DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Amendment
This Office action is in response to communications filed on 12/24/2025.
Claims 1, 4-5, and 7-9 have been amended.
Claim 6 has been cancelled.
Claims 1-5 and 7-9 are pending.
Response to Arguments
Applicant's arguments filed 12/24/2025 have been fully considered but they are not fully persuasive. However, upon reconsideration, the examiner agrees that Sato does not teach all of the claimed limitations (see argument (c), below). In the response filed, applicant argues, in substance:
a) In page 8 of the response filed, applicant argues that Sato et al. (US 20150029533 A1, hereinafter Sato) fails to “describe that an access token to be [sic] obtained by using an application” (interpreted by the examiner as failing to describe the limitation “obtaining an access token from the server by executing the application”) because in Sato, ¶[0094], “the authorization server cooperation client 400 receives a client ID and a client secret from the authorization server 200 as a client registration response (authentication result)” (emphasis by applicant). Therefore, applicant argues that Sato discloses “that a client ID and a client secret are sent from the authorization server 200.”
In response to argument (a), the examiner respectfully disagrees.
The limitations recite “obtaining an access token from the server by executing the application”.
During patent examination, the pending claims must be "given their broadest reasonable interpretation consistent with the specification." The Federal Circuit's en banc decision in Phillips v. AWH Corp., 415 F.3d 1303, 75 USPQ2d 1321 (Fed. Cir. 2005) expressly recognized that the USPTO employs the "broadest reasonable interpretation" standard.
Although claims of issued patents are interpreted in light of the specification, prosecution history, prior art and other claims, this is not the mode of claim interpretation to be applied during examination. During examination, the claims must be interpreted as broadly as their terms reasonably allow. In re American Academy of Science Tech Center, 367 F.3d 1359, 1369, 70 USPQ2d 1827, 1834 (Fed. Cir. 2004) (The USPTO uses a different standard for construing claims than that used by district courts; during examination the USPTO must give claims their broadest reasonable interpretation in light of the specification). This means that the words of the claim must be given their plain meaning unless the plain meaning is inconsistent with the specification. In re Zletz, 893 F.2d 319, 321, 13 USPQ2d 1320, 1322 (Fed. Cir. 1989) (discussed below); Chef America, Inc. v. Lamb-Weston, Inc., 358 F.3d 1371, 1372, 69 USPQ2d 1857 (Fed. Cir. 2004).
The structure of an “access token” is not explicitly defined by the claims nor the specification. Therefore, under the broadest reasonable interpretation standard, an “access token” may include any information that can be used to “access” resources.
Similarly, the word “obtain” can be interpreted as, for example, “receive”.
Sato discloses obtain an access token from the server because ¶[0110] recites that the authorization server 200 “sends the authorized token ID” along with related information to authorization server cooperation client 400 (an application of an image forming apparatus, see Fig. 7, elements 300 and 400 and ¶[0064]), meaning the authorization server cooperation client 400 receives the token ID and related information. This “authorized token ID” sent along with the related information constitutes a token (note in ¶[0111], S717, the authorization server cooperation client 400 stores the authorized token ID and the remaining information in a table. This is labeled, in Fig. 7, element S717, as “STORE PARENT TOKEN”). Therefore, the authorization server cooperation client 400 effectively received a token from the server.
Moreover, Sato discloses that the parent token is an “access token” (¶[0041], a parent token enables access to “resources and services”).
Therefore, Sato discloses obtain an access token from the server.
Furthermore, the step of obtaining the access token is performed “by executing the application using the authorization code” as claimed, because in Sato the authorization server 200 only generates the parent token after it is requested by the authorization server cooperation client 400 (¶[0108], "The authorization server cooperation client 400 having received the authorization response sends a token request to the authorization server 200” and ¶[0109], “The authorization server 200 having received the token request performs the following verification, and if verified to be correct, the authorization server 200 generates a parent token (S715)”) using an authorization code (¶[0110], “The token request includes the authorized token ID of the authorization code acquired by the authorization response”).
Therefore, Sato discloses “obtain an access token from the server by executing the application using the authorization code” as claimed.
b) In pages 8-9 of the response filed, applicant argues that Sato (US 20150029533 A1) fails to teach or disclose the limitations “store, in the storage, setting items when obtaining the information on the server by executing the application” because Sato describes that a client ID and a client secret are sent from the authorization server as a client registration response.
In response to argument (b), the examiner respectfully disagrees.
The limitation recites “store, in the storage, setting items when obtaining the information on the server by executing the application.”
The examiner has interpreted the term “setting items” as “the client ID, the client secret, the client name, the client description, and the redirect URL” of ¶[0094] of Sato.
The term “when obtaining information on the server” is interpreted as referring back to the step of “obtain information on the server” which was mapped to obtaining the URL from table 1600 in Sato (¶[0094] and ¶[0104]), here, “obtain” can refer to the moment the table is populated and this table is populated by the authorization server cooperation client 400.
At the time the URL is obtained, the authorization server cooperation client 400 of Sato stores “the client ID, the client secret, the client name, the client description, and the redirect URL, and stores the generated device management table 1600 in the external memory 303 (step S610)”, i.e., the setting items are also stored.
Therefore Sato discloses “store, in the storage, setting items when obtaining the information on the server by executing the application” as claimed.
c) In page 9 of the response filed, applicant argues that the “registration of the authorization code, the registration of the token ID, the authorization code, and the expiration date and time, and the registration of the client ID and the user ID, is executed by the authorization server 200 […] but not the image forming apparatus 300 […] Thus Sato does not describe retaining setting items by an application in the information processing apparatus, reading the settings out of the application, and transmitting the response indicating redirection to the setting items”
In response to argument (c), the examiner respectfully disagrees.
The claimed subject matter does not preempt an external server from processing information. It only requires the information to be processed by the application executing on the image forming apparatus.
That is, if information is created by an external server, and received and used by an application in the image forming apparatus, then the limitations are met.
In Sato, the information generated by the server 200 is provided to the “authorization server cooperation client 400” which is an application in the image forming apparatus of Sato (see Fig. 7, elements 300 and 400 and ¶[0064]).
In fact, the claim limitations require the authorization code and the access token to be received from the server (i.e., “obtain an authorization code from the server” and “obtain an access token from the server”.
Applicant is correct to say that information such as the setting items are received from the server 200, however, those setting items are received by and acted upon by the authorization server cooperation client 400. In particular, the authorization server cooperation client 400 stores the setting items (¶[0094], “the authorization server cooperation client 400 generates the device management table 1600 as shown in FIG. 4B using the client ID, the client secret, the client name, the client description, and the redirect URL, and stores the generated device management table 1600 in the external memory 303 (step S610)”).
Finally, the setting items are “read” from the storage “based on information indicating the redirection target”. That is, in Sato, “the authorization server 200 makes an authorization response (redirect request) to the Web browser 900 such that the response is redirected to the redirect URL to which the authorized token ID of the authorization code has been given” (¶[0107]), that is the authorization server 200 provides “information indicating the redirection target”. Here the target is defined by “the redirect URL”.
In response to the information indicating the redirection target, the authorization server cooperation client 400 “sends a token request to the authorization server 200 (S714). The token request includes the authorized token ID of the authorization code acquired by the authorization response, and the client ID 1601, the client secret 1602, and the redirect URL 1607 in the device management table 1600”, that is, the authorization server cooperation client 400 and not the server 200 reads the setting items which have been stored in table 1600 which would have been necessary to populate the token request, as the token request is generated from the authorization server cooperation client 400 and not the server 200.
However, upon reconsideration, the examiner agrees that Sato fails to disclose “that a redirection to the setting items is performed”.
Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.
The following is a quotation of the first paragraph of pre-AIA 35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.
Claims 5 is rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA 35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention.
Regarding claim 5, the limitations recite "cause the user to select another one of the plurality of servers."
Claim 5 depends on claim 1, which recites "a server that issues an access token."
The term "another one of the plurality of servers" has been interpreted as selecting a server that is not the server of claim 1.
There is no support, in the specification as filed, for selecting a server that is different than the server that is communicating with the client.
That is, while the specification supports selecting one of a plurality of servers (¶[0107] of specification, as published), the server that is selected is the server that is used for the OAuth authentication (¶[0108], "the user selects a selectable provider in the list box, the provider to be used in the OAuth authentication (authorization server 20) is determined") and not some other server different than the one selected by the user.
Therefore, claim 5 is rejected as being directed to new matter.
Allowable Subject Matter
Claims 1-4 and 7-9 are allowed.
REASONS FOR ALLOWANCE
The following is an examiner’s statement of reasons for allowance:
The prior art of record fails to teach, neither singly nor in combination, the claimed limitations of “store, in the storage, setting items when obtaining the information on the server by executing the application” with “read the setting items from the storage based on the information indicating the redirection target, such that a redirection to the setting items is performed” as recited in claim 1 and similarly stated in claim(s) 8 and 9. These limitations, in conjunction with other limitations in the independent claim(s), are not specifically disclosed or remotely suggested in the prior art of record. A review of claim(s) 1-4 and 7-9 indicates claim(s) 1-4 and 7-9 are allowable over the prior art of record.
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BORIS D GRIJALVA LOBOS whose telephone number is (571)272-0767. The examiner can normally be reached M-F 10:30AM to 6:30PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Brian Gillis can be reached at 571-272-7952. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/BORIS D GRIJALVA LOBOS/ Primary Patent Examiner, Art Unit 2446