CTFR 18/893,079 CTFR 84401 DETAILED ACTION This Office Action has been issued in response to Applicant's Amendments filed March 13, 2023. Claims 21-24 and 26-40 have been amended. Claims 21-40 have been examined and are pending. 07-03-aia AIA 15-10-aia The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA. Response to Arguments Applicant's arguments filed March 13, 2023 have been fully considered but they are moot in view of the new grounds of rejection. Claim Rejections - 35 USC § 112 07-30-01 AIA The following is a quotation of the first paragraph of 35 U.S.C. 112(a): (a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention. The following is a quotation of the first paragraph of pre-AIA 35 U.S.C. 112: The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention. Claims 26, 33, and 40 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA 35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention. The claims recite the signature value is calculated based on a timestamp. Examiner was unable to find support for this in the specification. Claim Rejections - 35 USC § 103 07-06 AIA 15-10-15 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. 07-20-aia AIA The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. 07-23-aia AIA The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows: 1. Determining the scope and contents of the prior art. 2. Ascertaining the differences between the prior art and the claims at issue. 3. Resolving the level of ordinary skill in the pertinent art. 4. Considering objective evidence present in the application indicating obviousness or nonobviousness. 07-20-02-aia AIA This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention. 07-21-aia AIA Claim s 21-26, 28-38, and 40 are rejected under 35 U.S.C. 103 as being unpatentable over US Pub. No. 2019/0230081 to Singh et al. (hereinafter “Singh”) and further in view of US Pat. No. 10078537 to Nanda et al. (hereinafter “Nanda”) and further in view of US Pub. No. 2022/0391523 to Kwong et al. (hereinafter “Kwong”) . As to Claim 21, Singh discloses a non-transitory computer-readable storage medium comprising instructions that upon execution cause a system to: intercept, in a first virtual compute node, a first request to access a first secured data source for a requester, and a second request to access a second secured data source for the requester, the first virtual compute node being one of a plurality of virtual compute nodes of a compute cluster in a virtual data processing environment (Paragraph [0030] of Singh discloses a current call from a client to a third-party vendor's API is identified. Paragraph [0018] of Singh discloses FIG. 1 depicts the system 100 with three virtual machines 136-140, which may be referred to as the nodes 136-140, the system 100 may include any number of virtual machines 136-140) , the first secured data source being secured with a first authentication technology, and the second secured data source being secured with a second authentication technology different from the first authentication technology (Paragraph [0006] of Singh discloses the authentication mechanism required for a call made to the third-party vendor's API. Examples of authentication mechanisms include Oauth2, basic authentication, token based authentication, and configuration based custom authentication) ; forward, by the first virtual compute node, the first and second requests to a first data daemon outside the first virtual compute node (Paragraph [0027] of Singh discloses the executor service 132, which may be in or separate from the first virtual machine 136, uses credentials in the credential storage 126 and the configuration file from the configuration storage 124 to create a third-party vendor-understandable authentication call that requests a copy of a refreshed D&B authorization token from the D&B API) ; validate, by the first data daemon [with a credential authority], a first credential associated with the first request and a second credential associated with the second request (Paragraph [0027] of Singh discloses a node can request a copy of a refreshed authorization token from the third-party vendor's API, based on token expiration logic. Token expiration logic can be a set of principals in a computer that specify the validity duration) ; based on successfully validating the first and second credentials : authenticate the requester by the first data daemon with the first secured data source using the first authentication technology, and generate, [by the first data daemon], a first delegation token comprising a first signature value [ calculated by the first data daemon] based on an authentication secret of the first secured data source (Paragraph [0028] of Singh discloses after requesting a copy of a refreshed authorization token from the third-party vendor's API, the requesting node can store the copy of the refreshed authorization token in a shared token storage. For example, the executor service 132, which may be in or separate from the first virtual machine 136, stores the copy of the refreshed D&B authorization token in the shared token storage 134 that is shared by the virtual machines 136-140) ; authenticate the requester by the first data daemon with the second secured data source using the second authentication technology, and generate, [by the first data daemon], a second delegation token comprising a second signature value calculated [by the first data daemon] based on an authentication secret of the second secured data source (Paragraph [0028] of Singh discloses after requesting a copy of a refreshed authorization token from the third-party vendor's API, the requesting node can store the copy of the refreshed authorization token in a shared token storage. For example, the executor service 132, which may be in or separate from the first virtual machine 136, stores the copy of the refreshed D&B authorization token in the shared token storage 134 that is shared by the virtual machines 136-140) send , from the first data daemon, the first and second delegation tokens to a second virtual compute node of the plurality of virtual compute nodes for use in authentications with the first and second secured data sources in response to requests from the second virtual computer node (Paragraph [0028] of Singh discloses the executor service 132, which may be in or separate from the first virtual machine 136, stores the copy of the refreshed D&B authorization token in the shared token storage 134 that is shared by the virtual machines 136-140. Another node can provide another copy of the refreshed authorization token in the shared token storage to another client making the other call to the third-party vendor's API. For example, the third virtual machine 140 provides another copy of the refreshed D&B authorization token, from the shared token storage 134 that is shared by the virtual machines 136-140, to the laptop computer 104 that is making another call to the D&B API) . Singh does not explicitly disclose with a credential authority. However, Nanda discloses this. Column 12 lines 40-50 of Nanda disclose a given workspace automatically deployed in the analytics platform utilizing the controller 310 comprises a data scientist workbench implemented as a Hadoop system comprising multi-node virtual machines with Kerberos security included. Where Kerberos security is understood to include a KDC (key distribution center/credential authority). It would have been obvious to one of ordinary skill in the art before the effective filing of the invention to combine the authentication system as disclosed by Singh, with using Kerberos as disclosed by Nanda. One of ordinary skill in the art would have been motivated to combine to apply a known technique to a known device ready for improvement to yield predictable results. Singh and Nanda are directed toward authentication systems and as such it would be obvious to use the techniques of one in the other. The teachings of Nanda would improve Singh’s security. Paragraph [0006] of Singh discloses authentication mechanisms include token based authentication and Kerberos is a token based authentication. Singh does not explicitly disclose generated and calculated by the first data daemon. However, Kwong discloses this. Paragraph [0052] of Kwong discloses a portion of first token 300 (e.g., a signature section 520 shown in FIG. 5) is cryptographically signed using a private key corresponding to tenant A01 202 or a signature generated using the private key and other portions of first token 300. It would have been obvious to one of ordinary skill in the art before the effective filing of the invention to combine the authentication system as disclosed by Singh, with using generating the token on the tenant systems as disclosed by Kwong. One of ordinary skill in the art would have been motivated to combine to apply a known technique to a known device ready for improvement to yield predictable results. Singh and Kwong are directed toward authentication systems and as such it would be obvious to use the techniques of one in the other. The teachings of Nanda would improve Singh’s security. Paragraph [0067] of Kwong discloses is able to authenticate the request by cryptographically authenticating signature section 520 with cloud-to-cloud interface service 140 and verifying membership of tenant B01 204 in tenant group A 200 with tenant group module 150. As to Claim 22, Singh-Nanda-Kwong discloses the non-transitory computer-readable storage medium of claim 21, send, by the second virtual compute node, the delegation token to a second data daemon for a second request to access the secured data source intercepted in the second virtual compute node (Paragraph [0028] of Singh discloses another node can provide another copy of the refreshed authorization token in the shared token storage to another client making the other call to the third-party vendor's API. For example, the third virtual machine 140 provides another copy of the refreshed D&B authorization token, from the shared token storage 134 that is shared by the virtual machines 136-140, to the laptop computer 104 that is making another call to the D&B API) ; validate, by the second data daemon, the delegation token from the second virtual compute node (Paragraph [0027] of Singh discloses a node can request a copy of a refreshed authorization token from the third-party vendor's API, based on token expiration logic. Token expiration logic can be a set of principals in a computer that specify the validity duration) ; and based on validating the delegation token, authenticate, by the second data daemon, with the secured data source for a requester that initiated the second request (Paragraph [0028] of Singh discloses another node can provide another copy of the refreshed authorization token in the shared token storage to another client making the other call to the third-party vendor's API. For example, the third virtual machine 140 provides another copy of the refreshed D&B authorization token, from the shared token storage 134 that is shared by the virtual machines 136-140, to the laptop computer 104 that is making another call to the D&B API) (Paragraph [0006] of Singh discloses the authentication mechanism required for a call made to the third-party vendor's API. Examples of authentication mechanisms include Oauth2, basic authentication, token based authentication, and configuration based custom authentication) . As to Claim 23, Singh-Nanda-Kwong discloses the non-transitory computer-readable storage medium of claim 21, wherein the first authentication technology for the first secured data source uses a first type of authentication secret, and the second security authentication technology for the second secured data source uses a second type of authentication secret different from the first type of authentication secret (Paragraph [0006] of Singh discloses the authentication mechanism required for a call made to the third-party vendor's API. Examples of authentication mechanisms include Oauth2, basic authentication, token based authentication, and configuration based custom authentication) . As to Claim 24, Singh-Nanda-Kwong discloses the non-transitory computer-readable storage medium of claim 21, wherein the first request is intercepted by a first data agent in the first virtual compute node, the first data agent implements an API (Application Programming Interface), and the first request to access the secured data source is made via the API (Paragraph [0030] of Singh discloses a current call from a client to a third-party vendor's API is identified) . As to Claim 25, Singh-Nanda-Kwong discloses the non-transitory computer-readable storage medium of claim 24, wherein the API includes a Hadoop Distributed File System (HDFS) API (Column 12 lines 40-50 of Nanda disclose a given workspace automatically deployed in the analytics platform utilizing the controller 310 comprises a data scientist workbench implemented as a Hadoop system comprising multi-node virtual machines with Kerberos security included) . Examiner recites the same rationale to combine used for claim 21. As to Claim 26, Singh-Nanda-Kwong discloses the non-transitory computer-readable storage medium of claim 21, wherein the first signature value is calculated by the first data daemon further based on a first timestamp, and the second signature value is calculated by the first data daemon further based on a second timestamp (Paragraph [0027] of Singh discloses a node can request a copy of a refreshed authorization token from the third-party vendor's API, based on token expiration logic. Token expiration logic can be a set of principals in a computer that specify the validity duration) . As to Claim 27, Singh-Nanda-Kwong discloses the non-transitory computer-readable storage medium of claim 21 wherein the first signature value is calculated by the first data daemon further based on an identifier of the first secured data source, and the second signature value is calculated by the first data daemon further based on an identifier of the second secured data source (Paragraph [0052] of Kwong discloses a portion of first token 300 (e.g., a signature section 520 shown in FIG. 5) is cryptographically signed using a private key corresponding to tenant A01 202 or a signature generated using the private key and other portions of first token 300) . Examiner recites the same rationale to combine used for claim 21. As to Claim 28, Singh-Nanda-Kwong discloses the non-transitory computer-readable storage medium of claim 21, further comprising instructions that when executed cause the system to: request the first credential from the credential authority and receive the first credential at the first virtual compute node (Column 12 lines 40-50 of Nanda disclose a given workspace automatically deployed in the analytics platform utilizing the controller 310 comprises a data scientist workbench implemented as a Hadoop system comprising multi-node virtual machines with Kerberos security included. Where Kerberos security is understood to include a KDC (key distribution center/credential authority) . Examiner recites the same rationale to combine used for claim 21. As to Claim 29, Singh-Nanda-Kwong discloses the non-transitory computer-readable storage medium of claim 28, wherein the first credential is a Kerberos credential, and the credential authority is a Kerberos Key Distribution Center (KDC) (Column 12 lines 40-50 of Nanda disclose a given workspace automatically deployed in the analytics platform utilizing the controller 310 comprises a data scientist workbench implemented as a Hadoop system comprising multi-node virtual machines with Kerberos security included. Where Kerberos security is understood to include a KDC (key distribution center/credential authority) . Examiner recites the same rationale to combine used for claim 21. As to Claim 30, Singh-Nanda-Kwong discloses the non-transitory computer-readable storage medium of claim 21, wherein the first virtual compute node includes a container or a virtual machine (Paragraph [0018] of Singh discloses FIG. 1 depicts the system 100 with three virtual machines 136-140, which may be referred to as the nodes 136-140, the system 100 may include any number of virtual machines 136-140) . As to Claim 31, Singh discloses a method comprising: intercepting, in a first virtual compute node, a first request to access a first secured data source for a requester, and a second request to access a second secured data source for the requester, the first virtual compute node being one of a plurality of virtual compute nodes of a compute cluster in a virtual data processing environment (Paragraph [0030] of Singh discloses a current call from a client to a third-party vendor's API is identified. Paragraph [0018] of Singh discloses FIG. 1 depicts the system 100 with three virtual machines 136-140, which may be referred to as the nodes 136-140, the system 100 may include any number of virtual machines 136-140) , the first secured data source being secured with a first authentication technology, and the second secured data source being secured with a second authentication technology different from the first authentication technology (Paragraph [0006] of Singh discloses the authentication mechanism required for a call made to the third-party vendor's API. Examples of authentication mechanisms include Oauth2, basic authentication, token based authentication, and configuration based custom authentication) ; forwarding, by the first virtual compute node, the first and second requests to a first data daemon outside the first virtual compute node (Paragraph [0027] of Singh discloses the executor service 132, which may be in or separate from the first virtual machine 136, uses credentials in the credential storage 126 and the configuration file from the configuration storage 124 to create a third-party vendor-understandable authentication call that requests a copy of a refreshed D&B authorization token from the D&B API) ; validating, by the first data daemon [with a credential authority], a first credential associated with the first request and a second credential associated with the second request (Paragraph [0027] of Singh discloses a node can request a copy of a refreshed authorization token from the third-party vendor's API, based on token expiration logic. Token expiration logic can be a set of principals in a computer that specify the validity duration) ; based on successfully validating the first and second credentials : authenticate the requester by the first data daemon with the first secured data source using the first authentication technology, and generate, [by the first data daemon], a first delegation token comprising a first signature value calculated [by the first data daemon] based on an authentication secret of the first secured data source (Paragraph [0028] of Singh discloses after requesting a copy of a refreshed authorization token from the third-party vendor's API, the requesting node can store the copy of the refreshed authorization token in a shared token storage. For example, the executor service 132, which may be in or separate from the first virtual machine 136, stores the copy of the refreshed D&B authorization token in the shared token storage 134 that is shared by the virtual machines 136-140) ; authenticate the requester by the first data daemon with the second secured data source using the second authentication technology, and generate, [by the first data daemon], a second delegation token comprising a second signature value calculated [by the first data daemon] based on an authentication secret of the second secured data source (Paragraph [0028] of Singh discloses after requesting a copy of a refreshed authorization token from the third-party vendor's API, the requesting node can store the copy of the refreshed authorization token in a shared token storage. For example, the executor service 132, which may be in or separate from the first virtual machine 136, stores the copy of the refreshed D&B authorization token in the shared token storage 134 that is shared by the virtual machines 136-140) sending the first and second delegation tokens from the first data daemon to a second virtual compute node of the plurality of virtual compute nodes for use in authentications with the first and second secured data sources in response to requests from the second virtual computer node (Paragraph [0028] of Singh discloses the executor service 132, which may be in or separate from the first virtual machine 136, stores the copy of the refreshed D&B authorization token in the shared token storage 134 that is shared by the virtual machines 136-140. Another node can provide another copy of the refreshed authorization token in the shared token storage to another client making the other call to the third-party vendor's API. For example, the third virtual machine 140 provides another copy of the refreshed D&B authorization token, from the shared token storage 134 that is shared by the virtual machines 136-140, to the laptop computer 104 that is making another call to the D&B API) ; Singh does not explicitly disclose with a credential authority. However, Nanda discloses this. Column 12 lines 40-50 of Nanda disclose a given workspace automatically deployed in the analytics platform utilizing the controller 310 comprises a data scientist workbench implemented as a Hadoop system comprising multi-node virtual machines with Kerberos security included. Where Kerberos security is understood to include a KDC (key distribution center/credential authority). Examiner recites the same rationale to combine used for claim 21. Singh does not explicitly disclose generated and calculated by the first data daemon. However, Kwong discloses this. Paragraph [0052] of Kwong discloses a portion of first token 300 (e.g., a signature section 520 shown in FIG. 5) is cryptographically signed using a private key corresponding to tenant A01 202 or a signature generated using the private key and other portions of first token 300. Examiner recites the same rationale to combine used for claim 21. As to Claim 32, Singh-Nanda-Kwong discloses the method of claim 31, sending, by the second virtual compute node, the delegation token to a second data daemon for a second request to access the secured data source intercepted in the second virtual compute node (Paragraph [0028] of Singh discloses another node can provide another copy of the refreshed authorization token in the shared token storage to another client making the other call to the third-party vendor's API. For example, the third virtual machine 140 provides another copy of the refreshed D&B authorization token, from the shared token storage 134 that is shared by the virtual machines 136-140, to the laptop computer 104 that is making another call to the D&B API) ; validating, by the second data daemon, the delegation token from the second virtual compute node (Paragraph [0027] of Singh discloses a node can request a copy of a refreshed authorization token from the third-party vendor's API, based on token expiration logic. Token expiration logic can be a set of principals in a computer that specify the validity duration) ; and based on validating the delegation token, authenticate, by the second data daemon, with the secured data source for a requester that initiated the second request (Paragraph [0028] of Singh discloses another node can provide another copy of the refreshed authorization token in the shared token storage to another client making the other call to the third-party vendor's API. For example, the third virtual machine 140 provides another copy of the refreshed D&B authorization token, from the shared token storage 134 that is shared by the virtual machines 136-140, to the laptop computer 104 that is making another call to the D&B API) (Paragraph [0006] of Singh discloses the authentication mechanism required for a call made to the third-party vendor's API. Examples of authentication mechanisms include Oauth2, basic authentication, token based authentication, and configuration based custom authentication) . As to Claim 33, Singh-Nanda-Kwong discloses the method of claim 31, wherein the first signature value is calculated by the first data daemon further based on a first timestamp , and the second signature value is calculated by the first data daemon further based on a second timestamp (Paragraph [0027] of Singh discloses a node can request a copy of a refreshed authorization token from the third-party vendor's API, based on token expiration logic. Token expiration logic can be a set of principals in a computer that specify the validity duration) . As to Claim 34, Singh-Nanda-Kwong discloses the method of claim 31, wherein the first authentication technology for the first secured data source uses a first type of authentication secret, and the second authentication technology for the second secured data source uses a second type of authentication secret different from the first type of authentication secret (Paragraph [0006] of Singh discloses the authentication mechanism required for a call made to the third-party vendor's API. Examples of authentication mechanisms include Oauth2, basic authentication, token based authentication, and configuration based custom authentication) . As to Claim 35, Singh-Nanda-Kwong discloses the method of claim 31, wherein the first credential is a Kerberos credential, and the credential authority is a Kerberos Key Distribution Center (KDC) (Column 12 lines 40-50 of Nanda disclose a given workspace automatically deployed in the analytics platform utilizing the controller 310 comprises a data scientist workbench implemented as a Hadoop system comprising multi-node virtual machines with Kerberos security included. Where Kerberos security is understood to include a KDC (key distribution center/credential authority) . Examiner recites the same rationale to combine used for claim 21. As to Claim 36, Singh discloses a computing system comprising: a processor; and a non-transitory storage medium storing instructions executable on the processor to: intercept, in a first virtual compute node, a first request to access a first secured data source for a requester, and a second request to access a second secured data source for the requester, the first virtual compute node being one of a plurality of virtual compute nodes of a compute cluster in a virtual data processing environment (Paragraph [0030] of Singh discloses a current call from a client to a third-party vendor's API is identified. Paragraph [0018] of Singh discloses FIG. 1 depicts the system 100 with three virtual machines 136-140, which may be referred to as the nodes 136-140, the system 100 may include any number of virtual machines 136-140) , the first secured data source being secured with a first authentication technology, and the second secured data source being secured with a second authentication technology different from the first authentication technology (Paragraph [0006] of Singh discloses the authentication mechanism required for a call made to the third-party vendor's API. Examples of authentication mechanisms include Oauth2, basic authentication, token based authentication, and configuration based custom authentication) ; forward, by the first virtual compute node, the first and second requests to a first data daemon outside the first virtual compute node (Paragraph [0027] of Singh discloses the executor service 132, which may be in or separate from the first virtual machine 136, uses credentials in the credential storage 126 and the configuration file from the configuration storage 124 to create a third-party vendor-understandable authentication call that requests a copy of a refreshed D&B authorization token from the D&B API) ; validate, by the first data daemon [with a credential authority], a first credential associated with the first request and a second credential associated with the second request (Paragraph [0027] of Singh discloses a node can request a copy of a refreshed authorization token from the third-party vendor's API, based on token expiration logic. Token expiration logic can be a set of principals in a computer that specify the validity duration) ; based on successfully validating the first and second credentials : authenticate the requester by the first data daemon with the first secured data source using the first authentication technology, and generate, [by the first data daemon], a first delegation token comprising a first signature value calculated [by the first data daemon] based on an authentication secret of the first secured data source (Paragraph [0028] of Singh discloses after requesting a copy of a refreshed authorization token from the third-party vendor's API, the requesting node can store the copy of the refreshed authorization token in a shared token storage. For example, the executor service 132, which may be in or separate from the first virtual machine 136, stores the copy of the refreshed D&B authorization token in the shared token storage 134 that is shared by the virtual machines 136-140) ; authenticate the requester by the first data daemon with the second secured data source using the second authentication technology, and generate, [by the first data daemon], a second delegation token comprising a second signature value calculated [by the first data daemon] based on an authentication secret of the second secured data source (Paragraph [0028] of Singh discloses after requesting a copy of a refreshed authorization token from the third-party vendor's API, the requesting node can store the copy of the refreshed authorization token in a shared token storage. For example, the executor service 132, which may be in or separate from the first virtual machine 136, stores the copy of the refreshed D&B authorization token in the shared token storage 134 that is shared by the virtual machines 136-140) send , from the first data daemon, the first and second delegation tokens to a second virtual compute node of the plurality of virtual compute nodes for use in authentications with the first and second secured data sources in response to requests from the second virtual computer node (Paragraph [0028] of Singh discloses the executor service 132, which may be in or separate from the first virtual machine 136, stores the copy of the refreshed D&B authorization token in the shared token storage 134 that is shared by the virtual machines 136-140. Another node can provide another copy of the refreshed authorization token in the shared token storage to another client making the other call to the third-party vendor's API. For example, the third virtual machine 140 provides another copy of the refreshed D&B authorization token, from the shared token storage 134 that is shared by the virtual machines 136-140, to the laptop computer 104 that is making another call to the D&B API) . Singh does not explicitly disclose with a credential authority. However, Nanda discloses this. Column 12 lines 40-50 of Nanda disclose a given workspace automatically deployed in the analytics platform utilizing the controller 310 comprises a data scientist workbench implemented as a Hadoop system comprising multi-node virtual machines with Kerberos security included. Where Kerberos security is understood to include a KDC (key distribution center/credential authority). Examiner recites the same rationale to combine used for claim 21. Singh does not explicitly disclose generated and calculated by the first data daemon. However, Kwong discloses this. Paragraph [0052] of Kwong discloses a portion of first token 300 (e.g., a signature section 520 shown in FIG. 5) is cryptographically signed using a private key corresponding to tenant A01 202 or a signature generated using the private key and other portions of first token 300. Examiner recites the same rationale to combine used for claim 21. As to Claim 37, Singh-Nanda-Kwong discloses the computing system of claim 36, wherein the instructions are executable on the processor to: send, by the second virtual compute node, the delegation token to a second data daemon for a second request to access the secured data source intercepted in the second virtual compute node (Paragraph [0028] of Singh discloses another node can provide another copy of the refreshed authorization token in the shared token storage to another client making the other call to the third-party vendor's API. For example, the third virtual machine 140 provides another copy of the refreshed D&B authorization token, from the shared token storage 134 that is shared by the virtual machines 136-140, to the laptop computer 104 that is making another call to the D&B API) ; validate, by the second data daemon, the delegation token from the second virtual compute node (Paragraph [0027] of Singh discloses a node can request a copy of a refreshed authorization token from the third-party vendor's API, based on token expiration logic. Token expiration logic can be a set of principals in a computer that specify the validity duration) ; and based on validating the delegation token, authenticate, by the second data daemon, with the secured data source for a requester that initiated the second request (Paragraph [0028] of Singh discloses another node can provide another copy of the refreshed authorization token in the shared token storage to another client making the other call to the third-party vendor's API. For example, the third virtual machine 140 provides another copy of the refreshed D&B authorization token, from the shared token storage 134 that is shared by the virtual machines 136-140, to the laptop computer 104 that is making another call to the D&B API) (Paragraph [0006] of Singh discloses the authentication mechanism required for a call made to the third-party vendor's API. Examples of authentication mechanisms include Oauth2, basic authentication, token based authentication, and configuration based custom authentication) . As to Claim 38, Singh-Nanda-Kwong discloses the computing system of claim 36, wherein the first authentication technology for the first secured data source uses a first type of authentication secret, and the second authentication technology for the second secured data source uses a second type of authentication secret different from the first type of authentication secret (Paragraph [0006] of Singh discloses the authentication mechanism required for a call made to the third-party vendor's API. Examples of authentication mechanisms include Oauth2, basic authentication, token based authentication, and configuration based custom authentication) . As to Claim 40, Singh-Nanda-Kwong discloses the computing system of claim 36, wherein the first signature value is calculated by the first data daemon further based on a first timestamp and the second signature value is calculated by the first data daemont further based on a second timestamp (Paragraph [0027] of Singh discloses a node can request a copy of a refreshed authorization token from the third-party vendor's API, based on token expiration logic. Token expiration logic can be a set of principals in a computer that specify the validity duration) . 07-21-aia AIA Claim 39 are rejected under 35 U.S.C. 103 as being unpatentable over Singh-Nanda-Kwong and further in view of US Pub. No. 2013/0117567 to Chang et al. (hereinafter “Chang”) . As to Claim 39, Singh-Nanda-Kwong discloses the computing system of claim 37. Singh-Nanda-Kwong does not explicitly disclose wherein the validating of the delegation token by the second data daemon comprises: calculating, by the second data daemon, a signature value based on the authentication secret of the first secured data source, and comparing, by the second data daemon, the calculated signature value to the first signature value in the first delegation token. However, Chang discloses this. Paragraph [0086] of Chang discloses Issuer digital signature 445 includes a signature generated by the owner using the owner's private key for validating token integrity. The issuer digital signature is generated by hashing the expiration time of the token (or other elements thereof) and encrypting that hash with the issuer internal private key for the virtual node. The issuer public key provided above may be used to verify the token by decrypting the signature with the public key and comparing the result to a hash of the expiration time. If there is a difference, then the token may have been corrupted. It would have been obvious to one of ordinary skill in the art before the effective filing of the invention to combine the authentication system as disclosed by Singh, with validating signatures as disclosed by Chang. One of ordinary skill in the art would have been motivated to combine to apply a known technique to a known device ready for improvement to yield predictable results. Singh and Chang are directed toward authentication systems and as such it would be obvious to use the techniques of one in the other. Implementing the techniques of Chang in Singh would improve security by identifying corrupted tokens. Conclusion 07-40 AIA Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL . See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to Kevin S Mai whose telephone number is (571)270-5001. The examiner can normally be reached Monday to Friday 9AM to 5PM. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Philip Chea can be reached at 5712723951. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /KEVIN S MAI/Primary Examiner, Art Unit 2499 Application/Control Number: 18/893,079 Page 2 Art Unit: 2499 Application/Control Number: 18/893,079 Page 3 Art Unit: 2499 Application/Control Number: 18/893,079 Page 4 Art Unit: 2499 Application/Control Number: 18/893,079 Page 5 Art Unit: 2499 Application/Control Number: 18/893,079 Page 6 Art Unit: 2499 Application/Control Number: 18/893,079 Page 7 Art Unit: 2499 Application/Control Number: 18/893,079 Page 8 Art Unit: 2499 Application/Control Number: 18/893,079 Page 9 Art Unit: 2499 Application/Control Number: 18/893,079 Page 10 Art Unit: 2499 Application/Control Number: 18/893,079 Page 12 Art Unit: 2499 Application/Control Number: 18/893,079 Page 13 Art Unit: 2499 Application/Control Number: 18/893,079 Page 14 Art Unit: 2499 Application/Control Number: 18/893,079 Page 15 Art Unit: 2499 Application/Control Number: 18/893,079 Page 16 Art Unit: 2499 Application/Control Number: 18/893,079 Page 17 Art Unit: 2499 Application/Control Number: 18/893,079 Page 18 Art Unit: 2499 Application/Control Number: 18/893,079 Page 19 Art Unit: 2499 Application/Control Number: 18/893,079 Page 21 Art Unit: 2499 Application/Control Number: 18/893,079 Page 22 Art Unit: 2499 Application/Control Number: 18/893,079 Page 23 Art Unit: 2499