Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION

This office action is in response to the application filed on or reply to the remarks of  6/28/2022. The instant application has claims 1-20 pending. The system, method and medium for providing an access token for resource server. There a total of 20 claims.

Election/Restrictions

Applicant’s election without traverse of Group I(Claims 1-4, 6-8, 14-17, 19-20) in the reply filed on 6/28/2022  is acknowledged.

Information Disclosure Statement
The information disclosure statement (IDS) submitted is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Drawings
The drawing filed on 6/30/2020 has been accepted and in compliance of 37 CFR 1.83 & 37 CFR 1.84.
Specification
The disclosure filed on 6/30/2020 is accepted.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under pre-AIA  35 U.S.C. 103(a) are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1-4, 6-8,14-17,19-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over US Patent Pub 2011/0239283 to Chern  in view of A Dynamic Mobile Services Access and Payment Platform with Reusable Tickets for Mobile Communication Networks to Tsai.

Regarding claim 1, 14,  Chern discloses A device comprising: a processor; and a memory in communication with the processor, the memory storing executable instructions that, when executed by the processor, cause the device to perform functions of: generating a session key for a communication session between the device and a resource server (Fig. 7 item S706, the session key generate for each service provider); deriving a nonce from the session key; transmitting a request to an identity platform to authenticate the device for accessing the resource server, the request including the nonce(Fig. 7 item S706, the session key with salt); upon confirmation of authentication, receiving an access token from the identity platform, the access token including information that confirms authentication of the device(Fig. 6 item S602, S603 the access token being sent to client); and transmitting the access token to the resource server to enable access to the resource server, wherein the access token includes the nonce(Fig. 6 item S604, S607, the valid access token used to service).  

But Chern does not disclose the nonce calculated from session key.
In the same field of endeavor as the claimed invention, Tsai discloses the nonce calculated from session key(Page 2 Paragraph starting “The protocol starts…” & Paragraph starting  “Next, V choose a random nonce…”, the nonce generated from session key  and retrieved from ticket).

It would have been obvious to one of ordinary skill in the art before the effective filing date of claimed invention to modify  Chern  invention to incorporate nonce generated form session key for the advantage of  to be included in ticket as taught in Tsai see Page Paragraph starting “ Next, V chooses a random nonce…”

Regarding claim 2, 15, the combined method/system/medium of Chern  and Tsai, Chern discloses  The device of claim 1, wherein the resource server is a virtual private network (VPN)(Par. 0060, the service provider includes phot shop server, or other server access).  

Regarding claim  3, 16,  the combined method/system/medium of Chern  and Tsai, Chern discloses  The device of claim 1, wherein the access token includes information identifying the device(Par. 0035, the necessary credentials associated with client being inserted into access token).  

Regarding claim 4, 17,  the combined method/system/medium of Chern  and Tsai, Chern discloses  The device of claim 1, wherein the access token includes information confirming that the device is an authorized device(Par. 00356, the information about the client for access).  

Regarding claim 6, 19, the combined method/system/medium of Chern  and Tsai, Chern discloses  The device of claim 1, wherein the executable instructions when executed by the processor further cause the device to perform functions of: transmitting a first part of the session key to the resource server(Fig. 7 item S708the presalt); receiving a second part of the session key from the resource server(Fig. 7 item S708, the postsalt); generating the session key from the first part and the second part of the session key; and transmitting the nonce to the identity platform(Fig. 7 item S710, the blob having session key, presalt and postsalt & Par. 0008, Session Key = H(Salt1 + Salt2)).  

Regarding claim 7, 20,  the combined method/system/medium of Chern  and Tsai, Chern discloses  The device of claim 1, wherein the nonce is derived from the session key by generating a hash of the session key(Fig. 7 item  S705, the hash of the session key).  

Regarding claim  8, Chern discloses  A method for generating an access token for providing access to a resource server, the method comprising: receiving a request from a device to provide an access token to the device, the access token for use in accessing the resource server, for a communication session between the device and the resource server(Fig. 7 item S706, the session key generate for each service provider); determining if the device is authorized to access the resource server(Fig. 6 item S605, the token is valid); responsive to determining that the device is authorized to access the resource server, generating the access token(Fig. 6 item S602, S603, the token being generated for submission  to service provider); including the nonce in the access token; and transmitting the access token to the device(Fig. 7 item S712, the access token being provided to client).  

But Chern does not disclose the nonce calculated from session key.
In the same field of endeavor as the claimed invention, Tsai discloses the nonce calculated from session key(Page 2 Paragraph starting “The protocol starts…” & Paragraph starting  “Next, V choose a random nonce…”, the nonce generated from session key  and retrieved from ticket).

It would have been obvious to one of ordinary skill in the art before the effective filing date of claimed invention to modify  Chern  invention to incorporate nonce generated form session key for the advantage of  to be included in ticket as taught in Tsai see Page Paragraph starting “ Next, V chooses a random nonce…”
.

	Conclusion	

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.

US Patent Pub 2015/0215128 to Pal,. Which discloses the tickets being granted for resource access.

A token-based user authentication mechanism for  data exchange in RESTful API to Huan which discloses the token being used for RESTful API.

Portable Tunnel Establishment with A Strong Authentication Design for Secure Private Cloud to Lu which discloses the secured tunnels using session keys.

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool, i.e. Microsoft Teams. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at https://www.uspto.gov/interviewpractice.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to Venkat Perungavoor whose telephone number is (571)272-7213.  The examiner can normally be reached on Monday-Friday, 9:00 AM- 5:00 PM. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on 571-272-4006.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/VENKAT PERUNGAVOOR/Primary Examiner, Art Unit 2492                                                                                                                                                                                                        Email: venkatanarayan.perungavoor@uspto.gov