DETAILED ACTION
This Office Action is in response to the Amendment filed on March 30nd, 2022.
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
In the instant Amendment, claims 1-2, 6-8, 10, 14 & 16-20 have been amended; and claims 1, 10 & 18 are independent. Claims 1-20 have been examined and are pending.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant’s submission filed on March 04th, 2022 has been entered.
 
Response to Arguments
Applicant’s arguments, see pages 8-10, filed 03/04/2022, with respect to the rejection(s) of claim(s) 1-20 under 35 U.S.C. 101 is withdrawn as claims have been amended.
Applicant’s arguments, see pages 11-12, filed 03/04/2022, with respect to the rejection(s) of claim(s) 1-20 under 35 U.S.C. 102(a)(1) has been fully considered and are persuasive.  Therefore, the rejection has been withdrawn. However, upon further consideration, a new ground(s) of rejection is made in view of Talur.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains.  Patentability shall not be negatived by the manner in which the invention was made.

Claims 1-5, 7, 9-13, 15, 17-18 and 20 are rejected under 35 U.S.C 103(a) as being unpatentable over Frei et al. (Frei), U.S. Pub. Number 2016/0142409, in view of Talur, U.S. Pub. Number 2019/0097987.
Regarding claim 1; Frei discloses a computer-implemented method, comprising:
receiving, by a first service operating within a computing system, a modified identity data object from a second service operating within the computing system (par. 0056; generates a converted version of user authentication token 136; the converted version of user authentication token 136 referred to as a proxy token 138, may be used to gain authorization for access to second device 122 by first service 118 on behalf of the user.), wherein the identity data object includes at least one identifier associated with a client of the computing system (par. 0058; authentication request 134 includes proxy token 138, and may additionally include information about the user (e.g., login credentials).);
comparing the identity data object to a previously-generated identity data object (par. 0078; fig. 6; compare the calculated hash to the hash receiving in digital signature of the authentication token 136.);
determining whether the second service is authorized to perform the first action (pars. 0082-0083; determines that the second service is to be accessed for the user for further services not available at first service.);
validating the modified identity data object when the second service is authorized to perform the first action (par. 0058; server 106 may authenticate the user based on the received proxy token 138.); or
invalidating the modified identity data object when the second service is not authorized to perform the first action (par. 0078; if the separately calculated hash does not match the hash in digital signature, the user may be considered to not be authenticated/invalidated and may not access first service 118.).
Frei fails to explicitly disclose upon determining that the identity data object is a modified identity data object, identifying, by the first service, a first action that the second service performed on the previously-generated identity data object to generate the modified identity data object.
However, in the same field on endeavor, Talur discloses two-factor authentication for a file system comprising upon determining that the identity data object is a modified identity data object (Talur: pars. 0054-0055; determines whether the operation modifies the data object of the file system; in response to determining that the operation that modifies the data object.), identifying, by the first service, a first action that the second service performed on the previously-generated identity data object to generate the modified identity data object (Talur: par. 0093; identify an operation/action requested by the client system to be performed on a data object of a file system.).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Talur into the method, systems, apparatuses, and computer program products of Frei comprising upon determining that the identity data object is a modified identity data object, identifying, by the first service, a first action that the second service performed on the previously-generated identity data object to generate the modified identity data object to prevent unauthorized actor acquiring the authentication factors (Talur: par. 0002).
Regarding claim 2; Frei and Talur disclose the computer-implemented method of claim 1, Frei further discloses comprising: generating, by the first service, the previously-generated identity data object that includes the at least one identifier, wherein the second service performs the first action to modify the at least one identifier in order to generate the modified identity data object (Frei: par. 0108; generate proxy token from the user authentication token for second service 122 in a modified fashion where the second and third nonces are included).
Regarding claim 3; Frei and Talur disclose the computer-implemented method of claim 2, Frei further discloses comprising: receiving, by the first service from a client device associated with the client, a first authentication token (); and extracting, by the first service, a first identifier from the first authentication token, wherein the at least one identifier includes the first identifier (Frei: par. 00732; client device 102 may forward user authentication token 136 (extracted from authentication token response 130) through network 110 in authentication request 132 to server 104.).
Regarding claim 4; Frei and Talur disclose the computer-implemented method of claim 3, Frei further discloses comprising modifying, based on the modified identity data object, the first authentication token to generate a second authentication token (Frei: par. 0108; generate proxy token from the user authentication token for second service 122 in a modified fashion where the second and third nonces are included.).
Regarding claim 5; Frei and Talur disclose the computer-implemented method of claim 1, wherein Frei further discloses the modified identity data object includes: a first set of identifiers associated with the client; and a second set of identifiers associated with a client device, wherein the at least one identifier is included in the first set of identifiers, or the second set of identifiers (Frei: par. 0117; identifiers can be transmitted to a network service to identify users and equipment.).
Regarding claim 7; Frei and Talur disclose the computer-implemented method of claim 1, Frei further discloses comprising determining, by the first service, that the second service is included in a first list of authorized services, wherein the second service is authorized to perform the first action only when the second service is included in the first list of authorized services (Frei: par. 0059; fewer communications are made to enable the service-to-service authorization relative to delegation token and token exchange techniques.).
Regarding claim 9; Frei and Talur disclose the computer-implemented method of claim 1, Frei further discloses comprising: identifying a first key used by the second service to perform the first action; and determining that the second service is authorized to use the first key to perform the first action (Frei: par. 0063; authentication token request may include information such as an identifier for the user (e.g., user name or login name), a password or other credentials corresponding to the user identifier, an identifier for the service desired to be accessed, and identifier for the client device, and/or other information.).
Regarding claims 10-13, 15 & 17; Claims 10-13, 15 & 17 are directed to computing system which have similar scope as claims 1-5, 7 & 9. Therefore, claims 10-13, 15 & 17 remain un-patentable for the same reasons.
Regarding claims 18 & 20; Claims 18 & 20 are directed to one or more non-transitory computer-readable media which have similar scope as claims 1-5, 7 & 9. Therefore, claims 18 & 20 remain un-patentable for the same reasons.

Allowable Subject Matter
Claim 6, 8, 14, 16 or 19 is objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KHOI V LE whose telephone number is (571)270-5087. The examiner can normally be reached 9:00 AM - 5:00 PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on 571-272-4219. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/KHOI V LE/
Primary Examiner, Art Unit 2436