DETAILED ACTION
This Office Action is in response to the application 17/081,666 filed on October 27th, 2020.
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Claims 1-20 are pending and herein considered.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The information disclosure statement (IDS), submitted on 10/27/2020, is in compliance with the provisions of 37 CRR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains.  Patentability shall not be negatived by the manner in which the invention was made.

Claim 1-20 are rejected under 35 U.S.C 103(a) as being unpatentable over Unnikrishnan et al. (Unnikrishnan), U.S. Pub. Number 2016/0094531, in view of Kroehling, U. S. Patent Number 11,102,188.
Regarding claim 1; Unnikrishnan discloses a system (pars. 0003 & 0016; fig. 1; a system 100.) comprising:
one or more hardware processors (pars. 0003 & 0017; a processor; processing device such as a processor or micro-processor.); and
a memory (pars. 0003 & 0017; a memory.), accessible by the one or more hardware processors, storing computer readable code that, when executed by the one or more hardware processors, causes the one or more hardware processors to perform actions comprising:
receiving, from a computational instance, a provision to access an application (par. 0020; a client 102 of the system 100 seeks access to a network resource, an access request is sent to the authentication component 104 to authenticate the client 102 to access the network resource.), wherein the provision comprises one or more parameters of an authentication record stored on the computational instance (pars. 0020 & 0031; generating a challenge to send back to the client 102 usable to authenticate the client 102; the challenge may be a challenge to authenticate a client device; the challenge may be used to authenticate any aspect of the client 102 component as the authentication protocol may flexibly apply different challenge criteria to a challenge issued to the client 102; parameters of the authentication challenge may vary depending on the application that the client 102 is running or the type of authentication the authentication protocol is determining; the challenge contains information about the requested enforcement criteria to aid the client 102 in determining an authentication credential being requested by the authentication component 104; the challenge includes information that would allow the client 102 to easily locate the authentication credential required to authenticate the client 102 such as data related to an issuer of an authentication credential.);
extracting the one or more parameters of the authentication record from the received provision (par. 0052; the authentication component 104 extracts the authentication credential from the response; extraction of authentication credential includes extracting an object of the authentication credential (i.e., certificate or device thumbprint) and key data associated with the authentication credential.);
transmitting, to the computational instance, a representational state transfer (REST) message comprising the one or more parameters of the authentication record (para. 0020 & 0058; the authentication component 104 transmits the validation result to the client 102.);
receiving, from the computational instance, a response to the REST message indicating that the system is authorized to access the application (pars. 0020 & 0058; upon receiving the response, the authentication component 104 evaluates and processes the response; if the client 102 is authenticated, the authentication component 104 may issue a security authorization to the client 102 to allow access to a secured network resource such as network resource 112; the client 102 may present the security authorization to a network resource to be granted access to the network resource.); and
accessing the application (pars. 0020 & 0058; the client 102 may present the security authorization to a network resource to be granted access to the network resource.).
Unnikrishnan fails to explicitly disclose a representational state transfer (REST) message.
However, in the same field of endeavor, Kroehling discloses multi-tenant enterprise application management comprising a representational state transfer (REST) message (col. 4, line 65 – col. 5, line 7; the service component 116 ensures that the operations being requested are allowed based on the data provided by the authentication component 108; the service component 116 may include a Representational State Transfer (REST) server.).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Kroehling into the systems and methods of Unnikrishnan comprising a representational state transfer (REST) message to manage such multi-tenant enterprise applications to avoid such errors (col. 1, lines 40-41).
Regarding claim 2; Unnikrishnan and Kroehling disclose the system of claim 1, wherein Unnikrishnan further discloses the provision comprises a Uniform Resource Locator (URL) (Unnikrishnan: par. 0040; the client 102 may sign the challenge response in accordance with signing specifications of the authentication protocol; for instance, the client 102 may construct a URL-safe means of representing claims to be transferred between multiple parties.).
Regarding claim 3; Unnikrishnan and Kroehling disclose the system of claim 1, wherein Kroehling further discloses the REST message comprises user identification information (Kroehling: col. 5, lines 19-22; the service API 114 may provide the framework for the service component 116 to obtain additional information such as the user identifier.).
Regarding claim 4; Unnikrishnan and Kroehling disclose the system of claim 1, wherein Unnikrishnan further discloses the REST message comprises a nonce value comprising expiration information associated with the authentication record (Unnikrishnan: par. 0056; validate the “nonce” field in the authentication response against a nonce value persisted in context parameter maintained by the authentication component 104.).
Regarding claim 5; Unnikrishnan and Kroehling disclose the system of claim 1, wherein Unnikrishnan further discloses the provision is generated by the computational instance based on user identification information or a nonce value, or both (Unnikrishnan: par. 0067; challenge required data may include a nonce value for validating the client; the client includes the authentication credential, the challenge required data, and signs the response.).
Regarding claim 6; Unnikrishnan and Kroehling disclose the system of claim 1, wherein Unnikrishnan further discloses the authentication record is stored in an authentication table within the computational instance (Unnikrishnan: par. 0031; the parameters that may be included in authentication challenge are highlighted in Table 1.1.).
Regarding claim 7; Unnikrishnan and Kroehling disclose the system of claim 6, wherein Unnikrishnan further discloses the authentication record stored in the authentication table within the computational instance is updated by the computational instance based on the received REST message (Unnikrishnan: par. 0058; the authentication component 104 updates the opaque data/authentication session cookie and may transmit the updated opaque data/authentication session cookie to the client 102 as authentication artifact identifying that the authentication component 104 has provided a level of authentication for the client device 102.).
Regarding claims 8-13; Claims 8-13 are directed to method which have similar scope as claims 1-7. Therefore, claims 8-13 remain un-patentable for the same reasons.
Regarding claims 14-20; Claims 14-20 are directed to non-transitory computer readable medium which have similar scope as claims 1-7. Therefore, claims 14-20 remain un-patentable for the same reasons.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KHOI V LE whose telephone number is (571)270-5087. The examiner can normally be reached 9:00 AM - 5:00 PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on 571-272-4219. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/KHOI V LE/Primary Examiner, Art Unit 2436