Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
Claims 1-20 are presented for examination.
This is a first action on the merits based on Applicant’s claims submitted 5/31/2021.      

Priority
Receipt is acknowledged of applicant's claim for foreign priority under 35 U.S.C. 119(a)-(d), which papers have been placed of record in the file.

Claim Objections
Claim 4, 12, 17 are objected to because of the following informalities:  Appropriate correction is required.
For claims 4 and 12, the limitation reading “wherein setting an endpoint at the ….” seems to be further limiting the claim limitation on the independent claim in which it depends (i.e. claim 1 and claim 9).  The Examiner suggests, for clarity purposes, the claim limitation to refer back to the positively recited limitation to avoid any ambiguity.  The limitation should be corrected as follows: “wherein setting the endpoint at the ….”.
For claim 17, the limitation reading “A system comprising: memory; and at least one processor…” seems to be alluding to the fact that the system comprises a memory and a processor.  It is known in the art that memory and processors are coupled together in order to perform functions.  The claim limitation however, does not couple them together.  For clarity purposes, Examiner suggests the following correction to convey clarity of the components comprising such system and how these interact with one another: “A system comprising: memorycoupled with at least one processor…”

Claim Rejections - 35 U.S.C. 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claim 1, 9 rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.
Claim 1, the limitation reading “from the first management entity to the second management entity using the second account” lacks proper antecedent basis.  The underlined term has not been positively recited previously, therefore it is not clear to what element or claim limitation this underlined term is referring to.  Examiner notes that the term “a corresponding second account” has been positively recited.  However, Examiner cannot determine if these are same terms.  Appropriate correction is required.
Claim 9, the claim limitation reciting “an authentication endpoint a the second management entity…” is unclear as to what the inventor regards as the invention.  The limitation is not clear as the limitation is incomplete in conveying what the authentication endpoint is or performs in relation to the second management entity.  Appropriate correction is required.

Allowable Subject Matter
Claims 17-20 are allowed:
Claims 1-16 would be allowable if rewritten to overcome the rejection(s) under 35 U.S.C. 112, 2nd paragraph, set forth in this Office action.
Prior art of record teaches the following:
Young et al. (WO 2014/143640 A1) teaches to make a trusted web service call, a client application sends a series of messages to obtain tokens that allow service requests to pass through a service relay. The user obtains a first security token by providing the user's credentials. A second token is obtained from a trust broker that validates the first token. Both tokens are then sent with a service request to a service relay. The service relay validates the second token and then passes the first token and the service request to a connector service. The connector service validates the first token and passes the service request to a target back end service. The connector service acts as the user when communicating with the back end service. Service responses are routed back to the user through the connector service and the service relay.

Gharout et al. (WO 2014/029939 A1) teaches a method for activating a second profile, a first active profile being stored in a security module (10), in which the first profile is associated with a first entity (11), said second profile being associated with a second entity (13), the security module comprising a first security domain (10-1) controlled by the first entity. The method comprises the following steps carried out by the security module: a step (E20, E107) in which a second security domain (10-2) receives an activation request for activation of the second profile, sent by a trusted entity (12), said request comprising an activation authorisation token received by the trusted entity from the first entity; a step (E22, E109) in which the token is verified by the first security domain; and, in the case of a positive verification, a step (E24, E111) in which the second profile is activated by the first security domain.

Karjala et al. (US 2009/0271847 A1) teaches an apparatus may include a processor configured to receive a request for an access token from a remote entity, wherein the request includes an indication of a requested service. The processor may be further configured to determine a request type, wherein the request type may be a user identification and password combination, a request token exchange, or an access token exchange. The processor may be additionally configured to extract one or more parameters included in the request based upon the determined request type and to perform one or more security checks based at least in part upon the one or more extracted parameters. The processor may be further configured to create an access token based at least in part upon the results of the one or more security checks and to provide the access token to the remote entity.

Chadwick et al. (NPL: Adding Federated Identity Management to OpenStack) teaches OpenStack is an open source cloud computing project that is enjoying wide popularity. While many cloud deployments may be stand-alone, it is clear that secure federated community clouds, i.e., inter-clouds, are needed. Hence, there must be methods for federated identity management (FIM) that enable authentication and authorisation to be flexibly enforced across federated environments. Since there are many different FIM protocols either in use or in development today, this paper addresses the goal of adding protocol independent federated identity management to the OpenStack services. After giving a motivating example for secure cloud federation, and describing the conceptual design for protocol independent federated access, a detailed federated identity protocol sequence is presented. The paper then describes the implementation of the protocol independent system components, along with the incorporation of two different FIM protocols, namely SAML and Keystone proprietary. Finally performance measurements of the protocol independent components, and the two different protocols dependent components are presented, before the paper concludes with the current limitations.

Solapurkar (NPL: Building Secure Healthcare Services Using OAuth 2.0 and JSON Web Token in IOT Cloud Scenario) teaches OAuth 2.0 is a delegated authorization framework enabling secure authorization for applications running on various kinds of platforms. In healthcare services, OAuth allows the patient (resource owner) seeking real time clinical care to authorize automatic monthly payments from his bank account (resource server) without the patient being required to supply his credentials to the clinic (client app). OAuth 2.0 achieves this with the help of tokens issued by an authorization server which enables validated access to a protected resource. To ensure security, access tokens have an expiry time and are short-lived. So the clinical app may use a refresh token to obtain a new access token to cash monthly payments for rendering real time health care services. Refresh tokens need secure storage to ensure they are not leaked, since any malicious party can use them to obtain new access and refresh tokens. Since OAuth 2.0 has dropped signatures and relies completely on SSL/TLS, it is vulnerable to phishing attack when accessing interoperable APIs. In this paper, we develop an approach that combines JSON web token (JWT) with OAuth 2.0 to request an OAuth access token from authorization server when a client wishes to utilize a previous authentication and authorization. Experimental evaluation confirms that the proposed scheme is practically efficient, removes secure storage overhead by removing the need to have or store refresh token, uses signature and prevents different security attacks which is highly desired in health care services using an IOT cloud platform.

	However, none of the prior art of record teach by themselves or in any combination nor would have anticipated nor render obvious by combination the claimed invention of the present invention at or before the time it was filed.  The prior art of record is silent on "setting an endpoint at a first management entity as an authentication endpoint for a second management entity, wherein the first management entity uses a first token-based authentication mechanism and the second management entity uses a second token-based authentication mechanism; 
creating a first account in the first management entity and a corresponding second account in the second management entity; 
acquiring a first security token at the first management entity using the first account to access the second management entity; 
acquiring a second security token from a token exchange service at the first management entity in exchange for the first security token; 
sending a request with the second security token from the first management entity to the second management entity using the second account; 
in response to the request, retrieving a public key from the first management entity by the second management entity using the authentication endpoint; 
validating the second security token using the public key at the second management entity; 
after validating the second security token, processing the request at the second management entity; and 
after processing the request, sending a response to the request back to the first management entity from the second management entity.", in combination with all other claim limitations, as it has been recited in independent claims 1, 9 and 17.  

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See PTO-892 Notice of References Cited.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to LIZBETH TORRES-DIAZ whose telephone number is (571)272-178772-1787.  The examiner can normally be reached on 9:00a-4:30p.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr, can be reached on (571)272-3739.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/LIZBETH TORRES-DIAZ/Examiner, Art Unit 2495                                                                                                                                                                                                        
/October 7, 2022/
/ltd/