DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This communication is in response to the application filed on 06/25/2020. Claims 1-20 are currently pending.
Suggestions on how to overcome any objection(s) and rejection(s) raised in this office action are found at the end of such sections. 
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 06/25/2020 and 07/29/2021 was filed before the mailing date of the office correspondence on 05/03/2022.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.
(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.


Claim(s) 1, 3-7, and 16 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by U.S. PGPub No. 20140189346 to CURETON; Kevin (hereinafter CURETON).
Regarding claim 1, CURETON discloses a method comprising: providing, by a first service (license request, ¶0026) executing on at least one first computing device, (225, Fig. 2) authentication information (235, ¶0026) that is associated with the first service to an authentication provider service (authorization provision, ¶0026) executing on at least one authentication provider computing device (205, ¶0026); 
receiving, by the first service, access information (240, ¶0026) from the authentication provider service in response to providing the authentication information (¶0026); 
utilizing, by the first service, a secure shell (SSH) client (as a result of SSH tunnel 245, ¶0032) executing on the at least one first computing device (¶0032) to provide the access information to an SSH server (SSH application running on server 210, ¶0032, Fig. 2) executing on at least one second computing device (210, Fig. 2);
 and utilizing, by the first service, the SSH client to send information to or receive information from a second service (authorization service, ¶0033) executing on the at least one second computing device (¶0033-34) via a service-to-service SSH session (¶0033, in view of SSH tunnel 250) established between the SSH client and the SSH server in response to at least the providing of the access information to the SSH server (¶0033). 
 Regarding claim 3, CURETON discloses the method of claim 1, wherein the authentication information comprises an identifier and a secret; (set of credentials 235, ¶0026 wherein the username is the identifier and the password is the secret)
 and wherein the access information comprises an access token (set of temporary credentials, 240, ¶0030).
Regarding claim 4, CURETON discloses the method of claim 1, wherein the authentication provider service comprises an OAuth endpoint (HTTPS, ¶0016. NB, using a set of temporary credentials (tokens) over HTTPS is a version of OAuth).

Regarding claim 5, CURETON discloses the method of claim 1, further comprising: configuring the at least one second computing device to authenticate the first service based on the access information; (¶0026 wherein the license management server 205 uses a set of credentials 235 provided with the request to determine whether the user 225 is authorized to use the license).
verifying, by the at least one second computing device, the access information provided by the first service; (¶0026 wherein the license management server 205 may check a license management data store 265 to determine whether the set of credentials 235 provided by the user 225 matches with the set of credentials stored at the license management data store 265-verification of access information). 
and establishing the service-to-service SSH session based, at least in part, on the verification of the access information (¶0028 wherein the user 225 sets up a secure communication tunnel 245 that can be used to access a license server based on verification of the access information).  
Regarding claim 6, CURETON discloses the method of claim 5, wherein at least one operating system of the at least one second computing device (¶0028 computing device of license management server) is configured with a username associated with the first service (¶0028 username associated with a user account) and a pluggable authentication module (PAM) (authentication module 305, Fig. 3) to log in the username associated with the first service for the service-to-service SSH session by verifying the access information (¶0058 wherein the secure communication tunnel establishing module 315 creates the secure communication tunnel between the client device and the license server after verification of access information of the user).
Regarding claim 7, CURETON discloses the method of claim 1, wherein the at least one first computing device comprises at least one computing device in a private network (PN) operated by a client (¶0019 Fig. 1 network 120 of the client which may be of various types, including a LAN, WAN, and internet) and wherein the at least one second computing device comprises at least one cloud computing server providing a cloud computing service (205, Fig. 2. ¶0023 license management server that manages provision of licenses to users).
Claims 17-20 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by U.S. PGPub No. 20200320199 to Sheth et al. (hereinafter Sheth).
Regarding claim 17, Sheth discloses a method comprising: initiating a secure shell (SSH) session between an SSH client and an SSH server (Fig. 5A, ¶0091) based, at least in part, on providing, receiving or validating authentication information (¶0092-0094);
and maintaining security during the SSH session (Fig 5A, ¶0090) based, at least in part, on providing, receiving or validating periodic reauthentication information (Fig 5A, ¶0098)  
Regarding claim 18, Sheth discloses the method of claim 17, further comprising: terminating the SSH session, at least if the reauthentication information is not periodically received or is not periodically validated (¶0098 wherein the session is terminated if the integrity data is not provided or untrusted)    

 Regarding claim 19, Sheth discloses the method of claim 17, wherein the SSH session is a service-to-service SSH session (Fig. 5A, ¶0092, SSH client 501 service and SSH server 502 service)   
Regarding claim 20, Sheth discloses the method of claim 17, further comprising: initiating the SSH session (Fig. 5A, ¶0091) based, at least in part, by providing, receiving or validating a token provided by an authorization provider service (¶0091 wherein the SSH client receives SSH server credentials e.g. pubkey or certificate which the examiner equates to token) and maintaining the security during the SSH session (¶0097 maintaining the encrypted network session) based, at least in part, on providing, receiving or validating (¶0097 authenticate) a token (¶0097 integrity data) periodically (¶0097 at any point of the process of establishing and maintaining the encrypted network session) provided by the authorization provider service (¶0097 SSH server 502). 
Claim 12 is rejected under 35 U.S.C. 102(a)(1) as being anticipated by EP 1746802 to Rossi et al. (hereinafter Rossi).
Regarding claim 12, Rossi discloses a method comprising: maintaining security during a secure shell (SSH) session by periodically: (Fig. 2A, ¶0037 wherein authentication is a form of security provision) determining, by an SSH server (security protocol server, ¶0080) executing on at least one second computing device, whether SSH session reauthorization information is received from an SSH client (user, ¶0080) executing on at least one first computing device within a periodic time interval (Fig. 6a steps 603, 605, and 606 ¶0080/0081 (Reauthentication will lead to reauthorization information being provided));  
determining whether the SSH session reauthorization information received during the periodic time interval is verified or unverified (Fig. 6a steps 607-608 ¶0081);
maintaining the SSH session if the session reauthorization information is received within the periodic time interval and is verified (Fig. 6a step 604, ¶0081)  
and terminating the SSH session if the session reauthorization information is not provided within the periodic time interval or is not verified (Fig. 6a step 609 ¶0081).   

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 9-10 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. PGPub No. 20140189346 to CURETON; Kevin (hereinafter CURETON) in view of U.S. PGPub No. 20200320199 to Sheth et al. (hereinafter Sheth).
Regarding claim 9, CURETON discloses the method of claim 1. However, CURETON fails to explicitly disclose the following limitation taught by Sheth: further comprising: maintaining security during the service-to-service SSH session by periodically: providing, by the first service, the authentication information to the authentication provider service; receiving periodic access information from the authentication provider in response to providing the authentication information; providing the periodic access information over the service-to-service SSH session; determining whether the periodic access information is verified or unverified; and maintaining the service-to-service SSH session if the periodic access information is verified.
Sheth discloses maintaining security during the service-to-service SSH session (FIG. 5A, ¶0090) 
by periodically (¶0098 “Some of the integrity-related data may be continuously provided by the SSH server 502 while a session is alive, either periodically or on demand (e.g., SSH client re-ask or SSH rekey interval)”): providing, by the first service, (the SSH client 501, ¶0094) the authentication information (login credentials ¶0094) to the authentication provider service (¶0094 SSH server 502);
receiving periodic access information from the authentication provider in response to providing the authentication information; (¶0093/0094, Fig.5 steps 520A, 520B, and 509-510)
providing the periodic access information over the service-to-service SSH session (¶0095, Fig. 5 step 513A);
determining whether the periodic access information is verified or unverified: (¶0100 “decides on whether the SSH client 501 is allowed to connect to the network”, wherein deciding whether to allow connection to the network is a form of verification)
and maintaining the service-to-service SSH session if the periodic access information is verified (¶0100 “the SSH server 502 can validate the integrity data of the SSH client 501 and decides on whether the SSH client 501 is allowed to connect to the network and proceed with authentication and/or continue to be connected to the network”).
Thus, one of ordinary skill in the art would have been motivated before the effective filing date of the claimed invention to modify the method of claim 9 to include termination of the SSH session if the periodic access information is not provided or verified as disclosed by Sheth and be motivated in doing so because it provides a utilization for verification of integrity data on an SSH session (Sheth ¶0099).
Regarding claim 10, CURETON in view of Sheth discloses the method of claim 9. 
Sheth further discloses the method of claim 9 comprising: terminating the service-to-service SSH session if the periodic access information is not provided within a periodic time interval or if the periodic access information is not verified. (¶0098 “the session can be terminated immediately if the SSH server 502 fails to provide integrity data or the integrity data provided does not indicate trustworthiness”)  
Thus, one of ordinary skill in the art would have been motivated before the effective filing date of the claimed invention to modify the method of claim 9 to include termination of the SSH session if the periodic access information is not provided or verified as disclosed by Sheth and be motivated in doing so because it provides a utilization for verification of integrity data on an SSH session (Sheth ¶0099).


Claim 2 is rejected under 35 U.S.C. 103 as being unpatentable over U.S. PGPub No. 20140189346 to CURETON; Kevin (hereinafter CURETON) in view of U.S. PGPub No. 2003005178 to Hemsath, David (hereinafter Hemsath).
Regarding claim 2, CURETON discloses the method of claim 1. However, CURETON does not explicitly disclose the following limitation taught by Hemsath: registering the first service with the authentication provider service; 
receiving the authentication information in response to the registration; 
and configuring the first service to provide the authentication information to the authentication provider service to initiate the service-to-service SSH session. 
Hemsath discloses registering (user registry 22, Fig. 1, ¶0033) the first service with the authentication provider service (user authentication service 12´ Fig. 3, ¶0033);
 receiving the authentication information in response to the registration (username, domain name, host name, etc. Fig. 3, ¶0033);
and configuring the first service to provide the authentication information to the authentication provider service to initiate the service-to-service SSH session (Fig. 3, ¶0033 “This mapped ID is submitted (G) to an Authentication Service (30)”).
Thus, one of ordinary skill in the art would have been motivated before the effective filing date of the claimed invention to modify the method of CURETON to include registering the user/client with the authentication provider as disclosed by Hemsath and be motivated in doing so because it provides a utilization that allows the system administration to set permissions to access or use particular secured system resources for each user (Hemsath abstract).
Claim 8 is rejected under 35 U.S.C. 103 as being unpatentable over U.S. PGPub No. 20140189346 to CURETON; Kevin (hereinafter CURETON) in view of EP 1746802 to Rossi et al. (hereinafter Rossi).
Regarding claim 8, CURETON discloses the method of claim 7. 
However, CURETON does not explicitly disclose the following limitation taught by Rossi: further comprising: providing secure remote access to the PN for at least one remote user associated with the client from at least one computing device used by the at least one remote user through the at least one second computing device over the service-to-service SSH session to the at least one first computing device in the PN.
Rossi discloses providing secure remote access to the PN for at least one remote user associated with the client from at least one computing device used by the at least one remote user through the at least one second computing device over the service-to-service SSH session to the at least one first computing device in the PN (FIG. 5, steps 512-516, ¶0073).
Thus, one of ordinary skill in the art would have been motivated before the effective filing date of the claimed invention to modify CURETON's method and incorporate the provision of remote access to users as disclosed by Rossi and be motivated in doing so because it provides a utilization that initiates an authentication procedure of the security protocol with the remote node via a data packet connection (Rossi abstract).
Claim 16 is rejected under 35 U.S.C. 103 as being unpatentable over EP 1746802 to Rossi et al. (hereinafter Rossi) in view of U.S. PGPub No. 20140189346 to CURETON; Kevin (hereinafter CURETON) 
Regarding claim 16, ROSSI discloses the method of claim 12. However, ROSSI does not explicitly disclose the following limitation taught by CURETON: further comprising: receiving, by the SSH server, the session reauthorization information over an SSH command channel. CURETON discloses further comprising: receiving, by the SSH server (license management server 205) the session reauthorization information (¶0031 temporary username and temporary public key) over an SSH command channel (250, Fig. 2 ¶0031). Checking whether the public key and username included in the connection request match the temporary public key and temporary username stored at the license management data store 265 for the user 225 is a form of reauthorization.
Thus, one of ordinary skill in the art would have been motivated before the effective filing date of the claimed invention to modify the method of Rossi to include receiving the session reauthorization information over an SSH command channel as disclosed by CURETON because it provides a utilization that enables the client to obtain a license from the license server (CURETON abstract).


Claim 13 is rejected under 35 U.S.C. 103 as being unpatentable over EP 1746802 to Rossi et al. (hereinafter Rossi) in view of U.S. PGPub No. 20200320199 to Sheth et al. (hereinafter Sheth).
 Regarding claim 13, Rossi discloses the method of claim 12.
However, Rossi does not explicitly disclose the following limitation taught by Sheth: wherein the SSH session is a service-to-service SSH session.  
Sheth discloses a service-to-service SSH session (Fig. 5A, ¶0092, SSH client 501 service and SSH server 502 service).
Thus, one of ordinary skill in the art would have been motivated before the effective filing date of the claimed invention to modify the method of claim 12 to include service-to-service SSH session as disclosed by Sheth and be motivated in doing so because it provides a utilization for verification of integrity data on an SSH session (Sheth ¶0099).
Claims 14-15 are rejected under 35 U.S.C. 103 as being unpatentable over EP 17446802 to Rossi et al. (hereinafter Rossi) in view of U.S. PGPub No. 20200320199 to Sheth et al. (hereinafter Sheth) and further in view of U.S. PGPub No. 20140189346 to CURETON; Kevin (hereinafter CURETON).
Regarding claim 14, Rossi in view of Sheth discloses the method of claim 13. However, Rossi in view of Sheth does not explicitly disclose the following limitation taught by CURETON: establishing the service-to-service SSH session by: providing, by a first service executing on the at least one first computing device, authentication information that is associated with the first service to an authentication provider service executing on at least one authentication provider computing device; receiving, by the first service, access information from the authentication provider service in response to providing the authentication information; providing the access information by the SSH client to the SSH server; and verifying, by the at least one second computing device, the access information; and establishing, by the SSH server, the service-to-service SSH session based on the verification. 
CURETON discloses further comprising: establishing the service-to-service SSH session (¶0015) by: providing, by a first service (license request, ¶0026) executing on the at least one first computing device, (225, Fig. 2) authentication information (235, ¶0026) that is associated with the first service to an authentication provider service (authorization provision, ¶0026) executing on at least one authentication provider computing device (205, ¶0026); receiving, by the first service, access information (240, ¶0026)  from the authentication provider service in response to providing the authentication information (¶0026);  providing the access information by the SSH client to the SSH server; (as a result of SSH tunnel 245, ¶0032)  and verifying, by the at least one second computing device (210, Fig. 2); the access information (240, ¶0026);
 and establishing, by the SSH server, the service-to-service SSH session based on the verification (¶0032 “If the license management server 205 identifies the set of temporary credentials 240, the license management server 205 creates a secure communication tunnel 245 on a pre-determined port of the client device 225”). 
Thus, one of ordinary skill in the art would have been motivated before the effective filing date of the claimed invention to modify the method of Rossi and Sheth to include provision of authentication information to the authentication provider service by the first service in order to have access information to establish an SSH session as disclosed by CURETON because it provides a utilization that enables the client to obtain a license from the license server (CURETON abstract).
Regarding claim 15, Rossi in view of Sheth and further in view of CURETON discloses the method of claim 14. CURETON further discloses wherein the authentication provider comprises an OAuth endpoint; (¶0031 “wherein the license management server 205 can use various authentication techniques to determine whether the user is authorized to use the license”. (OAUTH is one of the authentication techniques))
 wherein the access information comprises an access token (set of temporary credentials, 240, ¶0030) issued by the OAuth endpoint;
and wherein each periodic session reauthorization information comprises an access token issued by the OAuth endpoint (¶0031 wherein determining whether a public key and a username included in the connection request matches with the temporary public key and the temporary username associated with the user 225 is a form of reauthorization and the token is the temporary username or temporary public key);  
Thus, one of ordinary skill in the art would have been motivated before the effective filing date of the claimed invention to modify the method of Rossi and Sheth to include the teaching of OAUTH endpoint as disclosed by CURETON because it provides a utilization that enables the client/user to communicate securely with the license management server when requesting a license (CURETON ¶0026).


Claim 11 is rejected under 35 U.S.C. 103 as being unpatentable over U.S. PGPub No. 20140189346 to CURETON; Kevin (hereinafter CURETON) in view of U.S. PGPub No. 20200320199 to Sheth et al. (hereinafter Sheth) and further in view of EP 17446802 to Rossi et al. (hereinafter Rossi).
Regarding claim 11, CURETON in view of Sheth discloses the method of claim 10, wherein the determining whether the periodic access information is verified or unverified comprises: determines whether the periodic access information (integrity data ¶0093) is received within the periodic time interval (Fig. 5A, steps 520A and 520B ¶0093 wherein integrity data can be carried between two protocol parties at regular intervals);
determines whether the periodic access information is verified or unverified (¶0098 wherein the SSH client 501 and/or SSH server 502 review the integrity data to decide whether to continue or reject SSH session establishment or not; review to continue or reject the SSH session is a verification process);
terminates the service-to-service SSH session if the periodic access information is not provided within the periodic time interval or if the periodic access information is not verified (¶0098 “the session can be terminated immediately if the SSH server 502 fails to provide integrity data or the integrity data provided does not indicate trustworthiness”);  
 and maintains the service-to-service SSH session if the periodic access information is provided within the periodic time interval and the periodic access information is verified (¶0100 “the SSH server 502 can validate the integrity data of the SSH client 501 and decides on whether the SSH client 501 is allowed to connect to the network and proceed with authentication and/or continue to be connected to the network”).  
However, CURETON in view of Sheth does not explicitly disclose the following limitation taught by Rossi: running a force command.
Rossi discloses running a force command (Fig. 8, ¶0095-¶0097 wherein the client or the server can send a command to perform some actions either at the server or client sides).
	Thus, one of ordinary skill in the art would have been motivated before the effective filing date of the claimed invention to modify the method of CURETON and Sheth in claim 10 to include running a force command as disclosed by Rossi and be motivated in doing so because it provides a utilization that facilitates exchange of keys and secret between the client and the server. 

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: U.S. 20090279703, U.S. 20090300721, U.S. 20180270066, and U.S. 10097523.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MUDASIRU K OLAEGBE whose telephone number is (571)272-2082. The examiner can normally be reached MON-FRI. 7.30AM-5.30PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on 5712723739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/MUDASIRU K OLAEGBE/Examiner, Art Unit 2495 

/FARID HOMAYOUNMEHR/Supervisory Patent Examiner, Art Unit 2495