Notice of Pre-AIA or AIA Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

DETAILED ACTION

Claims 1 – 21 are pending.
Any references to applicant’s specification are made by way of applicant’s U.S. pre-grant printed patent publication.

Claim Rejections - 35 USC § 103

In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1 – 4, 6 – 11, 13 – 18, 20, and 21 are rejected under 35 U.S.C. 103 as being unpatentable over Nair et al. (Nair), US 2017/0249393 A1 in view of Davidson et al. (Davidson), US 2019/0158532 A1.

Regarding claim 1, Nair discloses:
A method to authenticate a first plugin (e.g. Nair, par. 54, 55) to enable the first plugin to interact with a management server in a virtualized computing environment (e.g. Nair, par. 3, 87), the method comprising: 
using a session identification (ID) (e.g. Nair, par. 55), … associated with the first plugin, to obtain a session ticket (e.g. Nair, par. 55 – “token”).
Herein, Nair discloses a browser plugin that may use an associated session identifier to log into a management system. However, Nair does not appear to explicitly illustrate that the session identifier is “uniquely” associated with the plugin. However, Davidson also teaches a plugin (i.e. “extension”) that uses a session identifier to log in to a system. Furthermore, Davidson illustrates that the session identifier is associated between the system and the plugin itself (i.e. thus “uniquely”), thereby enabling that particular plugin to log into the system (e.g. Davidson, par. 30). This would have been obvious because one of ordinary skill would have been motivated by the advantage of improved security to only allow the associated plugin to log in to the system.
Thus, the combination enables:
wherein the session ticket is uniquely associated with the first plugin and is configured with a finite validity (e.g. Nair, par. 55; Davidson, par. 30); 
and using the session ticket to authorize the first plugin to access the management server for a first session with the management server (e.g. Nair, par. 55),
wherein the finite validity prevents use of the session ticket, by the first plugin, for a second session with the management server (e.g. Nair, par. 55 – herein the session identifier is only valid for that identified session), 
and wherein the finite validity prevents use of the session ticket, by at least a second plugin, for authenticated sessions with the management server (e.g. Nair, par. 55 – herein, after the expiration of the session identifier, the session identifier may not be used to authenticate by a plugin, i.e. the first, a second, a third, etc. plugin).  

Regarding claim 2, the combination enables:
wherein the finite validity enables use of the session ticket for only the first session between the first plugin and the management server, and invalidates the session ticket for other sessions including the second session (e.g. Nair, par. 55 – herein the session identifier is valid only for the assigned session).

Regarding claim 3, the combination enables:
wherein the finite validity enables use of the session ticket for a finite duration and invalidates the session ticket after expiration of the finite duration, and wherein the finite duration includes at least one of: a time-based duration of the session ticket, a number of application program interface (API) calls permitted to be made by the first plugin during the first session, or a time-based duration of the first session (e.g. Nair, par. 55).

Regarding claim 4, the combination enables:
wherein the first session is a cloned session (e.g. Nair, par. 55 – herein the session token or cookie enables a “first” session to be established, i.e. “cloned”, based upon the session identifier of an original session).

Regarding claim 6, the combination enables:
6. The method of claim 1, wherein the session ID is further uniquely associated with the first session (e.g. Nair, par. 55; Davidson, par. 30).

Regarding claim 7, the combination enables:
wherein at least one of the session ID or the session ticket is provided by the management server (e.g. Nair, par. 55; Davidson, par. 30).

Regarding claims 8 – 11, 13 – 18, 20, and 21, they are medium and apparatus claims essentially corresponding to the claims above, and they are rejected, at least, for the same reasons. Furthermore, regarding the recitations of a medium, program, and processors, the examiner notes the corresponding teachings of Nair (e.g. par. 103-105).

Claims 5, 12, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Nair et al. (Nair), US 2017/0249393 A1 in view of Davidson et al. (Davidson), US 2019/0158532 A1 in view of Kottahachchi et al. (Kotta’), US 2017/0359327 A1.

Regarding claim 5, Nair fails to disclose, but Kotta’ does disclose, that the plugin resides at a plugin server and that the user communicates with the plugin using a reverse proxy (e.g. Kotta, :
wherein the first plugin resides at a plugin server (e.g. Kotta’, fig. 6:604; fig. 8:800; fig. 10:1002) and wherein a client communicates to the plugin server to use the first plugin and communicates to the management server for the first session via a reverse proxy (e.g. Kotta’, par. 40, 46).
It would have been obvious to one of ordinary skill in the art to employ the teachings of Kotta’ within the system of Nair and Davidson.  This would have been obvious because one of ordinary skill in the art would have been motivated by the teachings that a plugin framework, wherein plugins reside on a server and are accessed via a reverse proxy, enhances the ability to securely manage the access to backend systems by a multitude of users (e.g. Kotta’, par. 3, 22).

Regarding claims 12 and 19, they are medium and apparatus claims essentially corresponding to the claims above, and they are rejected, at least, for the same reasons.  Furthermore, regarding the recitations of a medium, program, and processors, the examiner notes the corresponding teachings of Nair (e.g. par. 103-105).

Conclusion

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
See Notice of References Cited.	

Any inquiry concerning this communication or earlier communications from the examiner should be directed to JEFFERY L WILLIAMS whose telephone number is (571)272-7965.  The examiner can normally be reached on 7:30 am - 4:00 pm.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on 571-272-3739.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/JEFFERY L WILLIAMS/Primary Examiner, Art Unit 2495