Notice of Pre-AIA  or AIA  Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Amendment

The amendment filed on 2/23/2022 is entered and acknowledged by the Examiner. Claims 1, 3, 10, 13-15, 18 and 20 have been amended.  Claim 12 has been cancelled.  Claim 21 have been added.  Claims 10-11 and 13-17 are allowed.  Claims 1-11 and 13-21 are currently pending in the instant application. 


Response to Arguments

Applicant’s arguments with respect to claim 1 and 18 have been considered but are moot because the arguments do not apply to any of the references being used in the current rejection.


Information Disclosure Statement

The information disclosure statement (IDS) was submitted on 2/23/2022.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.


Allowable Subject Matter

Claim 3-6, and 20 objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims, provided that all other rejections under 35 USC 101/112 (if any) are obviated upon upcoming amendments/arguments without raising new issue that necessitate further consideration/searches.


Claim Rejections - 35 USC § 103


The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1, 7-9, 18 and 21 are rejected under 35 U.S.C. 103 as being unpatentable over Schefenacker et al Pub. No.: (US 2017/0250812 A1) (hereinafter “Schefenacker”) in view of Abbott et al Pat. No.: (US 8,504,824 B1) (hereinafter "Abbott”), further in view of Kikkoji et al Pub. No.: (US 2007/0071418) (hereinafter "Kikkoji”).

With respect to claim 1: Schefenacker discloses one or more devices comprising: one or more processors; and one or more computer-readable media storing instructions that, when executed by the one or more processors, cause the one or more processors to perform operations comprising: 
determining a first duration associated with authenticating a user device during a first session (the first server provides a first authentication token of a few seconds [0054], [0061],  
receiving credentials associated with a user account (the user logs into the first server with a ID and password to receive a first authentication token, the first identification token is transmitted to the second server [0064], [0076-0078], [0086-0087]); 
authenticating the user device for a second session based at least in part on the credentials (the second server receives the authentication token and sets a validity period and returns a second authentication token back to the client [0086-0087], [0090])
receiving information associated with an environment of the user device (a client uses an ID and password for the initial login [0064], [0076]. Additionally, access for client within the enterprise boundaries may have a longer session time [0055], therefore environmental information are received from the client device);
determining, based at least in part on the information, a second duration associated with authenticating the user device (the second server receives the authentication token and sets a validity period and returns a second authentication token back to the client which indicates a session time [0076-0078], [0086-0087], [0090].  The second validity may be a default to the same time as the first authentication token [0070] );
generating data representing at least the second duration (a second authentication token with a different duration then the first authentication token [0069], [0087]);
sending the data to the user device (second server send the second authentication token back to the client [0090]);
However, Schefenacker does not explicitly disclose determining a second duration associated with authenticating the user device during the second session;
determining a second duration by increasing or decreasing the first session, the second duration associated with authenticating the user device during the second session;
Abbott discloses determining t second duration associated with authenticating the user device during the second session (when entity interacting with the session during the predetermined time period, the session token will be extended by the predetermined time [Col 8 lines 51-67]);
Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Schefenacker in view of Abbott in order to determine a second duration associated with authenticating a user during the second session; 
One of ordinary skill in the art would have been motivated because it would prevent hijacking of the network session by implementing token that expires and extending it during the session [Abbott: Abstract];
However, However, Schefenacker-Abbot does not explicitly disclose determining, based at least in part on the information, a second duration by increasing or decreasing the first session;
Kikkoji discloses determining, based at least in part on the information, a second duration by increasing or decreasing the first session (the effective period of the authentication session is extended by the authentication processing section [0272-0275], [0278]);
Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Schefenacker-Abbot in view of Kikkoji in order to determine a second duration by increasing or decreasing the first session;
One of ordinary skill in the art would have been motivated because it would extend the authentication session in order for the client to have access to data [Kikkoji: 0187-0190] 

With respect to claim 7: Schefenacker-Abbott-Kikkoji discloses the one or more devices as recited in claim 1 as set forth above, wherein the information is first information and the data is first data, and wherein the operations further comprise:
Schefenacker discloses receiving second information associated with the environment of the user device (receiving authentication token from the second server in association with the client ID and password for the initial login [0064], [0086-0087], [0090].  Also, different predefined session tie for each client system having different security status [0055]);
determining the first duration based at least in part on a set duration and the second information (different predefined session tie for each client system having different security status [0055])
generating second data representing the first duration (second authentication token having equal session time as received from the first token [0062], [0065]);
sending the second data to the user device (the second server receives the authentication token and sets a validity period and returns a second authentication token back to the client which indicates a session time [0076-0078], [0086-0087], [0090]).

With respect to claim 8: Schefenacker-Abbott-Kikkoji discloses the one or more devices as recited in claim 1 as set forth above, wherein the information is first information, and wherein the operations further comprise:
Schefenacker discloses during the second duration, receiving second information associated with the environment of the user device (while communication with the second serve, the second server responds with the token authentication for the client [0076-0078], [0086-0087], [0090]);
However, Schefenacker does not explicitly disclose determining that the second information indicates a triggering event; and
determining to reauthenticate the user device based at least in part on the second information indicating the triggering event;
Abbott discloses determining that the second information indicates a triggering event (token are generated based on third party entity identifying information, which has a “time to live”, when that time has expired, it is triggered to re-authenticate [Col 8 lines 51-65]);
determining to reauthenticate the user device based at least in part on the second information indicating the triggering event (token are generated based on third party entity identifying information, which has a “time to live”, when that time has expired, it is triggered to re-authenticate [Col 8 lines 51-65]);
Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Schefenacker in view of Abbott in order to determine a second information and re-authenticate the user device based on the second information; 
One of ordinary skill in the art would have been motivated because it would prevent hijacking of the network session by implementing tokens with “time to live” [Abbott: Abstract].

With respect to claim 9: Schefenacker-Abbott-Kikkoji discloses the one or more devices as recited in claim 1 as set forth above, wherein the information associated with the environment indicates at least one of:
Schefenacker discloses a unique device identifier associated with the user device;
hardware associated with the user device;
software installed on the user device;
one or more applications that are active on the user device;
central processing unit usage associated with the user device;
memory usage associated with the user device;
an Internet Protocol address;
power consumption associated with the user device;
a type of network connection associated with the user device; or
sensor data representing a user of the user device (a client uses an ID and password for the initial login [0064]);

With respect to claims 18, they do not teach or further define over the limitations in claims 1, respectively. Therefore claims 18 is rejected for the same reasons as set forth in claims 1.

With respect to claim 21, they do not teach or further define over the limitations in claim 7, respectively. Therefore claim 21 is rejected for the same reasons as set forth in claim 7.


Claims 2 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Schefenacker et al Pub. No.: (US 2017/0250812 A1) (hereinafter “Schefenacker”) in view of Abbott et al Pat. No.: (US 8,504,824 B1) (hereinafter "Abbott”) and Kikkoji et al Pub. No.: (US 2007/0071418) (hereinafter "Kikkoji”) as applied to claims 1, 7-9, 18 and 21 above, further in view of Mackens et al Pub. No.: (US 2017/0250812 A1) (hereinafter “Mackens”).

With respect to claim 2: Schefenacker-Abbott-Kikkoji discloses the one or more devices as recited in claim 1 as set forth above, the operations further comprising: 
Schefenacker discloses sending an authentication request associated with the second session (client sends authentication token to the second server [0086-0087]);
receiving a response to the authentication request (second server responds with a validity time of the authentication token [0078], [0090]);
However, Schefenacker-Abbott-Kikkoji does not explicitly disclose verifying the response for the authentication request, and wherein authenticating the user device for the second session is further based at least in part on verifying the response;
Mackens discloses verifying the response for the authentication request, and wherein authenticating the user device for the second session is further based at least in part on verifying the response (verifying the response from the client in order to authenticate the client [0021], [0028]);
Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Schefenacker-Abbott-Kikkoji in view of Mackens in order to verify the response for the authentication request, and wherein authenticating the user device for the second session is further based at least in part on verifying the response;
One of ordinary skill in the art would have been motivated because it would provide a more secured network.

With respect to claims 19, they do not teach or further define over the limitations in claims 2, respectively. Therefore claims 19 are rejected for the same reasons as set forth in claims 2.


Conclusion

The prior art made of record and not relied upon is considered pertinent to applicant’s disclosure.

Grigg et al. Pub. No.: (US 2015/0227727 A1).  The subject matter disclosed therein is pertinent to that of claims 1-11 and 13-21 (e.g., Determining user authentication requirements based on the current location of the user in comparison to the users normal boundary of location).
Wetterwald et al. Pub. No.: (US 2022/0046014 A1).  The subject matter disclosed therein is pertinent to that of claims 1-11 and 13-21 (e.g., Techniques for device to device authentication).
Shetty et al. Pub. No.: (US 2021/0211422 A1).  The subject matter disclosed therein is pertinent to that of claims 1-11 and 13-21 (e.g., Voice skill session lifetime management).


Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).


THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to THAO DUC DUONG whose telephone number is (571)272-2350.  The examiner can normally be reached on M-F 9-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Brian Gillis can be reached on 571-272-7952.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/T.D.D/Examiner, Art Unit 2446                                                                                                                                                                                                        


/MICHAEL A KELLER/Primary Patent Examiner, Art Unit 2446