Notice of Pre-AIA  or AIA  Status
This is a non-final Office action in response to communications received on 1/12/2021.  Claims 36, 40, 46, 51 and 55 were amended. Claims 39 and 50 were canceled. Claims 36-38, 40-49 and 51-55 are pending and are examined. 

	Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 1/12/2021 has been entered.

Response to Arguments
Applicant’s arguments regarding the rejection under 35 U.S.C. 112 of claims 32 (a typographical error, hereinafter referred to as “claim 38”) and 53 have been considered, and are found unpersuasive.
Applicant argues on pages 6 and 7 of the Remarks, filed 1/12/2021, that claims 38 and 53 reciting “Bluetooth” is not indefinite in this context because “the term is used for products of multiple manufacturers and the owner of the trademark does not 35 U.S.C. 112(b)  or pre-AIA  35 U.S.C. 112, second paragraph. Ex parte Simpson, 218 USPQ 1020 (Bd. App. 1982). The claim scope is uncertain since the trademark or trade name cannot be used properly to identify any particular material or product. In fact, the value of a trademark would be lost to the extent that it became descriptive of a product, rather than used as an identification of a source or origin of a product. Thus, the use of a trademark or trade name in a claim to identify or describe a material or product would not only render a claim indefinite, but would also constitute an improper use of the trademark or trade name”. The claims recite “wherein the short-range wireless interface comprises a Bluetooth interface” which distinguishes the Bluetooth interface from the short-range wireless interfaces which it comprises. Examiner interprets this as the use of a trademark to identify or describe a product, as it further identifies the interface as having those certain specifications necessary to identify it as a Bluetooth interface, which would render the claim indefinite and also constitute an improper use of the trademark or trade name. Applicant argues that Bluetooth is a shorthand expression for 
Applicant’s arguments regarding the rejection under 35 U.S.C. 103 of the claims under Field-Eliot, Duane and Goel have been considered, and are found unpersuasive.
Applicant argues on page 7 of the Remarks, filed 1/12/2021, the cited prior art fail to teach or suggest “the access tokens forming a list” because “A list of identifiers is mentioned, but the outstanding rejection associates the access tokens of claim 36 with the application tokens of Field-Eliot, rather than the identifiers of Field-Eliot”. However, Examiner respectfully disagrees. The multiple identifiers and tokens, which is taught by Field-Eliot, and not solely the list of identifiers teaches the list of access tokens as claimed. The sequencing of the list (or multiple identifiers and tokens) is further taught by Duane.
Applicant’s arguments in the Remarks, filed 1/12/2021, with respect to the claims rejected under 103, regarding the filed amendments have been fully considered but are considered moot because the amendments to claims 36, 46 and 51 require new grounds of rejection necessitated by amendments.
The remaining arguments fail to comply with 37 C.F.R. 1.111(b) because they amount to a general allegation that the claims define a patentable invention without specifically pointing out how the language of the claims patentably distinguishes them from the references.
Consequently, the rejection of the claims under 35 U.S.C. 103 is sustained.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 38 and 53 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.
Regarding claims 38 and 53, the claim contains the trademark/trade name “Bluetooth” in line 2.  Where a trademark or trade name is used in a claim as a limitation to identify or describe a particular material or product, the claim does not comply with the requirements of 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph.  See Ex parte Simpson, 218 USPQ 1020 (Bd. App. 1982).  The claim scope is uncertain since the trademark or trade name cannot be used properly to identify any particular material or product.  A trademark or trade name is used to identify a source of goods, and not the goods themselves.  Thus, a trademark or trade name does not identify or describe the goods associated with the trademark or trade name.  In the present case, the trademark/trade name is used to identify/describe a commercial protocol for transmitting the data and, accordingly, the identification/description is indefinite. Applicant argues, in the Remarks filed 1/12/2021, that Bluetooth is a shorthand 

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 36, 40-41, 44 and 46-47 are rejected under 35 U.S.C. 103 as being unpatentable over Field-Eliot (US 2014/0013396 A1), further in view of and Duane (US 8307210 B1), further in view of Srinivasan (US 2016/0028737 A1).
 Regarding claim 36, Field-Eliot teaches the limitations of claim 36 substantially as follows:
An apparatus comprising: at least one processing core, and at least one memory including computer program code, the at least one memory and the computer program code being configured to, with the at least one processing core, cause the apparatus at least to: (Field-Eliot; Paras. [0010] & [0014]: A system (i.e. apparatus) comprising at least one processor and memory computer-readable instructions (i.e. computer program code) to cause a processor to perform functions)
select a first access token from a list of access tokens, stored in the apparatus, (Field-Eliot; Paras. [0010], [0023], [0029], [0032]-[0034], [0043] & [0047]: selecting unique identifiers and user/application tokens (a first access token) from multiple identifiers or tokens (i.e. list of access tokens) stored in the memory of the system (i.e. stored in the apparatus))
access tokens in the list; (Field-Eliot; Paras. [0010], [0023], [0029], [0032]-[0034], [0043] & [0047]: multiple identifiers or tokens (i.e. list of access tokens))
decide, based at least partly on the first access token, whether to grant a user device access to the apparatus,  (Field-Eliot; Paras. [0040]-[0042], [0045] & [0048]: deciding, partly based upon the application token, whether to grant the user device access to the server of the system for the desired functionality)
cause the apparatus to receive a second list of access tokens from at least one of the user device and a second user device, and (Field-Eliot; Para. [0048]: The application server of the system (i.e. apparatus) receives multiple applications tokens (i.e. second list of tokens) for accessing the application server sent from the applications on the client device (i.e. from the user device))
Field-Eliot does not teach the limitations of claim 36 as follows:
each access token comprising cryptographic information, 
the selecting of the first access token being based, at least partly, on at least one of a current time and a sequence number indicating a sequence of access tokens store a plurality of lists of access tokens, 
each list of access tokens comprising access tokens that are usable in obtaining a different level of access to the apparatus, 
the second list comprising a second plurality of lists of access tokens. 
However, in the same field of endeavor, Duane discloses the limitations of claim 36 as follows:
the selecting of the first access token being based, at least partly, on at least one of a current time and a sequence number indicating a sequence of access tokens (Duane; Col. 3, Lines 4-30; Col. 6, Lines 26-45: Producing/validating a cryptographic token (i.e. selecting of the first access token) based on a current time and a sequence value/number which increments when used in the calculation for each token (i.e. indicating a sequence of access tokens))
Duane is combinable with Field-Eliot because both are from the same field of endeavor of authorizing access based on tokens. Therefore, it would have been obvious to one of 
Field-Eliot and Duane do not teach the limitations of claim 36 as follows:
each access token comprising cryptographic information, 
store a plurality of lists of access tokens, 
each list of access tokens comprising access tokens that are usable in obtaining a different level of access to the apparatus, 
the second list comprising a second plurality of lists of access tokens. 
However, in the same field of endeavor, Srinivasan discloses the limitations of claim 36 as follows:
each access token comprising cryptographic information, (Srinivasan; Paras. [0141]-[0143]: Client tokens (i.e. access tokens) comprising a first encrypted part (i.e. cryptographic information))
store a plurality of lists of access tokens, (Srinivasan; Para. [0010]: Storing a list of grants which allow client access pertaining to a user among users (i.e. store a plurality of lists of access tokens))
each list of access tokens comprising access tokens that are usable in obtaining a different level of access to the apparatus, (Srinivasan; Para. [0010]: A list of grants (i.e. each list of access tokens comprising access tokens) which allow client access pertaining to a user among users (i.e. different level of access to the apparatus))
the second list comprising a second plurality of lists of access tokens. (Srinivasan; Para. [0010]: A list of grants which allow client access pertaining to another user among users (i.e. second lists comprising a second plurality of lists of access tokens))
Srinivasan is combinable with Field-Eliot and Duane because all are from the same field of endeavor of authorizing access based on tokens. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the system of Field-Eliot and Duane to incorporate encrypted parts into the tokens as in Srinivasan in order to improve the security of the system by securing specific information included in the access tokens.

Regarding claim 40, Field-Eliot, Duane and Srinivasan teach the limitations of claim 36.
Field-Eliot teaches the limitations of claim 40 as follows:
The apparatus according to claim 36 (Field-Eliot; Para. [0031]: The tokens in a multitude of tokens includes user employment position (i.e. corresponds to a distinct role a user may assume) in regards to the system)

Regarding claim 41, Field-Eliot, Duane and Srinivasan teach the limitations of claim 36.

The apparatus according to claim 36, wherein the at least one processing core is further configured to select the first access token based at least partly on the current time, (Duane; Col. 3, Lines 4-30; Col. 6, Lines 26-45: Producing/validating a cryptographic token (i.e. select of the first access token) based on a current time and a sequence value/number which increments when used in the calculation for each token (i.e. at least partly on the current time))
wherein each access token is associated with a validity time interval.  (Field-Eliot; Para. [0047]: The application token (i.e. access token) includes an indication of the duration for which the token is valid (i.e. associated with a validity time interval))
The same motivation to combine as in claim 36 is applicable to the instant claim.

Regarding claim 44, Field-Eliot, Duane and Srinivasan teach the limitations of claim 36.
Duane teaches the limitations of claim 44 as follows:
The apparatus according to claim 36, wherein the at least one processing core is further configured, with the at least one memory including computer program code, to cause the apparatus to advertise at least one of the current time and the sequence number.  (Duane; Col. 3, Lines 4-30; Col. 6, Lines 26-45: Producing (i.e. advertise) a current time or a sequence value (i.e. at least one of the current time and the sequence number))
The same motivation to combine as in claim 36 is applicable to the instant claim.

Regarding claim 46, Field-Eliot teaches the limitations of claim 46 substantially as follows:
An apparatus comprising at least one processing core, at least one memory including computer program code, the at least one memory and the computer program code being configured to, with the at least one processing core, cause the apparatus at least to: (Field-Eliot; Paras. [0010] & [0014]: A system (i.e. apparatus) comprising at least one processor and memory computer-readable instructions (i.e. computer program code) to cause a processor to perform functions)
obtain a list of access tokens, (Field-Eliot; Paras. [0023]-[0024]: generating application tokens for a list of applications (i.e. obtains a list of access tokens))
process information, the information comprising at least one of a sequence number and a current time indication, (Field-Eliot; Paras. [0033] & [0037]-[0038]: Matching (i.e. process information) received and stored application identification number (i.e. information comprising a sequence number))
select, based at least partly on the at least one of the sequence number, a first access token from the list of the access tokens and (Field-Eliot; Paras. [0033] & [0037]-[0038]: selecting an application token from the list of applications tokens received, based upon matching received and stored application identification number (i.e. based on a sequence number))
establish a connection with a first device based at least partly on the first access token, the first device being an access controlled device or a controller of the access controlled device, and  (Field-Eliot; Paras. [0040]-[0042], [0045] & [0048]: Grant the user device access to the server of the system for the desired functionality (i.e. establish a connection with a first device) based upon the application token (i.e. first access token, the first device being an access controlled device))
the apparatus comprising a user device. (Field-Eliot; Para. [0011]: The device may be a personal computing device (i.e. comprising a user device))
Field-Eliot does not teach the limitations of claim 46 as follows:
select, based at least partly on the at least one of the sequence number and the current time indication 
each access token comprising cryptographic information; 
obtaining, in the apparatus, a second list of access tokens, 
the second list comprising a plurality of lists of access tokens, 
each list of access tokens comprising access tokens that are usable in obtaining a different level of access to the first device, and 
providing the second list of access tokens to the first device, 
However, in the same field of endeavor, Duane discloses the limitations of claim 46 as follows:
select, based at least partly on the at least one of the sequence number and the current time indication (Duane; Col. 3, Lines 4-30; Col. 6, Lines 26-45: Producing/validating a cryptographic token (i.e. selecting of the first access token) based on a current time and a sequence value/number which increments when used in the calculation for each token (i.e. indicating a sequence of access tokens))

Field-Eliot and Duane do not teach the limitations of claim 46 as follows:
each access token comprising cryptographic information; 
obtaining, in the apparatus, a second list of access tokens, 
the second list comprising a plurality of lists of access tokens, 
each list of access tokens comprising access tokens that are usable in obtaining a different level of access to the first device, and 
providing the second list of access tokens to the first device, 
However, in the same field of endeavor, Srinivasan discloses the limitations of claim 46 as follows:
each access token comprising cryptographic information; (Srinivasan; Paras. [0141]-[0143]: Client tokens (i.e. access tokens) comprising a first encrypted part (i.e. cryptographic information))
obtaining, in the apparatus, a second list of access tokens, (Srinivasan; Para. [0010]: Storing a list of grants which allow client access pertaining to a user among users (i.e. store a plurality of lists of access tokens))
the second list comprising a plurality of lists of access tokens, (Srinivasan; Para. [0010]: A list of grants which allow client access pertaining to another user among users (i.e. second lists comprising a second plurality of lists of access tokens))
each list of access tokens comprising access tokens that are usable in obtaining a different level of access to the first device, and (Srinivasan; Para. [0010]: A list of grants (i.e. each list of access tokens comprising access tokens) which allow client access pertaining to a user among users (i.e. different level of access to the first device))
providing the second list of access tokens to the first device, (Srinivasan; Para. [0010]: Storing (i.e. providing) a list of grants which allow client access pertaining to another user among users (i.e. second list of access tokens to the first device))
Srinivasan is combinable with Field-Eliot and Duane because all are from the same field of endeavor of authorizing access based on tokens. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the system of Field-Eliot and Duane to incorporate encrypted parts into the tokens as in Srinivasan in order to improve the security of the system by securing specific information included in the access tokens.

Regarding claim 47 Field-Eliot, Duane and Srinivasan teach the limitations of claim 46.
Field-Eliot and Duane teach the limitations of claim 47 as follows:
The apparatus according to claim 46, wherein the at least one memory and the computer program code are further configured to, with the at least one processing core, cause the apparatus to select the first access token based at least partly on the current time, (Duane; Col. 3, Lines 4-30; Col. 6, Lines 26-45: Producing/validating a cryptographic token (i.e. select of the first access token) based on a current time and a sequence value/number which increments when used in the calculation for each token (i.e. at least partly on the current time))
wherein each access token is associated with a validity time interval.  (Field-Eliot; Para. [0047]: The application token (i.e. access token) includes an indication of the duration for which the token is valid (i.e. associated with a validity time interval))
The same motivation to combine as in claim 46 is applicable to the instant claim.

Claims 37-38 are rejected under 35 U.S.C. 103 as being unpatentable over Field-Eliot (US 2014/0013396 A1), further in view of and Duane (US 8307210 B1), further in view of Srinivasan (US 2016/0028737 A1), as applied to claim 36, further in view of Dent (US 7114178 B2).
Regarding claim 37, Field-Eliot, Duane and Srinivasan teach the limitations of claim 36.
Field-Eliot and Duane teaches the limitations of claim 37 as follows:
The apparatus according to claim 36, wherein the at least one processing core is further configured, with the least one memory including computer program code, to cause the apparatus to receive the second list of access tokens (Field-Eliot; Para. [0048]: The application server of the system (i.e. apparatus) receives applications tokens (i.e. second list of access tokens) for accessing the application server)
Field-Eliot, Duane and Srinivasan do not teach the limitations of claim 37 as follows:
receive the access tokens over a short-range wireless interface.
However, in the same field of endeavor, Dent discloses the limitations of claim 37 as follows:
receive the access tokens over a short-range wireless interface.  (Dent; Col. 3, Lines 9-27: A wireless communication device is supplied (i.e. receive) authorization codes (i.e. access tokens) via a wireless Bluetooth interface (i.e. over a short-range wireless interface))
Dent is combinable with Field-Eliot, Duane and Srinivasan because all are from the same field of endeavor of maintaining credentials for authorizing access. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the system of Field-Eliot, Duane and Srinivasan to incorporate the Bluetooth communication interface of Dent in order to expand the functionality of the system by allowing communication to occur through multiple types of communication interfaces.

Regarding claim 38, Field-Eliot, Duane, Srinivasan and Dent teach the limitations of claim 37.
Field-Eliot, Duane, Srinivasan and Dent teach the limitations of claim 38 as follows:
The apparatus according to claim 37, wherein the short-range wireless interface comprises a Bluetooth interface.  (Dent; Col. 3, Lines 9-27: A wireless communication device is supplied authorization codes via a wireless Bluetooth interface (i.e. short-range wireless interface comprises a Bluetooth interface))
The same motivation to combine as in claim 37 applies to claim 38.

Claims 42-43 and 48-49  are rejected under 35 U.S.C. 103 as being unpatentable over Field-Eliot (US 2014/0013396 A1), further in view of and Duane (US 8307210 B1), further in view of Srinivasan (US 2016/0028737 A1), as applied to claims 36 and 46, further in view of Valdivia (US 2014/0173695 A1).
Regarding claim 42, Field-Eliot, Duane and Srinivasan teach the limitations of claim 36.
Field-Eliot, Duane and Srinivasan teaches the limitations of claim 42 as follows:
The apparatus according to claim 36, wherein the at least one processing core is further configured, with the at least one memory including computer program code, to select the first access token based at least partly on the sequence number (Duane; Col. 3, Lines 4-30; Col. 6, Lines 26-45: Producing/validating a cryptographic token (i.e. select the first access token) based on a current time and a sequence value/number which increments when used in the calculation for each token (i.e. based at least partly on the sequence number))
The same motivation to combine as in 36 is applicable to the instant claim.
Field-Eliot, Duane and Srinivasan do not teach the limitations of claim 42 as follows:
by allowing each access token to be used a set number of times.  
However, in the same field of endeavor, Valdivia discloses the limitations of claim 42 as follows:
by allowing each access token to be used a set number of times.  (Valdivia; Para. [0021]: A token for login (i.e. access token) is allowed a fixed number of automatic logins (i.e. used a set number of times))
Valdivia is combinable with Field-Eliot, Duane and Srinivasan because all are from the same field of endeavor of maintaining credentials for authorizing access. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the system of Field-Eliot, Duane and Srinivasan to incorporate the limited times of use of a key as in Valdivia in order to improve security of the system by retiring the use of a key which has been used multiple times and generating a new key.

Regarding claim 43, Field-Eliot, Duane and Srinivasan teach the limitations of claim 36.
Field-Eliot, Duane and Srinivasan teaches the limitations of claim 43 as follows:
The apparatus according to claim 36, wherein the at least one processing core is further configured, with the at least one memory including computer program code,
to select the first access token based at least partly on the sequence number, (Duane; Col. 3, Lines 4-30; Col. 6, Lines 26-45: Producing/validating a cryptographic token (i.e. select the first access token) based on a current time and a sequence value/number which increments when used in the calculation for each token (i.e. based at least partly on the sequence number))
wherein each access token is enabled for a preconfigured time duration (Field-Eliot; Para. [0047]: The application token (i.e. access token) includes an indication of the duration for which the token is valid (i.e. enabled for a preconfigured time duration))
The same motivation to combine as in claim 36 is applicable to the instant claim.
Field-Eliot, Duane and Srinivasan do not teach the limitations of claim 43 as follows:
wherein each access token is enabled, after which the sequence number used is incremented.
However, in the same field of endeavor, Valdivia discloses the limitations of claim 43 as follows:
wherein each access token is enabled, after which the sequence number used is incremented.  (Valdivia; Para. [0021]: Whenever a token for login (i.e. access token) is used (i.e. enabled) a counter (i.e. sequence number) is incremented)
Valdivia is combinable with Field-Eliot, Duane and Srinivasan because all are from the same field of endeavor of maintaining credentials for authorizing access. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the system of Field-Eliot, Duane and Srinivasan to incorporate the counting of times a key has been used as in Valdivia in order to improve security of the system by counting how often a key has been used and retiring the key when it has been used more than a specific number of times.

Regarding claim 48, Field-Eliot, Duane and Srinivasan teach the limitations of claim 46.
Field-Eliot, Duane and Srinivasan teaches the limitations of claim 48 as follows:
The apparatus according to claim 46, wherein the at least one memory and the computer program code are further configured to, with the at least one processing core, cause the apparatus to select the first access token based at least partly on the sequence number, (Duane; Col. 3, Lines 4-30; Col. 6, Lines 26-45: Producing/validating a cryptographic token (i.e. select the first access token) based on a current time and a sequence value/number which increments when used in the calculation for each token (i.e. based at least partly on the sequence number))
The same motivation to combine as in claim 46 is applicable to the instant claim.
Field-Eliot, Duane and Srinivasan do not teach the limitations of claim 48 as follows:
each access token being allowed to be used a set number of times.  
However, in the same field of endeavor, Valdivia discloses the limitations of claim 48 as follows:
each access token being allowed to be used a set number of times.  (Valdivia; Para. [0021]: A token for login (i.e. access token) is allowed a fixed number of automatic logins (i.e. used a set number of times))
Valdivia is combinable with Field-Eliot, Duane and Srinivasan because all are from the same field of endeavor of maintaining credentials for authorizing access. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the system of Field-Eliot, Duane and Srinivasan to incorporate the limited times of use of a key as in Valdivia in order to improve security of the system by retiring the use of a key which has been used multiple times and generating a new key.

Regarding claim 49, Field-Eliot, Duane and Srinivasan teach the limitations of claim 46.
Field-Eliot, Duane and Srinivasan teaches the limitations of claim 49 as follows:
The apparatus according to claim 46, wherein the at least one memory and the computer program code are further configured to, with the at least one processing core, cause the apparatus to select the first access token based at least partly on the sequence number, (Duane; Col. 3, Lines 4-30; Col. 6, Lines 26-45: Producing/validating a cryptographic token (i.e. select the first access token) based on a current time and a sequence value/number which increments when used in the calculation for each token (i.e. based at least partly on the sequence number))
wherein each access token is enabled for a preconfigured time duration  (Field-Eliot; Para. [0047]: The application token (i.e. access token) includes an indication of the duration for which the token is valid (i.e. enabled for a preconfigured time duration))
The same motivation to combine as in claim 46 is applicable to the instant claim.
Field-Eliot, Duane and Srinivasan do not teach the limitations of claim 49 as follows:
wherein each access token is enabled, after which the sequence number used is incremented. 
However, in the same field of endeavor, Valdivia discloses the limitations of claim 49 as follows:
wherein each access token is enabled, after which the sequence number used is incremented.  (Valdivia; Para. [0021]: Whenever a token for login (i.e. access token) is used (i.e. enabled) a counter (i.e. sequence number) is incremented)
Valdivia is combinable with Field-Eliot, Duane and Srinivasan because all are from the same field of endeavor of maintaining credentials for authorizing access. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the system of Field-Eliot, Duane and Srinivasan to incorporate the counting of times a key has been used as in Valdivia in order to improve security of the system by counting how often a key has been used and retiring the key when it has been used more than a specific number of times.

Claim 45 is rejected under 35 U.S.C. 103 as being unpatentable over Field-Eliot (US 2014/0013396 A1), further in view of and Duane (US 8307210 B1), further in view of Srinivasan (US 2016/0028737 A1), as applied to claim 36, further in view of Gupta (US 2016/0006705 A1).
 Regarding claim 45, Field-Eliot, Duane and Srinivasan teach the limitations of claim 36.
Field-Eliot and Duane teach the limitations of claim 45 as follows:
The apparatus according to claim 36, wherein the at least one processing core is further configured, with the at least one memory including computer program code, to cause 
the second list of the access tokens (Field-Eliot; Para. [0048]: The application server of the system (i.e. apparatus) receives applications tokens for accessing the application server sent from the applications on the client device (i.e. second list of tokens))
Field-Eliot, Duane and Srinivasan do not teach the limitations of claim 45 as follows:
the apparatus to decrypt the access token, using an encryption key stored in the apparatus,
and to authenticate the access token based at least partly based on a result of the decrypting.  
However, in the same field of endeavor, Gupta discloses the limitations of claim 45 as follows:
the apparatus to decrypt the access token, using an encryption key stored in the apparatus, (Gupta; Paras. [0028], [0032], [0047], [0055]-[0056]: The service provider server (i.e. the apparatus) decrypts an encrypted data including a refresh token (i.e. access token) using a locally stored encryption key)
and to authenticate the access token based at least partly based on a result of the decrypting.  (Gupta; Paras. [0028], [0032], [0047], [0055]-[0056]: Decrypted data is validated and access is granted (i.e. authenticate the access token) based on a matching of the decrypted information (i.e. based on a result of the decrypting))
Gupta is combinable with Field-Eliot, Duane and Srinivasan because all are from the same field of endeavor of maintaining credentials for authorizing access. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the system of Field-Eliot, Duane and Srinivasan to incorporate the decryption and authentication of the access information as .

Claims 51 and 54-55 are rejected under 35 U.S.C. 103 as being unpatentable over Field-Eliot (US 2014/0013396 A1), further in view of Duane (US 8307210 B1), further in view of Srinivasan (US 2016/0028737 A1), further in view of and Goel (US 2017/0155627 A1).
Regarding claim 51, Field-Eliot teaches the limitations of claim 51 substantially as follows:
A method comprising: 
- storing, in an apparatus, a list of access tokens, (Field-Eliot; Paras. [0010], [0033]-[0034]: Storing in the memory of the system multiple identifiers or tokens (i.e. list of access tokens))
- selecting a first access token from the list of the access tokens (Field-Eliot; Paras. [0023], [0029], [0032]-[0034], [0043] & [0047]: selecting unique identifiers and user/application tokens (a first access token) from multiple identifiers or tokens (i.e. list of access tokens))
access tokens in the list; (Field-Eliot; Paras. [0010], [0023], [0029], [0032]-[0034], [0043] & [0047]: multiple identifiers or tokens (i.e. list of access tokens))
- deciding, based at least partly on the first access token, whether to grant a user device access to an apparatus, and (Field-Eliot; Paras. [0040]-[0042], [0045] & [0048]: deciding, partly based upon the application token, whether to grant the user device access to the server of the system for the desired functionality)
- causing the apparatus to receive a second list of access tokens from at least one of the user device and a second user device, (Field-Eliot; Para. [0048]: The application server of the system (i.e. apparatus) receives applications tokens (i.e. second list of tokens) for accessing the application server sent from the applications on the client device (i.e. from the user device))
Field-Eliot does not teach the limitations of claim 51 as follows:
- storing an encryption key 
each access token comprising cryptographic information; 
- selecting a first access token from the list of the access tokens based, at least partly, on at least one of a current time and a sequence number indicating a sequence of access tokens 
wherein the storing comprises storing a plurality of lists of access tokens, 
each list of access tokens comprising access tokens that are usable in obtaining a different level of access to the apparatus, 
the second list comprising a second plurality of lists of access tokens. 
However, in the same field of endeavor, Duane discloses the limitations of claim 51 as follows:
- selecting a first access token from the list of the access tokens based, at least partly, on at least one of a current time and a sequence number indicating a sequence of access tokens (Duane; Col. 3, Lines 4-30; Col. 6, Lines 26-45: Producing/validating a cryptographic token (i.e. selecting of the first access token) based on a current time and a sequence value/number which increments when used in the calculation for each token (i.e. indicating a sequence of access tokens))
Duane is combinable with Field-Eliot because both are from the same field of endeavor of authorizing access based on tokens. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the system of Field-Eliot to incorporate current time or sequence values associated with a cryptographic token as in Duane in order to improve the security of the system by only allowing a token to only be utilized at specific times or in a particular sequence.
Field-Eliot and Duane do not teach the limitations of claim 51 as follows:
- storing an encryption key 
each access token comprising cryptographic information; 
wherein the storing comprises storing a plurality of lists of access tokens, 
each list of access tokens comprising access tokens that are usable in obtaining a different level of access to the apparatus, 
the second list comprising a second plurality of lists of access tokens. 
However, in the same field of endeavor, Srinivasan discloses the limitations of claim 51 as follows:
each access token comprising cryptographic information; (Srinivasan; Paras. [0141]-[0143]: Client tokens (i.e. access tokens) comprising a first encrypted part (i.e. cryptographic information))
wherein the storing comprises storing a plurality of lists of access tokens, (Srinivasan; Para. [0010]: Storing a list of grants which allow client access pertaining to a user among users (i.e. store a plurality of lists of access tokens))
each list of access tokens comprising access tokens that are usable in obtaining a different level of access to the apparatus, (Srinivasan; Para. [0010]: A list of grants (i.e. each list of access tokens comprising access tokens) which allow client access pertaining to a user among users (i.e. different level of access to the apparatus))
the second list comprising a second plurality of lists of access tokens. (Srinivasan; Para. [0010]: A list of grants which allow client access pertaining to another user among users (i.e. second lists comprising a second plurality of lists of access tokens))
Srinivasan is combinable with Field-Eliot and Duane because all are from the same field of endeavor of authorizing access based on tokens. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the system of Field-Eliot and Duane to incorporate encrypted parts into the tokens as in Srinivasan in order to improve the security of the system by securing specific information included in the access tokens.
Field-Eliot, Duane and Srinivasan do not teach the limitations of claim 51 as follows:
- storing an encryption key 
However, in the same field of endeavor, Goel discloses the limitations of claim 51 as follows:
- storing an encryption key (Goel; Para. [0038]: The system contains encryption keys (i.e. storing an encryption key))
Goel is combinable with Field-Eliot, Duane and Srinivasan because all are from the same field of endeavor of maintaining credentials for authorizing access. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the system of Field-Eliot, Duane and Srinivasan to incorporate storing an encryption key as in Goel in order to improve the security of the system by using a stored encryption key for use in encrypting transmissions.

Regarding claim 54, Field-Eliot, Duane, Srinivasan and Goel teach the limitations of claim 51.
Field-Eliot teaches the limitations of claim 54 as follows:
The method according to claim 51, further comprising storing a plurality of lists of access tokens, (Field-Eliot; Paras. [0023], [0029], [0033]-[0034] & [0048]: Stored and received identifiers or tokens (i.e. plurality of lists of access tokens) stored in the memory of the system (i.e. storing))
each list of the access tokens comprising access tokens that are usable in obtaining a different level of access to the apparatus.  (Field-Eliot; Para. [0031]: The tokens in a plurality of tokens includes user security/access level (i.e. usable in obtaining a different level of access to the apparatus))

Regarding claim 55, Field-Eliot, Duane, Srinivasan and Goel teach the limitations of claim 51.
Field-Eliot teaches the limitations of claim 55 as follows:
The method according to laim 51, wherein each list corresponds to a distinct role a user may assume with respect to the apparatus. (Field-Eliot; Para. [0031]: The tokens in a list of tokens includes user employment position (i.e. corresponds to a distinct role a user may assume) in regards to the system)

Claims 52-53  are rejected under 35 U.S.C. 103 as being unpatentable over Field-Eliot (US 2014/0013396 A1), further in view of Duane (US 8307210 B1), further in view of Srinivasan (US 2016/0028737 A1), further in view of and Goel (US 2017/0155627 A1), as applied to claim 51, further in view of Dent (US 7114178 B2).
 Regarding claim 52, Field-Eliot, Duane, Srinivasan and Goel teach the limitations of claim 51.
Field-Eliot teaches the limitations of 52 as follows:
The method according to claim 51, comprising receiving the second list of the access tokens (Field-Eliot; Para. [0048]: The application server of the system receives applications tokens (i.e. second list of access tokens) for accessing the application server)
Field-Eliot, Duane, Srinivasan and Goel do not teach the limitations of claim 52 as follows:
receiving the access tokens over a short-range wireless interface. 

receiving the access tokens over a short-range wireless interface.  (Dent; Col. 3, Lines 9-27: A wireless communication device is supplied (i.e. receiving) authorization codes (i.e. access tokens) via a wireless Bluetooth interface (i.e. over a short-range wireless interface))
Dent is combinable with Field-Eliot, Duane, Srinivasan and Goel because all are from the same field of endeavor of maintaining credentials for authorizing access. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the system of Field-Eliot, Duane, Srinivasan and Goel to incorporate the Bluetooth communication interface of Dent in order to expand the functionality of the system by allowing communication to occur through multiple types of communication interfaces.

Regarding claim 53, Field-Eliot, Duane, Srinivasan, Goel and Dent teach the limitations of claim 52.
Field-Eliot, Duane, Srinivasan, Goel and Dent teach the limitations of claim 53 as follows:
The method according to claim 52, wherein the short-range wireless interface comprises a Bluetooth interface.  (Dent; Col. 3, Lines 9-27: A wireless communication device is supplied authorization codes via a wireless Bluetooth interface (i.e. short-range wireless interface comprises a Bluetooth interface))
The same motivation to combine as in claim 52 applies to claim 53.

Prior Art Considered But Not Relied Upon
	Sondhi (US 2015/0089622 A1) which teaches a mobile OAuth service which manages access to resource servers.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BLAKE ISAAC NARRAMORE whose telephone number is (303)297-4357.  The examiner can normally be reached on Monday - Friday 0700-1700 MT.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi T Arani can be reached on (571) 272-3787.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private 






/B.I.N./Examiner, Art Unit 2438     

/SAMSON B LEMMA/Primary Examiner, Art Unit 2498