DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This action is in response to communication filed 12/30/2020. Claims 1, 9 and 19 are amended, claims 7 and 20 are canceled and claims 1-6 and 8-19 remain pending.

Remarks and Response to Arguments
35 U.S.C. 112(f) claim interpretation per the indicated limitation(s) in claim 20:
In response to cancelation of claim 20, the respective claim interpretation is moot.

Per 35 U.S.C. 112(b) rejections:
The respective rejection of canceled claim 20 is moot.
Per rejection of claims 1-6 and 9-14, in light of corrective amendments to claims 1 and 9 to clarify the indefiniteness of configuring supported and required security capabilities, applicant’s argument is moot.  In response to amendments, the respective rejection of claim 1-6 and 9-14 are withdrawn. 
The respective 112(b) rejection of canceled claim 7 is moot.
In response to amendment, the respective rejection of claim 8 is withdrawn.
In response to amendment, the respective rejection of claim 19 is withdrawn.

Per 35 U.S.C. 101 rejection of record (Abstract Idea):
In response to amendment, the respective rejection of claims 1-6 and 8 are withdrawn.

Per Double Patenting rejection of record, the rejection is maintained.

Per 35 U.S.C. 102/103 rejections of claims 1-6 and 8-19 anticipated by Smith I and/or obvious over Smith I in view of Smith II:
Applicant's arguments filed 12/30/2020 have been fully considered but they are not persuasive as follows. 

Per 35 U.S.C. 102 rejection of claims 1-2 and 4-6:
Applicant argues “[t]he applicant has amended claim 1 to recite the limitations of “ identifying a set of configurable supported security capabilities corresponding to a reference in a database” “automatically identifying a set of configurable required security capabilities” “configuring the set of supported security capabilities using the set of required security capabilities” and "comparing the set of required security capabilities to the configured set of supported security capabilities and responding to the key request based on the comparison .” These limitations are not disclosed by Smith. The applicant therefore respectfully requests that the rejection of claims 1, 2, and 4-6 under 35 U.S.C. § 102 be withdrawn” (Remarks: page 7).

Per 35 U.S.C. 103 rejection of claims 3 and 8-19:
Applicant argues “[t]he Examiner rejected claims 3 and 8-20 under 35 U.S.C. § 103 as being unpatentable over Smith I in view of Smith, U.S. Patent Application Pub. No. 2016/0381405 (Smith II). Claims 3 and 8 depend from claim 1 and are patentable over the cited art for the same reasons as is claim 1. Claim 9 has also been amended to recite the limitations of configurable supported security capabilities corresponding to client device” “a second database for storing a set of configurable required security capabilities corresponding to at least one of a key and content associated with the key” and a processing device configured to “configure, in response to an administrator communication corresponding to the set of required security capabilities, the set of required security capabilities and configure, in response to an administrator communication corresponding to the set of supported security capabilities, the set of supported security capabilities using the configured set of required security capabilities.” As with claim 1, these limitations are not disclosed by the cited prior art. Claim 9 and its dependent claims 10-20 therefore also patentably distinguish over the cited prior art” (Remarks: pages 7-8).
Applicant’s arguments regarding 102 and 103 rejections fail to comply with 37 CFR 1.111(b) because they amount to a general allegation that the claims define a patentable invention without specifically pointing out how the language of the claims patentably distinguishes them from the references. 
Nonetheless, after reconsideration of the claimed scope in light of the resolved indefiniteness issues and conducting an updated search, a new ground of rejection per claims 1-6 and 8 is necessitated below.

Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:



This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.  Such claim limitations are: 

“A digital rights management system configured to receive a key request from a client device, the digital rights management system, … a content management system for establishing rules to determine the set of required security capabilities corresponding to content; and a processing device configured to:
identify, in the first database, the set of supported security capabilities corresponding to the client device;
identify, in the second database, the set of required security capabilities corresponding to the content associated with the key;
configure, in response to an administrator communication corresponding to the set of required security capabilities, the set of required security capabilities; and
configure the set of supported security capabilities using the configured set of required security capabilities. ” in claim 9.

Examiner’s Note: 

“a first database for storing a set of configurable supported security capabilities corresponding to client device;
a second database for storing a set of configurable required security capabilities corresponding to at least one of a key and content associated with the encryption key” in claim 9,
although “database” generally refers to a set of related data and the way such data is organized (i.e., software that may or may not include a hardware structure), due to their respective recited functions, i.e., storing, said claimed databases are interpreted to include hardware (i.e., memory). Therefore, claimed limitations are interpreted to include sufficient structure in the claim, i.e., the claimed first and second databased are not construed as generic placeholders and are not interpreted to invoke 112(f) claim interpretation.

Because these claim limitations are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, they are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof. Examiner’s Note: Sufficient structure for the means-plus-function limitations set forth above are found in Figures 2-6 and in paragraphs 0030-0037 and 0055-0058 in the specification.

If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform 

Claim Objections
Claim 1 is objected to because of the following informalities:  
Per claim 1, “A key request” recited in the body of claim 1 (line 6) is a second recitation of this limitation (the first is recited in the preamble). Therefore, the second recitation should be “the key request”.  
Appropriate correction is required.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

1.	Claims 1 and 3-6 are rejected under 35 U.S.C. 103 as being unpatentable over Quisumbing, US2018/0011721A1 in view of Smith – I, US2016/0381405A1, further in view of Smith – II, US2016/0364553A1.

Per claim 1, Quisumbing discloses a method for configuring security capabilities for content protection to respond to a key request, the method comprising: 
identifying a set of configurable supported security capabilities corresponding to a reference in a database and associated with a client device (The information transmitted by the identify hardware components currently used in the hardware configuration of the flash storage array system 110, a version of software used by the flash storage system 110, and other status information of the flash storage array system 110.  Further details with regard to the information transmitted by the flash storage array system 110 are described in conjunction with FIG. 2.  The guide component 130 may further receive order information of a guide component 130.  For example, the information may be provided from a database or a customer relationship management (CRM) server that provides information of new hardware components that have been ordered by a user of the flash storage array system 110 – Quisumbing:  par. 0021); 
Quisumbing is not relied on to explicitly disclose but Quisumbing in view of Smith – I discloses automatically identifying a set of configurable required security capabilities corresponding to content associated with a key request from the client device by evaluating metadata of the content (a consumption device may optionally receive (encrypted) diverse content containing one or more licensed content segments and an associated metadata package…the consumption device (or, more specifically, a DRMM thereof) may inspect the metadata package for content labels describing the licensing requirements, if any for the content segments included in the encrypted diverse content.  For protection and ensure enforcement of any required licensing requirements, the metadata package may be stored and inspected within a protected environment (e.g., TEE 208) – Smith – I: par. 0104 and 0105).
(requirements of the new hardware component may be identified.  The requirements may indicate particular versions of software, connection types, and so forth that are needed by the new hardware component.  The requirements of the new hardware component may be compared with the current hardware configuration of the system to determine whether the current hardware configuration satisfies the requirements of the new hardware component.  If the current hardware configuration does not satisfy the requirements, then an installation action may be identified as needing to be performed to satisfy the requirements of the new hardware component – Quisumbing: par. 0028); and 
Quisumbing in view of Smith – I is not relied on to disclose but further in view of Smith – II discloses comparing the set of required security capabilities to the configured set of supported security capabilities (Assuming that appropriate security requirements (as indicated by content provider 110) are met based at least in part on this certificate or other attestation information, IKM 120 may enable IoT device 140.sub.1 to be authorized as a content consumption device – Smith – II: par. 0032 – Note: device’s supported capabilities are attested to and compared to appropriate security requirements) and responding to the key request based on the comparison (next responsive to determination of the capabilities of IoT device 140.sub.1, a new content key can be generated in IKM 120, assuming that IoT device 140.sub.1 meets appropriate robustness rules… Responsive to providing this content key to IoT device 140.sub.1, given requested protected content received from content provider 110 may be provided from IKM 120 as encrypted content to IoT device 140.sub.1. – Smith – II: par. 0033 
Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Quisumbing in view of Smith – I to include automatically identifying a set of configurable required security capabilities corresponding to content associated with a key request from the client device by evaluating metadata of the content.
One of ordinary skill in the art would have been motivated because it would allow “to negotiate or otherwise provide licensing terms governing content segment(s) requested by client 101”. It would further allow “to enforce an access policy over the content in question, to protect one or more encryption keys, to appropriately use an encryption key over plain text data that is protected by TEE 208, combinations thereof, and the like)” – Smith – I: par. 0029 and 0049.
Additionally, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Quisumbing in view of Smith – I further in view of Smith – II to include comparing the set of required security capabilities to the configured set of supported security capabilities and responding to the key request based on the comparison.
One of ordinary skill in the art would have been motivated because it would allow enabling “key lifecycle management that is common across multiple key types and contexts including key management for groups involving protected content”. It would further allow devices that are aware of their security provisioning status which “allows them to be proactive  – Smith – II: par. 0025 and 0109.

Per claim 3, Quisumbing in view of Smith – I and Smith – II discloses the method according to claim 1, wherein the configuring the set of required security capabilities comprises adjusting the set of required security capabilities to reflect a decrease in required security responsibilities in response to at least one of the content becoming older, a change on contract between content creators and content distributors, and changes in licensing of the content (By introducing an IKM, a run-time evaluation of an IoT device may enable that device to receive content, when it might not have been authorized at manufacture time.  A good example would be dated content (content for which the license changes over time or expires completely).  For this content, DRM robustness requirements must be met in order to receive the content in the first place, and evaluate the date restrictions.  An IKM could assess the content, determine that the date restrictions have expired, and then distribute the content to a lower-robustness endpoint – Smith – II: par. 0019 - Note: when a given content is old, i.e., expired, required security capabilities are adjusted, wherein the given content is distributed to a lower robustness endpoint, equivalent to “a decrease in required security responsibilities in response to the content becoming old”).
The same motivation to modify Quisumbing in view of Smith – I and Smith – II applied to claim 1 above applies here.

(the content license includes a content key (which is the key used to encrypt the content) and license restrictions (e.g., number of times the content can be played back, whether a content can be copied from one device to other, key expiration time, device topology rules, etc.).  In examples, a content license can be for a specific single content or a group of content (e.g., license to watch all the episodes of "Breaking Bad") – Smith – II: par. 0022 - Note: A content license associated with a group of content, e.g., all episodes of “Breaking Bad”, comprises a content key and license restrictions).
The same motivation to modify Quisumbing in view of Smith – I and Smith – II applied to claim 1 above applies here.

Per claim 5, Quisumbing in view of Smith – I and Smith – II discloses the method according to claim 1, wherein the configuring the set of required security capabilities comprises assigning a service provider defined term to represent a particular set of required security capabilities (content provider 110 provides a content key to IKM 120.  In various embodiments, this content key may be provided as part of a content license that indicates that IKM 120 may operate as a domain controller.  The license establishes that the device is authorized by a manufacturer to install the content provider's credential in the device at manufacturing time.  This key is used to encrypt content keys that are specific to a content delivery.  Still further, this  – Smith – II: par. 0029 – Note: a content provider’s credentials represent/are associated with a content license which is assigned to the content).
The same motivation to modify Quisumbing in view of Smith – I and Smith – II applied to claim 1 above applies here.

Per claim 6, Quisumbing in view of Smith – I and Smith – II discloses the method according to claim 5, wherein the particular set of required security capabilities comprises a proprietary set of required security capabilities (content provider 110 provides a content key to IKM 120.  In various embodiments, this content key may be provided as part of a content license that indicates that IKM 120 may operate as a domain controller.  The license establishes that the device is authorized by a manufacturer to install the content provider's credential in the device at manufacturing time.  This key is used to encrypt content keys that are specific to a content delivery.  Still further, this content license may indicate that IKM 120 is authorized to attest to certain device hardening requirements of downstream IoT devices 140, and if such requirements are met, enable provision of protected digital content to such devices for consumption – Smith – II: par. 0029 – Note: a content key as part of the content license, provider’s credentials and device hardening requirements, together are equivalent to a proprietary set of required security capabilities provisioned per protected digital content subject to digital right management).
.

2.	Claim 2 is rejected under 35 U.S.C. 103 as being unpatentable over Quisumbing, US2018/0011721A1, Smith – I, US2016/0381405A1, and Smith – II, US2016/0364553A1as applied in claim 1 above, further in view of Naslund, US8578506B2.

Per claim 2, Quisumbing in view of Smith – I and Smith – II discloses the method according to claim 1.
Quisumbing in view of Smith – I and Smith – II is not relied on to disclose but further in view of Naslund discloses wherein the configuring the set of supported security capabilities comprises adjusting the set of supported security capabilities to reflect an increase in a number of client devices being allowed access to the content (When a user makes a request for content to be delivered to a device 5 in the domain, the DG grants a sub-license to the device 5, assuming that the maximum number of simultaneously rendered copies of the content specified in the master license has not been reached.  The DG maintains a count of how many devices in the domain are currently accessing the content, for example by decrementing a suitable counter by 1 whenever it grants a sub-license to a device in the domain.  When the counter reaches "zero", any further requests for that content are refused, as this indicates that the maximum number of simultaneously rendered copies of that content specified in the master license has been reached.  When a device finishes accessing the content, the counter is incremented by one.  Alternatively, the DG may count the number of devices accessing the – Naslund: col. 10, lines 64-67 and col. 11, lines 1-15 – Note: counter associated with a given content is adjusted, i.e., incremented or decremented per content access request or release to allow a number of devices to access the given content simultaneously, wherein the total number of devices that may be allowed access is a pre-set value).
Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Quisumbing, Smith – I and Smith – II further in view of Naslund to include wherein the configuring the set of supported security capabilities comprises adjusting the set of supported security capabilities to reflect an increase in a number of client devices being allowed access to the content.
One of ordinary skill in the art would have been motivated because it would allow granting sub-licenses to devices in a domain for requesting a content “assuming that the maximum number of simultaneously rendered copies of the content specified in the master license has not been reached” and refusing to furnish the requested content to the devices in the domain if a counter value “indicates that the maximum number of simultaneously rendered copies of that content specified in the master license has been reached” – Naslund: col. 10, lines 64-67 and col. 11, lines 1-15.

8 is rejected under 35 U.S.C. 103 as being unpatentable over Quisumbing, US2018/0011721A1, Smith – I, US2016/0381405A1, and Smith – II, US2016/0364553A1as applied in claim 1 above, further in view of Cheng, US2009/0094162A1.

Per claim 8, Quisumbing in view of Smith – I and Smith – II discloses the method according to claim 1. 
Quisumbing in view of Smith – I and Smith – II is not relied on to disclose but further in view of Cheng discloses wherein the configuring the set of required security capabilities further comprises periodically re-evaluating the metadata to determine if the set of required security capabilities need to be updated (The License server delivers a capability collection command to all the access devices of Product X in the domination area of the server periodically (for example, once a day or once a week), occasionally or continuously, instructing these access devices to report their current capability.  A capability parameter ID is attached to the collection command.  The capability parameter ID is a character string defined during the development of Product X and is required as the ID of the capability parameter during the generation of License file.  The capability parameter ID can ensure a consistent understanding of a server and the access devices towards a certain capability – Cheng: par. 0046 – Note: capacity parameter ID is equivalent to metadata).
Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Quisumbing, Smith – I and Smith – II further in view of Cheng to include wherein the configuring the set of required security 
One of ordinary skill in the art would have been motivated because it would allow to include a capability parameter ID that ensures “a consistent understanding of a server and the access devices towards a certain capability” – Cheng: par. 0046.

Allowable Subject Matter
Claims 9-19 remain provisionally rejected under non-statutory Double Patenting rejection (recited in the non-final action dated 07/30/2020); however, in light of 112(f) means-plus-function claim interpretation that limits the claimed scope to the specification and its equivalents, claims 9-19 are allowable over prior arts considered and of record. Therefore, upon resolving all the remaining formal and informal issues, claims 9-19 will be allowed. 
Reason for allowance will be furnished when a NOA is processed. 

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Ramanathan (US2013/0219458A1) discloses a system for restricting access of digital content to a predetermined number of devices, wherein the system includes a content distribution system that can receive a specification of a predetermined number of devices to which digital content of a publisher may be accessed by one or more users on devices to be identified at time of distribution.
THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to AREZOO SHERKAT whose telephone number is (571)272-8533.  The examiner can normally be reached on Monday - Friday 8:30-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on 571 - 272 - 3811.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications 






/AREZOO SHERKAT/            Examiner, Art Unit 2434                                                                                                                                                                                            /KAMBIZ ZAND/Supervisory Patent Examiner, Art Unit 2434