DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Response to Amendment
2. This communication is in response to the amendment filed on 10/23/2025. The Examiner has acknowledged the amended Claims 1-4 and 6-9. Claims 1-9 are pending and Claims 1-9 are rejected.
Response to Arguments
3. Applicant's Arguments (Remarks Pages: 6-9) filed 10/23/2025 have been fully considered, and they are persuasive. However, applicant’s arguments are now moot in view of a newly applied reference, Antipa et al. (US 2015/0312257 A1).
4. The objection to Claim 6 has been withdrawn in view of the applicant’s amendment.
5. Applicant's Arguments [Remarks Pages: 7-9] with respect to 35 USC 103 have been fully considered, and they are persuasive. Applicant’s arguments are based on the applicant’s amended features and they are now moot in view of a newly applied reference, Antipa et al. (US 2015/0312257 A1). Please see the 35 USC 103 rejection below.
Applicant’s arguments with respect to other independent claims (Claims 7-9) and the dependent claims (Claims 2-6) are based on the applicant’s arguments with respect to the independent Claim 1 and their respective dependency and are moot based on the new reference applied as discussed above.
Applicant’s amendment necessitated a new ground of rejection.
Claim Rejections - 35 USC § 103
6. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
7. The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
8. This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
9. Claims 1-5 and 7-9 are rejected under 35 U.S.C. 103 as being unpatentable over Hoshino et al. (US 2019/0281037 A1, hereinafter Hoshino) in view of Antipa et al. (US 2015/0312257 A1, hereinafter Antipa).
Regarding Claim 1,
Hoshino discloses a federated authentication server configured to provide, in cooperation with an authentication server, a function of authenticating a user terminal to a resource server configured to provide a service to the user terminal (Hoshino: ¶ [0005] an apparatus for coupling through a network to an external authentication system that allows use of an external service and to a service providing system that provides a given service through authentication performed by the external authentication system, ¶ [0024] an image-forming apparatus 10, and a Web service apparatus 20. The image-forming apparatus 10 and the Web service apparatus 20 are communicably coupled to each other via a wide-area network N such as the Internet. The authentication system 1 is also communicably coupled to an external service 30 via the network N, ¶¶ [0025, 0063]), the federated authentication server comprising:
one or more processors (Hoshino: ¶ [0005] an apparatus for coupling through a network to an external authentication system that allows use of an external service and to a service providing system that provides a given service through authentication performed by the external authentication system, ¶ [0035] CPU 111 reads the programs, data, and setting information from the ROM 113, the NVRAM 114, and the HDD 115 to be loaded onto the RAM 112, and performs processes); and
one or more memories including instructions that, when executed by the one or more processors, causes the federated authentication server to (Hoshino: ¶ [0005] an apparatus for coupling through a network to an external authentication system that allows use of an external service and to a service providing system that provides a given service through authentication performed by the external authentication system, ¶ [0034] RAM 112 may be a volatile semiconductor memory (i.e., memory device), in which a program or data are temporarily held. In the NVRAM 114, for example, setting information is stored. The HDD 115 may be a non-volatile memory device, in which the browser 11, various programs, and data are stored, ¶ [0035]):
transmit authentication information about a user of the user terminal to the authentication server (Hoshino: ¶ [0005] web browser is configured to transmit to the external authentication system authentication credentials to be used for the authentication performed by the external authentication system in response to an input of the authentication credentials to request the authentication to be performed by the external authentication system, ¶ [0063] a user U operates the browser 11 of the image-forming apparatus 10 to open a login page of the Web service provided by the Web service apparatus 20 (step S501), ¶ [0075] user U enters a user ID in the user ID field 1201 and a password in the password field 1202 on the external Web service login page 1200 illustrated in FIG. 6, and then clicks the login button 1203 (step S508), ¶ [0078] the engine unit 12 transmits the authentication request to the external service 30 (step S510));
receive, from the authentication server, a token which is used for accessing the resource server from the user terminal (Hoshino: ¶ [0078] the external service 30 performs the authentication process based on the user ID and the password included in the authentication request (step S511)…., it is assumed that a result of the authentication process performed by the external service 30 indicates success in the authentication process, ¶ [0079] the external service 30 transmits to the engine unit 12 of the image-forming apparatus 10 the redirect instruction for redirecting the browser 11 to the callback destination URL. Note that the redirect instruction includes a temporary code generated by the external service 30 and an authentication ticket of the external Web service);
issue a code which is used for identifying an authentication success response and transmit the code to the resource server (Hoshino: ¶ [0005] apparatus includes a web browser…, web browser is configured to acquire from the external authentication system a first cookie indicating that the authentication credentials have been authenticated by the external authentication system in accordance with a successful result of the authentication that has been requested, ¶ [0078] Note that the redirect instruction includes a temporary code generated by the external service 30 and an authentication ticket of the external Web service. Such a temporary code may be referred to as an "authorization code", ¶ [0083] the engine unit 12 transmits to the Web service unit 22 of the Web service apparatus 20 a logout selection page acquisition request the logout selection page acquisition request includes the temporary code acquired from the external service 30 in step S511);
store the code and the token in association with each other (Hoshino: ¶ [0005] cause the storing unit to store the first cookie, ¶ [0080] the engine unit 12 first transmits to the authentication managing unit 13 an authentication ticket storing request for storing the authentication ticket (step S512), ¶ [0081] the authentication managing unit 13 stores the authentication ticket (i.e., authentication ticket of the external Web service) included in the authentication ticket storing…, the authentication ticket includes, for example, a ticket name, a value of the authentication ticket (i.e., Cookie value), and an expiring date, ¶ [0085]) before a token request including the code is transmitted from the resource server; and
transmit the token associated with the code to the resource server in a case where the token request is transmitted from the resource server (Hoshino: ¶ [0085] On receiving the temporary code verification request, the authenticating unit 23 transmits the temporary code verification request to the external service 30 (step S515)…, the external service 30 performs a verifying process on the temporary code included in the temporary code verification request (step S516), ¶ [0104] the engine unit 12 transmits to the Web service unit 22 of the Web service apparatus 20 an acquisition request for acquiring the Web service top page 1400 indicated by the callback destination URL (step S522). Note that the acquisition request includes the Web service authentication ticket, ¶ [0110]), wherein the token request indicates that the resource server requests the federated authentication server to transmit the token associated with the code.
Hoshino does not explicitly disclose:
store the code and the token in association with each other before a token request including the code is transmitted from the resource server; and
transmit the token associated with the code to the resource server in a case where a token request is transmitted from the resource server, wherein the token request indicates that the resource server requests the federated authentication server to transmit the token associated with the code.
However, Antipa from the same field of endeavor as the claimed invention discloses systems, methods, and computer storage media for facilitating user centric identity management (Antipa: [Abstract]), the identity provider 112 includes an authentication component 130, an authorization component 132, and a data provider component 134. The illustrated components may also have access to a data store (not shown). Such a data store may be configured to store data. In various embodiments, such information may include, without limitation, resources (e.g., user data), identity tokens, authentication codes, access tokens, and the like. In embodiments, the data store is configured to be searchable for one or more of the items stored in association therewith (Antipa: ¶ [0050]), the data provider component 134 (i.e. identity provider) is configured to facilitate data exchange or resource provisioning between the identity provider 112 and the service provider 114…, the data provider component 134 may receive a request for an access token from the service provider 114 (i.e. resource provider). Such an access token request may include an authorization code. Upon receiving the access token request and/or authorization code, the data provider component 134 can access, identify, determine, or generate an access token for providing to the service provider 114, (i.e. implies that the identity provider accesses a pre-stored token upon resource provider’s token request) for example, using the authorization code (Antipa: ¶ [0057], also see ¶ [0083]), and in response, the identity provider 112 can exchange the authorization code for an access token (Antipa: ¶ [0064]).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Antipa in the teachings of Hoshino. A person having ordinary skill in the art would have been motivated to do so as it provides a lower latency, and the use of authorization codes will mitigate token interceptions, therefore increasing the security of the system.
Regarding Claim 2,
Claim 2 is dependent on Claim 1, and the combination of Hoshino and Antipa discloses all the limitations of Claim 1. Hoshino further discloses wherein the one or more memories further causes the federated authentication server to: provide the user terminal with an authentication screen via which the authentication information is input to the user terminal (Hoshino: ¶ [0063] a user U operates the browser 11 of the image-forming apparatus 10 to open a login page of the Web service provided by the Web service apparatus 20 (step S501), ¶ [0075] user U enters a user ID in the user ID field 1201 and a password in the password field 1202 on the external Web service login page 1200, and then clicks the login button 1203 (step S508), ¶ [0033] controller 110 includes a Central Processing Unit (CPU), ¶ [0066] the input and output controlling unit 14 causes the operation panel 120 of the image-forming apparatus 10 to display, for example, a Web service login page 1100 illustrated in FIG. 6. The Web service login page 1100 illustrated in FIG. 6 is a screen display for logging into the Web service provided by the Web service apparatus 20, See Figs. 2, 10 ¶¶ [0034-0035, 0051, 0066, 0126, 0130-0131]).
Regarding Claim 3,
Claim 3 is dependent on Claim 2, and the combination of Hoshino and Antipa discloses all the limitations of Claim 2. Hoshino further discloses wherein the one or more memories further causes the federated authentication server to: receive an authentication request from the resource server, provide the authentication screen based on the receiving of the authentication request (Hoshino: ¶ [0065] On receiving the login page acquisition request for acquiring the login page, the engine unit 12 transmits the login page acquisition request to the Web service unit 22 of the Web service apparatus 20 (step S503). Then, the Web service unit 22 of the Web service apparatus 20 responds with screen information of the login page through the engine unit 12 of the image-forming apparatus 10 to the input and output controlling unit 14. Note that the engine unit 12 analyses the screen information of the login page that has been responded from the Web service unit 22, See also Fig. 10, ¶¶ [0034-0035, 0066, 0126]), and transmit the code to the resource server as a response to the receiving of the authentication request (Hoshino: ¶ [0005] apparatus includes a web browser…, web browser is configured to acquire from the external authentication system a first cookie indicating that the authentication credentials have been authenticated by the external authentication system in accordance with a successful result of the authentication that has been requested, ¶ [0081] that the authentication ticket includes, for example, a ticket name, a value of the authentication ticket (i.e., Cookie value), ¶ [0083] the engine unit 12 transmits to the Web service unit 22 of the Web service apparatus 20 a logout selection page acquisition request the logout selection page acquisition request includes the temporary code acquired from the external service 30 in step S511, ¶¶ [0055-0056, 0079]).
Regarding Claim 4,
Claim 4 is dependent on Claim 1, and the combination of Hoshino and Antipa discloses all the limitations of Claim 1. Hoshino further discloses wherein the federated authentication server transmits the code and the token on a basis of OpenID Connect (Hoshino: ¶ [0026] Web service apparatus 20 may be an information processing apparatus that provides Web services. The Web service apparatus 20 includes a server program 21. The Web service apparatus 20 provides a Web service via the server program 21, in response to a request from the browser 11. The Web service apparatus 20 authenticates an account of the Web service provided by the external service 30 (i.e., external authentication of, for example, OpenID), ¶ [0071] the engine unit 12 transmits to the external service 30 a login page acquisition request for acquiring the login page of the external Web service (step S507). Note that the login page acquisition request includes the callback destination URL, ¶ [0083] the engine unit 12 transmits to the Web service unit 22 of the Web service apparatus 20 a logout selection page acquisition request for acquiring the logout selection page 1300 indicated by the callback destination URL (step S513). Note that the logout selection page acquisition request includes the temporary code, ¶ [0098] the logout request for logging out of the external Web service includes the Web service authentication ticket and the callback destination URL (i.e., URL embedded in the "Logout of External Web Service" button 1301). To be specific, the engine unit 12 transmits, for example, a logout request 2000 illustrated in FIG. 8 to a WebAPI (i.e., logout WebAPI) that is made available to the public by the external service 30, ¶ [0114] in the case where the user U logs into the Web service through the external authentication such as OpenID, See Fig. 4, engine unit 12).
Regarding Claim 5,
Claim 5 is dependent on Claim 1, and the combination of Hoshino and Antipa discloses all the limitations of Claim 1. Hoshino further discloses wherein the token includes an identification (ID) token or a refresh token (Hoshino: ¶ [0081] that the authentication ticket includes, for example, a ticket name, a value of the authentication ticket (i.e., Cookie value), and an expiring date, ¶ [0100] a ticket name of the authentication ticket is specified and an expiring date, See also Fig. 7).
Regarding Claim 7,
Hoshino discloses a federated authentication method for providing, in cooperation with an authentication server, a function of authenticating a user terminal to a resource server configured to provide a service to the user terminal, the federated authentication method comprising (Hoshino: ¶ [0062] an external authentication process performed by the authentication system 1, ¶¶ [0024, 0125], See also Claim 11), and discloses all the limitations of Claim 7, in combination with Antipa, as discussed in Claim 1. Therefore, Claim 7 is rejected using the same rationales as discussed in Claim 1.
Regarding Claim 8,
Hoshino discloses a non-transitory computer-readable storage medium storing a program for causing a federated authentication server to execute a federated authentication method for providing, in cooperation with an authentication server, a function of authenticating a user terminal to a resource server configured to provide a service to the user terminal, the federated authentication method comprising (Hoshino: ¶ [0034] RAM 112 may be a volatile semiconductor memory (i.e., memory device), in which a program or data are temporarily held. In the NVRAM 114, for example, setting information is stored. The HDD 115 may be a non-volatile memory device, in which the browser 11, various programs, and data are stored, ¶ [0035] CPU 111 reads the programs, data, and setting information from the ROM 113, the NVRAM 114, and the HDD 115 to be loaded onto the RAM 112, and performs processes, ¶ [0062] an external authentication process performed by the authentication system 1, ¶ [0024] an image-forming apparatus 10, and a Web service apparatus 20. The image-forming apparatus 10 and the Web service apparatus 20 are communicably coupled to each other via a wide-area network N such as the Internet. The authentication system 1 is also communicably coupled to an external service 30 via the network N, ¶¶ [0005, 0025, 0035, 0063, Fig. 2-3 RAM, ROM]), and discloses all the limitations of Claim 8, in combination with Antipa, as discussed in Claim 1. Therefore, Claim 8 is rejected using the same rationales as discussed in Claim 1.
Regarding Claim 9,
Hoshino discloses a federated authentication system (Hoshino: ¶ [0024] The authentication system 1 illustrated in FIG. 1 includes an image-forming apparatus 10, and a Web service apparatus 20. The image-forming apparatus 10 and the Web service apparatus 20 are communicably coupled to each other via a wide-area network N such as the Internet. The authentication system 1 is also communicably coupled to an external service 30 via the network N) comprising:
an authentication server (Hoshino: ¶ [0024] The authentication system 1 illustrated in FIG. 1 includes … the authentication system 1 is also communicably coupled to an external service 30 via the network N); and
a federated authentication server configured to provide, in cooperation with the authentication server, a function of authenticating a user terminal to a resource server configured to provide a service to the user terminal (Hoshino: ¶ [0005] an apparatus for coupling through a network to an external authentication system that allows use of an external service and to a service providing system that provides a given service through authentication performed by the external authentication system, ¶ [0024] an image-forming apparatus 10, and a Web service apparatus 20. The image-forming apparatus 10 and the Web service apparatus 20 are communicably coupled to each other via a wide-area network N such as the Internet. The authentication system 1 is also communicably coupled to an external service 30 via the network N, ¶¶ [0025, 0063]), wherein the federated authentication server includes:
one or more processors (Hoshino: ¶ [0005] an apparatus for coupling through a network to an external authentication system that allows use of an external service and to a service providing system that provides a given service through authentication performed by the external authentication system, ¶ [0035] CPU 111 reads the programs, data, and setting information from the ROM 113, the NVRAM 114, and the HDD 115 to be loaded onto the RAM 112, and performs processes); and
one or more memories including instructions that, when executed by the one or more processors, causes the federated authentication server to (Hoshino: ¶ [0005] an apparatus for coupling through a network to an external authentication system that allows use of an external service and to a service providing system that provides a given service through authentication performed by the external authentication system, ¶ [0034] RAM 112 may be a volatile semiconductor memory (i.e., memory device), in which a program or data are temporarily held. In the NVRAM 114, for example, setting information is stored. The HDD 115 may be a non-volatile memory device, in which the browser 11, various programs, and data are stored, ¶ [0035]), and discloses all the limitations of Claim 9, in combination with Antipa, as discussed in Claim 1. Therefore, Claim 9 is rejected using the same rationales as discussed in Claim 1.
10. Claim 6 is rejected under 35 U.S.C. 103 as being unpatentable over Hoshino et al. (US 2019/0281037 A1, hereinafter Hoshino) in view of Antipa et al. (US 2015/0312257 A1, hereinafter Antipa), and further in view of Jain et al. (US 2018/0025148 A1, hereinafter Jain).
Regarding Claim 6,
Claim 6 is dependent on Claim 1, and the combination of Hoshino and Antipa discloses all the limitations of Claim 1. It is noted that the combination of Hoshino and Antipa does not explicitly disclose: wherein the one or more memories further causes the federated authentication server to transmit a request for updating the token associated with the code to the authentication server and receive an updated token from the authentication server, and transmit the updated token to the resource server.
However, Jain from the same field of endeavor as the claimed invention discloses Risk-based decisions can be selectively implemented within existing authentication systems to strategically modify and supplement security if an unacceptable risk is detected (Jain: [Abstract], ¶ [0006]), an exemplary system providing a network architecture for an authentication system 100. Authentication system 100 includes a resource server 102 that hosts the various network resources including web pages and applications/information. User device 104 is configured as a terminal running an application requesting to access the various network resources including web pages and applications/information hosted by the resource server (Jain: ¶ [0022], See also [0023-0025]), the authorization server 106 (see FIG. 1) calls back end services, and, at step 404, determines whether the token has expired (Jain: ¶ [0039]), and if it is determined that the token has expired at step 404, then user profile and/or user device attributes are captured at step 408. Then, after capturing the user and user device attributes, at step 410, the Risk Engine 110 of the device authentication server 112 proceeds to make a risk-based decision on whether to refresh the token or require another authentication/authorization to maintain access to the resource server 102 (i.e. implies that token is transmitted back) for the user device 104. If the Risk Engine 110 determines the risk is acceptable, at step 412, it refreshes the token (Jain: ¶ [0040]).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Jain in the teachings of Hoshino. A person having ordinary skill in the art would have been motivated to do so because, by increasing the efficiency at which the authentication system authenticates or reauthenticates the user device or user profile in order to grant access to the services and/or information, the user experience becomes more desirable (Jain: ¶ [0020]), and updated tokens allow users to access applications without having to log in frequently and further can help reduce the risk of access token theft because access tokens are short-lived and expire quickly.
Conclusion
11. The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
US-20160226855-A1
US-20170171201-A1
US-20110239283-A1
US-20180007059-A1
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SAMEERA WICKRAMASURIYA whose telephone number is (571)272-1507. The examiner can normally be reached on M-F 9:45am - 6:15pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jung W. Kim can be reached on 571-272-3804. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/SAMEERA WICKRAMASURIYA/
Examiner, Art Unit 2494
/JUNG W KIM/Supervisory Patent Examiner, Art Unit 2494