DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
The Amendment filed 01/26/2022 has been received and considered.
Claims 1, 3-6, 8-14 and 16-18 are pending.
This action is Final.
Response to Arguments
2.	Applicant's arguments filed 01/26/2022 have been fully considered but they are not persuasive. Applicant argues that regarding independent claims 1 and 14, Innes in view of Guarraci fails to teach “when prompted to provide the certificate to the application, the external server is configured to generate a second token that is signed with a second private key and to transmit the certificate in conjunction with the signed second token to the application”
	With respect to this argument, as disclosed below, Innes in paragraph [0163] discloses issuing a fresh SAML token and logon certificate from an identity provider (external server). In paragraph [0177], the token is received by the gateway server or application store and the digital signature it contains is verified. Paragraph [0179] discloses obtaining a time-limited (e.g., temporary) smart card class certificate for AD logon on a designated virtualization machine where negotiation of a new proof key is incorporated.
Applicant further argues that regarding independent claim 6, Innes in view of Guarraci fails to teach “receiving, in conjunction with the certificate, a second token that is generated by the second server and signed with a second private key.”
	With respect to this argument, as disclosed below, Innes in paragraph [0163] discloses issuing a fresh SAML token and logon certificate from an identity provider (external server). In paragraph [0177], the token is received by the gateway server or application store and the digital signature it contains is verified. In paragraph [0171], the identity provider, which comprises an external partner of the resource system, sends a confirmation token back to the client agent. Paragraph [0179] discloses obtaining a time-limited (e.g., temporary) smart card class certificate for AD logon on a designated virtualization machine where negotiation of a new proof key is incorporated. In paragraph [0182], authentication certificates are obtained with corresponding private keys. 
Therefore, Innes in view of Guarraci teaches the claimed limitations of amended claims 1, 6 and 14 and thereby the dependent claims. 
Applicant further argues that regarding claim 3, Innes in view of Guarraci fails to teach “each of the first private key and the second private key is never provided to the application.”
With respect to this argument, as disclosed below, Innes in paragraph [0128] discloses using hardware or software modules to protect the key as the provided certificate is bound to a derived credential and may be stored in a trusted environment at the client device.
Applicant further argues that regarding claims 8 and 9, Innes in view of Guarraci fails to teach “the signed second token.”
With respect to this argument, as disclosed below, Innes in paragraph [0266] discloses generating a signed claims statement, such as a SAML token which may be freshly generated. 
Therefore, Innes in view of Guarraci teaches the claimed limitations of dependent claims 3, 8 and 9.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.



3.	Claims 1, 3-6, 8-14 and 16-18 are rejected under 35 U.S.C. 103 as being unpatentable over US Pub No. US 2018/0007059 A1 to Innes, (hereinafter, “Innes”) in view of US Pub. No. US 2008/0256616 A1 to Guarraci, (hereinafter, “Guarraci”).
As per claims 1 and 14, Innes teaches a method and a computing apparatus, respectively, for facilitating a provision of a certificate that securely verifies an identification of an application, the computing apparatus comprising: 
a processor; a memory (Innes, para. [0040] “Each component 103, 105, 107, 109 may be any type of known computer, server, or data processing device. Data server 103, e.g., may include a processor 111 controlling overall operation of the data server 103. Data server 103 may further include random access memory (RAM) 113, read only memory (ROM) 115, network interface 117, input/output interfaces 119 (e.g., keyboard, mouse, display, printer, etc.), and memory 121.”); and a communication interface coupled to each of the processor and the memory, the method being implemented by at least one processor, the method comprising: 
receiving, from the application, a request for an identity of a target directory that relates to an external server, the request including a bootstrap identity that identifies the application at a time of invocation (Innes, para. [0167] “FIG. 12A depicts another illustrative system for federated logon…The system 1221 may initiate a setup phase. The application store 1225 may comprise a trusted device and be used to request, from a credential mapper 1229, domain (e.g., AD or directory service 1241) logon credentials for a user. The credentials may comprise a short-lived smart card class certificate (e.g., a virtual smart card certificate). The credential mapper 1229 may be trusted by certificate services 1231, such as a third party certificate service (e.g., MICROSOFT certificate services), to request short-lived smart card class certificates for AD users. The credential mapper 1229 may be used to create a virtual smart card for the user. The credential mapper 1229 may request the certificate from the certificate services 1231, and the certificate services 1231 may return, to the credential mapper 1229, a smart card class certificate for the user. The virtual smartcards may be stored (e.g., cached) at the credential mapper 1229.” And para. [0170] “The directory service 1241 may trust certificate services 1231 to issue smart card class certificates for user logon. This trust step may enable the virtual smartcard certificates to be used for, for example, Active Directory logon. A trust fabric may be in place to establish service-to-service identity and secure communications. Optionally, the credential mapper 1229 may cross-check SAML tokens issued by an identity provider (IdP) 1213.”); 
validating the bootstrap identity (Innes, para. [0170] “The directory service 1241 may trust certificate services 1231 to issue smart card class certificates for user logon. This trust step may enable the virtual smartcard certificates to be used for, for example, Active Directory logon. A trust fabric may be in place to establish service-to-service identity and secure communications. Optionally, the credential mapper 1229 may cross-check SAML tokens issued by an identity provider (IdP) 1213.” And para. [0171] “The system may initiate a runtime phase. Webview 1203 in the client agent 1201 may be used to handle IdP logon. The client agent 1201 may send credentials to the IdP 1213 for logon. Webview 1203 may also support standard security assertion markup language (SAML) protocol for SAML logon to the gateway server 1223 or application stores 1225. The gateway server 1223 may be a server or other resource that provides access to enterprise resources and/or cloud resources. During the logon process, the IdP 1213 may send an identity confirmation token (e.g., a SAML token) back to the client agent 1201. The SAML token may be used by the client agent 1201 as proof that it has authenticated with the identity system 1211, which may comprise an external partner of the resource system 1221.”); 
generating a first token that is signed with a first private key and transmitting the signed first token to the application (Innes, para. [0180] “A logon ticket may be issued and go in a remote display protocol (e.g., client agent) file. With the logon ticket approach, the logon ticket sent to the client agent 1201 may also be used to first encrypt the virtual smart card private key held by the credential mapping service 1229…The logon ticket may additionally or alternatively be used to encrypt a secure reference to the virtual smart card provided by the credential mapper 1229. In this example, the virtual smart card might only be recovered by the virtualization agent 1237 that is authorized by the delivery controller 1235 to use the virtual smart card. The encrypted virtual smart card reference may be sent from the application store 1225 to the delivery controller 1235 and then to the virtualization agent 1237, while the logon ticket is sent to the client agent 1201.”);
wherein when prompted to provide the certificate to the application, the external server is configured to generate a second token that is signed with a second private key and to transmit the certificate in conjunction with the signed second token to the application (Innes, [0163] “After the authentication with the IdP, the IdP may issue a confirmation token (e.g., a SAML token) to a named Relying Party (RP) or Service Provider, which may be used to process a service access request from the user. The RP may use a fresh SAML token from the IdP in order to be satisfied of the requesting user's identity, without needing to know all the authentication details or interact with the credentials directly. Instead of a SAML token, other token formats or identity confirmation mechanisms may be used, as long as the credential mapping service (discussed below) may be assured that the IdP has confirmed the user's identity. A virtual smart card credential (also referred to as a short duration logon certificate), may be issued based on the acceptance of the external authentication event (e.g., authentication by the IdP).” And para. [0171] “During the logon process, the IdP 1213 may send an identity confirmation token (e.g., a SAML token) back to the client agent 1201. The SAML token may be used by the client agent 1201 as proof that it has authenticated with the identity system 1211, which may comprise an external partner of the resource system 1221.” And para. [0177] “The client agent 1201 may send the SAML token to the gateway server 1223 and/or the application store 1225 when a full domain logon is to be requested. The gateway server 1223 and/or application store 1225 may communicate with the IdP 1213, such as by sending the SAML token (e.g., via a back channel), to verify that the client 1201 is authenticated with the identity system 1211. If the SAML token includes a time, such as a time period of validity, the IdP 1213 may verify that the current time is within the time period of validity. Additionally or alternatively, relying parties (components) may locally validate the SAML token by checking the digital signature it contains using a locally stored (e.g., trusted) copy of the IdP's signing certificate.” And para. [0179] “Once it is verified that the client 1201 is authenticated, the gateway 1223, application store 1225, and/or delivery controller 1235 (e.g., a Desktop Delivery Controller) may authorize the credential mapper 1229 to obtain a time-limited (e.g., temporary) smart card class certificate for AD logon on a designated virtualization machine. In other words, a temporary certificate may be created to emulate a smart card (e.g., one or more certificates in a smart card). Time-limited certificates may be valid for minutes, hours, days, or even shorter or longer. To support the authorization step, the store 1225/controller 1235 may present the original SAML token from the IdP 1213, for its validity to be verified again by the credential mapping service 1229. For example, the credential mapper 1229 may communicate with the IdP 1213 to verify the SAML token. This step can also facilitate transfer of proof key binding from the SAML token to the virtual smart card, or negotiation of a new proof key.”).
Innes teaches all the limitations of claims 1 and 14 above, however fails to explicitly teach, but Guarraci teaches:
receiving, from the external server after the signed first token has been received by the external server from the application, a request for a public key to be used for verifying the first private key (Guarraci, para. [0026] “the application server configuration can physically protect a certificate having a private key that can be used to identify the application server. In this regard, application server configurations can sign requests using the private key and the platform component 106 can have a corresponding public key to validate the request.” and para. [0037] “The application server component 302 can sign the request with a private encryption key to prove its identity to the platform component 106 on subsequent request. To facilitate this end, the application server component 302 can have registered with the platform component 106 at an earlier time providing it with a public key to decrypt its envelope. Because this configuration can be more trusted than the thick-client configuration, for example, the platform component 106 can accept the public key upon registration with little risk, for example. Using this public key, the platform component 106 (or the unified session authentication component 108, for example) can decrypt the envelope using the key; if the decryption is successful, session establishment can continue. If decryption fails, the request can be dropped and/or an error reported, etc.”); and 
transmitting, to the external server, the requested public key in order to prompt the external server to provide the certificate to the application (Guarraci, para. [0061] “the session token can be received and placed into an envelope, such as for submission to a platform, for example. The session token can comprise information relevant to the platform for use in authenticating/authorizing an application server and/or requesting entity in subsequent requests. Part of the information can be, for example, the MAC algorithm or shared secret provided in the request for the credential token, for example. In this regard, the platform need not keep information regarding application server(s) to verify communication; rather, the session token can be passed in subsequent requests to provide information regarding ensuring the integrity of data sent in the requests. For example, the MAC algorithm and/or shared secret can be extracted from the session token by the platform upon a request for data and applied to the request to compare with a MAC sent with the message to ensure the data was not tampered with en-route. At 708, the envelope can be signed and sent as a request to establish a session. This can be performed with respect to a platform or other service that exposes one or more methods (e.g. to access data), such as a web method, for example. The platform can decrypt the envelope; this can be done in a number of ways, for example extracting the token to determine an application identifier and matching such with a public decryption key. The platform can determine a result for the session establishment request and such can be received by the accessing entity or application server at 710.”)
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Guarraci’s authentication for web platforms into Innes’s dynamic access control to network resources, with a motivation for additional security and trust with application server configurations (Guarraci, para. [0006]). 
As per claims 3, 10 and 16, the combination of Innes and Guarraci teach the method of claim 1, the method of claim 8 and the computing apparatus of claim 14, respectively, wherein each of the first private key and the second private key is never provided to the application (Innes, para. [0128] “the certificate may be bound to a derived credential (e.g., a virtual smart card), which may use hardware and/or software modules to protect the key. The certificates in the derived credential may be stored at the client device 801 and may be accessed similar to the certificates on a physical smart card 817. The certificates from the derived credential may be stored in a trusted environment at the client device 801.”).
As per claims 4, 11 and 17,  the combination of Innes and Guarraci teach the method of claim 1, the method of claim 8 and the computing apparatus of claim 14, respectively, wherein at least one from among the signed first token and the signed second token uses a JavaScript Object Notation (JSON) Web Token (JWT) format (Innes, para. [0253] “With SSL/TLS, the labels (and/or an additional set of arbitrary attributes) may be expressed as properties in the client certificate itself, for example, as custom certificate issuance policy statements signed by the issuing certificate authority. With Web SSO/identity provider mediation, the labels may be learned by the identity provider using, for example, Kerberos or SSL/TLS authentication and then reflected as claims in the web SSO token, which may be based on SAML, JavaScript Object Notation ( JSON) Web Token ( JWT), or a similar format. In each case, the labels and/or attributes may be determined by an entry point component, such as a gateway server, an application store, an identity provider, and/or an attestation service that may be involved in user and/or device authentication, inspection, or status attestation.”).

As per claims 5, 12 and 18,  the combination of Innes and Guarraci teach the method of claim 1, the method of claim 8 and the computing apparatus of claim 14, respectively, wherein the external server is an Active Directory Federation Services (ADFS) server (Innes, para. [0055] “Server 206 may be configured as any type of server, as needed, e.g., a file server, an application server, a web server, a proxy server, an appliance, a network appliance, a gateway, an application gateway, a gateway server, a virtualization server, a deployment server, a Secure Sockets Layer (SSL) VPN server, a firewall, a web server, an application server or as a master application server, a server executing an active directory” and para. [0173] “The directory 1217 may comprise an identity store or account database or other directory that supports the IdP 1215. For example, the directory 1217 may be an instance of Active Directory in another company's network, or use another vendor's LDAP directory product.” And para. [0283] In step 1805, the federated authentication service credential provider 1824 may interact with the federated authentication service server (not shown) to obtain the user certificate and then pass it to the Kerberos authentication system 1826, along with other information that enables the Kerberos system 1826 to indirectly interact with the federated authentication service server to use the certificate as part of an active directory logon protocol.”).
As per claim 6, Innes teaches a method for obtaining a certificate that securely verifies an identification of an application, the method being implemented by at least one processor configured to execute the application, the method comprising: 
transmitting, by the at least one processor to a first server, a request for an identity of a target directory that relates to an second server configured to generate the certificate, the request including a bootstrap identity that identifies the application at a time of invocation (Innes, para. [0167] “FIG. 12A depicts another illustrative system for federated logon…The system 1221 may initiate a setup phase. The application store 1225 may comprise a trusted device and be used to request, from a credential mapper 1229, domain (e.g., AD or directory service 1241) logon credentials for a user. The credentials may comprise a short-lived smart card class certificate (e.g., a virtual smart card certificate). The credential mapper 1229 may be trusted by certificate services 1231, such as a third party certificate service (e.g., MICROSOFT certificate services), to request short-lived smart card class certificates for AD users. The credential mapper 1229 may be used to create a virtual smart card for the user. The credential mapper 1229 may request the certificate from the certificate services 1231, and the certificate services 1231 may return, to the credential mapper 1229, a smart card class certificate for the user. The virtual smartcards may be stored (e.g., cached) at the credential mapper 1229.” And para. [0170] “The directory service 1241 may trust certificate services 1231 to issue smart card class certificates for user logon. This trust step may enable the virtual smartcard certificates to be used for, for example, Active Directory logon. A trust fabric may be in place to establish service-to-service identity and secure communications. Optionally, the credential mapper 1229 may cross-check SAML tokens issued by an identity provider (IdP) 1213.”);
receiving, by the at least one processor from the first server, a first token that is signed with a first private key; transmitting, by the at least one processor to the second server, the signed first token (Innes, para. [0180] “A logon ticket may be issued and go in a remote display protocol (e.g., client agent) file. With the logon ticket approach, the logon ticket sent to the client agent 1201 may also be used to first encrypt the virtual smart card private key held by the credential mapping service 1229…The logon ticket may additionally or alternatively be used to encrypt a secure reference to the virtual smart card provided by the credential mapper 1229. In this example, the virtual smart card might only be recovered by the virtualization agent 1237 that is authorized by the delivery controller 1235 to use the virtual smart card. The encrypted virtual smart card reference may be sent from the application store 1225 to the delivery controller 1235 and then to the virtualization agent 1237, while the logon ticket is sent to the client agent 1201.”); and
receiving of the certificate includes receiving, in conjunction with the certificate, a second token that is generated by the second server and signed with a second private key (Innes, para. [0171] “During the logon process, the IdP 1213 may send an identity confirmation token (e.g., a SAML token) back to the client agent 1201. The SAML token may be used by the client agent 1201 as proof that it has authenticated with the identity system 1211, which may comprise an external partner of the resource system 1221.” And para. [0182] The credential mapper 1229 may interact with the certificate service 1231, which may comprise a certificate authority such as WINDOWS certificate services, to obtain smart card class user authentication certificates with corresponding private keys. That is, the credential mapper 1229 may be used as a registration authority (e.g., MICROSOFT Enrollment Agent) for users. The credential mapper 1229 may have a registration authority certificate to use as an authentication credential when sending requests to certificate services 1231. There may be a bootstrap process to obtain the credential the first time, after which renewal may happen automatically as needed to minimize manual steps.”).
Innes teaches all the limitations of claim 6 above, however fails to explicitly teach, but Guarraci teaches:
receiving the certificate from the second server after the second server has obtained a public key from the first server and used the public key to verify the signed first token (Guarraci, para. [0037] “The application server component 302 can sign the request with a private encryption key to prove its identity to the platform component 106 on subsequent request. To facilitate this end, the application server component 302 can have registered with the platform component 106 at an earlier time providing it with a public key to decrypt its envelope. Because this configuration can be more trusted than the thick-client configuration, for example, the platform component 106 can accept the public key upon registration with little risk, for example. Using this public key, the platform component 106 (or the unified session authentication component 108, for example) can decrypt the envelope using the key; if the decryption is successful, session establishment can continue. If decryption fails, the request can be dropped and/or an error reported, etc.” and para. [0061] “the session token can be received and placed into an envelope, such as for submission to a platform, for example. The session token can comprise information relevant to the platform for use in authenticating/authorizing an application server and/or requesting entity in subsequent requests. The platform can determine a result for the session establishment request and such can be received by the accessing entity or application server at 710.”).
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Guarraci’s authentication for web platforms into Innes’s dynamic access control to network resources, with a motivation for additional security and trust with application server configurations (Guarraci, para. [0006]). 
As per claim 8, the combination of Innes and Guarraci teach the method of claim 6, further comprising: transmitting, by the at least one processor to a third server configured to control access to a resource, a request that relates to the resource, the request including the certificate and the signed second token; and receiving a response to the request from the third server (Innes, para. [0266] “the determination and/or assertion of the user identity and labels may be made by the identity provider 1626 and/or the gateway server 1630. This may happen indirectly, e.g., by the identity provider 1626 and/or the gateway server 1630 generating a signed claims statement, such as a SAML token, that is conveyed to the federated authentication service 1634. The signed claims statement may be the SAML token provided in step 1602, which is conveyed to the application stores 1632 by the gateway server 1630 as evidence associated with the logon event. The signed claims statement may be conveyed by the application stores 1632 to the federated authentication service 1634 in step 1604. The signed claims statement may alternatively be freshly generated by the identity provider 1626 and/or the gateway service 1630 and conveyed by some other interaction, e.g., a federated logon interaction such as SAML or OpenID Connect, involving the client device 1622.”).
As per claim 9, the combination of Innes and Guarraci teach the method of claim 8, wherein the receiving of the response to the request occurs after the third server has obtained the public key from the second server and used the public key to verify the signed second token (Guarraci, para. [0037] “The application server component 302 can sign the request with a private encryption key to prove its identity to the platform component 106 on subsequent request. To facilitate this end, the application server component 302 can have registered with the platform component 106 at an earlier time providing it with a public key to decrypt its envelope. Because this configuration can be more trusted than the thick-client configuration, for example, the platform component 106 can accept the public key upon registration with little risk, for example. Using this public key, the platform component 106 (or the unified session authentication component 108, for example) can decrypt the envelope using the key; if the decryption is successful, session establishment can continue. If decryption fails, the request can be dropped and/or an error reported, etc.” and para. [0061] “the session token can be received and placed into an envelope, such as for submission to a platform, for example. The session token can comprise information relevant to the platform for use in authenticating/authorizing an application server and/or requesting entity in subsequent requests. The platform can determine a result for the session establishment request and such can be received by the accessing entity or application server at 710.”).
Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Guarraci’s authentication for web platforms into Innes’s dynamic access control to network resources, with a motivation for additional security and trust with application server configurations (Guarraci, para. [0006]). 
As per claim 13, the combination of Innes and Guarraci teach the method of claim 8, wherein the third server includes a web application programming interface (API) (Innes, para. [0070] “Management server 410 may be configured to provide user interfaces through which cloud operators and cloud customers may interact with the cloud system. For example, the management server 410 may provide a set of application programming interfaces (APIs) and/or one or more cloud operator console applications (e.g., web-based on standalone applications) with user interfaces to allow cloud operators to manage the cloud resources, configure the virtualization layer, manage customer accounts, and perform other cloud administration tasks. The management server 410 also may include a set of APIs and/or one or more customer console applications with user interfaces configured to receive cloud computing requests from end users via client computers 411-414, for example, requests to create, modify, or destroy virtual machines within the cloud.” And para. [0115] “managed applications 610 may be allowed to access a certificate and private key via an API (example OpenSSL). Trusted managed applications 610 of an enterprise may be allowed to perform specific Public Key operations with an application's client certificate and private key.”).

Conclusion
4.	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
US 20190081798 A1 – Distributing attestation key and certificate.
US 20180091497 A1 – Digital certificate for verifying application purpose of data usage.
 THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ZOHA P TAFAGHODI whose telephone number is (571)272-5199.  The examiner can normally be reached on 9AM-5PM EST M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s acting supervisor, Kristine Kincaid can be reached on (571) 272-4063. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/ZOHA PIYADEHGHIBI TAFAGHODI/Examiner, Art Unit 2437                                                                                                                                                                                                        
/KRISTINE L KINCAID/Supervisory Patent Examiner, Art Unit 2437