identity provider server.
However, in the same field of endeavor, Sondhi discloses the limitations of claim 13 as follows:
	The enterprise identity provider server device of claim 8, wherein the memory stores additional instructions that, when executed by the at least one processor, cause the server device to:
	 redirect, via the communication interface, a request from the enterprise server to a federated identity service provided by a federated identity provider server (para. [0047]: redirect the request from the resource server to the authorization services provided by authorization server (i.e. federated identity provider server))..
Sondhi is combinable with Hardt and Bodi because they are from the same field of endeavor of sending tokens to a client in order to enable the client to access resources stored remotely.  It would have been obvious to one of ordinary skill before the effective filing date of the claimed invention to integrate Sondhi’s method of redirecting a request from an OAuth/enterprise server to a federated server with the system of Hardt and Bodi in order to delegate authentication and authorization analyses to the identity server and therein “free[] a resource server from the responsibilities of an OAuth authorization server.” (Sondhi, para. [0015]).  

Conclusion
For the above-stated reasons, claims 1-14 are rejected.
Prior art considered but not relied upon includes:
1) Burch (US 2017/0223009) discloses generating a late binding token in association with an OAuth token where the user identity is incorporated into the tokens and sending the tokens to enable an access to a requested resource.  
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHARON S LYNCH whose telephone number is (571)272-4583.  The examiner can normally be reached on 10AM-6PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi T Arani can be reached on 571-272-3787.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/SHARON S LYNCH/Primary Examiner, Art Unit 2438