DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This office action is in response to communication filed on 09/08/2021.
Status of claims in the instant application:
Claims 1-20 are pending.
Election/Restrictions
No claim restrictions warranted at the applicant’s initial time of filing for patent.
Priority
This application is a CON of 16/177,233 filed on 10/31/2018 now PAT 11140169.
Information Disclosure Statement
Information Disclosure Statements (IDS) filed on 09/08/2021 have been considered, and a signed copies of the IDS forms have been attached to this office action.
Drawings
Drawings filed on 09/08/2021 have been inspected, and it’s in compliance with MPEP 608.02.
Specification
Specification filed on 09/08/2021 has been inspected and it’s in compliance with MPEP 608.01.
Claim Objections
No claim objection warranted at the applicant’s initial time of filing for patent.
Claim Interpretation
It is in the Examiner’s opinion that no claim interpretation is warranted under 35 U.S.C. 112(f).
	Examiner further notes that, although the claims recite limitations like “an interface configured to …”, “a processor configured to …”, but terms “interface and processor” are known in the art, and therefore do not invoke interpretation of claims under 35 USC 112f.
Claim Rejections - 35 USC § 112
No claim rejection is warranted at the applicant’s initial time of filing for patent.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 1-18 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter. The claims do not fall within at least one of the four categories of patent eligible subject matter because the claims are directed to a “software per se”
 	Applicant claims a system in each of the claims 1-18. But the claims do not positively recite any hardware element[s]. Although Applicant claims “an interface” and “a processor”, but the terms “interface” and “processor” are generally understood to include software. Therefore claims 1-18 are directed to software which is not a patent eligible subject matter, and hence rejected as “software per se”.
	Appropriate correction required.
	**** Note: Applicant can recite a “hardware processor”, if supported by the specification or other hardware element to overcome the above rejections.
	**** Examiner further notes that the claims do not recite any abstract ideas.
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1-20 are rejected  on the ground of nonstatutory double patenting as being unpatentable over claims 1-21 of Patent US 11140169 B1. Although the claims at issue are not identical, they are not patentably distinct from each other because the claims of the instant application are just broader version of claims of the issued patent US 11140169 B1 that make the claims of the instant application obvious.
Instant Application
Reference Patent (11140169)
1. A system for gaining secure access, comprising: an interface configured to receive, at an application routing platform, an API call for an application platform comprising a signed tenant token; a processor configured to: determine that the signed tenant token is valid; determine an application platform token for the application platform; associate a root certificate with the application platform token; determine routing information to the application platform based at least in part on the API call; and provide the application platform the API call and the application platform token using the routing information to enable access to the application platform, wherein the application platform determines whether the application platform token is valid using the root certificate and executes the API call in response to a determination that the application platform token is valid.
12. The system of claim 1, wherein the root certificate is received by the application platform from the application routing platform associated with the application platform token.
16. The system of claim 1, wherein the signed tenant token is determined based at least in part on a tenant token and a key.
17. The system of claim 16, wherein the tenant token is received from a tenant process.
1. A system for gaining secure access, comprising: an interface configured to receive a request for access, wherein the request for access is received from a user; a tenant authentication hardware processor configured to: provide a tenant token request to a tenant process associated with the request; receive a tenant token from the tenant process; determine a signed tenant token based at least in part on the tenant token and a key; and provide the signed tenant token for access to an application routing platform; and an application routing processor of the application routing platform configured to: receive an API call comprising the signed tenant token; determine that the signed tenant token is valid; determine an application platform token; associate a root certificate with the application platform token; determine routing information to an application platform based at least in part on the API call; and provide the application platform the API call and the application platform token using the routing information to gain access to the application platform, wherein the application platform determines whether the application platform token is valid using the root certificate, and executes the API call in response to a determination that the application platform token is valid.
4. The system of claim 1, wherein a tenant authentication processor is configured to determine a tenant authentication server associated with the request and the signed tenant token.
2. The system of claim 1, wherein the tenant authentication processor is additionally configured to determine a tenant authentication server associated with the request.
5. The system of claim 4, wherein the tenant authentication server is determined based at least in part on user login information, a user email address, or a user domain.
3. The system of claim 2, wherein the tenant authentication server is determined based at least in part on user login information, a user email address, or a user domain.
6. The system of claim 5, wherein the tenant authentication server comprises a virtual tenant authentication server.
16. The system of claim 4, wherein the tenant authentication system comprises a virtual tenant authentication system.
7. The system of claim 1, wherein a tenant process determines a tenant token, wherein determining the tenant token comprises authenticating a user and generating the tenant token.
6. The system of claim 1, wherein the tenant process determines the tenant token, wherein determining the tenant token comprises authenticating the user and generating the tenant token.
8. The system of claim 7, wherein authenticating the user comprises authenticating the user using a username and password authentication or a security assertion markup language authentication.
7. The system of claim 6, wherein authenticating the user comprises authenticating the user using a username and password authentication or a security assertion markup language authentication.
9. The system of claim 1, wherein the application routing platform is part of an application routing system.
9. The system of claim 1, wherein the application routing processor is part of an application routing system.
10. The system of claim 9, wherein the application routing system comprises a virtual application routing system.
18. The system of claim 9, wherein the application routing system comprises a virtual application routing system.
11. The system of claim 1, wherein the application platform determines whether the platform token is valid without authenticating the user.
15. The system of claim 1, wherein the application platform determines whether the platform token is valid without authenticating the user.
13. The system of claim 1, wherein the application routing platform receives the root certificate from a certificate provision server.
12. The system of claim 1, wherein the application routing platform receives the root certificate from a certificate provision server.
14. The system of claim 1, wherein the application platform provides API call results via the application routing processor.
13. The system of claim 1, wherein the application platform provides API call results to the user via the application routing processor.
15. The system of claim 1, wherein the application platform comprises a virtual application system.
19. The system of claim 14, wherein the application system comprises a virtual application system.
18. The system of claim 16, wherein the key comprises a daily key.
8. The system of claim 1, wherein the key comprises a daily key.
19. A method for gaining secure access, comprising: receiving, at an application routing platform, an API call for an application platform comprising a signed tenant token; determining, using a processor, that the signed tenant token is valid; determining an application platform token for the application platform; associating a root certificate with the application platform token; determining routing information to the application platform based at least in part on the API call; and providing the application platform the API call and the application platform token using the routing information to enable access to the application platform, wherein the application platform determines whether the application platform token is valid using the root certificate and executes the API call in response to a determination that the application platform token is valid.
20. A method for gaining secure access, comprising: receiving a request for access, wherein the request for access is received from a user; providing, using a hardware processor, a tenant token request to a tenant process associated with the request; receiving a tenant token from the tenant process; determining a signed tenant token based at least in part on the tenant token and a key; providing the signed tenant token for access to an application routing platform; receiving an API call comprising the signed tenant token; determining that the signed tenant token is valid; determining an application platform token; associating a root certificate with the application platform token; determining routing information to an application platform based at least in part on the API call; and providing the application platform the API call and the application platform token using the routing information to gain access to the application platform, wherein the application platform determines whether the application platform token is valid using the root certificate, and executes the API call in response to a determination that the application platform token is valid.
20. A computer program product for gaining secure access, the computer program product being embodied in a non-transitory computer readable storage medium and comprising computer instructions for: receiving, at an application routing platform, an API call for an application platform comprising a signed tenant token; determining, using a processor, that the signed tenant token is valid; determining an application platform token for the application platform; associating a root certificate with the application platform token; determining routing information to the application platform based at least in part on the API call; and providing the application platform the API call and the application platform token using the routing information to enable access to the application platform, wherein the application platform determines whether the application platform token is valid using the root certificate and executes the API call in response to a determination that the application platform token is valid.
21. A computer program product for gaining secure access, the computer program product being embodied in a tangible non-transitory computer readable storage medium and comprising computer instructions for: receiving a request for access, wherein the request for access is received from a user; providing a tenant token request to a tenant process associated with the request; receiving a tenant token from the tenant process; determining a signed tenant token based at least in part on the tenant token and a key; providing the signed tenant token for access to an application routing platform; receiving an API call comprising the signed tenant token; determining that the signed tenant token is valid; determining an application platform token; associating a root certificate with the application platform token; determining routing information to an application platform based at least in part on the API call; and providing the application platform the API call and the application platform token using the routing information to gain access to the application platform, wherein the application platform determines whether the application platform token is valid using the root certificate, and executes the API call in response to a determination that the application platform token is valid.


Claim Rejections - 35 USC § 102
No claim rejection is warranted at the applicant’s initial time of filing for patent.
Claim Rejections - 35 USC § 103
No claim rejection is warranted at the applicant’s initial time of filing for patent.
Allowable Subject Matter
Claims 1-20 allowed over prior arts based on prior art search for the instant application and also the parent application that the instant application is claiming priority to.
Claims 1-20 would be allowed provided Applicant files appropriate Terminal Disclaimers as outlined in the Double Patenting section.
As allowable subject matter has been indicated, applicant's reply must either comply with all formal requirements or specifically traverse each requirement not complied with (such as 101 rejection).  See 37 CFR 1.111(b) and MPEP § 707.07(a).
Reasons for allowance will be furnished upon allowance.
Pertinent Prior Arts
The following prior arts made of record and not relied upon are considered pertinent to applicant's disclosure.
Koottayi et al., [US PGPUB: 20200007531 A1]: this is considered the closest prior art of the instant application, that generally teaches access control, and more particularly, to techniques for seamless transition between world wide web (WEB) resource access and application programming interface (API) resource access on an enterprise network with security restrictions. One technique includes receiving a request for access to a first resource, determining the first resource is a WEB resource, creating an authentication cookie and a bearer token that are tied together using a common identifier, and providing access to the WEB resource based on the authentication cookie. The technique may further include receiving a call for access to a second resource, where the call includes the bearer token in a header of the call, determining the second resource is an API resource, initiating a token exchange of the bearer token for an access token; and providing access to the API resource based on the access token.
Koottayi’s disclosure relates generally to access control, and more particularly, to techniques for seamless transition between world wide web (WEB) resource access and application programming interface (API) resource access on an enterprise network with single sign-on, or on various other service systems with security restrictions.
Blasi (PGPUB: US 20170346807 A1): Blasi discloses technologies for token-based access authorization to an application program interface (API) including an access management server to receive a service request message from an application executed by a remote computing device. The service request message includes a digitally signed license token previously generated by the access management server and distributed to the remote computing device. The service request message also includes a request from the executed application to access data or a service of the resource server via an exposed API. The access management server verifies the digital signature of the digitally signed license token and generates a digitally signed Security Assertion Markup Language (SAML) token. The digitally signed SAML token is transmitted to the resource server for verification and local caching. The resource server receives the service request message and determines whether access to the requested data or service is authorized based on the locally-cached SAML token.
Embodiments of Blasi discloses technologies that relate, in general, to the field of authentication and authorization of computing devices and resources thereof. More particularly, the technologies relate to the field of using signed custom tokens as a root credential for authenticating and authorizing distributed computing devices and resources.
Ahmed et al. (PGPUB: US 20100198730 A1): Ahmed discloses An extensible servicing hosting platform is provided that supports the design, build and concurrent deployment of multiple web accessible services on a services hosting platform. The services hosting platform comprises a services hosting framework capable of hosting multiple service applications, each of which may be shared by multiple tenants that each customize their use of a particular application service by extending the application service to exploit run time platform services within a service execution pipeline. The services hosting framework may easily be leveraged by applications to decrease the time associated with developing, deploying and maintaining high quality services in a cost effective manner.
The application service comprises program code associated with one or more services that can each be invoked over a Internet using a publicly exposed Application Programming Interface (API). Application services include host services developed by a host provider and hosted on the platform, partner services developed by a third party via a suite and hosted on the platform, and extended services comprising third party ISP services that extend existing host services and are hosted on the platform.
Akselrod et al. (PGPUB: US 20200099691 A1): Akselrod disclosure relates to an approach to secure API access for distinct types of users. A request for access to an API from a user is initiated and followed by sending a request for a login credential to the user based on a type of API requested: Data API or Interaction API. The login credential is received along with the network location of the user. Authenticating the login credential and create an API specific token. Assigning the API specific token to a user activity and granting the user access to the specific API.
Halageri (US PGPUB: 20140013409 A1): Halageri discloses systems and methods for single sign on to a cloud. The system includes a cloud service provider and a tenant. The cloud service provider has a consumer unit and a portal. The consumer unit provides an interface for a user to connect to the cloud service provider. The portal providing a cloud service to the user, the portal has a first authentication system that issues a security token request and that is connected to the consumer unit. The tenant includes the user and a second authentication system. The second authentication system signs the security token request. The consumer unit is adapted to communicate with the first authentication system using a first protocol and adapted to communicate with the second authentication system using a second protocol.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MAHABUB S AHMED whose telephone number is (571)272-0364.  The examiner can normally be reached on 9AM-5PM EST M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on (571)272-3811.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/MAHABUB S AHMED/Examiner, Art Unit 2434
/KAMBIZ ZAND/Supervisory Patent Examiner, Art Unit 2434