Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.

The applicant’s representative, John F Woodson, II (Reg. No. 45,236), on May 26, 2022 authorized the following examiner’s amendment to be entered.

Amendment to the Claims:
This listing of the claims will replace all prior versions and listings of claims in the application. 

Listing of Claims:
1. (Currently amended) A computing device comprising:
a memory and a processor connected to the memory, the processor for
obtaining from a device registration service and storing a bearer token in the memory including a device identity of the computing device and a public encryption key of the computing device and wherein the public encryption key is signed by the Root of Trust (RoT);
obtaining from an identity platform and storing an authentication token in the memory based upon the bearer token and including a user identity of a user and the device identity of the computing device, the authentication token having an expiration[[,]];
communicating the authentication token to a server[[,]];
responding to a challenge from the server to validate that the device identity from the authentication token is associated with the computing device based upon a device credential[[,]];
communicating a user credential to the server to validate that the user is associated with the user identity from the authentication token[[,]];
accessing a session via the server responsive to validation of the device identity and the user identity from the authentication token[[,]]; 
communicating with the identity platform ; and 
wherein the device credential comprises the public encryption key associated with the computing device. 

2. (Cancelled). 

3. (Previously presented) The computing device of claim 1 wherein the user credential is stored in the memory at the computing device. 

4. (Previously presented) The computing device of claim 1 wherein the user credential is stored in a virtual smart card with an authentication service. 

Claims 5-7 (Cancelled).

8. (Previously presented) The computing device of claim 1 wherein the user and device credentials are stored in different locations.

9. (Original) The computing device of claim 1 wherein the authentication token comprises a polymorphic authentication token.

10. (Original) The computing device of claim 1 wherein the session comprises at least one of a Web application session, Software as a Service (SaaS) application session, virtual application session, and a virtual desktop session. 

11. (Currently amended) A method comprising:
storing an authentication token for a computing device in a memory, the authentication token including a user identity of a user and a device identity of the computing device, and the authentication token having an expiration; and
at the computing device,
obtaining from a device registration service and storing a bearer token in the memory including a device identity of the computing device and a public encryption key of the computing device and wherein the public encryption key is signed by the Root of Trust (RoT);
communicating the authentication token to a server[[,]]
responding to a challenge from the server to validate that the device identity from the authentication token is associated with the computing device based upon a device credential[[,]]
communicating a user credential to the server for validating that the user is associated with the user identity from the authentication token[[,]]
accessing a session via the server responsive to validation of the device identity and the user identity from the authentication token[[,]]; 
communicating with the identity platform for renewing the authentication token after the expiration based upon the bearer token; and 
wherein the device credential comprises the public encryption key associated with the computing device. 

Claims 12-13 (Cancelled).

14. (Previously presented) The method of claim 11 wherein the computing device communicates with the server to access the sessions further based upon a connection lease assigned to the computing device.

15. (Previously presented) The method of claim 11 wherein the user and device credentials are stored in different locations.

Claims 16-20 (cancelled).

21. (Currently amended) A non-transitory computer-readable medium having computer-executable instructions for causing a computing device to perform steps comprising:
obtaining from a device registration service and storing a bearer token in the memory including a device identity of the computing device and a public encryption key of the computing device and wherein the public encryption key is signed by the Root of Trust (RoT);
obtaining from an identity platform and storing an authentication token at the computing device including a user identity of a user and a device identity of the computing device;
communicating the authentication token to a server;
responding to a challenge from the server to validate that the device identity from the authentication token is associated with the computing device based upon a device credential;
communicating a user credential to the server to validate that the user is associated with the user identity from the authentication token;
accessing a session via the server responsive to validation of the device identity and the user identity from the authentication token; and
communicating with the identity platform for renewing the authentication token after the expiration based upon the bearer token; and 
wherein the device credential comprises the public encryption key associated with the computing device. 

22. (Previously presented) The non-transitory computer-readable medium of claim 21 wherein the user credential is stored at the computing device.

23. (Previously presented) The non-transitory computer-readable medium of claim 21 wherein the user credential is stored in a virtual smart card with an authentication service.

Claims 24-25 (Cancelled).

26. (Previously presented) The non-transitory computer-readable medium of claim 21 wherein the user and device credentials are stored in different locations.

27. (Previously presented) The non-transitory computer-readable medium of claim 21 wherein the authentication token comprises a polymorphic authentication token.

28. (Previously presented) The non-transitory computer-readable medium of claim 21 wherein the session comprises at least one of a Web application session, Software as a Service (SaaS) application session, virtual application session, and a virtual desktop session.

Reason for allowance
Claims 1, 3-4, 8-11, 14-15, 21-23 and 26-28 are allowed. The following is an examiner’s statement of reasons for allowance. After consideration of the applicant’s correspondence filed on May 16, 2022 in response to the Office Correspondence mailed on February 15, 2022, and through examination of the claims with search and the further proposed examiner’s amendment, the pertinent prior art of record, either taken alone or in combination, neither anticipates nor renders obvious the claimed subject matter of the instant application taken as a whole, and the claims having the particular features have been found in condition for allowance.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See the notice of reference cited in form PTO-892 for additional prior art.

Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TECHANE GERGISO whose telephone number is (571)272-3784. The examiner can normally be reached 9:30am to 6:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, JUNG W KIM can be reached on 5712723804. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/TECHANE GERGISO/Primary Examiner, Art Unit 2494