Notice of Pre-AIA  or AIA  Status
The present application is being examined under the pre-AIA  first to invent provisions. 
DETAILED ACTION
This office action is in response to the communication filed on 10/22/2018.
Claims 1-48 have been examined.

Information Disclosure Statement
The information disclosure statements (IDS) submitted on 10/22/2018 in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Specification
Applicant is reminded of the proper language and format for an abstract of the disclosure.

The abstract should be in narrative form and generally limited to a single paragraph on a separate sheet within the range of 50 to 150 words.  The form and legal phraseology often used in patent claims, such as "means" and "said," should be avoided.  The abstract should describe the disclosure sufficiently to assist readers in deciding whether there is a need for consulting the full patent text for details.

The language should be clear and concise and should not repeat information given in the title.  It should avoid using phrases which can be implied, such as, "The disclosure concerns," "The disclosure defined by this invention," "The disclosure describes," etc.

The abstract of the disclosure is objected to because it contains phrases which can be implied (“This system provides”).  Correction is required.  See MPEP § 608.01(b).


The claims recite the following or similar claim language:
“receive information from the at least one client device via the network, the information comprising a user authorization and a device authorization, wherein the device authorization corresponds to a security rating of the at least one client device, the security rating of the at least one client device being based on security specifications of software and hardware of the at least one client device; evaluate the information according to at least one predetermined criterion;” (Claims 1 and 34)
“the at least one client device contains a secure system clock configured to prevent altering of system time by the user” (Claims 3 and 36)
“at least one client device has access to at least one enhanced capability after a confirmation of the presence of the secure system clock.” (Claims 4 and 37)
“at least one security certificate is used for communication of information related to the at least one of: content key, a session key, a token, content usage parameters, a user authorization, device authorization, status of content previously sent, content owned or purchased by user, or a status of the content requested” (Claims 7 and 40)
“at least one content key is embedded with the content” (Claims 9 and 41)
“at least one content usage parameter is embedded with the content” (Claims 10 and 42)
“the at least one client device is at least one of: a game console, a digital video recorder, a television, a satellite television receiver, a cable television receiver, a digital camera, a computer, a content storage device, a radio receiver, a telephony device, an optical storage 
“the user authorization specifies at least one of: information related to content previously sent to the user, user subscription information, information related to user authorization for additional content, or at least one user permission related to content access” (Claims 15 and 45)
“the device authorization specifies at least one of: the at least one client device has a proper security rating and is registered to a valid user domain, the at least one client device has a proper security rating and contains a secure system clock, or the at least one client device has a proper security rating and is registered to the user” (Claims 16 and 46)
“the content provider sends the data to update the public/private key pair associated with the at least one client device” (Claim 24) 
“the at least one client device uses at least one algorithm to calculate at least one public key-private key encryption pair for the at least one client device based upon at least one of: a time that data is sent from the content provider, a predetermined schedule, or at least one security requirement” (Claim 25)
“the content further comprises at least one of: content that is purchased by a user, content that is rented by the user, or content that is part of a subscription associated with the user” (Claims 26 and 43)

The examiner has looked to the instant specification as well as the specifications of the parent applications and can find no support for such specific claim language.  As such, the specification is objected to for failing to provide proper antecedent basis for the claims. 
.
Drawings
The drawings are objected to under 37 CFR 1.83(a).  The drawings must show every feature of the invention specified in the claims.  Therefore, the receipt of and evaluation of a security rating which is based on security specifications of software and hardware of the client device must be shown or the feature(s) canceled from the claim(s).  All of the features discussed above with regards to the specification lacking antecedent basis are also missing from the drawings and must be shown or canceled from the claims.  No new matter should be entered.
Corrected drawing sheets in compliance with 37 CFR 1.121(d) are required in reply to the Office action to avoid abandonment of the application. Any amended replacement drawing sheet should include all of the figures appearing on the immediate prior version of the sheet, even if only one figure is being amended. The figure or figure number of an amended drawing should not be labeled as “amended.” If a drawing figure is to be canceled, the appropriate figure must be removed from the replacement sheet, and where necessary, the remaining figures must be renumbered and appropriate changes made to the brief description of the several views of the drawings for consistency. Additional replacement sheets may be necessary to show the renumbering of the remaining figures. Each drawing sheet submitted after the filing date of an application must be labeled in the top margin as either “Replacement Sheet” or “New Sheet” pursuant to 37 CFR 1.121(d). If the changes are not accepted by the examiner, the applicant will be notified and informed of any required corrective action in the next Office action. The objection to the drawings will not be held in abeyance.




Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 1-48 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA  35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention.
The claims recite the following or similar claim language:
“receive information from the at least one client device via the network, the information comprising a user authorization and a device authorization, wherein the device authorization corresponds to a security rating of the at least one client device, the security rating of the at least one client device being based on security specifications of software and hardware of the at least one client device; evaluate the information according to at least one predetermined criterion;” (Claims 1 and 34)
“the at least one client device contains a secure system clock configured to prevent altering of system time by the user” (Claims 3 and 36)
“at least one client device has access to at least one enhanced capability after a confirmation of the presence of the secure system clock.” (Claims 4 and 37)
“at least one security certificate is used for communication of information related to the at least one of: content key, a session key, a token, content usage parameters, a user authorization, device authorization, status of content previously sent, content owned or purchased by user, or a status of the content requested” (Claims 7 and 40)
“at least one content key is embedded with the content” (Claims 9 and 41)
“at least one content usage parameter is embedded with the content” (Claims 10 and 42)
“the at least one client device is at least one of: a game console, a digital video recorder, a television, a satellite television receiver, a cable television receiver, a digital camera, a computer, a content storage device, a radio receiver, a telephony device, an optical storage device, a set-top box, or a digital media player” (Claims 14 and 44 – The specification seems to only support a digital camera being the source of content, not the recipient/client device)
“the user authorization specifies at least one of: information related to content previously sent to the user, user subscription information, information related to user authorization for additional content, or at least one user permission related to content access” (Claims 15 and 45)
“the device authorization specifies at least one of: the at least one client device has a proper security rating and is registered to a valid user domain, the at least one client device has a proper security rating and contains a secure system clock, or the at least one client device has a proper security rating and is registered to the user” (Claims 16 and 46)
“the content provider sends the data to update the public/private key pair associated with the at least one client device” (Claim 24) 
“the at least one client device uses at least one algorithm to calculate at least one public key-private key encryption pair for the at least one client device based upon at least one of: a time that data is sent from the content provider, a predetermined schedule, or at least one security requirement” (Claim 25)
“the content further comprises at least one of: content that is purchased by a user, content that is rented by the user, or content that is part of a subscription associated with the user” (Claims 26 and 43)
The examiner has looked to the instant specification as well as the specifications of the parent applications and can find no support for such specific claim language.  As such, the person having ordinary skill in the art would not be able to ascertain whether or not the applicants, at the effective filing date, were in possession of the invention as claimed.  As such, the claims are rejected for failing to meet the written description requirement.  Any claim not specifically detailed above is rejected by virtue of their dependence upon one of the above described claims.
The examiner requests the applicants show evidence of how these limitations are supported by the originally filed specification by providing support with page and line numbers used for reference to the claim limitations.
Claims 1-48 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the enablement requirement.  The claim(s) contains subject 
With respect to claims 1 and 34, it is recited that the license server is configured to “receive information from the at least one client device via the network, the information comprising a user authorization and a device authorization, wherein the device authorization corresponds to a security rating of the at least one client device, the security rating of the at least one client device being based on security specifications of software and hardware of the at least one client device; evaluate the information according to at least one predetermined criterion;”.
Based on the lack of disclosure of the above limitations in the instant specification, it is unclear what the security rating is, how it is created, how it is based upon security specifications of software and hardware, what the security specifications of the hardware or software of the client device entail, how these security specifications are used to create a security rating, or how the information including the security rating is evaluated based upon a criterion.  
With respect to claims 3 and 36, it is recited that “the at least one client device contains a secure system clock configured to prevent altering of system time by the user”.
Based on the lack of disclosure of the above limitations in the instant specification, it is unclear how to prevent altering of system time by the user.
Regarding claims 4 and 37, it is recited that “at least one client device has access to at least one enhanced capability after a confirmation of the presence of the secure system clock.” 
Based on the lack of disclosure of the above limitations in the instant specification, it is unclear how presence of a secure system clock is confirmed.

Based on the lack of disclosure of the above limitations in the instant specification, it is unclear how to embed a content key in the content.
Regarding claims 10 and 42, it is recited that “at least one content usage parameter is embedded with the content”.
Based on the lack of disclosure of the above limitations in the instant specification, it is unclear how to embed a content usage parameter in the content.
Regarding claims 14 and 44, it is recited that “the at least one client device is at least one of: a game console, a digital video recorder, a television, a satellite television receiver, a cable television receiver, a digital camera, a computer, a content storage device, a radio receiver, a telephony device, an optical storage device, a set-top box, or a digital media player”.
Based on the lack of disclosure of the above limitations in the instant specification, it is unclear how a digital camera can be a client which receives encrypted content in the manner of claim 1.
Regarding claims 15 and 45, it is recited that “the user authorization specifies at least one of: information related to content previously sent to the user, user subscription information, information related to user authorization for additional content, or at least one user permission related to content access”.
Based on the lack of disclosure of the above limitations in the instant specification, it is unclear how the client device sends user subscription information to the license server and how the license server evaluates such subscription information.
device authorization specifies at least one of: the at least one client device has a proper security rating and is registered to a valid user domain, the at least one client device has a proper security rating and contains a secure system clock, or the at least one client device has a proper security rating and is registered to the user”.
Based on the lack of disclosure of the above limitations in the instant specification, it is unclear what constitutes a security rating, and what would make it proper, how to register the client device to a user domain, and what makes a user domain valid vs invalid, or how to perform user registration for a client device, or how to perform validation of any of the above information.
Regarding claim 24, it is recited that “the content provider sends the data to update the public/private key pair associated with the at least one client device”.  
Based on the lack of disclosure of the above limitations in the instant specification, it is unclear what data is provided by the content provider in order to update a public/private key pair, or how to use such data to update a public/private key pair. 
Regarding claims 25, it is recited that “the at least one client device uses at least one algorithm to calculate at least one public key-private key encryption pair for the at least one client device based upon at least one of: a time that data is sent from the content provider, a predetermined schedule, or at least one security requirement”.
Based on the lack of disclosure of the above limitations in the instant specification, it is unclear how to use a time that data is sent from a content provider to update a public/private key pair.

While the level of ordinary skill in the art (D) was fairly high, and the level of predictability in the art (E) was also fairly high, the complete lack of description or direction provided in the specification (F) and the complete lack of the existence of working examples (G) would lead the person having ordinary skill in the art to require undue experimentation to practice the claimed invention.  As such, the claims are rejected for failing to meet the enablement requirement of 35 USC 112.


The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 4, 6, 24, 25, and 39 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.
Claim 4 depends from itself.
Claim 4 recites “the multimedia system” which lacks antecedent basis in the claim.
Claim 4 recites “the at least one client” which lacks antecedent basis in the claim.
Claim 4 recites “the presence” which lacks antecedent basis in the claim.
Claim 4 recites “the secure system clock” which lacks antecedent basis in the claim.

Claim 24 depends from itself.
Claim 24 recites “the multimedia system” which lacks antecedent basis in the claim.
Claim 24 recites “the content provider” which lacks antecedent basis in the claim.
Claim 24 recites “the data” which lacks antecedent basis in the claim.
Claim 24 recites “the public/private key pair” which lacks antecedent basis in the claim.
Claim 24 recites “the at least one client device”, which lacks antecedent basis in the claim.
Claim 25 depends from claim 24.
Claim 39 recites “the content usage parameters” which lacks antecedent basis in the claim.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of pre-AIA  35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains.  Patentability shall not be negatived by the manner in which the invention was made.


Claims 1, 2, 5-15, 17-20, 23, 24, 26, 28-32, 34, 35, 38-45, and 47 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Peinado et al. (US 2003/0078853 Al) .

Regarding claim 1,  Peinado disclosed a multimedia system (Peinado Abstract - DRM), comprising: at least one control server (Peinado Fig. 1, Content Server 22) configured to receive a request for content from at least one client device (Peinado Fig. 1, Computing Device 14) via a network (Peinado Paragraphs 0107-0110); at least one content server configured to send the content to the at least one client device via the network (Peinado Paragraphs 0107-0110); specific content server providing content is modifiable according to predetermined criterion (Peinado does not forbid modification of the content server according to predetermined criterion); and at least one license server (Peinado Fig. 1, License Server 24) configured to: receive a request from the at least one client device for a content license (Peinado Paragraph 0092), via the network, the content license comprising at least a content key (Peinado Paragraph 0032), the request being based upon a determination by the at least one client device that the content is protected (Peinado  Paragraph 0032) and requires a content license (Peinado Paragraph 0044), the request further comprising a public key associated with the at least one client device (Peinado Paragraphs 0142-0143); receive information from the at least one client device via the network, the information comprising a user authorization and a device authorization (Peinado Paragraphs 0159 and 0092); evaluate the information according to at least one predetermined criterion (Peinado Paragraph 0151); encrypt the content key with the public key (Peinado Paragraph 0163); and send, the content license to the at least one client device via the network (Peinado Paragraph 0167).
Peinado did not explicitly disclose encrypt the content license, with the public key.

It would have been obvious to a person with ordinary skill in the art at the time the invention to employ the teachings of Hatano into Peinado by encrypting the license with the public key of the black box.  This would have been obvious because the person having ordinary skill in the art would have been motivated to protect the license from illicit access and/or alteration.
Peinado further did not disclose that the device authorization corresponds to a security rating of the at least one client device, the security rating of the at least one client device being based on security specifications of software and hardware of the at least one client device.
However, Medvinsky taught wherein the device authorization corresponds to a security rating of the at least one client device, the security rating of the at least one client device being based on security specifications of software and hardware of the at least one client device (page 1, [0004]: the security levels of a device based on details of the hardware and software processing of the device). 
It would have been obvious to a person with ordinary skill in the art at the time the invention to incorporate the teachings of Medvinsky in the system of Peinado by evaluating the security rating of the user computing device in order to allow decrypting the content.  This would have been obvious because the person having ordinary skill in the art would have been motivated to ensure that the content would be protected from illicit exposure by the user computing device.
Regarding claim 34, Peinado, Hatano, and Medvinsky taught decrypting, in the at least one client device, the content license using a private key associated with the at least one client device (Peinado Paragraphs 0181-0182 and the rejection of claim 1 above); and decrypting, in 

Regarding claims 2 and 35, Peinado, Hatano, and Medvinsky taught the at least one client device has an interactive program guide with a graphical user interface; and the interactive program guide is configured to display the content available in a consolidated format and to provide a search to locate the content (Peinado Paragraph 0110 for example). 
Regarding claims 5 and 38, Peinado, Hatano, and Medvinsky taught that the at least one client device contains a security algorithm which uses data within at least one of: the software or the hardware, for use in determination of the user authorization and the device authorization (Medvinsky Paragraph 0004). 
Regarding claims 6 and 39, Peinado, Hatano, and Medvinsky taught that the at least one client device uses a security algorithm with data from at least one of: the software or the hardware, of the at least one client device, to derive information used to implement the content usage parameters (Peinado Paragraph 0120). 
Regarding claims 7 and 40, Peinado, Hatano, and Medvinsky taught that at least one security certificate is used for communication of information related to the at least one of: content key, a session key, a token, content usage parameters, a user authorization, device authorization, status of content previously sent, content owned or purchased by user, or a status of the content requested (Medvinsky Paragraph 0013). 
Regarding claim 8, Peinado, Hatano, and Medvinsky taught that the content license comprises at least one content key and at least one content usage parameter (Peinado Fig. 8 and Paragraph 0011 for example). 

Regarding claims 10 and 42, Peinado, Hatano, and Medvinsky taught that at least one content usage parameter is embedded with the content (Peinado Fig. 3 for example). 
Regarding claim 11, Peinado, Hatano, and Medvinsky taught that at least one communication between the at least one client device and the license server is encrypted (Hatano Paragraph 0055 for example and the rejection of claim 1 above). 
Regarding claim 12, Peinado, Hatano, and Medvinsky taught that the at least one communication is encrypted via an asymmetrical encryption Peinado, Hatano, and Medvinsky taught. 
Regarding claim 13, Peinado, Hatano, and Medvinsky taught that the asymmetrical encryption employs public key-private key encryption (Hatano Paragraph 0055 for example and the rejection of claim 1 above). 
Regarding claims 14 and 44, Peinado, Hatano, and Medvinsky taught that the at least one client device is at least one of: a game console, a digital video recorder, a television, a satellite television receiver, a cable television receiver, a digital camera, a computer, a content storage device, a radio receiver, a telephony device, an optical storage device, a set-top box, or a digital media player (Peinado Fig. 1 and Paragraph 0101 for example). 
Regarding claims 15 and 45, Peinado, Hatano, and Medvinsky taught that the user authorization specifies at least one of: information related to content previously sent to the user, user subscription information, information related to user authorization for additional content, or at least one user permission related to content access (Peinado Paragraphs 0004-0005 for example). 

Regarding claim 18, Peinado, Hatano, and Medvinsky taught that the at least one client device comprises a computing device and a software executable configured to graphically display the content (Peinado Paragraphs 0110 and 0114 for example). 
Regarding claim 19, Peinado, Hatano, and Medvinsky taught that the at least one client device comprises a computing device configured to store content, the content being transmitted via a network, from a source located locally or remotely (Peinado Paragraphs 0108-0109). 
Regarding claim 20, Peinado, Hatano, and Medvinsky taught that the computing device is configured to store the content license, the content license being transmitted via a network, from a source located locally or remotely (Peinado Paragraphs 0092 and 0126). 
Regarding claim 23, Peinado, Hatano, and Medvinsky taught that a content provider updates data within at least one of: the software and the hardware, of the at least one client device (Peinado Paragraph 0098). 
Regarding claim 24, Peinado, Hatano, and Medvinsky taught that the content provider sends the data to update the public/private key pair associated with the at least one client device (Peinado Paragraph 0174). 
Regarding claims 26 and 43, Peinado, Hatano, and Medvinsky taught that the content further comprises at least one of: content that is purchased by a user, content that is rented by the user, or content that is part of a subscription associated with the user (Peinado Paragraph 0073). 
Regarding claim 28, Peinado, Hatano, and Medvinsky taught that the video is previously recorded video (Peinado Paragraph 0114). 

Regarding claim 30, Peinado, Hatano, and Medvinsky taught that at least one communication between the at least one client device and the content server is encrypted (Peinado Paragraph 0112). 
Regarding claim 31, Peinado, Hatano, and Medvinsky taught that the content is encrypted via symmetrical encryption (Peinado Paragraph 0046). 
Regarding claims 32 and 47, Peinado, Hatano, and Medvinsky taught that the network is a wide area network (Peinado Paragraph 0040 for example). 


Claims 3, 4, 16, 36, 37 and 46 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Peinado in view of Hatano and Medvinsky, and further in view of Peterson, Jr. (US 5,825,876).
Peinado, Hatano, and Medvinsky did not explicitly teach that the device authorization specifies at least one of: the at least one client device has a proper security rating and is registered to a valid user domain, the at least one client device has a proper security rating and contains a secure system clock, or the at least one client device has a proper security rating and is registered to the user. 
However, Peterson, Jr. discloses wherein the device authorization specifies at least one of: the at least one client device has a proper security rating and is registered to a valid user domain, the at least one client device has a proper security rating and contains a secure system 
It would have been obvious to a person with ordinary skill in the art at the time the invention was made to incorporate the feature of Peterson, Jr. into Peinado by ensuring both a proper security rating as well as a secure system clock in order to allow access to the content.  This would have been obvious because the person having ordinary skill in the art would have been motivated to secure time-based availability to content by utilizing a secure clock at a client synchronized with a master clock at a server to prevent the tampering of time values at the client device.

Claims 21-22 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Peinado in view of Hatano and Medvinsky, and further in view of Meffert et al. (US 2002/0059144 A1) (hereinafter Meffert).
Regarding claim 21, Peinado, Hatano, and Medvinsky did not explicitly teach that the computing device is further configured to allow detachment from the network after the content and content license are stored on the computing device. 
However, Meffert discloses wherein the computing device is further configured to allow detachment from the network (Meffert Paragraph 0070: the local machine holds a complete user profile, including validated, hashed certificate passphrase and private keys; a secured environment now exists for offline access to encrypted content; & Paragraph 0100: offline DRM is also provided via the local agent, thereby opening up "super-distribution" opportunities as 
It would have been obvious to a person with ordinary skill in the art at the time the invention was made to incorporate the feature of Meffert into Peinado enable “super distribution” of content while still providing and enforcing license files on a device.  This would have been obvious because the person having ordinary skill in the art would have been motivated to enable devices that are unable to fully attach to a network to continue to access their content.
Regarding claim 22, Peinado, Hatano, Medvinsky, and Meffert taught that the computing device is further configured to allow content usage, while detached from the network, based at least upon at least one usage parameter (Meffert Paragraphs 0070, 0100, and 0106, and the rejection of claim 21 above). 

Claim 25 is rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Peinado in view of Hatano and Medvinsky, and further in view of Downs (US 6,226,618 B1) (hereinafter Downs).
Peinado as modified further discloses at least one public-private key pair for the at least one client device based upon at least one of: a time when data is sent from an external content provider, a predetermined schedule, or at least one security requirement (Peinado: Paragraph 
Peinado as modified does not explicitly disclose wherein the at least one client device uses at least one algorithm to calculate at least one public-private key pair. 
However, Downs discloses wherein the at least one client device uses at least one algorithm to calculate at least one public-private key pair (Downs Col. 13, lines 19-47; & Col. 80, lines 20-28: as part of the installation, a Public/Private Key pair is created for the End-User Device for use in protecting Order and License).
It would have been obvious to a person with ordinary skill in the art at the time the invention was made to incorporate the feature of Downs into Peinado because Peinado discloses using a public/private key pair to render digital content (abstract) and Downs further suggests create a public/private key pair on a client device according to a known algorithm (Downs Col. 80, lines 20-28). 
One of ordinary skill in the art would be motivated to utilize the teachings of Downs in the Peinado system in order to circumvent man-in-the-middle attacks on private keys that are transmitted over networks by ensuring that the generation of a public/private key pair is performed utilizing well-known, secure algorithms performed directly on a client device.

Claims 27, 33, and 48 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Peinado in view of Hatano and Medvinsky, and further in view of de Jong (US 2004/0139207 A1).

However, de Jong discloses wherein the at least one control server device is further configured to authenticate a user with data received from the at least one client device, the data comprising at least one of: a radio frequency identification device, alphanumeric input received from a user (De Jong FIG. 3: message 350; Paragraph 0125: provisioner manager is configured to receive a digital content request and communicate with content rights database to determine whether the user that made the request is authorized to access the digital content associated with the request; provisioner manager is also configured to communicate with user device to obtain user authentication data such as a password, PIN, biometric data or the like), alphanumeric and password input received from a user, or biometric information related to a user (De Jong Paragraph 0125 : provisioner manager is configured to receive a digital content request and communicate with content rights database to determine whether the user that made the request is authorized to access the digital content associated with the request; provisioner manager is also configured to communicate with user device to obtain user authentication data such as a password, PIN, biometric data or the like). 
It would have been obvious to a person with ordinary skill in the art at the time the invention was made to incorporate the feature of de Jong into Peinado because Peinado discloses distributing digital content to user’s computing device (abstract) and de Jong further suggests to authenticate a user based on a password (page 6, [0125]). 


Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the claims at issue are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the reference application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159.  See MPEP §§ 706.02(l)(1) - 706.02(l)(3) for applications not subject to examination under the first inventor to 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/forms/. The filing date of the application in which the form is filed  determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to http://www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1-48 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-52 of U.S. Patent No. 10,127,363.  Although the claims at issue are not identical, they are not patentably distinct from each other because the patent claims essentially anticipate the instant claims.
Claims 1-48 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-52 of U.S. Patent No. 9,805,174. Although the claims at issue are not identical, they are not patentably distinct from each other because the patent claims essentially anticipate the instant claims.
Claims 1-48 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-43 of U.S. Patent No. 9,398,321. Although the claims at issue are not identical, they are not patentably distinct from each other because the patent claims essentially anticipate the instant claims.
Conclusion
Claims 1-48 have been rejected.


Any inquiry concerning this communication or earlier communications from the examiner should be directed to MATTHEW T HENNING whose telephone number is (571)272-3790.  The examiner can normally be reached on Monday- Thursday 9AM-5PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on (571)272-3972.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.