DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claim(s) 1-8, 10-17 and 19-26 is/are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Koottayi et al. (US-20200007531).
a.	Referring to claims 1, 4, 10, 13, 19 and 22:
	Regarding claims 1, 4, 10, 13, 19 and 22, Koottayi teaches a method performed by a processor of a computing device for management of access credentials, comprising: receiving, from a client application support service, an authentication request to authenticate a client application (Para 48-51… authentication request); sending a response comprising an authentication token to the client application support service to authenticate the client application (Para 53…. authentication token); receiving, from the client application support service, a request for an access token to access a target system (Para 55… access token request); sending a response comprising the access token to the client application support service to enable the client application support service to access the target system using the access token on behalf of the client application (Para 59… access token for accessing the application).
a.	Referring to claims 2, 6, 11, 15, 20 and 24:
	Regarding claims 2, 6, 11, 15, 20 and 24, Koottayi teaches the method of claim 1, further comprising: determining whether an access token that is associated with the client application is found in a token store in response to the received request from the client application support service for the access token (Para 58… access token validation); and receiving the access token from the token store in response to determining that the access token that is associated with the client application is found (Para 59…. access token).
a.	Referring to claims 3, 12 and 21:
	Regarding claims 3, 12 and 21, Koottayi teaches the method of claim 2, further comprising: receiving client application credentials from a database in response to determining that the access token that is associated with the client application is not found (Para 58, 61 and 62…. …. invalid access token and initiating a fresh login flow requiring credentials); sending to the target system a token request using the received client application credentials (Para 58, 61 and 62….  received client credential); and receiving from the target system an access token in response to the token request using the received client application credentials (Para 58, 61 and 62…. access token in response to credential validation).
a.	Referring to claims 5, 14 and 23:
	Regarding claims 5, 14 and 23, Koottayi teaches the method of claim 1, wherein the authorization request comprises a username and a password (Para 61….  username/password).
a.	Referring to claims 7, 16 and 25:
	Regarding claims 7, 16 and 25, Koottayi teaches the method of claim 1, further comprising determining a time to live (TTL) for the access token and associating the TTL with the access token (Para 59…. expiration time of the access token).
a.	Referring to claims 8, 17 and 26:
	Regarding claims 8, 17 and 26, Koottayi teaches the method of claim 7, further comprising: determining that the TTL associated with the access token has expired; and sending to the target system an indication that the access token has expired (Para 59 and 60… validation of the access token based on its expiration).
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 9, 18 and 27 is/are rejected under 35 U.S.C. 103 as being unpatentable over Koottayi et al. (US-20200007531), and further in view of Rinehart (US-11277415).
a.	Referring to claims 9,18 and 27:
	Regarding claims 9, 18 and 27, Koottayi teaches the method of claim 1 but fails to explicitly teach performing a security operation in response to determining that the credential associated with the client application, the authentication token, or the access token has been compromised. However, performing a security operation in response to the compromise of a credential is well known in the art and described by Rinehart in Para 50 and 51 (Table 4…... compromised credential and associated security action in response to the compromise). Therefore, it would have been obvious to one of ordinary skill before the effective filing date of the claimed invention to modify the teaching of Koottayi be performing a security action in response to a compromised credential as taught by Rinehart for the purpose of securing the system and ensuring that compromised credentials are not used on the system.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to IZUNNA OKEKE whose telephone number is (571)270-3854. The examiner can normally be reached Mon - Fri 8 - 4 EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, ELENI SHIFERAW can be reached on (571) 272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/IZUNNA OKEKE/Primary Examiner, Art Unit 2497