DETAILED ACTION
This Office Action is in response to the communication filed on 04/25/2022.
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
As per instant Amendment, submitted on 04/25/2022, independent claims 1, 9, and 15 have been amended.
Claims 1-22 are pending; claims 1, 11, and 15 are independent claims.  
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant’s submission filed on 04/25/2022 has been entered.
Response to Arguments
Applicant’s arguments with respect to the prior-art rejections of claims 1-22, filed on 04/25/2022, have been considered but are moot because the arguments do not apply to any of the references being used in the current rejection.
Applicants’ arguments in the instant Amendment, filed on 04/25/2022, with respect to the prior-art rejections to claims 1-22, and limitations listed below, have been fully considered but they are not persuasive.
Applicant’s arguments: As to independent claims 1, 9 and 15, the Applicant submits that Rowe does not teach the limitation, “checking each access claim of the access token for invalidity; and if no invalid claims are found, accepting the authorization request,” that is addressed in the rejection (Applicant Arguments/Remarks, 04/25/2022, page 8).
The Examiner disagrees with the Applicants. The Examiner respectfully submits that the Rowe reference teaches the addressed limitation. The claim limitation does not recite any particular algorithm/process of validity checking, only a generic checking. As addressed in the rejection, Rowe teaches a process in which a token is associated with one or more claims of the users. A record of the user claims and access/authentication information is managed in association with the token, and the records are updated as needed [i.e. valid claims associated with valid tokens are permitted, which implies that invalid claims are not permitted] (Rowe: pars 0076-0082). Therefore, broadly interpreted, Rowe teaches the claim limitations.
Applicant’s arguments: Additionally, as to the dependent claims 2-8, 10-14, and 16-22, the Applicant argues that the claims are allowable at least based on their dependency from the allowable base claim (Applicant Arguments/Remarks, 04/25/2022, page 9).
The Examiner disagrees with the Applicants. The Examiner respectfully submits that the dependent claims 2-8, 10-14, and 16-22 are rejected at least based on the rationale and response presented to the argument for their respective base claims, and the reference applied to the claims 2-8, 10-14, and 16-22.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claims 1-22 are rejected under 35 U.S.C. 103 as being unpatentable over Gupta et al (“Gupta,” US 2020/0136825, filed on 10/31/2018), in view of Maria et al (“Maria,” US 2019/0372962, filed on 10/18/2018), and further in view of Rowe et al (“Rowe,” US 2019/0097802, published on 03/28/2019).
As to claim 1, Gupta teaches a method of validating an authorization request (Gupta: pars 0014-0016, 0042, 0044-0045, a method of system for authentication by validation an identity token, permitting communication between a client device and another device and providing resource access) comprising:
receiving, from a user, an access token (Gupta: pars 0044-0045, an identity server receives a request to authenticate including an identity token from a client device), the access token being issued by an identity provider, and the user being associated with the identity provider (Gupta: pars 0044-0045, the client device previously received the token from an identity provider in response to sending credentials to the identity provider);
validating the access token using keys obtained from a JSON Web Token (JWT) key set of the identity provider (Gupta: pars 0044-0045, 0065, the identity token includes a JavaScript Object Notation ("JSON") web token ("JWT"). The identity server receives a private key from the client device or the identity provider, and validate the signature of the identity token using the private key and the algorithm); and
extracting an identity provider identifier from the access token, and further validating the access token by using the identity provider information in the access token as a key in a database to determine the identity provider is a known identity provider (Gupta: pars 0044-0046, 0065; Fig 2, the identity server receives a private key from the client device or the identity provider, and validate the signature of the identity token using the private key and the algorithm. Authenticate the client device for multiple services, wherein each of the multiple identity tokens is authenticated for a different service of the multiple services, based the access/identity information mapped to the data center).
Gupta does not explicitly teach checking each access claim of the access token for invalidity; and if no invalid claims are found, accepting the authorization request.
However, in an analogous art, Rowe teaches checking each access claim of the access token for invalidity; and if no invalid claims are found, accepting the authorization request (Rowe: pars 0076-0082, teaches of token associated with the one or claims of the users. A record of the user claims and access/authentication information are managed associated with token, and the records are updated as needed).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Rowe with the method/system of Gupta for the benefit of providing a user with a means for using one or more claims associating with access tokens for the system to authenticate user access by verifying and validating a token and associated claims for the system to efficiently and securely managing multiple tokens and authentication process (Rowe: pars 0076-0082). 
As to claim 1, Gupta teaches a method of validating an authorization request (Gupta: pars 0014-0016, 0042, 0044-0045, a method of system for authentication by validation an identity token, permitting communication between a client device and another device and providing resource access) comprising: 
receiving, from a user, an access token (Gupta: pars 0044-0045, an identity server receives a request to authenticate including an identity token from a client device), the access token having been issued by an identity provider and provided to the user (Gupta: pars 0044-0045, the client device previously received the token from an identity provider in response to sending credentials to the identity provider);
extracting an identity provider identifier from the access token; and validating the access token (Gupta: pars 0044-0045, 0065, the identity token includes a JavaScript Object Notation ("JSON") web token ("JWT"). The identity server receives a private key from the client device or the identity provider, and validate the signature of the identity token using the private key and the algorithm).
Gupta does not explicitly teach [validating] by using the identity provider identifier as a key in a database to confirm the identity provider is a known identity provider; further validating the access token using keys obtained from a JSON Web Token (JWT) key set of the known identity provider.
However, in an analogous art, Maria teaches [validating] by using the identity provider identifier as a key in a database to confirm the identity provider is a known identity provider; further validating the access token using keys obtained from a JSON Web Token (JWT) key set of the known identity provider (Maria: pars 0005-0006, teaches a techniques for providing session management functionalities using an access token. Where an additional token JavaScript Object Notation (JSON) “JWT” Web Token, is created associated with the session token. The additional token stores a session identifier [i.e. identifier as a key in a database] of the session being created and may be stored along with a session cookie associated with the access token issuer (e.g., an OAuth server), is validated for authenticity of the token associated with the token issuer); 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Maria with the method/system of Gupta for the benefit of providing a user with a means for using an identifier that is stored to verify the authenticity of the token and the token issuer to approve the related “JWT” Web Token for the communication (Rowe: pars 0076-0082). 
Gupta or Maria does not explicitly teach checking each access claim of the access token for invalidity; and if no invalid claims are found, accepting the authorization request.
However, in an analogous art, Rowe teaches checking each access claim of the access token for invalidity; and if no invalid claims are found, accepting the authorization request (Rowe: pars 0076-0082, teaches of token associated with the one or claims of the users. A record of the user claims and access/authentication information are managed associated with token, and the records are updated as needed [i.e. valid claims associated with valid tokens are permitted, implies that invalid claims are not permitted]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Rowe with the method/system of Gupta and Maria for the benefit of providing a user with a means for using one or more claims associating with access tokens for the system to authenticate user access by verifying and validating a token and associated claims for the system to efficiently and securely managing multiple tokens and authentication process (Rowe: pars 0076-0082). 
As to claim 2, the combination of Gupta, Maria and Rowe teaches the method of claim 1, 
Gupta and Rowe further teaches further comprising: if any of the access claims are invalid, failing authorization request (Gupta: pars 0014-0016, 0042, 0044-0045, a method of system for authentication by validation an identity token, permitting communication between a client device and another device and providing resource access [i.e. not positive authentication will not provide access]. Rowe: pars 0076-0082, teaches of token associated with the one or claims of the users. Allowing the claims to a resource based on the access/authentication information are associated with claims).
As to claim 3, the combination of Gupta, Maria and Rowe teaches the method of claim 1, 
Gupta and Rowe further teaches further comprising: if a first access claim of the access claims is invalid and the second access claim of the access claims is valid, accepting authorization for access associated with the second access claim (Gupta: pars 0044-0046, 0065; Fig 2, authenticate the client device for multiple services, wherein each of the multiple identity tokens is authenticated for a different service of the multiple services, based the access/identity information mapped to the data center. Rowe: pars 0076-0082, teaches of token associated with the one or claims of the users. For each claim, an allowing decision of the claim to a specific resource is made based on the authentication of information are associated with the claim and the token).
As to claim 4, the combination of Gupta, Maria and Rowe teaches the method of claim 1,
Gupta further teaches wherein the identity provider is provided control over only a predetermined subset of all data elements and organizations (Gupta: pars 0044-0046, 0065; Fig 2, authenticate the client device for multiple services, wherein each of the multiple identity tokens is authenticated for a different service of the multiple services, based the access/identity information mapped to the data center).
As to claim 5, the combination of Gupta, Maria and Rowe teaches the method of claim 4,
Gupta and Rowe further teaches wherein the access token is invalid if any access claim of the access token falls outside the predetermined subset of all data elements and organizations available to the identity provider (Gupta: pars 0044-0046, 0065; Fig 2, authenticate the client device for multiple services, wherein each of the multiple identity tokens is authenticated for a different service of the multiple services, based the access/identity information mapped to the data center. Rowe: pars 0076-0082, teaches of token associated with the one or claims of the users. For each claim, an allowing decision of the claim to a specific resource is made based on the authentication of information are associated with the claim and the token [i.e. any claim access is not positively authenticated to associated resource, not allowed]).
As to claim 6, the combination of Gupta, Maria and Rowe teaches the method of claim 1,
Gupta and Rowe further teaches wherein a validated access claim provides access to less than all data elements under control of the identity provider (Gupta: pars 0044-0046, 0065; Fig 2, authenticate the client device for multiple services, wherein each of the multiple identity tokens is authenticated for a different service of the multiple services, based the access/identity information mapped to the data center. Rowe: pars 0076-0082, teaches of token associated with the one or claims of the users. For each claim, an allowing decision of the claim to a specific resource is made based on the authentication of information are associated with the claim and the token).
As to claim 7, the combination of Gupta, Maria and Rowe teaches the method of claim 1, 
Rowe further teaches further comprising: checking an expiration time in the access token is a future time (Rowe: pars 0076-0082, record of the user claims and access/authentication information are managed associated with token are updated as needed; expired claims are deleted as part of the claim/token management).
As to claim 8, the combination of Gupta, Maria and Rowe teaches the method of claim 1, 
Gupta and Rowe further teaches wherein the authorization request is associated with real-time location services provision (Gupta: pars 0017, 0037, uses location/zone information for the network management).
As to claim 9, Gupta teaches a computer-implemented method for validating an authorization request (Gupta: pars 0014-0016, 0042, 0044-0045, a method of system for authentication by validation an identity token, permitting communication between a client device and another device and providing resource access), the method comprising:
receiving, from a user, an access token (Gupta: pars 0044-0045, an identity server receives a request to authenticate including an identity token from a client device), the access token having been issued by an identity provider and provided to the user (Gupta: pars 0044-0045, the client device previously received the token from an identity provider in response to sending credentials to the identity provider);
extracting an identity provider identifier from the access token; and validating the access token (Gupta: pars 0044-0045, 0065, the identity token includes a JavaScript Object Notation ("JSON") web token ("JWT"). The identity server receives a private key from the client device or the identity provider, and validate the signature of the identity token using the private key and the algorithm).
Gupta does not explicitly teach [validating] by using the identity provider identifier as a key in a database to confirm the identity provider is a known identity provider; further validating the access token using keys obtained from a JSON Web Token (JWT) key set of the known identity provider.
However, in an analogous art, Maria teaches [validating] by using the identity provider identifier as a key in a database to confirm the identity provider is a known identity provider; further validating the access token using keys obtained from a JSON Web Token (JWT) key set of the known identity provider (Maria: pars 0005-0006, teaches a techniques for providing session management functionalities using an access token. Where an additional token JavaScript Object Notation (JSON) “JWT” Web Token, is created associated with the session token. The additional token stores a session identifier [i.e. identifier as a key in a database] of the session being created and may be stored along with a session cookie associated with the access token issuer (e.g., an OAuth server), is validated for authenticity of the token associated with the token issuer); 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Maria with the method/system of Gupta for the benefit of providing a user with a means for using an identifier that is stored to verify the authenticity of the token and the token issuer to approve the related “JWT” Web Token for the communication (Rowe: pars 0076-0082). 
Gupta or Maria does not explicitly teach checking each access claim of the access token for invalidity; and if no invalid claims are found, accepting the authorization request.
However, in an analogous art, Rowe teaches checking each access claim of the access token for invalidity; and if no invalid claims are found, accepting the authorization request (Rowe: pars 0076-0082, teaches of token associated with the one or claims of the users. A record of the user claims and access/authentication information are managed associated with token, and the records are updated as needed [i.e. valid claims associated with valid tokens are permitted, implies that invalid claims are not permitted]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Rowe with the method/system of Gupta for the benefit of providing a user with a means for using one or more claims associating with access tokens for the system to authenticate user access by verifying and validating a token and associated claims for the system to efficiently and securely managing multiple tokens and authentication process (Rowe: pars 0076-0082). 
As to claim 10, the combination of Gupta, Maria and Rowe teaches the computer-implemented method of claim 9, 
Gupta and Rowe further teaches further comprising: if any of the access claims are invalid, failing authorization request (Gupta: pars 0014-0016, 0042, 0044-0045, a method of system for authentication by validation an identity token, permitting communication between a client device and another device and providing resource access [i.e. not positive authentication will not provide access]. Rowe: pars 0076-0082, teaches of token associated with the one or claims of the users. Allowing the claims to a resource based on the access/authentication information are associated with claims).
As to claim 11, the combination of Gupta, Maria and Rowe teaches the computer-implemented method of claim 9, 
Gupta and Rowe further teaches further comprising: if a first access claim of the access claims is invalid and the second access claim of the access claims is valid, accepting authorization for access associated with the second access claim (Gupta: pars 0044-0046, 0065; Fig 2, authenticate the client device for multiple services, wherein each of the multiple identity tokens is authenticated for a different service of the multiple services, based the access/identity information mapped to the data center. Rowe: pars 0076-0082, teaches of token associated with the one or claims of the users. For each claim, an allowing decision of the claim to a specific resource is made based on the authentication of information are associated with the claim and the token).
As to claim 12, the combination of Gupta, Maria and Rowe teaches the computer-implemented method of claim 9, 
Gupta and Rowe further teaches wherein a validated access claim provides access to less than all data elements under control of the identity provider (Gupta: pars 0044-0046, 0065; Fig 2, authenticate the client device for multiple services, wherein each of the multiple identity tokens is authenticated for a different service of the multiple services, based the access/identity information mapped to the data center. Rowe: pars 0076-0082, teaches of token associated with the one or claims of the users. For each claim, an allowing decision of the claim to a specific resource is made based on the authentication of information are associated with the claim and the token).
As to claim 13, the combination of Gupta, Maria and Rowe teaches the computer-implemented method of claim 9, 
Gupta and Rowe further teaches further comprising: checking an expiration time in the access token is a future time (Rowe: pars 0076-0082, record of the user claims and access/authentication information are managed associated with token are updated as needed; expired claims are deleted as part of the claim/token management).
As to claim 14, the combination of Gupta, Maria and Rowe teaches the computer-implemented method of claim 9, 
Gupta and Rowe further teaches wherein the authorization request is associated with real-time location services provision (Gupta: pars 0017, 0037, uses location/zone information for the network management).
As to claim 15, Gupta teaches a services provision system comprising at least one processor and a memory coupled to the at least one processor (Gupta: pars 0014-0016, 0042, 0044-0045, a method of system for authentication by validation an identity token, permitting communication between a client device and another device and providing resource access), the at least one processor configured to:
receive, from a user, an access token (Gupta: pars 0044-0045, an identity server receives a request to authenticate including an identity token from a client device), the access token having been issued by an identity provider and provided to the user (Gupta: pars 0044-0045, the client device previously received the token from an identity provider in response to sending credentials to the identity provider);
extract an identity provider identifier from the access token; and validate the access token (Gupta: pars 0044-0045, 0065, the identity token includes a JavaScript Object Notation ("JSON") web token ("JWT"). The identity server receives a private key from the client device or the identity provider, and validate the signature of the identity token using the private key and the algorithm).
Gupta does not explicitly teach [validating] by using the identity provider identifier as a key in a database to confirm the identity provider is a known identity provider; further validate the access token using keys obtained from a JSON Web Token (JWT) key set of the known identity provider.
However, in an analogous art, Maria teaches [validating] by using the identity provider identifier as a key in a database to confirm the identity provider is a known identity provider; further validate the access token using keys obtained from a JSON Web Token (JWT) key set of the known identity provider (Maria: pars 0005-0006, teaches a techniques for providing session management functionalities using an access token. Where an additional token JavaScript Object Notation (JSON) “JWT” Web Token, is created associated with the session token. The additional token stores a session identifier [i.e. identifier as a key in a database] of the session being created and may be stored along with a session cookie associated with the access token issuer (e.g., an OAuth server), is validated for authenticity of the token associated with the token issuer); 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Maria with the method/system of Gupta for the benefit of providing a user with a means for using an identifier that is stored to verify the authenticity of the token and the token issuer to approve the related “JWT” Web Token for the communication (Rowe: pars 0076-0082). 
Gupta or Maria does not explicitly teach check each access claim of the access token for invalidity; and if no invalid claims are found, accept the authorization request.
However, in an analogous art, Rowe teaches check each access claim of the access token for invalidity; and if no invalid claims are found, accept the authorization request (Rowe: pars 0076-0082, teaches of token associated with the one or claims of the users. A record of the user claims and access/authentication information are managed associated with token, and the records are updated as needed [i.e. valid claims associated with valid tokens are permitted, implies that invalid claims are not permitted]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Rowe with the method/system of Gupta for the benefit of providing a user with a means for using one or more claims associating with access tokens for the system to authenticate user access by verifying and validating a token and associated claims for the system to efficiently and securely managing multiple tokens and authentication process (Rowe: pars 0076-0082).
As to claim 16, the combination of Gupta, Maria and Rowe teaches the services provision system of claim 15, 
Gupta and Rowe further teaches wherein the at least one processor is further configured to: if any of the access claims are invalid, fail authorization request (Gupta: pars 0014-0016, 0042, 0044-0045, a method of system for authentication by validation an identity token, permitting communication between a client device and another device and providing resource access [i.e. not positive authentication will not provide access]. Rowe: pars 0076-0082, teaches of token associated with the one or claims of the users. Allowing the claims to a resource based on the access/authentication information are associated with claims).
As to claim 17, the combination of Gupta, Maria and Rowe teaches the services provision system of claim 15, 
Gupta and Rowe further teaches wherein the at least one processor is further configured to: if a first access claim of the access claims is invalid and the second access claim of the access claims is valid, accept authorization for access associated with the second access claim (Gupta: pars 0044-0046, 0065; Fig 2, authenticate the client device for multiple services, wherein each of the multiple identity tokens is authenticated for a different service of the multiple services, based the access/identity information mapped to the data center. Rowe: pars 0076-0082, teaches of token associated with the one or claims of the users. For each claim, an allowing decision of the claim to a specific resource is made based on the authentication of information are associated with the claim and the token).
As to claim 18, the combination of Gupta, Maria and Rowe teaches the services provision system of claim 15, 
Gupta and Rowe further teaches wherein the identity provider is provided control over only a predetermined subset of all data elements and organizations (Gupta: pars 0044-0046, 0065; Fig 2, authenticate the client device for multiple services, wherein each of the multiple identity tokens is authenticated for a different service of the multiple services, based the access/identity information mapped to the data center).
As to claim 19, the combination of Gupta, Maria and Rowe teaches the services provision system of claim 18, 
Gupta and Rowe further teaches wherein the access token is invalid if any access claim of the access token falls outside the predetermined subset of all data elements and organizations available to the identity provider (Gupta: pars 0044-0046, 0065; Fig 2, authenticate the client device for multiple services, wherein each of the multiple identity tokens is authenticated for a different service of the multiple services, based the access/identity information mapped to the data center. Rowe: pars 0076-0082, teaches of token associated with the one or claims of the users. For each claim, an allowing decision of the claim to a specific resource is made based on the authentication of information are associated with the claim and the token [i.e. any claim access is not positively authenticated to associated resource, not allowed]).
As to claim 20, the combination of Gupta, Maria and Rowe teaches the services provision system of claim 15, 
Gupta and Rowe further teaches wherein a validated access claim provides access to less than all data elements under control of the identity provider (Gupta: pars 0044-0046, 0065; Fig 2, authenticate the client device for multiple services, wherein each of the multiple identity tokens is authenticated for a different service of the multiple services, based the access/identity information mapped to the data center. Rowe: pars 0076-0082, teaches of token associated with the one or claims of the users. For each claim, an allowing decision of the claim to a specific resource is made based on the authentication of information are associated with the claim and the token).
As to claim 21, the combination of Gupta, Maria and Rowe teaches the services provision system of claim 15, 
Gupta and Rowe further teaches wherein the at least one processor is further configured to: check an expiration time in the access token is a future time (Rowe: pars 0076-0082, record of the user claims and access/authentication information are managed associated with token are updated as needed; expired claims are deleted as part of the claim/token management).
As to claim 22, the combination of Gupta, Maria and Rowe teaches the services provision system of claim 15, 
Gupta and Rowe further teaches wherein the authorization request is associated with real-time location services provision (Gupta: pars 0017, 0037, uses location/zone information for the network management).
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Jahangir Kabir whose telephone number is (571) 270-3355.  The examiner can normally be reached on 9:00- 5:00 Mon-Thu.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on (571) 270-5002.  The fax number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/JAHANGIR KABIR/             Primary Examiner, Art Unit 2439