DETAILED ACTION
Information Disclosure Statement
The IDS filed 9/15/2020 has been considered and entered.

Drawings
The drawings filed 5/15/2020 are accepted.
Specification
The specification filed 5/15/2020 is accepted.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-13 and 20-25 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
For example:
In claim 1:
a client token is introduced more than once
it is unclear if the one or more client tokens includes the client token
it is unclear if the 'one for each one or more client applications' includes the client application
it is unclear if the client tokens includes the client token or is part of the one or more client tokens
it is unclear if the client applications includes the client applications or the one or more client applications


In claim 9:
it is unclear what is meant by receiving an authentication response with a redirect response.  Are these two messages or one message with two components?

In claim 12:
a task is introduced for a second time

Claims 2-13 are rejected because they depend from a rejected claim.
Claims 20-25 are rejected for similar reasons. 

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:

1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.


Claims 1-13 and 20-25 are rejected under pre-AIA 35 U.S.C. 103 as being unpatentable over Leicher et al (US 2013/0191884 hereinafter Leicher).







As to claim 1,   
Leicher discloses a method of distributed authorization of one or more client applications to one or more connected devices, comprising:

			receiving  
[0085] The local Op may redirect the user agent with the token to the client endpoint.
see also Fig  6 608 in view of  [0071] an authorization request

at a connected device,  Fig 1 UE 100 / Fig 6 600  in view of [0071] a user / UE 600
from a browser Fig 1 106  / Fig 10 1004 BA
executing a client application, Fig 1 104 Local Op
a client token    [0085] access token
and an access request,   Fig  6 608 in view of  [0071] an authorization request

wherein the client token has been provided to the client application by a process comprising: 
generating one or more client tokens, one for each of one or more client applications, 
[0085] the local OP may create an access token

wherein a client token [0085] access token
defines permissions 
[0086] the service provider may use the access token to retrieve user information …..the service provider may verify token validity
for a client application 
and a domain hosting the client application, 
	[0053] contents of the example token, iss, user_id, etc.
	in view of [0090] the local Op may be enrolled in the domain of the OPSF
signing the client tokens with a private key of a client token issuer, 
	[0085] The local OP may create an ID token and may sign the token
and distributing the client tokens to the client applications; 
	[0120] client 1006 may request user data using the requested token 
see Fig 10 1034

verifying a signature of the client token using a public key of the client token issuer; 
	[0085] the service provider may want to verify the token signature

determining whether the client token grants the client application permission for the access request 
	[0087] the user info endpoint may verify that the token was issued by a valid and authorized local OP

and, if permission is granted: 
[0087] upon verification, the user info endpoint may return the requested attributes to the service provider

replying to the browser Fig 10 1004 BA
with a redirect response Fig 10 1022 re-direct
including 
an access token Fig 10 1022 re-direct including Token
[[granting permission ]]    
 [0120] client 1006 may request user data using token 1034
for the client application Fig 1 104 Local Op
to access [0120] 1036 residing on 1002 may return the request user data to the connected device 
Fig 1 UE 100 / Fig 6 600  in view of [0071] a user / UE 600

and identification of the domain hosting the client application from the client token; 
[0053] contents of the example token, iss, user_id, etc.
in view of [0090] the local Op may be enrolled in the domain of the OPSF

and executing the redirect response with the browser Fig 10 1022 re-direct
to make the access token available Fig 10 1022 re-direct including Token
to the client application for use by the client application 
[0120] client 1006 may request user data using token 1034
when requesting the connected device to perform a task.
		Fig 10 1034 Request User data


Before the effective filing date, it would have been obvious to a person having ordinary skill in the art that Leicher teaches/suggests replying to the browser with a redirect response including an access token granting permission for the client application to access, because in [0120] Leicher states client 1006 may request user data using token 1034 and further in [0120] Leicher states 1036 residing on 1002 may return the requested user data. Therefore, because the request for data using the token results in the return of the requested data, it would be obvious that the token includes the information for granting permission, especially in view of [0085], wherein the token signature is verified, and [0120] 'validate token request message'.
 




As to claim 2,   
Leicher discloses wherein executing the redirect response comprises 
fetching receiving and responding to message shown Fig 10 1034 
a further response Fig 10 1034 and 1038
from the domain hosting the client application defined in the client token.
[0053] contents of the example token, iss, user_id, etc.
in view of [0090] the local Op may be enrolled in the domain of the OPSF






As to claim 3,   
Leicher discloses   executing the further response to:
 pass a message Fig 10 1034
comprising the access token Fig 10 1034 request user data using Access Token
to the client application
Fig 1 104 Local Op
in view of [0120] 1036 residing on 1002 (i.e. part of UE 1000 corresponding to Fig 1 100)
		
		
As to claim 4,   
Leicher discloses wherein executing the redirect response comprises 
fetching receiving and responding to message shown Fig 10 1034
a further response Fig 10 1034 and 1038
from a redirect URL [0119] a location (e.g., URL)

and passing the access token Fig 10 1034 request user data using Access Token
to the domain hosting the client application 
[0053] contents of the example token, iss, user_id, etc.
in view of [0090] the local Op may be enrolled in the domain of the OPSF
defined in the client token 
[0119] a location (e.g., URL) that corresponds to the location of the user info endpoint that is associated with the access token
in view of [0120] an access token may carry information about the location of the user info endpoint 1036, such as the location of trusted module 1002 that hosts the user info endpoint 1036


Claim 5 is rejected on the basis in art provided in the rejection of claim 4 above. In other words, the URL of [0119] – [0121] is used to access user endpoint data within user info endpoint 1036, which is contained by the connected device as fully explained in [0119] – [0121].


As to claim 6,   
Leicher discloses  
wherein the redirect response [0119] a location (e.g., URL)
includes a fragment  [0072] the response body includes the token
comprising the access token Fig 10 1034 request user data using Access Token 

As to claim 7,   
Leicher discloses  
wherein the connected device does not communicate with the client token issuer 
to perform 
	[0087] validity may be completed by verifying the JWS signature on the token

the determining of whether the client token grants the client application permission for the requested access
[0087] the user info endpoint may verify that the token was issued by a valid and authorized local OP


As to claim 8,   
Leicher discloses  
determining whether a user is locally present at the connected device to determine whether permission for the access request is granted.
	Fig 2 212 local operation e.g. user authentication
	in view of  [0034] at 212 the user of the UE may be authenticated with the UE
	in view of  [0037]  user supplied identifier
	see also [0071], [0084] user may enter an email address


As to claim 9,   
Leicher discloses  
replying to the browser Fig 10 1004 BA
with an additional redirect response  Fig 10 1012
 to redirect the browser Fig 10 1014
to an authentication service; Fig 10 1002 Trusted module (authentication software therein)

receiving
 an authentication response Fig 10 1022 including Token
from the authentication service 
Fig 10 1002 Trusted module (authentication software therein)

with a redirect response Fig 10 1022 Re-direct to service
to redirect Fig 10 1024 – 1034 inclusive of all messages
the browser Fig 10 1004 BA
to the connected device; Fig 10 1000 UE

and validating the authentication response  Fig 10 1016, 1018, and 1020
prior to messages 1016, 1018, and 1020 occur before 1022
replying to Fig 10 1022
the browser Fig 10 1004 BA
with the redirect response Fig 10 1022 Re-direct to service
 including the access token. Fig 10 1022 including Token

As to claim 10,   
Leicher discloses  
determining Fig 10 1016, 1018
using the authentication service
Fig 10 1002 Trusted module (authentication software therein)
whether a user is locally present at the connected device
Fig 2 212 local operation e.g. user authentication
	in view of  [0034] at 212 the user of the UE may be authenticated with the UE
	in view of  [0037]  user supplied identifier
	see also [0071], [0084] user may enter an email address

As to claim 11,   
Leicher discloses  
signing the access token Fig 10 1020
by the connected device  
	Fig 10 1000
in view of Fig 1 UE 100 / Fig 6 600  in view of [0071] a user / UE 600

As to claim 12,   
Leicher discloses  
sending  Fig 10 1034
the access token Fig 10 1034 Access Token
to the connected device 
Fig 10 1000 UE
in view of Fig 1 UE 100 / Fig 6 600  in view of [0071] a user / UE 600

with a request to perform a task, Fig 10 1034 Request User data
and verifying the access token Fig 10 1030
prior to performing the task. Fig 10 1038  



As to claim 13,   
Leicher discloses  
the connected device 
Fig 10 1000
in view of Fig 1 UE 100 / Fig 6 600  in view of [0071] a user / UE 600
see also [0128] WTRU 1402 may include a UE

comprises a whiteboard image capture device [0145] 1428 touchpad / [0148] 1438 camera


and wherein the access request 
Fig  6 608 in view of  [0071] an authorization request
comprises a request to access an image [0110] user info: claims {text fields, picture}
captured by the whiteboard image capture device [0145] 1428 touchpad / [0148] 1438 camera

and/or wherein the task Fig 10 1034 - 1038  
comprises sending an image [0110] user info: claims {text fields, picture}
from the whiteboard image capture device [0145] 1428 touchpad / [0148] 1438 camera
to the client application. Fig 1 104 Local Op


Claim 20 is rejected on the basis previously presented in the rejection of claim 1.
Claim 21 is rejected on the basis previously presented in the rejection of claim 9.
Claim 22 is rejected on the basis previously presented in the rejection of claim 1.
Claim 23 is rejected on the basis previously presented in the rejection of claim 9.
Claim 24 is rejected on the basis previously presented in the rejection of claim 10.
Claim 25 is rejected on the basis previously presented in the rejection of claim 2.







Conclusion

	
Any inquiry concerning this communication or earlier communications from the examiner should be directed to RICHARD A MCCOY whose telephone number is (313)446-6520.  The examiner can normally be reached on M - F 10 - 6.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on 571 272 2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/RICHARD A MCCOY/Examiner, Art Unit 2431