DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Status of Claims
This Office Action is in response to the claims and remarks filed on 12/07/2020.  
Claims 2, 7, 15-16, and 19 were amended.
Claims 1-20 are pending.

Response to arguments
With respect to the 35 USC § 103 rejection, applicant’s arguments were found persuasive. Applicant’s arguments are made moot, with respect to the independent claims and the arguments against the combination of Rouse in view of Nguyen, based on new grounds of rejection for the independent claims.

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –



Claim(s) 1-2, and 4 is/are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Skuratovich et al. (US 20170163607 A1) hereinafter referred to as Skuratovich.

With respect to claim 1, Skuratovich discloses: A method comprising: receiving, by a server and from a computing device, a request for content; (similarly to what is recited in the applicant’s summary of the invention, Skuratovich [0101] discloses a plurality of servers 210, each connected to a load balancer, wherein “Requests directed to the call controller 210 are received by the load balancer 602, and can be directed to any one of the servers 524a, 524b, 524c”. Skuratovich [0102] discloses the client device making the request).
receiving, by the server and from the computing device: an encrypted session key configured for use in a previous secure session of the computing device; (Skuratovich [0147] discloses “decrypting the encrypted session key” with respect to the encrypted session key received by server 210 from client device according to paragraphs [0139-0145]. Wherein Skuratovich [0111] discloses the encrypted session key was generated when a “secure connection 407 is established in the pre-call establishment phase”, which is mapped to the previous secure session. Skuratovich [0107-0108] disclose, pre-call session is secure session connection over “TLS” to “provide confidentiality and data integrity”).
and key generation input information associated with the previous secure session of the computing device; (Skuratovich [0111] discloses the “ticket” generated in the pre-call phase, which is mapped to the key generation input information).
determining, based on the key generation input information, a decryption key; (Skuratovich [0146] “the call controller 210 extracts WrapperKeyID from the Ticket, and obtains WrappingKey 
generating, using the decryption key and based on the encrypted session key, a decrypted session key; (Skuratovich [0147] discloses “call controller 210 obtains SessionKey by decrypting the encrypted session key in Ticket with the WrappingKey”).
generating, based on the decrypted session key, encrypted content; (Skuratovich [0153] discloses, “This results in another encrypted cipher text string ("Encrypted2")” which is based on the session key that was obtained in an earlier stage in order to reach this step).
and sending, to the computing device, the encrypted content. (Skuratovich [0153] discloses, “The call controller 210 then sends HMAC2 and Encrypted2 to the client”).
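
An added illustration, not part of the Office Action or of the cited reference: the stateless ticket flow that the claim 1 mapping attributes to Skuratovich (WrapperKeyID lookup, unwrapping the SessionKey, returning Encrypted2 and HMAC2 from any server in the pool). The key store, the ticket's `Tag` field, the HMAC-based keystream standing in for a real cipher such as AES, and all function names are assumptions.

```python
import hashlib
import hmac
import os

# Constructed wrapping keys, assumed to be shared by every server in the pool.
WRAPPING_KEYS = {
    "wk-2020-12": bytes(range(32)),
    "wk-2021-01": bytes(range(32, 64)),
}


def derive(key, label):
    """Derive a purpose-specific subkey so one key never does two jobs."""
    return hmac.new(key, label, hashlib.sha256).digest()


def _xor_stream(key, nonce, data):
    """HMAC-SHA256 in counter mode as a keystream (stand-in for a real cipher)."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        counter = (offset // 32).to_bytes(4, "big")
        pad = hmac.new(key, nonce + counter, hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def seal(key, plaintext):
    """Encrypt-then-MAC. Returns (nonce || ciphertext, tag)."""
    nonce = os.urandom(16)
    # For the session key these two subkeys play the roles of the
    # EncryptionKey and AuthenticationKey named in the mapping for claim 12.
    body = nonce + _xor_stream(derive(key, b"enc"), nonce, plaintext)
    tag = hmac.new(derive(key, b"auth"), body, hashlib.sha256).digest()
    return body, tag


def unseal(key, body, tag):
    """Verify the tag in constant time before decrypting anything."""
    want = hmac.new(derive(key, b"auth"), body, hashlib.sha256).digest()
    if not hmac.compare_digest(want, tag):
        raise ValueError("authentication failed")
    return _xor_stream(derive(key, b"enc"), body[:16], body[16:])


def issue_ticket(wrapper_key_id, session_key):
    """Previous secure session: wrap the session key and hand it to the client.

    The issuing server keeps no per-client state; the ticket carries it.
    The Tag field is an assumption added so tampering is detectable.
    """
    body, tag = seal(WRAPPING_KEYS[wrapper_key_id], session_key)
    return {"WrapperKeyID": wrapper_key_id, "EncryptedSessionKey": body, "Tag": tag}


def handle_request(ticket, content):
    """Later request, handled by any server that holds the wrapping keys."""
    wrapping_key = WRAPPING_KEYS.get(ticket.get("WrapperKeyID"))
    if wrapping_key is None:
        # A retired or unknown key id must fail closed, not fall back.
        raise ValueError("unknown or retired WrapperKeyID")
    session_key = unseal(wrapping_key, ticket["EncryptedSessionKey"], ticket["Tag"])
    encrypted2, hmac2 = seal(session_key, content)
    return encrypted2, hmac2


def client_open(session_key, encrypted2, hmac2):
    """Client side: authenticate, then decrypt, with its own copy of the key."""
    return unseal(session_key, encrypted2, hmac2)


if __name__ == "__main__":
    sk = os.urandom(32)                       # constructed session key
    ticket = issue_ticket("wk-2021-01", sk)   # server A, earlier session
    e2, h2 = handle_request(ticket, b"requested content")  # server B, later
    print(client_open(sk, e2, h2))
```
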

With respect to claim 2, Skuratovich discloses: The method of claim 1, wherein the receiving the encrypted session key configured for use in the previous secure session of the computing device comprises receiving encrypted data comprising the encrypted session key, wherein the encrypted data is associated with the previous secure session. (Skuratovich [0147] discloses “decrypting the encrypted session key” with respect to the encrypted session key received by server 210 from client device according to paragraphs [0139-0145]. Wherein Skuratovich [0111] discloses the encrypted session key was generated when a “secure connection 407 is established in the pre-call establishment phase”, which is mapped to the previous secure session. Further proof is found in Skuratovich paragraph [0121] that discloses “step S512, the call controller 210 sends to the client the SessionKey” which comprises “encrypted version of the session key”).

With respect to claim 4, Skuratovich discloses: The method of claim 2, wherein the previous secure session is associated with a previous request for the content, and wherein the encrypted data comprises data generated in response to the previous request for the content. (Skuratovich [0111] discloses generating the session key and ticket associated with connection setup authentication request, see Skuratovich [0108]. The request is in a pre-call secure session, as Skuratovich [0107-0108] disclose, secure session connection over “TLS” to “provide confidentiality and data integrity”. Skuratovich starting at paragraph [0130] discloses “subsequent call signaling process”, wherein [0146-147] disclose using the encrypted session key and ticket, which were previously generated for the pre-call request).

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.


Claims 9, 12-13, 15, and 17-20  are rejected under 35 U.S.C. 103 as being unpatentable over Skuratovich in view of Jiang et al. (US 20060212706 A1) hereinafter referred to as Jiang.

With respect to claim 9, Skuratovich discloses: A system comprising: a first server comprising: one or more processors; (Skuratovich [0017] and Fig. 2A disclose “Call Controller 210” comprising a “server pool” who contain processor according to Skuratovich [0260]).
memory storing instructions that, when executed by the one or more processors of the first server, cause the first server to: establish, with a computing device, a secure session, (Skuratovich [0107-0108] disclose, session between server and client is secure session connection over “TLS” to “provide confidentiality and data integrity”).
wherein communications for the secure session are based on a session key configured for use in the secure session; (Skuratovich [0111] discloses that secure session communication requires generating a session key as part of the process).
and send, to the computing device, an encrypted session key comprising an encrypted version of the session key; (Skuratovich [0111] discloses server 210 sending to the client device an encrypted session key of the generated session key. As further proof, Skuratovich paragraph [0121] discloses “step S512, the call controller 210 sends to the client the SessionKey” which comprises “encrypted version of the session key”).
and a server comprising: one or more processors; and memory storing instructions that, when executed by the one or more processors of the server, cause the server to: receive, from the computing device, a request for content, (similarly to what is recited in the applicant’s summary of the 
wherein the request comprises the encrypted session key and key generation input information, (Skuratovich [0147] discloses “decrypting the encrypted session key” with respect to the encrypted session key received by server 210 from client device according to paragraphs [0139-0145]. Wherein Skuratovich [0111] discloses the encrypted session key was generated when a “secure connection 407 is established in the pre-call establishment phase”, which is mapped to the previous secure session. Skuratovich [0107-0108] disclose, pre-call session is secure session connection over “TLS” to “provide confidentiality and data integrity”).
determine, based on the key generation input information, a decryption key, (Skuratovich [0146] “the call controller 210 extracts WrapperKeyID from the Ticket, and obtains WrappingKey corresponding to WrapperKeyID” wherein the determined wrapping key is mapped to the decryption key).
generate, using the decryption key and based on the encrypted session key, the session key, (Skuratovich [0147] discloses “call controller 210 obtains SessionKey by decrypting the encrypted session key in Ticket with the WrappingKey”).
generate, using the session key, encrypted content, (Skuratovich [0153] discloses, “This results in another encrypted cipher text string ("Encrypted2")” which is based on the session key that was obtained in an earlier stage in order to reach this step).
and send, to the computing device, the encrypted content. (Skuratovich [0153] discloses, “The call controller 210 then sends HMAC2 and Encrypted2 to the client”).
and a second server comprising: one or more processors; and memory storing instructions that, when executed by the one or more processors of the second server, cause the second server to: receive, from the computing device, a request for content,
However, Jiang in an analogous art teaching a server different than the first server receiving a user request, see Jiang Abstract, furthermore discloses: a second server comprising: one or more processors; and memory storing instructions that, when executed by the one or more processors of the second server, cause the second server to: receive, from the computing device, a request for content, (Jiang [0030-0031] and Figs. 3 and 6 paragraph [0059] disclose when a second server, receiving from a user a cookie for a request. In comparison Figs. 2 and 5 show the first server access by a user).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Skuratovich with second server to: receive, from the computing device, a request for content wherein a cookie is used in order to create a seamless and secure communication wherein the second server may decrypt and verify the cookie, see Jiang Abstract.

With respect to claim 12, Skuratovich in view of Jiang disclose: The system of claim 9, wherein the encrypted session key comprises at least one of: a session encryption key or a session authentication key.  (Skuratovich [0148] discloses the encrypted session key could be used to derive “EncryptionKey and AuthenticationKey” which could be mapped to a session encryption key and a session authentication key consecutively).

With respect to claim 13, Skuratovich in view of Jiang disclose: The system of claim 9, wherein the computing device is further configured to send, to the first server, a second request for second content. (Skuratovich [0167] discloses “The above steps are performed for each request and response 

With respect to claim 15, Skuratovich discloses: A method comprising: establishing, by a computing device and with a first server, a secure session, (Skuratovich [0107-0108] disclose, session between server and client is secure session connection over “TLS” to “provide confidentiality and data integrity”).
wherein communications for the secure session are based on a session key configured for use in the secure session; (Skuratovich [0111] discloses that secure session communication requires generating a session key as part of the process).
receiving, by the computing device and from the first server, an encrypted session key comprising an encrypted version of the session key; (Skuratovich paragraph [0121] discloses “step S512, the call controller 210 sends to the client the SessionKey” which comprises “encrypted version of the session key”).
sending, by the computing device and to a server, a request for content, (similarly to what is recited in the applicant’s summary of the invention, Skuratovich [0101] discloses plurality of servers 210 each connected to a load balancer wherein “Requests directed to the call controller 210 are received by the load balancer 602, and can be directed to any one of the servers 524a, 524b, 524c”. Additionally, Skuratovich [0102] discloses client device sending a request to the server).
wherein the request comprises the encrypted session key and key generation input information; (Skuratovich [0147] discloses “decrypting the encrypted session key” with respect to the encrypted session key received by server 210 from client device according to paragraphs [0139-0145]. Wherein Skuratovich [0111] discloses the encrypted session key was generated when a “secure connection 407 is established in the pre-call establishment phase”, which is mapped to the previous 
receiving, after sending the request and from the server, encrypted content; (Skuratovich [0153] discloses the receiving wherein: “The call controller 210 then sends HMAC2 and [cipher text string (" Encrypted2")] to the client”).
decrypting, using the session key, the encrypted content; and outputting for display the content. (Skuratovich [0154] discloses, “The client 205a authenticates and decrypts data in the same manner”. Skuratovich [0102] discloses that the client device is a TV receiving data from the server, and Skuratovich [0103] discloses “The client 205 has a user interface (UI) for receiving information from and outputting information to a user of the device 204”).
Skuratovich does not explicitly disclose sending, by the computing device and to a second server, a request for content, 
However, Jiang in an analogous art teaching a server different than the first server receiving a user request, see Jiang Abstract, furthermore discloses: sending, by the computing device and to a second server, a request for content (Jiang [0030-0031] and Figs. 3 and 6 paragraph [0059] disclose when a second server, receiving from a user a cookie for a request. In comparison Figs. 2 and 5 show the first server access by a user. Wherein Jiang [0058] discloses the cookie comprises an “encrypted signed key (ESK)” mapped to the encrypted session key along with key generation input information).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Skuratovich with sending, by the computing device and to a second server, a request for content as disclosed by Jiang in order to create a seamless and secure communication wherein the second server may decrypt and verify the cookie, see Jiang Abstract.

With respect to claim 17, Skuratovich in view of Jiang disclose: The method of claim 15, wherein the encrypted session key comprises at least one of: a session encryption key or a session authentication key. (Skuratovich [0148] discloses the encrypted session key could be used to derive “EncryptionKey and AuthenticationKey” which could be mapped to a session encryption key and a session authentication key consecutively).

With respect to claim 18, Skuratovich in view of Jiang disclose: The method of claim 15, wherein the encrypted session key comprises data encrypted by a second session key. (Skuratovich [0112] discloses “the "connection encryption key" (e.g. TLS key) is separate and different from the "session key"”, wherein the TLS key, mapped to the second session key, is used to encrypt data when transmitted over TLS. Skuratovich [0121] discloses key exchange embodiment wherein “both the encrypted version of the session key (in the ticket) and an unencrypted version of the session key for use by the client 205a. At least the unencrypted version of the session key is transmitted via the secure TLS connection 407”. Since the prior art says “At least” that implicitly means that the encrypted session key could also be transmitted via secure TLS connection. This is interpreted that the encrypted session key when transmitted over TLS is encrypted by the TLS key for additional security for the communication session).

With respect to claim 19, Skuratovich in view of Jiang disclose: The method of claim 15, wherein the sending, to the second server, the request for content comprises transmitting encrypted data comprising the encrypted session key. (Skuratovich [0140] discloses “client 204a sends a request message” which could be a second server based on the load balancing explained in the independent claim wherein the request contains the encrypted session key, see also Skuratovich [0147]. Wherein Jiang based on the mapping of the independent claim discloses the request could be sent to a second server).

With respect to claim 20, Skuratovich in view of Jiang disclose: The method of claim 19, wherein the encrypted data comprises data generated by the first server. (Skuratovich [0111] discloses the encrypted session key was generated when a “secure connection 407 is established in the pre-call establishment phase”, which is mapped to the previous secure session. Wherein based on load balancing explained in the independent claim it could have been a first server, See Skuratovich Figs. 5A-5B).

Claim 3 is rejected under 35 U.S.C. 103 as being unpatentable over Skuratovich in view of Kocher et al. (US 20140044265 A1) hereinafter referred to as Kocher.

With respect to claim 3, Skuratovich discloses: The method of claim 1, 
Skuratovich does not explicitly disclose: wherein the determining the decryption key comprises determining, using a key ladder, the decryption key.
However, based on paragraph 62 page 23 of the applicant specifications document reciting, “The key ladder may comprise a hierarchy of algorithms that generate an output based on an input.” Kocher in an analogous art discloses in paragraph [0162] the decryption “key may be derived using key ladders,”
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Skuratovich with using a key ladder disclosed by Kocher in order to (Kocher paragraph [0162]) “help prevent higher-value keys from being compromised should a third party improperly manage keys.”

Claim 11 is rejected under 35 U.S.C. 103 as being unpatentable over Skuratovich in view of Jiang and further in view of Kocher et al. (US 20140044265 A1) hereinafter referred to as Kocher.

With respect to claim 11, Skuratovich in view of Jiang disclose: The system of claim 9, wherein the instructions stored in the memory of the second server, when executed by the one or more processors of the second server, cause the second server to determine the decryption key (Jiang in view of the load balancing disclosed by Skuratovich in the independent claim, and further, Skuratovich [0146] discloses “the call controller 210 extracts WrapperKeyID from the Ticket, and obtains WrappingKey corresponding to WrapperKeyID” wherein the determined wrapping key is mapped to the decryption key and the call controller 210 contains server pool therefore containing any number of servers with the load balancing).
However, Skuratovich does not explicitly disclose: by: sending, to a shared server in communication with the first server and the second server, the key generation input information; and receiving, from the shared server, the decryption key, wherein the decryption key was generated by the shared server by using the key generation input information as an input to a stored key ladder.
Kocher in a similar field of endeavor teaches in paragraph [0156] a shared third party server that may receive commands or keys wherein in paragraph [0162] the decryption “key may be derived using key ladders,” wherein the input to a stored key ladder includes “parameter values” such as an identifier.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Skuratovich with using a key ladder disclosed by Kocher in order to (Kocher paragraph [0162]) “help prevent higher-value keys from being compromised should a third party improperly manage keys.”

Claims 6-8 are rejected under 35 U.S.C. 103 as being unpatentable over Skuratovich in view of Drucker (US 20130024686 A1) hereinafter referred to as Drucker.

With respect to claim 6, Skuratovich discloses: The method of claim 1, 
Skuratovich does not explicitly disclose: wherein the determining the decryption key comprises determining, based on a Media Access Control (MAC) address associated with the computing device, the decryption key. 
However, Drucker in an analogous art discloses in claims 9 and 11 a requested decryption key based on a device MAC attribute.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Skuratovich with determining, based on the key generation input information, a decryption key disclosed by Drucker “to maintain the security and proprietary nature of communications in a variety of conventional ways” (see Drucker [0003]).

With respect to claim 7, Skuratovich discloses: The method of claim 1, 
Skuratovich does not explicitly disclose the rest of the claim.
However, Drucker in an analogous art discloses: wherein the determining the decryption key comprises: sending, to a shared server in communication with the server and a different server, the MAC address; (Drucker [0026] based on Fig. 1C shows devices connected to server over the internet, which means there could be any number of servers on the internet. [0036] device can request “encryption /decryption key”. [0045] and Fig. 5 disclosing the decryption key request (DKR) sent to server containing the device MAC).
and receiving, from the shared server, the decryption key. (Drucker [0045] discloses the requesting device then receives the decryption key from the server).


With respect to claim 8, Skuratovich discloses: The method of claim 1, wherein the key generation input information associated with the previous secure session of the computing device 
Skuratovich does not explicitly disclose: comprises at least one of: a session encryption key, a session authentication key, a time, or a user identifier. 
However, Drucker in an analogous art discloses key generation input information comprises a user identifier paragraph [0052] discloses the input information used in order to generate a key includes a user ID.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Skuratovich with determining, based on the key generation input information, a decryption key wherein the information includes a user identifier disclosed by Drucker “to maintain the security and proprietary nature of communications in a variety of conventional ways” (see Drucker [0003]).

Claims 14 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Skuratovich in view of Jiang and further in view of Drucker (US 20130024686 A1) hereinafter referred to as Drucker.

With respect to claim 14, Skuratovich in view of Jiang disclose: The system of claim 13, 
wherein the second request comprises: a timestamp, and a Media Access Control (MAC) address associated with the computing device.
However, Drucker in an analogous art discloses: wherein the second request comprises: a timestamp, and a Media Access Control (MAC) address associated with the computing device. (Drucker [0040] discloses message attributes associated with the computing device include MAC and time stamp).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Skuratovich wherein the second request comprises: a timestamp, and a Media Access Control (MAC) address associated with the computing device as disclosed by Drucker “to maintain the security and proprietary nature of communications in a variety of conventional ways” (see Drucker [0003]).

With respect to claim 16, Skuratovich in view of Jiang disclose: The method of claim 15, 
They do not explicitly disclose: further comprising transmitting, to the second server, a different request for content, wherein the different request comprises at least one of a MAC address or a timestamp.
However, Drucker in an analogous art, in paragraph [0040], discloses that message attributes associated with the computing device for every key request include MAC and time stamp.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Skuratovich with further comprising transmitting, to the second server, a different request for content, wherein the different request comprises at least one of a MAC address or a timestamp disclosed by Drucker “to maintain the security and proprietary nature of communications in a variety of conventional ways” (see Drucker [0003]).

Claim 10 is rejected under 35 U.S.C. 103 as being unpatentable over Skuratovich in view of Fahrny (US 20060184796 A1) hereinafter referred to as Fahrny.

With respect to claim 10, Skuratovich discloses: The system of claim 9, wherein the encrypted session key comprises data generated by the first server, (Skuratovich [0118] discloses server client 210 generating session key).
Skuratovich does not explicitly disclose: and wherein the encrypted session key comprises additional encrypted data. 
However, Fahrny in an analogous art disclosing generating multiple key encryption/decryption and extracting a session key as recited in the Abstract also in paragraph [0042-0043] discloses a CA system which could be mapped to a server that “typically use 3 to 4 tiers of keys” which means that every key is used to decrypt the next key in the chain which means that a session key could comprise an additional encrypted key to decrypt.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Skuratovich to present a more secure and modifiable tiered encryption/decryption key security that is resistant to hacker attacks (see Fahrny paragraph [0004]).

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HANY S GADALLA whose telephone number is (571)272-2322.  The examiner can normally be reached on Mon to Fri 8:30AM - 5:00PM.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached on (571) 272-3862.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/H.S.G./Examiner, Art Unit 2493
/CARL G COLIN/Supervisory Patent Examiner, Art Unit 2493