Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 5/28/2020 was filed after the mailing date of the application on 5/28/2020. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Gustafsson (US patent Pub. 20170134429) in view of Genner (US patent Pub. 11,093,771).


As per claim 1:  A method comprising:
maintaining, at a server, a database identifying a plurality of authentication entities and a required communication protocol in association with each one of the plurality of authentication entities (Paragraph 18; The user may be prompted to enter a username and password for authentication and retrieval of the authorization rights associated with the user's account at the token authority server);
receiving at the server a first token from a terminal, wherein the first token is associated with a client device and the terminal transmitted the first token to the server in association with an authentication operation (Paragraph 4; receiving, from a first client device, a first request to access resources at the server, the first request including a first token generated at the token authority server for the client device);
analyzing, at the server, the first token to determine a subset of the plurality of authentication entities to contact (Paragraph 30; upon receipt of the request, and determining that the user is authorized to access the application services at the server 140);
generating a plurality of tokens, wherein each token meets the required communication protocol for at least one of the subset of the plurality of authentication entities (Paragraph 30; a token is generated and transmitted to the client device requesting the token. Each token generated includes an expiration time interval);
Gustafsson does not specifically disclose transmitting the plurality of tokens to the subset of the plurality of authentication entities, wherein each token is transmitted to only one of the subset of the plurality of authentication entities; receiving, at the server, an authentication entity message from each of the subset of the plurality of authentication entities; and transmitting, from the server to the terminal, a terminal message based on at least one of the authentication entity messages, wherein the terminal message is at least one of an approval or a rejection of the authentication operation.
Genner discloses wherein, in one embodiment, the server transmits an encryption authorization token (or other form of confirmation) to the device. If, however, the server determines, at step 412 in one embodiment, that the generated biometric hash and the stored biometric hash do not match (e.g., the user is not authorized to encrypt data using the device), then the server proceeds to step 416, wherein, in one embodiment, the server transmits an encryption rejection message to the device, logs the rejection, otherwise denies access to the device, or takes another action (Col 11, lines 63-67 thru col 12, lines 1-14).
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains, having the teachings of Gustafsson in view of Genner in its entirety, to modify the technique of Gustafsson for the request including the token and denies access to the resources at the application device based on the received token by adopting Genner's teaching for server transmits an encryption authorization token (or other form of confirmation) to the device. The motivation would have been to improve security token validation using partial policy validations.
As per claims 2 and 15:  The method of claim 1, wherein the first token masks information about the client device and the terminal (Paragraph 37; The first request includes a first token generated at the token authority server for the client device, where the first token is associated with a first expiration time interval).
As per claims 3 and 16:  The method of claim 1, wherein the first token includes an instruction to determine the subset of the plurality of authentication entities (Paragraph 38; a first subset of N tokens is revoked during a first period of time).
As per claims 4 and 17:  The method of claim 3, wherein the instruction was received at the terminal or the client device (Paragraph 38; a first subset of N tokens is revoked during a first period of time).
As per claims 5 and 18:  The method of claim 1, wherein: the server is configured to receive a communication from the client device; 
the communication includes at least one rule; and the server is configured to determine the subset of the plurality of authentication entities based on the at least one rule (Paragraph 38; Thus based on this revocation policy upon receipt (at block 220) of requests including current tokens from the client devices 110, the servers 140 are operative to deny access (at block 230) to a subset of N client devices at a time causing the revocation of an equal number N of tokens).

As per claims 6 and 19:  The method of claim 5, wherein the rule defines a ranking for the plurality of authentication entities (Paragraph 24; a revocation rate at which multiple tokens are to be removed over time).
As per claims 7 and 20:  The method of claim 5, wherein the rule excludes at least one of the plurality of authentication entities (Paragraph 4; receiving, from a first client device, a first request to access resources at the server, the first request including a first token generated at the token authority server for the client device).
As per claim 8:  The method of claim 1, wherein: the server includes a predictive model; and the predictive model is configured to determine the subset of the plurality of authentication entities (Paragraph 38; Thus based on this revocation policy upon receipt (at block 220) of requests including current tokens from the client devices 110, the servers 140 are operative to deny access (at block 230) to a subset of N client devices at a time causing the revocation of an equal number N of tokens).
As per claim 9:  The method of claim 8, wherein the predictive model is a machine learning model which was trained using past authentication operation data (Paragraph 38; Thus based on this revocation policy upon receipt (at block 220) of requests including current tokens from the client devices 110, the servers 140 are operative to deny access (at block 230) to a subset of N client devices at a time causing the revocation of an equal number N of tokens).
As per claim 10:  The method of claim 9, wherein past authentication operation data includes data points for past authentication operations and authentication entities that were contacted for each past authentication operation.
As per claim 11:  The method of claim 1, further comprising:
in response to receiving at least one rejection authentication entity message from one of the subset of the plurality of authentication entities, transmitting a plurality of follow up tokens to a second subset of the plurality of authentication entities (Paragraph 25; a first subset of tokens is revoked during a first period of time, followed with a second step at which a second subset of tokens is revoked during a second period of time following the first period of time).
As per claim 12:  The method of claim 11, wherein a predictive model stored on the server is configured to determine the second subset of the plurality of authentication entities (Paragraph 25; a first subset of tokens is revoked during a first period of time, followed with a second step at which a second subset of tokens is revoked during a second period of time following the first period of time).
As per claim 13:  The method of claim 11, wherein the subset of the plurality of authentication entities is different from the second subset of the plurality of authentication entities (Paragraph 38; a first subset of N tokens is revoked during a first period of time).
As per claim 14:  A method comprising: 
syncing a client device with a terminal (Paragraph 26; The system 100 includes one or more client devices 110 coupled with one or more server(s) 140. The client devices 110 are further coupled with a token authority 130. The server(s) 140 are coupled with a Token revocation service 120, which is coupled with an admin service 150); 
generating a first token at the client device and transmitting the first token to the terminal, wherein: the first token is associated with the client device and the terminal is configured to transmit the first token to a server to request an authentication operation (Paragraph 4; receiving, from a first client device, a first request to access resources at the server, the first request including a first token generated at the token authority server for the client device); 
the server maintains a database identifying a plurality of authentication entities and a required communication protocol in association with each one of the plurality of authentication entities (Paragraph 18; The user may be prompted to enter a username and password for authentication and retrieval of the authorization rights associated with the user's account at the token authority server); 
the server is configured to analyze the first token to determine a subset of the plurality of authentication entities to contact (Paragraph 30; upon receipt of the request, and determining that the user is authorized to access the application services at the server 140); 
the server is configured to generate a plurality of tokens, wherein each token meets the required communication protocol for at least one of the subset of the plurality of authentication entities (Paragraph 30; a token is generated and transmitted to the client device requesting the token. Each token generated includes an expiration time interval); 
Gustafsson does not specifically disclose the server transmits the plurality of tokens to the subset of the plurality of authentication entities, wherein each token is transmitted to only one of the subset of the plurality of authentication entities; and the server is configured to receive an authentication entity message from each of the subset of the plurality of authentication entities; and receiving, from the terminal at the client device, a terminal message based on at least one of the authentication entity messages, wherein the terminal message is at least one of an approval or a rejection of the authentication operation.
Genner discloses wherein, in one embodiment, the server transmits an encryption authorization token (or other form of confirmation) to the device. If, however, the server determines, at step 412 in one embodiment, that the generated biometric hash and the stored biometric hash do not match (e.g., the user is not authorized to encrypt data using the device), then the server proceeds to step 416, wherein, in one embodiment, the server transmits an encryption rejection message to the device, logs the rejection, otherwise denies access to the device, or takes another action (Col 11, lines 63-67 thru col 12, lines 1-14).
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains, having the teachings of Gustafsson in view of Genner in its entirety, to modify the technique of Gustafsson for the request including the token and denies access to the resources at the application device based on the received token by adopting Genner's teaching for server transmits an encryption authorization token (or other form of confirmation) to the device. The motivation would have been to improve security token validation using partial policy validations.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ANTHONY D BROWN whose telephone number is (571)270-1472. The examiner can normally be reached 730-330pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on 571-272-6798. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/ANTHONY D BROWN/           Primary Examiner, Art Unit 2433