Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This communication is in response to the application filed on 08/10/2022. Claims 1-5, and 7-21 are currently pending.

Claim Interpretation
Claim 17 was evaluated to determine if the computer-readable storage medium was directed to signal per se. However, applicant clearly stated in paragraph 97 of the specification that the term computer readable storage medium as used in the invention referred to physical hardware media such as the ones disclosed in FIG. 7 of the drawings. As such, the claimed invention was not directed towards signal per se.

 
Response to Arguments
Applicant's arguments filed on 08/10/2022 have been fully considered but they are moot in view of the new rejection herein below.

Response to Amendment
Applicant’s amendments to independent claims 1, 12 and 17 and the addition of new claim 21 have changed the scope of the claimed invention and thus necessitate the new rejection hereinafter.
 
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1, 3-5, and 7 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. PGPub. No. 20140189346 to CURETON; Kevin (hereinafter CURETON) in view of U.S. PGPub. No. 20160380988 to Goel; Vikas (hereinafter Goel)

Regarding claim 1, CURETON discloses a method comprising: 
providing, by a first service (license request for accessing an application on the client device 225, ¶0026) executing on at least one first computing device, (225, Fig. 2) authentication information (set of credential 235 provided with the request, ¶0026) that is associated with the first service to an authentication provider service (License management server that provides authorization to use a license to access an application, ¶0026) executing on at least one authentication provider computing device (FIG. 2, computing device of license management server 205, ¶0026), the first service (¶0026, “an application”) having a username associated therewith (¶0026,  “a username”, the username is used by the License management server to authorize the user to use the requested license to access an application at the license management server). 
receiving, by the first service, access information (FIG. 2, set of temporary credentials 240, ¶0028) from the authentication provider service (¶0028, license management server 205) in response to providing the authentication information (set of credentials 235 provided with the request, ¶0026); 
utilizing, by the first service, a secure shell (SSH) client (as a result of SSH tunnel 245, ¶0032) executing on the at least one first computing device (the client device 225, ¶0032) to provide the access information to an SSH server (SSH application running on server 210, ¶0032, Fig. 2) executing on at least one second computing device (device of license management server such as the first license server 210, Fig. 2), 
wherein at least one operating system of the at least one second computing device (operating system of the first license server 210 in FIG. 2) is configured with a username (¶0026, “a user name”) associated with the first service (¶0026, “an application”, the username is used by the License management server to authorize the user to use the requested license to access an application at the license management server)  and user authentication module (user authentication module 305, Fig. 3, ¶0038) to log in the username associated with the first service for a service-to-service SSH session between the SSH client and the SSH server by verifying the access information (¶0058, wherein the secure communication tunnel establishing module 315 creates the secure communication tunnel between the client device and the license server after verification of access information of the user by the user authentication module).
 
and utilizing, by the first service, the SSH client to send information to or receive information from a second service (sending and receiving messages via secure communication tunnels 245 and 250, ¶0033) executing on the at least one second computing device (first license server 210, ¶0033-34) via the service-to-service SSH session (¶0033, in view of SSH tunnel 250) established between the SSH client and the SSH server in response to at least the providing of the access information to the SSH server ( the license management server 205, ¶0033). 
However, CURETON, even though it discloses a user authentication module that can authenticate a user based on a set of credentials in ¶0038, does not explicitly disclose a pluggable authentication module (PAM) to log in the user.
Goel discloses the pluggable authentication module (PAM) which may be used to determine whether the login request is authorized (¶0036, “… In response to receiving an indication indicating the given user exists as a user for the device 110, the pluggable authentication module (PAM) 140 may be notified to determine whether the login request is authorized”).
Thus, one of ordinary skill in the art would have found it obvious before the effective filing date of the claimed invention to modify the method of CURETON to include the concept of pluggable authentication module to authenticate users as disclosed by Goel and be motivated in doing so in order to allow a system administrator to add new authentication methods by installing new libraries-Goel ¶0037 in part.


Regarding claim 3, CURETON in view of Goel discloses the method of claim 1. CURETON further discloses wherein the authentication information comprises an identifier and a secret; (set of credentials 235, ¶0026 wherein the username is the identifier and the password is the secret)
 and wherein the access information comprises an access token (set of temporary credentials, 240, ¶0030).

Regarding claim 4, CURETON in view of Goel discloses the method of claim 1. CURETON further discloses wherein the authentication provider service comprises an OAuth endpoint (HTTPS, ¶0016. NB, using a set of temporary credentials (tokens) over HTTPS is a version of OAuth).

Regarding claim 5, CURETON in view of Goel discloses the method of claim 1. CURETON further discloses further comprising: configuring the at least one second computing device to authenticate the first service based on the access information; (¶0026 wherein the license management server 205 uses a set of credentials 235 provided with the request to determine whether the user 225 is authorized to use the license).
verifying, by the at least one second computing device, the access information provided by the first service; (¶0026 wherein the license management server 205 may check a license management data store 265 to determine whether the set of credentials 235 provided by the user 225 matches with the set of credentials stored at the license management data store 265-verification of access information). 
and establishing the service-to-service SSH session based, at least in part, on the verification of the access information (¶0028 wherein the user 225 sets up a secure communication tunnel 245 that can be used to access a license server based on verification of the access information).  

Regarding claim 7, CURETON in view of Goel discloses the method of claim 1. CURETON further discloses wherein the at least one first computing device comprises at least one computing device in a private network (PN) operated by a client (¶0019 Fig. 1 network 120 of the client which may be of various types, including a LAN, WAN, and internet) and wherein the at least one second computing device comprises at least one cloud computing server providing a cloud computing service (205, Fig. 2.  ¶0023 license management server that manages provision of licenses to users). 

8.	Claims 12, and 21 are rejected under 35 U.S.C. 103 as being unpatentable over EP 1746802 to Rossi et al. (hereinafter Rossi) in view of U.S.  PGPub. No. 20080201765 to WALTER et al. (hereinafter WALTER). 

Regarding claim 12, Rossi discloses a method performed by a secure shell (SSH) server (Fig. 1, server at node 20, ¶0033) executing on at least one first computing device (Fig. 1, computing device at node 20), comprising:
receiving a force command (¶0095, Fig. 8, step 804, wherein the client sends command to the server, the command is a force command because the command is defined in the IETF documentation relating to the Secure Shell protocol, and its execution will be limited within the definition) from an SSH client executing on at least one second computing device (client device at node 10 in Fig. 1), the force command comprising code to be executed by the SSH server (¶0095, “The specific structure of the command packet is defined, for example, in the IETF documentation relating to the Secure Shell protocol”, wherein the code is embedded in the command packet as defined in IETF documentation relating to the secure shell protocol) after initial verification of the SSH client (¶0095, “The command actually does not take effect before entire key exchange is over”, ¶0006-¶0008, wherein the client/user and server both authenticate each other after the initial key exchange);
responsive to receiving the force command, executing the code (¶0095, “the server replies with a STATUS packet that contains information whether the command was successful or not”, the server must have executed the command before sending information whether the command was successful or not) to maintain security during an SSH session with the SSH client (¶0033, Fig. 1 “a security protocol session 30 between the client 10, and server 20”)  by periodically: 
determining, that SSH session reauthorization information is (Fig. 6a steps 603, 605, and 606 ¶0080/0081 (wherein provision of information for reauthentication will lead to provision of reauthorization information)) received from the SSH client (user, ¶0080) 
determining that the SSH session reauthorization information received is verified (Fig. 6a steps 607-608 ¶0081); 
and responsive to said determining that the SSH session reauthorization information is received from the SSH client and is verified, maintaining the SSH session (Fig. 6a step 604, ¶0081, “provide service in accordance with the state information”).
 However, Rossi does not explicitly disclose periodic reauthentication of SSH client.
WALTER discloses periodic reauthentication of a communication device (¶0033, “…in step 328 the authentication system 102 can be programmed to monitor restart times for submitting re-authentication requests to communication devices 108 (e.g., once per hour, once per day, once per week, etc.”)
Thus, one of ordinary skill in the art would have found it obvious before the effective filing date of the claimed invention to modify the method of Rossi to include periodic re-authentication of communication device as disclosed by WALTER and be motivated in doing so in order to reduce the likelihood of unauthorized usage of communication system by counterfeit communication devices-Walter ¶0033 in part.

Regarding claim 21, Rossi in view of WALTER discloses the method of claim 12. Rossi further discloses wherein the method further comprises: terminating the SSH session, at least if the reauthentication information is not validated (Fig. 6a step 609, ¶0081, “ignore service request”) 
and WALTER discloses (¶0033, wherein an authentication system periodically transmits reauthentication request to communication device, “the authentication system 102 can be programmed to monitor restart times for submitting re-authentication requests to communication devices 108 (e.g., once per hour, once per day, once per week, etc….”).

Thus, one of ordinary skill in the art would have found it obvious before the effective filing date of the claimed invention to modify the method of Rossi and Goel to include periodic transmission of re-authentication request to communication device as disclosed by WALTER and be motivated in doing so in order to reduce the likelihood of unauthorized usage of communication system by counterfeit communication devices-Walter ¶0033 in part.
 
 
9.	Claims 9-10 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. PGPub No. 20140189346 to CURETON; Kevin (hereinafter CURETON) in view of U.S. PGPub. No. 20160380988 to Goel; Vikas (hereinafter Goel) and further in view of U.S. PGPub No. 20200320199 to Sheth et al. (hereinafter Sheth).

Regarding claim 9, CURETON in view of Goel discloses the method of claim 1. However, CURETON in view of Goel fails to explicitly disclose the following limitation taught by Sheth: further comprising: maintaining security during the service-to-service SSH session by periodically: providing, by the first service, the authentication information to the authentication provider service; 
receiving periodic access information from the authentication provider in response to providing the authentication information;
providing the periodic access information over the service-to-service SSH session; 
determining whether the periodic access information is verified or unverified;
 and maintaining the service-to-service SSH session if the periodic access information is verified.  

Sheth discloses maintaining security during the service-to-service SSH session (FIG. 5A, ¶0090, “attestation between a Secure Shell (SSH) client 501 and an SSH server 502 associated with establishing and maintaining a trustworthy encrypted network session”.) 
by periodically (¶0098 “Some of the integrity-related data may be continuously provided by the SSH server 502 while a session is alive, either periodically or on demand (e.g., SSH client re-ask or SSH rekey interval”): providing, by the first service, (the SSH client 501, ¶0094) the authentication information (login credentials ¶0094) to the authentication provider service (¶0094 SSH server 502); 
receiving periodic access information from the authentication provider in response to providing the authentication information; (¶0093/0094, Fig.5 steps 520A, 520B, and 509-510)
providing the periodic access information over the service-to-service SSH session (¶0095, Fig. 5 step 513A);
determining whether the periodic access information is verified or unverified: (¶0100 “decides on whether the SSH client 501 is allowed to connect to the network”-wherein deciding whether to allow connection to the network is a form of verification)
and maintaining the service-to-service SSH session if the periodic access information is verified (¶0100 “the SSH server 502 can validate the integrity data of the SSH client 501 and decides on whether the SSH client 501 is allowed to connect to the network and proceed with authentication and/or continue to be connected to the network”).
Thus, one of ordinary skill in the art would have been motivated before the effective filing date of the claimed invention to modify the method of CURETON and Goel in claim 1 to include termination of the SSH session if the periodic access information is not provided or verified as disclosed by Sheth and be motivated in doing so because it provides a utilization for verification of integrity data on an SSH session- Sheth ¶0099.

Regarding claim 10, CURETON in view of Goel, and further in view of Sheth discloses the method of claim 9. 
Sheth further discloses the method of claim 9 comprising: 
terminating the service-to-service SSH session if the periodic access information is not provided within a periodic time interval or if the periodic access information is not verified. (¶0098 “the session can be terminated immediately if the SSH server 502 fails to provide integrity data or the integrity data provided does not indicate trustworthiness”)  
Thus, one of ordinary skill in the art would have been motivated before the effective filing date of the claimed invention to modify the method of CURETON, Goel, and Sheth in claim 9 to include termination of the SSH session if the periodic access information is not provided or verified as disclosed by Sheth and be motivated in doing so because it provides a utilization for verification of integrity data on an SSH session- Sheth ¶0099.


10.	Claim 2 is rejected under 35 U.S.C. 103 as being unpatentable over U.S. PGPub No. 20140189346 to CURETON; Kevin (hereinafter CURETON) in view of U.S. PGPub. No. 20160380988 to Goel; Vikas (hereinafter Goel) and further in view of U.S. PGPub No. 2003005178 to Hemsath, David (hereinafter Hemsath).

Regarding claim 2, CURETON in view of Goel discloses the method of claim 1. 
However, CURETON in view of Goel does not explicitly disclose the following limitation taught by Hemsath: 
registering the first service with the authentication provider service; 
receiving the authentication information in response to the registration; 
and configuring the first service to provide the authentication information to the authentication provider service to initiate the service-to-service SSH session. 
Hemsath discloses registering (user registry 22, Fig. 1, ¶0033) the first service with the authentication provider service (user authentication service 12´ Fig. 3, ¶0033);
 receiving the authentication information in response to the registration (username, domain name, host name, etc. Fig. 3, ¶0033);
and configuring the first service to provide the authentication information to the authentication provider service to initiate the service-to-service SSH session (Fig. 3, ¶0033 “This mapped ID is submitted (G) to an Authentication Service (30”)  
Thus, one of ordinary skill in the art would have been motivated before the effective filing date of the claimed invention to modify the method of CURETON and Goel to include registering the user/client with the authentication provider as disclosed by Hemsath and be motivated in doing so because it provides a utilization that allows the system administration to set permissions to access or use particular secured system resources for each user-Hemsath abstract.

11.	Claim 8 is rejected under 35 U.S.C. 103 as being unpatentable over U.S. PGPub No. 20140189346 to CURETON; Kevin (hereinafter CURETON) in view of U.S. PGPub. No. 20160380988 to Goel; Vikas (hereinafter Goel) and further in view of EP 1746802 to Rossi et al. (hereinafter Rossi).

Regarding claim 8, CURETON in view of Goel discloses the method of claim 7. 
However, CURETON in view of Goel does not explicitly disclose the following limitation taught by Rossi: further comprising: 
providing secure remote access to the PN for at least one remote user associated with the client from at least one computing device used by the at least one remote user through the at least one second computing device over the service-to-service SSH session to the at least one first computing device in the PN.
Rossi discloses providing secure remote access to the PN for at least one remote user associated with the client from at least one computing device used by the at least one remote user through the at least one second computing device over the service-to-service SSH session to the at least one first computing device in the PN (FIG. 5, steps 512-516, ¶0073).
Thus, one of ordinary skill in the art would have been motivated before the effective filing date of the claimed invention to modify CURETON and Goel method and incorporate the provision of remote access to users as disclosed by Rossi and be motivated in doing so because it provides a utilization that initiates authentication procedure of the security protocol with the remote node via a data packet connection -Rossi abstract.

Claim 16 is rejected under 35 U.S.C. 103 as being unpatentable over EP 1746802 to Rossi et al. (hereinafter Rossi) in view of U.S.  PGPub. No. 20080201765 to WALTER et al. (hereinafter WALTER) and further in view of U.S. PGPub No. 20140189346 to CURETON; Kevin (hereinafter CURETON). 

Regarding claim 16, ROSSI in view of WALTER discloses the method of claim 12. However, ROSSI in view of WALTER does not explicitly disclose the following limitation taught by CURETON: 
further comprising: receiving, by the SSH server, the session reauthorization information over an SSH command channel.  
CURETON discloses further comprising: receiving, by the SSH server (license management server 205) the session reauthorization information (¶0031 temporary username and temporary public key) over an SSH command channel (“secure communication tunnel 250”, Fig. 2, ¶0032). Wherein checking whether the public key and username included in the connection request matches with the temporary public key and temporary username stored at the license management data store 265 for the user 225 is a form of reauthorization.
Thus, one of ordinary skill in the art would have been motivated before the effective filing date of the claimed invention to modify the method of Rossi and WALTER to include receiving the session reauthorization information over an SSH command channel as disclosed by CURETON because it provides a utilization that enables the client to obtain a license from the license server (CURETON abstract).


Claim 13 is rejected under 35 U.S.C. 103 as being unpatentable over EP 1746802 to Rossi et al. (hereinafter Rossi) in view of U.S. PGPub. No. 20080201765 to WALTER et al. (hereinafter WALTER) and further in view of U.S. PGPub No. 20200320199 to Sheth et al. (hereinafter Sheth).

Regarding claim 13, Rossi in view of WALTER discloses the method of claim 12.
However, Rossi in view of WALTER does not explicitly disclose the following limitation taught by Sheth: 
wherein the SSH session is a service-to-service SSH session.  
Sheth discloses a service-to-service SSH session (Fig. 5A, ¶0092, SSH client 501 service and SSH server 502 service).
Thus, one of ordinary skill in the art would have been motivated before the effective filing date of the claimed invention to modify the method of Rossi and WALTER in claim 12 to include service-to-service SSH session as disclosed by Sheth and be motivated in doing so because it provides a utilization for verification of integrity data on an SSH session- Sheth ¶0099.

Claims 17-20 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. PGPub No. 20200320199 to Sheth et al. (hereinafter Sheth) in view of EP 1746802 to Rossi et al. (hereinafter Rossi) and further in view of U.S.  PGPub. No. 20080201765 to WALTER et al. (hereinafter WALTER).

Regarding claim 17, Sheth discloses a computer-readable storage medium (¶0146, “computer readable media”) having programming instructions encoded thereon that are executable by a processor to perform a method, the method comprising: 
initiating a secure shell (SSH) session between an SSH client and an SSH server (Fig. 5A, ¶0091, encrypted network session between SSH client 501 and SSH server 502) based, at least in part, on providing, receiving or validating authentication information (¶0092-0094, wherein the SSH client and SSH server exchange messages to initiate SSH session and authenticate each other); and 
maintaining security during the SSH session (Fig 5A, ¶0090, “establishing and maintaining a trustworthy encrypted network session”) based, at least in part, on providing, receiving or validating periodic reauthentication information (Fig 5A, ¶0098, “Some of the integrity-related data may be continuously provided by the SSH server 502 while a session is alive, either periodically or on demand (e.g., SSH client re-ask or SSH rekey interval..”)), 
However, Sheth, even though it discloses continuous provision of integrity-related data periodically or on demand, does not explicitly disclose the following limitation:
wherein the maintaining security comprises performing by the SSH server: 
receiving a force command from the SSH client; and 
executing code of the force command to periodically:  
determine that the periodic reauthentication information is received from the SSH client within a periodic time interval; 
determine that the periodic reauthentication information received during the periodic time interval is verified; 
and responsive to determining that the periodic reauthentication information is received within the periodic time interval and is verified, maintain the SSH session.

Rossi discloses receiving a force command (¶0095, Fig. 8, step 804, wherein the client sends command to the server, the command is a force command because the command is defined in the IETF documentation relating to the Secure Shell protocol, and its execution will be limited within the definition) from the SSH client (user, ¶0080); and
executing code of the force command to: (Fig. 8, step 809, ¶0096 “execute command”) and (¶0095, “The specific structure of the command packet is defined, for example, in the IETF documentation relating to the Secure Shell protocol”, wherein the code is embedded in the command packet as defined in IETF documentation relating to the secure shell protocol)
determine that the reauthentication information (Fig. 6a steps 603, 605, and 606 ¶0080/0081, information for reauthentication) is received from the SSH client (user, ¶0080) 
determine that the reauthentication information received during the is verified (Fig. 6a steps 607-608 ¶0081);
and responsive to determining that the reauthentication information is received and is verified, maintain the SSH session (Fig. 6a step 604, ¶0081, “provide service in accordance with the state information”).

Thus, one of ordinary skill in the art would have found it obvious before the effective filing date of the claimed invention to modify the method of Sheth by incorporating the teaching of SSH client sending a force command to SSH server to carry out some functions as disclosed by Rossi and be motivated in doing so because it facilitates key exchange negotiation between the client and the server- Rossi ¶0097 in parts.
However, Sheth in view of Rossi does not explicitly disclose periodic reauthentication of SSH client.
WALTER discloses periodic reauthentication of a communication device (¶0033, “…in step 328 the authentication system 102 can be programmed to monitor restart times for submitting re-authentication requests to communication devices 108 (e.g., once per hour, once per day, once per week, etc.”)
Thus, one of ordinary skill in the art would have found it obvious before the effective filing date of the claimed invention to modify the method of Sheth and Rossi to include periodic re-authentication of communication device as disclosed by WALTER and be motivated in doing so in order to reduce the likelihood of unauthorized usage of communication system by counterfeit communication devices-Walter ¶0033 in part.






Regarding claim 18, Sheth in view of Rossi and further in view of WALTER discloses the method of claim 17.
Sheth further discloses further comprising: terminating the SSH session, at least if the reauthentication information is not periodically received (¶0098, “…Some of the integrity-related data may be continuously provided by the SSH server 502 while a session is alive, either periodically or on demand (e.g., SSH client re-ask or SSH rekey interval) or is not periodically validated (¶0098 wherein the session is terminated if the integrity data is not provided or untrusted)    

 	Regarding claim 19, Sheth in view of Rossi and further in view of WALTER discloses the method of claim 17.
Sheth further discloses wherein the SSH session is a service-to-service SSH session (Fig. 5A, ¶0092, SSH client 501 service and SSH server 502 service)   
 
Regarding claim 20, Sheth in view of Rossi and further in view of WALTER discloses the method of claim 17.
 Sheth further discloses further comprising: initiating the SSH session (Fig. 5A, ¶0091) based, at least in part, by providing, receiving or validating a token provided by an authorization provider service (¶0091 wherein the SSH client receives SSH server credentials e.g. pubkey or certificate which the examiner equates to token) and maintaining the security during the SSH session (¶0097, maintaining the encrypted network session) based, at least in part, on providing, receiving or validating (¶0097 authenticate) a token (¶0097 integrity data) periodically (¶0098, “either periodically or on demand”) provided by the authorization provider service (¶0097 SSH server 502).  





Claims 14-15 are rejected under 35 U.S.C. 103 as being unpatentable over EP 17446802 to Rossi et al. (hereinafter Rossi) in view of U.S.  PGPub. No. 20080201765 to WALTER et al. (hereinafter WALTER) and further in view of U.S. PGPub No 20200320199 to Sheth et al. (hereinafter Sheth) and further in view of U.S PGPub No. 20140189346 to CURETON; Kevin (hereinafter CURETON).

Regarding claim 14, Rossi in view of WALTER and further in view of Sheth discloses the method of claim 13. However, Rossi in view of WALTER and further in view of Sheth does not explicitly disclose the following limitation taught by CURETON: 
Further comprising establishing the service-to-service SSH session by:
 providing, by a first service executing on the at least one second computing device, authentication information that is associated with the first service to an authentication provider service executing on at least one authentication provider computing device; 
receiving, by the first service, access information from the authentication provider service in response to providing the authentication information; providing the access information by the SSH client to the SSH server; and 
verifying, by the at least one first computing device, the access information; and establishing, by the SSH server, the service-to-service SSH session based on the verification. 
CURETON discloses further comprising: establishing the service-to-service SSH session (¶0015) by: 
providing, by a first service (license request to access an application, ¶0026) executing on the at least one second computing device, (205, Fig. 2. License management server computing device) authentication information (235, ¶0026, “set of credentials”) that is associated with the first service to an authentication provider service (authorization provision, ¶0026) executing on at least one authentication provider computing device (205, ¶0026); 
receiving, by the first service, access information (240, ¶0026) from the authentication provider service in response to providing the authentication information (¶0026, set of credentials 235); 
 providing the access information by the SSH client to the SSH server; (as a result of SSH tunnel 245, ¶0032); and 
verifying, by the at least one first computing device (210, Fig. 2), the access information (240, set of temporary credentials, ¶0026);
and establishing, by the SSH server, the service-to-service SSH session based on the verification (¶0032 “If the license management server 205 identifies the set of temporary credentials 240, the license management server 205 creates a secure communication tunnel 245 on a pre-determined port of the client device 225”).
Thus, one of ordinary skill in the art would have been motivated before the effective filing date of the claimed invention to modify the method of Rossi, WALTER, and Sheth to include provision of authentication information to the authentication provider service by the first service in order to have access information to establish an SSH session as disclosed by CURETON because it provides a utilization that enables the client to obtain a license from the license server (CURETON abstract).

Regarding claim 15, Rossi in view of WALTER and further in view of Sheth and further in view of CURETON discloses the method of claim 14. 
CURETON further discloses: 
wherein the authentication provider comprises an OAuth endpoint (¶0031, “wherein the license management server 205 can use various authentication techniques to determine whether the user is authorized to use the license”; OAuth is one of the authentication techniques);
wherein the access information comprises an access token (set of temporary credentials, 240, ¶0030) issued by the OAuth endpoint;
and wherein each periodic session reauthorization information comprises an access token issued by the OAuth endpoint (¶0031, wherein determining whether a public key and a username included in the connection request matches with the temporary public key and the temporary username associated with the user 225 is a form of reauthorization and the token is the temporary username or temporary public key);  
Thus, one of ordinary skill in the art would have been motivated before the effective filing date of the claimed invention to modify the method of Rossi, WALTER, Sheth, and CURETON in claim 14 to include the teaching of an OAuth endpoint as disclosed by CURETON because it provides a utilization that enables the client/user to communicate securely with the license management server when requesting a license (CURETON ¶0026).


Claim 11 is rejected under 35 U.S.C. 103 as being unpatentable over U.S. PGPub No. 20140189346 to CURETON; Kevin (hereinafter CURETON) in view of U.S. PGPub No. 20160380988 to Goel; Vikas (hereinafter Goel) and further in view of U.S. PGPub No. 20200320199 to Sheth et al. (hereinafter Sheth) and further in view of EP 17446802 to Rossi et al. (hereinafter Rossi).

Regarding claim 11, CURETON in view of Goel and further in view of Sheth discloses the method of claim 10. 
Sheth further discloses wherein the determining whether the periodic access information is verified or unverified comprises: 
determines whether the periodic access information (integrity data ¶0093) is received within the periodic time interval (Fig. 5A, steps 520A and 520B ¶0093 wherein integrity data can be carried between two protocol parties at regular intervals); 
determines whether the periodic access information is verified or unverified (¶0098, wherein the SSH client 501 and /or SSH server 502 review the integrity data to decide whether to continue or reject SSH session establishment or not, review to continuing or rejecting SSH session is a verification process); 
terminates the service-to-service SSH session if the periodic access information is not provided within the periodic time interval or if the periodic access information is not verified (¶0098 “the session can be terminated immediately if the SSH server 502 fails to provide integrity data or the integrity data provided does not indicate trustworthiness”);  
and maintains the service-to-service SSH session if the periodic access information is provided within the periodic time interval and the periodic access information is verified (¶0100 “the SSH server 502 can validate the integrity data of the SSH client 501 and decides on whether the SSH client 501 is allowed to connect to the network and proceed with authentication and/or continue to be connected to the network”).
However, CURETON in view of Goel and further in view of Sheth does not explicitly disclose the following limitation taught by Rossi: running a force command.
Rossi discloses running a force command (Fig. 8, ¶0095-¶0097, wherein the client or the server can send a command to perform some actions at either the server or the client side; the command is a force command because the command is defined in the IETF documentation relating to the Secure Shell protocol, and its execution will be limited within the definition).
Thus, one of ordinary skill in the art would have been motivated before the effective filing date of the claimed invention to modify the method of CURETON, Goel, and Sheth in claim 10 to include running a force command as disclosed by Rossi, and would have been motivated to do so because it provides a utilization that facilitates the exchange of keys and secrets between the client and the server.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MUDASIRU K OLAEGBE whose telephone number is (571)272-2082. The examiner can normally be reached MON-FRI. 7.30AM-5.30PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr, can be reached on 5712723739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/MUDASIRU K OLAEGBE/Examiner, Art Unit 2495        

/FARID HOMAYOUNMEHR/Supervisory Patent Examiner, Art Unit 2495