DETAILED ACTION
This communication responsive to the Application No. 17/253,190 filed on December 17,
2020. A preliminary amendment has been filed on 12/17/2020 in which claims 1-34 have been canceled, and claims 35-54 have been added new. Claims 35-54 are pending and are directed towards SECURITY MANAGEMENT FOR SERVICE ACCESS IN A COMMUNICATION SYSTEM.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The information disclosure statements (IDS) submitted on 12/17/2020 and 04/26/2022 were Acknowledge. The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statements are being considered by the examiner.


Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 35-54 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter. In particular, claims are directed to a judicial exception (abstract idea) without significantly more.  
  When considering subject matter eligibility under 35 U.S.C. 101, it must be determined whether the claim is directed to one of the four statutory categories of invention, i.e., process, machine, manufacture, or composition of matter.  If the claim does fall within one of the statutory categories, it must then be determined whether the claim is directed to a judicial exception (i.e., law of nature, natural phenomenon, and abstract idea), and if so, it must additionally be determined whether the claim is a patent-eligible application of the exception.  If an abstract idea is present in the claim, any element or combination of elements in the claim must be sufficient to ensure that the claim amounts to significantly more than the abstract idea itself. Examples of abstract ideas include mental processes; certain methods of organizing human activities; and mathematical relationships/formulas.  Alice Corporation Pty. Ltd. v. CLS Bank International, et al., 573 U.S. ____ (2014).
Analysis has been updated based on the new 2019 Patent Eligibility Guidance (2019 PEG).
Claims 35-54 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more.
Claim 1 (exemplary) recites a series of steps for obtaining and sending an access token based on a received access request. 
The claim is directed to a method, which is a statutory category of invention.
The claim is then analyzed to determine whether it is directed to a judicial exception. The claim recites the limitations of receiving a request from a service consumer for access to a given service type; obtaining an access token that identifies a plurality of service producers for the given service type; and sending the access token to the service consumer; and (in claims 42 and 46 ) selecting one of the plurality of service producers from the access token based on one or more selection criterion. 
The claimed method simply describes series of steps for for obtaining and sending an access token based on a received access request. These limitations, as drafted, are processes that, under its broadest reasonable interpretation, covers performance of the limitations via granting an access token based on a request, but for the recitation of generic computer components. That is, other than reciting authorization entity, a service consumer, and service producers in a communication system comprising a service based architecture, and (proxy element in claim 46) nothing in the claim precludes the limitations from practically being performed by organizing human activity. For example, without the structure elements language, the claim encompasses the activities that can be performed manually between the users and a third party. These limitations are directed to an abstract idea because they are managing personal behavior or relationships or interactions between people (including social activities, teaching, and following rules or instructions) that falls within the enumerated group of “certain methods of organizing human activity” in the 2019 PEG.
Next, the claim is analyzed to determine if it is integrated into a practical application. The claim recites additional elements of using authorization entity, a service consumer, and service producers in a communication system comprising a service based architecture, and (proxy element in claim 46) to perform the steps. The additional elements in the steps are recited at a high level of generality, i.e., as a generic processor performing a generic computer function of processing data. This generic processor limitation is no more than mere instructions to apply the exception using generic computer component. Also, these limitation are an attempt to limit the abstract idea to a particular technological environment. Accordingly, these additional elements do not integrate the abstract idea into a practical application because they do not impose any meaningful limits on practicing the abstract idea. The claim is directed to the abstract idea.
Next, the claim is analyzed to determine if there are additional claim limitations that individually, or as an ordered combination, ensure that the claim amounts to significantly more than the abstract ideas (whether claim provides inventive concept). As discussed above, the recitation of the claimed limitations amounts to mere instructions to implement the abstract idea on a processor (using the authorization entity, a service consumer, and service producers in a communication system comprising a service based architecture, and (proxy element in claim 46) as a tools to implement the abstract idea). Taking the additional elements individually and in combination, the additional elements at each step of the process performs purely generic computer functions. As such, there is no inventive concept sufficient to transform the claimed subject matter into a patent-eligible application The same analysis applies here, i.e., mere instructions to apply an exception using a generic computer component cannot integrate a judicial exception into a practical application at or provide an inventive concept. 
Viewing the limitations as an ordered combination does not add anything further than looking at the limitations individually. When viewed either individually, or as an ordered combination, the additional limitations do not amount to a claim as a whole that is significantly more than the abstract idea itself. Therefore, the claim does not amount to significantly more than the recited abstract idea. Therefore, the claim is not patent eligible.
The analysis above applies to all statutory categories of invention including claims 35, 42 and 46.  Furthermore, the dependent claims 35-41, 43-45 and 47-54 do not resolve the issues raised in the independent claims. The dependent claims do not add limitations that meaningfully limit the abstract idea. The dependent claims do not impart patent eligibility to the abstract idea of the independent claims. Therefore none of the dependent claims alone or as an ordered combination add limitations that qualify as integrating the abstract idea into a practical application.
Lastly, dependent claims do not include additional elements that are sufficient to amount to significantly more than the judicial exception because the additional elements are simply steps performed by a generic computer. The claim merely amounts to the application or instructions to apply the abstract idea on a processor, and is considered to amount to nothing more than requiring a generic server to merely carry out the abstract idea itself.
Accordingly, claims 35-54 are rejected as ineligible for patenting under 35 U.S.C. 101 based upon the same analysis.  
The instant claims are rejected under 35 USC 101 in view of The Decision in Alice Corporation Ply. Ltd. v. CLS Bank International, et al. in a unanimous decision, the Supreme Court held that the patent claims in Alice Corporation Pty. Ltd. v. CLS Bank International, el al. ("Alice Corp. ") are not patent-eligible under 35 U.S.C. § 101. 

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claim(s) 35-37, 39 and 42-54 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Bemmel et al. US 2006/0041669 A1 (hereinafter “Bemmel”).

As per claim 35, Bemmel teaches a method comprising: 
receiving at an authorization entity in a communication system comprising a service-based architecture a request from a service consumer in the communication system for access to a given service type (a Web Service based upon a service request may be discovered by the Web Service security module. Bemmel, para [0026][0027]) (a method for securing a Web Service includes receiving a service request at block 500, by the web server 115, in accordance with one embodiment of the present invention. At block 505, a first access controller element 375 and a smartUDDI 385 may be used by a requester 305 to discover a service and obtain a signed access token. Bemmel, para [0050]); 
obtaining at the authorization entity an access token that identifies a plurality of service producers for the given service type (the UDDI registry generates a service ticket. Bemmel, para [0029]) (the smartUDDI 385 generates a token. The smartUDDI 385 signs the token, encoding the identity in block 415. As shown in block 420, the requestor 305 passes the token in service invocation to the deployed services 390. The access controller 375, in block 425, examines the token and enforces access policies for the deployed service 390. Bemmel, para [0046]) (The smartUDDI 385, at block 515, may encode the identity and access policy information in a signed access token. Bemmel, para [0050]); and 
sending the access token from the authorization entity to the service consumer (returns it with discovered service list to the Web Service requestor. Bemmel, para [0029])(the requestor 305 may pass the signed access token to the access controller 375 to reuse authentication and access policy calculations. Bemmel, para [0051]).

As per claim 36, Bemmel teaches the method of claim 35, further comprising the authorization entity authenticating the service consumer in a discovery step prior to receiving an access token request from the service consumer (The web-services security architecture advantageously employs a combination of authentication with service discovery, evaluation of access policies, and capturing the result of this process in a signed, security token allowing efficient processing for each service request. Bemmel, para [0023]) (While the access controller 375 may authenticate and enforce the access policy 125, the policy engine 380 may evaluate access policies and encode its decision in a security token. More specifically, the smartUDDI 385 authenticates, authorizes, applies policy, achieves load balance by tracking dynamic information of each service instance and return response. While the Web Service security module 120 authenticates and provides service, the client application 310 authenticates and makes requests. Bemmel, para [0026]).

As per claim 37, Bemmel teaches the method of claim 35, wherein the obtaining step further comprises retrieving from storage the access token generated during a discovery step (the UDDI registry generates a service ticket, returns it with discovered service list to the Web Service requestor (e.g., the requestor client 105). Bemmel, para [0029]) (the requestor 305 discovers a service before sending one or more service invocations to that service. The token is returned at block 435 and the access controller 375 issues a proxy request to the smartUDDI 385 for the requestor 305 in block 440. The access controller 375 caches token information from the smartUDDI 445 for the requestor 305 at block 445. Bemmel, para [0047]).

As per claim 39, Bemmel teaches the method of claim 35, wherein the access token comprises an identifier and an address for each of the plurality of service producers identified therein (The web-services security architecture advantageously employs a combination of authentication with service discovery, evaluation of access policies, and capturing the result of this process in a signed, security token allowing efficient processing for each service request. A policy engine connected to a smart Universal Description, Discovery and Integration (UDDI) element evaluates access policies and encodes its decision in the security token. Bemmel, para [0023])( The identity and access policy information may be encoded in a security token based on the pre-computed policy. The Web Service security module 120 may capture the security token in a signed security token for use with each subsequent service request. Bemmel, para [0032]).

As per claim 42, Bemmel teaches a method comprising: 
sending from a service consumer in a communication system comprising a service-based architecture to an authorization entity in the communication system a request for access to a given service type (a Web Service based upon a service request may be discovered by the Web Service security module. Bemmel, para [0026][0027]) (a method for securing a Web Service includes receiving a service request at block 500, by the web server 115, in accordance with one embodiment of the present invention. At block 505, a first access controller element 375 and a smartUDDI 385 may be used by a requester 305 to discover a service and obtain a signed access token. Bemmel, para [0050]); 
receiving at the service consumer an access token from the authorization entity, wherein the access token identifies a plurality of service producers in the communication system for the given service type (the UDDI registry generates a service ticket. Bemmel, para [0029]) (the smartUDDI 385 generates a token. The smartUDDI 385 signs the token, encoding the identity in block 415. As shown in block 420, the requestor 305 passes the token in service invocation to the deployed services 390. The access controller 375, in block 425, examines the token and enforces access policies for the deployed service 390. Bemmel, para [0046]) (The smartUDDI 385, at block 515, may encode the identity and access policy information in a signed access token. Bemmel, para [0050]); and 
selecting one of the plurality of service producers from the access token based on one or more selection criterion (for Web Service discovery and selection, the Web Service registration proceeds as in a regular UDDI case having periodic updates with dynamic service load information. The Web Service requestor, the requestor client 105, connects with a UDDI registry which may be part of a UDDI module (as shown in FIGS. 3 and 4) and authenticates. The Web Service requestor sends registry service discovery criteria. The UDDI registry factors in search criteria along with authenticated identity and applies policies (e.g., the access policy 125) in the Web Service security module. Bemmel, para [0027]) (back-office channels may be used for the Web Service discovery and selection process. A back-office channel communication may contain the same information as in the ticket. Bemmel, para [0031]).

As per claim 43, Bemmel teaches the method of claim 42, further comprising the service consumer sending a service request to the selected service producer, wherein the service request comprises the access token (after the UDDI registry factors in search criteria along with authenticated identity and applies policies, the UDDI registry returns the list of discovered services to the Web Service requester. The Web Service requestor connects to the Web Service and makes requests. The Web Service applies local policies, or connects to the UDDI registry over back-office channels, and requests treatment information. In this manner, requests are processed and responses are returned. Bemmel, para [0031]) (The Web Service security module 120 may capture the security token in a signed security token for use with each subsequent service request. Bemmel, para [0032]).

As per claim 44, Bemmel teaches the method of claim 43, wherein the service request comprises an application programming interface service request (The requestor client 105 may comprise a requester 305 capable of running a client application 310 on an application server using a client Application Programming Interface (API) 320. Bemmel, para [0033]).

As per claim 45, Bemmel teaches the method of claim 42, further comprising: subsequently selecting another service producer from the same access token; and sending a service request to the selected other service producer, wherein the service request comprises the access token (The Web Service security module 120 may capture the security token in a signed security token for use with each subsequent service request. Bemmel, para [0032]) (after the UDDI registry factors in search criteria along with authenticated identity and applies policies, the UDDI registry returns the list of discovered services to the Web Service requester. The Web Service requestor connects to the Web Service and makes requests. The Web Service applies local policies, or connects to the UDDI registry over back-office channels, and requests treatment information. In this manner, requests are processed and responses are returned. Bemmel, para [0031]).

As per claim 46, Bemmel teaches a method comprising: 
receiving an access token at a proxy element in a communication system comprising a service- based architecture, wherein the access token identifies a plurality of service producers in the communication system for a given service type generated by an authorization entity in the communication system in response to a request by a service consumer in the communication system for access to the given service type (a Web Service based upon a service request may be discovered by the Web Service security module. Bemmel, para [0026][0027])( The client application 310 may send a service request from the requestor 305 to the intelligent services gateway 370 over the communication network 350 via the client API 320. The service capability server 365 may provide the interface and functionality to interact with the network elements 335. Bemmel, para [0041]) (a method for securing a Web Service includes receiving a service request at block 500, by the web server 115, in accordance with one embodiment of the present invention. At block 505, a first access controller element 375 and a smartUDDI 385 may be used by a requester 305 to discover a service and obtain a signed access token. Bemmel, para [0050]) (the UDDI registry generates a service ticket. Bemmel, para [0029]) (the smartUDDI 385 generates a token. The smartUDDI 385 signs the token, encoding the identity in block 415. As shown in block 420, the requestor 305 passes the token in service invocation to the deployed services 390. The access controller 375, in block 425, examines the token and enforces access policies for the deployed service 390. Bemmel, para [0046]) (The smartUDDI 385, at block 515, may encode the identity and access policy information in a signed access token. Bemmel, para [0050]); and 
selecting at the proxy element one of the plurality of service producers from the access token based on one or more selection criterion (for Web Service discovery and selection, the Web Service registration proceeds as in a regular UDDI case having periodic updates with dynamic service load information. The Web Service requestor, the requestor client 105, connects with a UDDI registry which may be part of a UDDI module (as shown in FIGS. 3 and 4) and authenticates. The Web Service requestor sends registry service discovery criteria. The UDDI registry factors in search criteria along with authenticated identity and applies policies (e.g., the access policy 125) in the Web Service security module. Bemmel, para [0027]) (the intelligent services gateway 370 may provide a set of Open Services Architecture (OSA) methods for the server API 395 to provide secure access to the underlying network resources. Bemmel, para [0041]).

As per claim 47, Bemmel teaches the method of claim 46, further comprising, when the proxy element resides between the authorization entity and the service consumer, the proxy element sending the service consumer identifying information for the selected service producer (The intelligent services gateway 370 may provide a standard way for carriers to open their network resources (the protocols 330 and the network elements 335) to the application service provider 360 or third-party client application developers. In this manner, the intelligent services gateway 370 may hide the details of the underlying network resources and shield the application developers from the complexities of the communication network 350. Bemmel, para [0040]).

As per claim 48, Bemmel teaches the method of claim 46, further comprising, when the proxy element resides between the authorization entity and the service consumer, the proxy element subsequently selecting another service producer from the access token based on a change in at least one of the one or more selection criterion (The Web Service security module 120 may capture the security token in a signed security token for use with each subsequent service request. Bemmel, para [0032]) (The intelligent services gateway 370 may comprise a server Application Programming interface (API) 395 coupled to a cache 397. While the server API 395 may enable communications with the client application 310, the cache 397 may store identity and access policy information. Bemmel, para [0038]) (for Web Service discovery and selection, the Web Service registration proceeds as in a regular UDDI case having periodic updates with dynamic service load information. The Web Service requestor, the requestor client 105, connects with a UDDI registry which may be part of a UDDI module (as shown in FIGS. 3 and 4) and authenticates. The Web Service requestor sends registry service discovery criteria. The UDDI registry factors in search criteria along with authenticated identity and applies policies (e.g., the access policy 125) in the Web Service security module. Bemmel, para [0027]).

As per claim 49, Bemmel teaches the method of claim 48, further comprising the proxy element sending the service consumer identifying information for the subsequently selected service producer (The intelligent services gateway 370 may provide a standard way for carriers to open their network resources (the protocols 330 and the network elements 335) to the application service provider 360 or third-party client application developers. In this manner, the intelligent services gateway 370 may hide the details of the underlying network resources and shield the application developers from the complexities of the communication network 350 […] the intelligent services gateway 370 may provide a set of Open Services Architecture (OSA) methods for the server API 395 to provide secure access to the underlying network resources. The server API 395 may be defined by OSA standard in one embodiment. The client application 310 may send a service request from the requestor 305 to the intelligent services gateway 370 over the communication network 350 via the client API 320. The service capability server 365 may provide the interface and functionality to interact with the network elements 335.. Bemmel, para [0040]-[0041]).

As per claim 50, Bemmel teaches the method of claim 46, further comprising, when the proxy element resides between the service consumer and one or more of the service producers, the proxy element sending the service consumer identifying information for the selected service producer (The intelligent services gateway 370 may provide a standard way for carriers to open their network resources (the protocols 330 and the network elements 335) to the application service provider 360 or third-party client application developers. In this manner, the intelligent services gateway 370 may hide the details of the underlying network resources and shield the application developers from the complexities of the communication network 350 […] the intelligent services gateway 370 may provide a set of Open Services Architecture (OSA) methods for the server API 395 to provide secure access to the underlying network resources. The server API 395 may be defined by OSA standard in one embodiment. The client application 310 may send a service request from the requestor 305 to the intelligent services gateway 370 over the communication network 350 via the client API 320. The service capability server 365 may provide the interface and functionality to interact with the network elements 335.. Bemmel, para [0040]-[0041]).

As per claim 51, Bemmel teaches the method of claim 50, further comprising, when the proxy element resides between the service consumer and one or more of the service producers, the proxy element subsequently selecting another service producer from the access token based on a change in at least one of the one or more selection criterion (for Web Service discovery and selection, the Web Service registration proceeds as in a regular UDDI case having periodic updates with dynamic service load information. Bemmel, para [0027]) (the smartUDDI 385 authenticates, authorizes, applies policy, achieves load balance by tracking dynamic information of each service instance and return response. Bemmel, para [0036])(The intelligent services gateway 370 may provide a standard way for carriers to open their network resources (the protocols 330 and the network elements 335) to the application service provider 360 or third-party client application developers. In this manner, the intelligent services gateway 370 may hide the details of the underlying network resources and shield the application developers from the complexities of the communication network 350 […] the intelligent services gateway 370 may provide a set of Open Services Architecture (OSA) methods for the server API 395 to provide secure access to the underlying network resources. The server API 395 may be defined by OSA standard in one embodiment. The client application 310 may send a service request from the requestor 305 to the intelligent services gateway 370 over the communication network 350 via the client API 320. The service capability server 365 may provide the interface and functionality to interact with the network elements 335. Bemmel, para [0040]-[0041]) (for Web Service discovery and selection, the Web Service registration proceeds as in a regular UDDI case having periodic updates with dynamic service load information. The Web Service requestor, the requestor client 105, connects with a UDDI registry which may be part of a UDDI module (as shown in FIGS. 3 and 4) and authenticates. The Web Service requestor sends registry service discovery criteria. The UDDI registry factors in search criteria along with authenticated identity and applies policies (e.g., the access policy 125) in the Web Service security module. Bemmel, para [0027]).

As per claim 52, Bemmel teaches the method of claim 51, further comprising the proxy element sending the service consumer identifying information for the subsequently selected service producer (The intelligent services gateway 370 may provide a standard way for carriers to open their network resources (the protocols 330 and the network elements 335) to the application service provider 360 or third-party client application developers. In this manner, the intelligent services gateway 370 may hide the details of the underlying network resources and shield the application developers from the complexities of the communication network 350 […] the intelligent services gateway 370 may provide a set of Open Services Architecture (OSA) methods for the server API 395 to provide secure access to the underlying network resources. The server API 395 may be defined by OSA standard in one embodiment. The client application 310 may send a service request from the requestor 305 to the intelligent services gateway 370 over the communication network 350 via the client API 320. The service capability server 365 may provide the interface and functionality to interact with the network elements 335. Bemmel, para [0040]-[0041]).

As per claim 53, Bemmel teaches the method of claim 48, wherein the selection criterion in which the change occurs comprises one or more of: a load balancing criterion; an availability criterion; and a maintenance criterion (for Web Service discovery and selection, the Web Service registration proceeds as in a regular UDDI case having periodic updates with dynamic service load information. Bemmel, para [0027]) (the smartUDDI 385 authenticates, authorizes, applies policy, achieves load balance by tracking dynamic information of each service instance and return response. Bemmel, para [0036]).

As per claim 54, Bemmel teaches the method of claim 46, wherein the proxy element receives the access token from one of the authorization entity and the service consumer (the requestor 305 discovers a service before sending one or more service invocations to that service. The token is returned at block 435 and the access controller 375 issues a proxy request to the smartUDDI 385 for the requestor 305 in block 440. The access controller 375 caches token information from the smartUDDI 445 for the requestor 305 at block 445. Bemmel, para [0047]).

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claim 38 is rejected under 35 U.S.C. 103 as being unpatentable over Bemmel et al. US 2006/0041669 A1 (hereinafter “Bemmel”) in view of Lee et al. US 2018/0270877 A1 (hereinafter “Lee”).

As per claim 38, Bemmel teaches the method of claim 35. Bemmel does not explicitly teach wherein the authorization entity is a network function repository function, the service consumer is a first network function, and the plurality of service producers are two or more other network functions.
However, Lee teaches wherein the authorization entity is a network function repository function, the service consumer is a first network function, and the plurality of service producers are two or more other network functions (The vNF may be a network slice selection function for administrating network slices of the VPLMN or a network repository function for administrating network nodes of the VPLMN. Lee, para [0138])(the vNRF that has received the NF discovery request message at step 3 communicates with the hNRF to acquire the hSMF(s) information and sends the AMF an NF discovery response message including the vSMF(s) information and hSMF(s) information. Lee, para [0147]) (the network entity may be a RAN, AMF, vNRF, vSMF, hSMF, hNRF, hNF, etc. Lee, para [0156] Figs 11-12)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to modify the teaching of Bemmel in view of Lee. One would be motivated to do so, to enhance the security of the system.

Claim(s) 40-41 are rejected under 35 U.S.C. 103 as being unpatentable over Bemmel et al. US 2006/0041669 A1 (hereinafter “Bemmel”) in view of Murugesan et al. US 2018/0083977 A1 (hereinafter “Murugesan”).

As per claim 40, Bemmel teaches the method of claim 35. Bemmel does not explicitly teach wherein the access token comprises a JavaScript Object Notation Web Token format. 
However, Murugesan teaches wherein the access token comprises a JavaScript Object Notation Web Token format (Interactive web-based and native applications leverage standard browser-based OpenID Connect flow to request user authentication, receiving standard identity tokens that are JavaScript Object Notation (“JSON”) Web Tokens (“JWTs”) conveying the user's authenticated identity. Murugesan, para [0082]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to modify the teaching of Bemmel in view of Murugesan. One would be motivated to do so, to enhance the security of the system.

As per claim 41, Bemmel and Murugesan teach the method of claim 40. Bemmel does not explicitly teach wherein the plurality of service producers for the given service type are identified in an audience claim field of the JavaScript Object Notation Web Token format.
However, Murugesan teaches wherein the plurality of service producers for the given service type are identified in an audience claim field of the JavaScript Object Notation Web Token format (Browser 1102 sends AZ Code to Cloud Gate 1104, and Cloud Gate 1104 sends a REST POST to OAuth2 microservice 1110 to request the access token and the identity token. Both tokens are scoped to OAuth microservice 1110 (indicated by the audience token claim). Cloud Gate 1104 receives the tokens from OAuth2 microservice. Murugesan, para [0179][0149])
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to modify the teaching of Bemmel in view of Murugesan. One would be motivated to do so, to enhance the security of the system.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
A. RYU et al. US 2019/0021064 A1 directed to method for managing registration in wireless communication system.
B. Leicher et al. US 2015/0295905 A1 directed to identity management with generic bootstrapping architecture.
C. China Mobile “Security of service based architecture of 5G phase 1” published on 21-25 May 2018
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KHALID M ALMAGHAYREH whose telephone number is (571)272-0179. The examiner can normally be reached Monday - Thursday 8AM-5PM EST & Friday variable.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, SALEH NAJJAR can be reached on (571)272-4006. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



Respectfully Submitted

/KHALID M ALMAGHAYREH/Examiner, Art Unit 2492