TECHNIQUES FOR INTER-CLIENT AUTHORIZATION

Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions. In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. DETAILED ACTION Claims 1-20 are pending in this office action. Priority No foreign priority is claimed. Specification The lengthy specification has not been checked to the extent necessary to determine the presence of all possible minor errors. Applicant's cooperation is requested in correcting any errors of which applicant may become aware in the specification. Claim Rejections - 35 USC § 102 The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action: A person shall be entitled to a patent unless – (a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention. (a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention. Claims 1-13 and 15-20 are rejected under 35 U.S.C. 102(a)(1), 102(a)(2) as being anticipated by Dietrich et al. (US 2014/0215589 A1, Dietrich hereinafter). For claim 1, Dietrich teaches a computer-implemented method for establishing sessions via one or more authorization servers (see Abstract; para 0015), comprising: performing a first authorization procedure to establish a first session for a user at a source client (para 0016-0017 - user authorization based on identification using secret key used to establish a first cryptographically secure connection), the first authorization procedure being performed via a first authorization server of the one or more authorization servers (para 0016-0017, 0032-0033 - certificate used for connection authorization is provided by certificate authority or certificates provided via one of the servers or authorities); receiving, from the first authorization server based at least in part on the first authorization procedure, an identity token comprising at least an identifier of the user and an indication of one or more authentication methods associated with the first authorization procedure (para 0015-0016, 0020, 0035 - access token and/or secret keys based on identifier of the client and authorization entity with associated algorithm or procedure are received for establishment of the first connection); and transmitting, to a target client, an inter-client token that is based at least in part on the identity token, wherein the inter-client token is usable for establishing a second session for the user at the target client (para 0017, 0020, 0089, 0110, 0117 - OTP is transmitted which is used in second/third connection establishments). For claim 2, Dietrich teaches the claimed subject matter as discussed above. Dietrich further teaches further comprising: generating the inter-client token based at least in part on the identity token, wherein transmitting the inter-client token is in accordance with the generating and wherein the inter-client token comprises at least the identifier of the user and the indication of the one or more authentication methods (para 0017, 0020-0022, 0059, 0111 - OTP is generated based on algorithm and transmitted, wherein identifier is associated therewith). For claim 3, Dietrich teaches the claimed subject matter as discussed above. Dietrich further teaches wherein receiving the identity token comprises: receiving the identity token based at least in part on a user operation at the source client (para 0015-0016, 0020, 0035 - access token and/or secret keys based on identifier of the client and authorization entity with associated algorithm or procedure are received for establishment of the first connection, wherein the key exchange is based on user request for operation). For claim 4, Dietrich teaches the claimed subject matter as discussed above. Dietrich further teaches the method of claim 3, wherein receiving the identity token comprises: receiving the identity token and one or more of a session token, an actor token, or a refresh token based at least in part on the user operation at the source client (para 0015-0016, 0020, 0022, 0035 - access token and/or secret keys based on identifier of the client and authorization entity with associated algorithm or procedure are received for establishment of the first connection, wherein the key exchange is based on user request for operation followed by receiving of OTP pertaining to session as a session token with limited session validity). For claim 5, Dietrich teaches the claimed subject matter as discussed above. Dietrich further teaches wherein the inter-client token further comprises one or more of an indication of an expiration of the inter-client token, an identifier of the inter-client token to be stored at a second authorization server after use of the inter-client token, or an identifier of the target client (para 0017, 0020, 0089, 0110, 0117 - OTP is transmitted which is used in second/third connection establishments, wherein OTP has inherent one time use and expiration indication within the same). For claim 6, Dietrich teaches the claimed subject matter as discussed above. Dietrich further teaches wherein the identity token includes a signature based at least in part on the identity token being cryptographically signed via the first authorization server, and wherein establishing the second session is based at least in part on the signature being valid (para 0017, 0020, 0089, 0110, 0117 - OTP is transmitted which is used in second/third connection establishments; para 0003, 0026-0027, 0036, 0076 - signature associated with token and ciphertext, wherein token validation is based on decryption). For claim 7, Dietrich teaches the claimed subject matter as discussed above. Dietrich further teaches wherein the indication of the one or more authentication methods comprises a plurality of values associated with the one or more authentication methods (para 0021, 0027, 0067, 0080 - authentication with associated algorithms and/or attributes as plurality of values). For claim 8, Dietrich teaches the claimed subject matter as discussed above. Dietrich further teaches wherein the inter-client token comprises a one-time use token (para 0017, 0020, 0089, 0110, 0117 - OTP is transmitted). For claim 9, Dietrich teaches the claimed subject matter as discussed above. Dietrich further teaches wherein the inter-client token is usable for establishing the second session via the first authorization server or a second authorization server of the one or more authorization servers, and wherein the inter-client token is usable for establishing the second session according to the first authorization procedure or a second authorization procedure para (para 0016-0017, 0020, 0032-0033, 0089, 0110 - certificate used for connection authorization is provided by certificate authority or certificates provided via one of the servers or authorities, and OTP is transmitted which is used in second/third connection establishments). For claim 10, Dietrich teaches the claimed subject matter as discussed above. Dietrich further teaches wherein the source client comprises a first application on a first device and the target client comprises a second application on the first device or a second device (para 0011, 0017, 0020-0022, 0035-0036, 0100 - application layer and service/applications on it). For claim 11, Dietrich teaches the claimed subject matter as discussed above. Dietrich further teaches the method of claim 10, wherein the first application comprises a first type of application and the second application comprises a second type of application that is different from the first type of application (Fig. 4-5; para 0011, 0017, 0020-0022, 0035-0036, 0100 - application layer and different service/applications on it). For claim 12, Dietrich teaches a computer-implemented method for establishing sessions via one or more authorization servers (see Abstract; para 0015), comprising: receiving, from a source client, an inter-client token comprising at least an identifier of a user and an indication of a first set of authentication methods associated with a first authorization procedure between the source client and a first authorization server of the one or more authorization servers, wherein the inter-client token is usable for establishing a session for the user at a target client (para 0016-0017, 0020, 0089, 0110, 0117 - OTP is transmitted which is used in second/third connection establishments, wherein user authorization based on identification using secret key used to establish a first cryptographically secure connection; para 0017, 0020-0022, 0059, 0111 - OTP is generated based on algorithm and transmitted, wherein identifier is associated therewith; para 0015-0016, 0020, 0035 - access token and/or secret keys based on identifier of the client and authorization entity with associated algorithm or procedure are received for establishment of the first connection); transmitting the inter-client token to a second authorization server of the one or more authorization servers, and establishing, based at least in part on the inter-client token, the session for the user at the target client and via the second authorization server, wherein the session is established in accordance with a second authorization procedure between the target client and the second authorization server (para 0017, 0020-0022, 0059, 0089, 0110-0111, 0117 - OTP is transmitted which is used in second/third connection establishments; OTP is generated based on algorithm and transmitted based on cryptographic authorization associated with the secret keys used in encrypted connection). For claim 13, Dietrich teaches the claimed subject matter as discussed above. Dietrich further teaches further comprising: receiving, from the second authorization server and in response to a user operation at the target client, a second inter-client token comprising at least the identifier of the user and an indication of a second set of authentication methods, wherein the second set of authentication methods is associated with the first authorization procedure and the second authorization procedure (para 0016-0017, 0020, 0089, 0110, 0117 - one or more OTPs are transmitted which are used in second/third connection establishments, wherein user authorization based on identification using secret keys used to establish a first cryptographically secure connection; para 0017, 0020-0022, 0059, 0111 - OTPs are generated based on algorithm and transmitted, wherein identifiers are associated therewith). For claim 15, Dietrich teaches the claimed subject matter as discussed above. Dietrich further teaches wherein the indication of the first set of authentication methods comprises a plurality of values associated with the first set of authentication methods (para 0021, 0027, 0067, 0080 - authentication with associated algorithms and/or attributes as plurality of values). For claim 16, Dietrich teaches the claimed subject matter as discussed above. Dietrich further teaches receiving, with the inter-client token, one or more of an indication of an expiration of the inter-client token, an identifier of the inter-client token to be stored at the second authorization server after use of the inter-client token, or an indication of the target client (para 0017, 0020, 0089, 0110, 0117 - OTP is transmitted which is used in second/third connection establishments, wherein OTP has inherent one time use and expiration indication within the same). For claim 17, Dietrich teaches the claimed subject matter as discussed above. Dietrich further teaches wherein the inter-client token includes a signature based at least in part on the inter-client token being cryptographically signed via the first authorization server, and wherein establishing the session is based at least in part on the signature being valid (para 0017, 0020, 0089, 0110, 0117 - OTP is transmitted which is used in second/third connection establishments; para 0003, 0026-0027, 0036, 0076 - signature associated with token and ciphertext, wherein token validation is based on decryption). For claim 18, Dietrich teaches the claimed subject matter as discussed above. Dietrich further teaches wherein establishing the session is further based at least in part on a trust relationship between the first authorization server and the second authorization server (para 0008-0009, 0027, 0034). For claim 19, Dietrich teaches an apparatus for establishing sessions via one or more authorization servers, comprising: one or more memories storing processor-executable code; and one or more processors coupled with the one or more memories and individually or collectively operable to execute the code to cause the apparatus to (see Abstract; Fig. 5; para 0015-0016, 0081, 0086), comprising: perform a first authorization procedure to establish a first session for a user at a source client (para 0016-0017 - user authorization based on identification using secret key used to establish a first cryptographically secure connection), the first authorization procedure being performed via a first authorization server of the one or more authorization servers (para 0016-0017, 0032-0033 - certificate used for connection authorization is provided by certificate authority or certificates provided via one of the servers or authorities); receive, from the first authorization server based at least in part on the first authorization procedure, an identity token comprising at least an identifier of the user and an indication of one or more authentication methods associated with the first authorization procedure (para 0015-0016, 0020, 0035 - access token and/or secret keys based on identifier of the client and authorization entity with associated algorithm or procedure are received for establishment of the first connection); and; transmit, to a target client, an inter-client token that is based at least in part on the identity token, wherein the inter-client token is usable for establishing a second session for the user at the target client (para 0017, 0020, 0089, 0110, 0117 - OTP is transmitted which is used in second/third connection establishments). For claim 20, Dietrich teaches the claimed subject matter as discussed above. Dietrich further teaches wherein, to transmit the inter-client token to the target client, the one or more processors are individually or collectively operable to execute the code to cause the apparatus to: transmit the inter-client token to the target client via a uniform resource locator (URL) redirect, an application deep link, a BLUETOOTH link, a near field communication (NFC) app-to-app exchange, a quick response (QR) code, a local transmission control protocol (TCP) or internet protocol (IP), or any combination thereof (para 0024, 0078, 0111 - QR code for OTP transmission). Allowable Subject Matter Claim 14 is objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims in addition to overcoming the above-mentioned rejections associated with their parent claims. Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to JAYESH JHAVERI whose telephone number is (571)270-7584. The examiner can normally be reached on Mon-Fri 9 AM to 5 PM. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, Applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on (571)272-6798. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /JAYESH M JHAVERI/Primary Examiner, Art Unit 2433