DETAILED ACTION
This Office Action is in response to the application 16/949,292 filed on 10/23/2020.
Claims 1-20 have been examined and are pending in this application.


Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .


Election/Restrictions
For the record, the Examiner acknowledges that NO restrictions warranted at applicants initial time of filing for patent.

Priority
For the record, the Examiner acknowledges that NO foreign priority claimed at applicant’s initial time of filing for patent.


Information Disclosure Statement
The information disclosure statement (IDS), submitted on 10/23/2020, is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Oath/Declaration
For the record, the Examiner acknowledges that the Oath/Declaration submitted on 10/23/2020 has been accepted.

Drawings
For the record, the Examiner acknowledges that the drawings filed on 10/23/2020 has been accepted.

Specification
For the record, the Examiner acknowledges that the Applicant's specification filed on 10/23/2020 has been accepted.

Claim Objections
Claims 4 and 5 are objected to because of the following informalities: Claims 4 and 5, the acronyms GPS are used without spelling out in full at their first occurrences in the claims.  Appropriate correction is required.


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Nair et al. (hereinafter Nair), Pub. No.: US 2021/0234706 in view of Koottayi et al. (hereinafter Koottayi), Pub. No.: US 2020/0007531.

Referring to claim 1, Nair teaches a method for formulating access limitations to a network in a session using a formatted web token, comprising: 
creating a web token by a schema of a network server to generate a formatted web token to a client for user access to the network (paras. 0080-0083; home NRF (network repository function) generates JWT formatted access token); 
passing the formatted web token to a client at the computing device, for hosting at the client and for enabling user access to the data and resources of the network (paras. 0104-0105 and fig. 4A; step 414, provide access token/formatted JWT to the consumer); 
passing the formatted web token to a client at the computing device, for hosting at the client and for enabling user access to the data and resources of the network (paras. 0104-0105 and fig. 4A; step 414, provide access token/formatted JWT to the consumer).

Nair does not explicitly disclose receiving a log-in request for the user access to the network server via an app hosted by a computing device remotely located to the network server; in response to receipt of a user access request, creating the session by the network server with network limitations for user access to data and resources of the network; 
decoding payload data of the formatted web token at the client to authenticate the user access; and 
enabling the client with one or more access limitations based on decoded payload data contained in the formatted web token wherein the one or more access limitations of the client are based on policy documentation of the network for remote access to the network. 

Koottayi teaches receiving a log-in request for the user access to the network server via an app hosted by a computing device remotely located to the network server (paras. 0003, 0038 and fig. 2, log in request); in response to receipt of a user access request, creating the session by the network server with network limitations for user access to data and resources of the network (paras. 0003-0005, 0039-0040 and fig. 2, establish a session); 
decoding payload data of the formatted web token at the client to authenticate the user access (paras. 0052, 0057-0060 and fig. 4, decoding the bearer token/JWT); and 
enabling the client with one or more access limitations based on decoded payload data contained in the formatted web token wherein the one or more access limitations of the client are based on policy documentation of the network for remote access to the network (paras. 0052, 0059-0060 and fig. 4, initiating resource access).

Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention (AIA ) to combine the teachings of Nair with the method and system of Koottayi, wherein receiving a log-in request for the user access to the network server via an app hosted by a computing device remotely located to the network server; in response to receipt of a user access request, creating the session by the network server with network limitations for user access to data and resources of the network; decoding payload data of the formatted web token at the client to authenticate the user access; and enabling the client with one or more access limitations based on decoded payload data contained in the formatted web token wherein the one or more access limitations of the client are based on policy documentation of the network for remote access to the network to provide users with a means for seamless transition between world wide web (WEB) resource access and application programming interface (API) resource access on an enterprise network with single sign-on, or on various other service systems with security restrictions (Koottayi: para. 0001).

Referring to claim 2, Nair and Koottayi teach the method of claim 1. Koottayi further teaches comprising: configuring by an evaluation engine at the network server, data of a formatted web token payload via the schema to direct a set of rules for data usage by the client wherein data usage rules are based on policies stored at a policy database in communication with the network server (Koottayi: para. 0035- 0037 and fig. 1, para. 0114 and fig. 8; cloud infrastructure system 802).

Referring to claim 3, Nair and Koottayi teach the method of claim 2. Koottayi further teaches comprising: configuring a set of limitations to access data and resources contained at the network server by the client based on metadata derived from the formatted web token payload wherein the metadata is configured in the formatted web token payload by the schema implemented at the network server (Koottayi: paras. 0057 and fig. 4; payload detail/metadata).

Referring to claim 4, Nair and Koottayi teach the method of claim 3. Koottayi further teaches comprising:22UTILITY PATENT APPLICATION Docket No. 41916US (102.0433)configuring access by the client to the network server based on GPS data of a user wherein a user's GPS data is processed by the network server to limit user access when the user is within a vicinity of the client (Koottayi: para. 0131 and fig. 9, GPS receiver components).

Referring to claim 5, Nair and Koottayi teach the method of claim 4. Koottayi further teaches comprising: configuring access by the client to the network server based on GPS data of the user to enable a limited period of access when the user is physically outside a vicinity of the client (Koottayi: para. 0131 and fig. 9, GPS receiver components).

Referring to claim 6, Nair and Koottayi teach the method of claim 5. Koottayi further teaches comprising: configuring access by the client to network data based on evaluation results by evaluations of a network server of comparisons of a set of policy rules for data access in conjunction with profile data of the user (Koottayi: para. 0035- 0040 and fig. 2, compare the authorization policies to the user's identity).


Referring to claim 7, Nair and Koottayi teach the method of claim 6. Koottayi further teaches comprising: configuring access by the client to reduce an available set of network resources based on a set of rules set forth in a policy database in communication with the network server (Koottayi: para. 0035- 0037 and fig. 1, para. 0114 and fig. 8).

Referring to claim 8, Nair and Koottayi teach the method of claim 7. Koottayi further teaches comprising: sharing a same web token amongst a set of clients without having to make a new request by each client to the network server for another web token for network access of a different client amongst the set of clients (paras. 0052, 0057, a shared secret).

Referring to claim 9, Nair and Koottayi teach the method of claim 8. Nair further teaches wherein the formatted web token, is a structured web token comprising a JavaScript Object Notation (JSON) Web Token (JWT) (Nair: para. 0082, JWT formatted access token).

Referring to claim 10, This claim is similar in scope to claim 1, and is therefore rejected under similar rationale.

Referring to claim 11, This claim is similar in scope to claim 2, and is therefore rejected under similar rationale.

Referring to claim 12, This claim is similar in scope to claim 3, and is therefore rejected under similar rationale.

Referring to claim 13, This claim is similar in scope to claim 4, and is therefore rejected under similar rationale.

Referring to claim 14, This claim is similar in scope to claim 5, and is therefore rejected under similar rationale.

Referring to claim 15, This claim is similar in scope to claim 6, and is therefore rejected under similar rationale.

Referring to claim 16, This claim is similar in scope to claim 7, and is therefore rejected under similar rationale.

Referring to claim 17, Nair and Koottayi teach the non-transitory machine-readable storage medium of claim 10. Koottayi further teaches comprising: obtain a plurality of web token payloads wherein each of the plurality of web token payloads includes a set of one or more fields and a data item for each of those fields for use to configure network access of the client (Koottayi: para. 0070 and fig. 6).

Referring to claim 18, This claim is similar in scope to claim 8, and is therefore rejected under similar rationale.

Referring to claim 19, This claim is similar in scope to claim 1, and is therefore rejected under similar rationale.

Referring to claim 20, This claim is similar in scope to claims 2 and 3, and is therefore rejected under similar rationale.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Please see the attached PTO-892.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to YONAS A BAYOU whose telephone number is (571)272-7610. The examiner can normally be reached Monday-Friday 7AM-4PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Philip Chea can be reached on 571-272-3951. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/YONAS A BAYOU/Primary Examiner, Art Unit 2499                                                                                                                                                                                                        07/14/2022