Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

This action is in response to the claims filed 8/08/2019.  Claims 1-20 are pending.  Claims 1 (a method) and 11 (a software machine) are independent.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 11-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.  The claim(s) does/do not fall within at least one of the four categories of patent eligible subject matter because claim 11 is directed toward a software machine.  Claim 11 comprises a “processor”, this term is defined by the Merriam Webster dictionary as “a computer program (such as a compiler) ….”  A computer program is not a process, machine, manufacture, nor composition of matter for the purposes of § 101 and claims 11-20 are non-statutory. 


Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:


(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claim(s) 1, 2, 11, and 12 is/are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Felt et al., US 2002/0138735 (filed 2002-02).
As to claims 1 and 11, Felt discloses a method/machine comprising:
receiving, (“In step 280, the receiving party receives a signed message.” Felt ¶ 123) by a data processing system (“The target might be a client, a particular service, a server group, a gateway group, a particular server machine” Felt ¶ 104), from a computing device (“the originating user signs a message buffer with a signature. … The user may be a person using the transaction server itself” Felt ¶ 113), a content item communication (“message 40 is used to generate a message digest 90.” Felt ¶ 122, the message), the content item communication including a first content item device identifier (“Public Key Certificate: A data structure containing a public key with associated identifying information. The information might include a user's name, organization, email address, etc., plus key-specific information such as its creation date, expiration date, issuer id, and serial number. The issuing Certificate Authority digitally signs both the public key and the associated information, to create a verifiable and tamper-proof binding between a public key and a particular user.” Felt ¶ 78.  The signed public key being the device identifier) and an attestation token (“A digitally signed message buffer can be represented in PKCS-7 format, as a “SignedData” content type.” Felt ¶ 229. The signed message being the attestation token) including a public key associated with the computing device, (The signed data includes the signing party’s certificate, Felt 
verifying, by the data processing system, (“In step 290 message digest A and message digest B are compared, and if they are found to be identical, then the message is deemed to have arrived from a valid identified sender (step 292)” Felt ¶ 123) the digital signature using the public key, (“The recipient may then generate another version of the message digest by using the public key and the message signature (step 288).” Felt ¶ 123, public keys used to verify signature.) the time stamp (“Whenever a signature is generated, a timestamp from the local system's clock is attached. The timestamp itself is included in the signature's checksum calculation as an authenticated attribute” Felt¶ 236), and the message payload; (“This signature contains a cryptographically secure checksum of the message buffer's contents. Any party with access to the message buffer may verify that the originating user's signature is authentic” Felt ¶ 222)
generating, by the data processing system, a second content item device identifier based on a crypto-hash (“TPSIGN_OK: The signing party's certificate is issued by a recognized CA, the CA's certificate signature is valid,” Felt ¶ 255. Validating the  of the public key; (“The issuing Certificate Authority digitally signs both the public key and the associated information, to create a verifiable and tamper-proof binding between a public key and a particular user.” Felt ¶ 78.  Validating the signing party’s certificate involves a hash/digest of the public key, to compare with the CA’s signature/digest)
determining, by the data processing system, that the second content item device identifier matches the first content item device identifier; and  (“TPSIGN_OK: The signing party's certificate is issued by a recognized CA, the CA's certificate signature is valid,” Felt ¶ 255. The certificate comprising a signature of the CA, a crypto hash)
processing, by the data processing system, responsive to verifying the digital signature (“and the associated digital signature is verified.” Felt ¶ 255. See also Felt ¶ 123, validating the signature.) and responsive to determining that the second content item device identifier matches the first content item device identifier, (“TPSIGN_OK: The signing party's certificate is issued by a recognized CA, the CA's certificate signature is valid,” Felt ¶ 255. The certificate comprising a signature of the CA, a crypto hash) the content item communication based on the message payload. (“A service may require a valid digital signature on all incoming request messages, based on an administrative policy…. must have composite signature status TPSIGN_OK or it will not be processed.” Felt ¶ 275)

As to claims 2 and 12, Felt discloses the method/machine of claims 1 and 11 and further discloses: 
.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 3, 10, 13, and 20 are is/are rejected under 35 U.S.C. 103 as being unpatentable over Felt et al., US 2002/0138735 (filed 2002-02), in view of Stahl, US 2016/0373418 (filed 2015-06).
As to claims 3 and 13 Felt discloses the method/machine of claims 1 and 11 but does not disclose:
further comprising the step of truncating the crypto-hash of the public key.

Stahl discloses:


A person of ordinary skill in the art before the effective filing date of the claimed invention would have combined Felt with Stahl by incorporating a truncated device identifier as used in Stahl (¶¶ 60 and 64) as part of the authentication of Felt.  It would have been obvious to a person of ordinary skill in the art to incorporate the device identifier authentication of Stahl in the system of Felt in order to provide a truncated device identifier for constrained wireless devices, thereby saving resources; and to perform a Diffie-Hellman authentication exchange to both authenticate the terminals to each other and to derive shared keys for secure communication, thereby proving identity and securing communication between the devices.

As to claims 10 and 20 Felt discloses the method/machine of claims 1 and 11 but does not disclose:
wherein receiving a content item communication includes receiving the first content item device identifier having a length of 16 bytes.

Stahl discloses:


A person of ordinary skill in the art before the effective filing date of the claimed invention would have combined Felt with Stahl by incorporating a truncated device identifier as used in Stahl (¶¶ 60 and 64) as part of the authentication of Felt.  It would have been obvious to a person of ordinary skill in the art to incorporate the device identifier authentication of Stahl in the system of Felt in order to provide a truncated device identifier for constrained wireless devices, thereby saving resources; and to perform a Diffie-Hellman authentication exchange to both authenticate the terminals to each other and to derive shared keys for secure communication, thereby proving identity and securing communication between the devices.

Claims 4, 5, 14, and 15 are is/are rejected under 35 U.S.C. 103 as being unpatentable over Felt et al., US 2002/0138735 (filed 2002-02), in view of Patiejunas et al., US 2014/0046908  (filed 2012/08).
As to claims 4 and 14, Felt discloses the method/machine of claims 1 and 11 but does not disclose:


Patiejunas discloses:
wherein processing the content item communication includes determining the message payload of the content item communication includes a wipe-out request. (“process 700 includes receiving 702 a data deletion request to delete data” Patiejunas ¶ 138. See also Patiejunas ¶¶ 50, 53 and 54.  A deletion being a wipe-out)

A person of ordinary skill in the art before the effective filing date of the claimed invention would have combined Felt with Patiejunas by using the secure message system of Felt to transmit the deletion requests of Patiejunas.  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to transmit the deletion requests of Patiejunas using the secure message system of Felt in order to establish the requestor’s authorization to perform the deletion act (Patiejunas ¶¶ 53-54); thereby preventing unauthorized individuals from inadvertently or maliciously damaging user data.

As to claims 5 and 15, Felt in view of Patiejunas discloses the method/machine of claims 4 and 14 but does not disclose:
further comprising removing data associated with the first content item device identifier responsive to determining the message payload includes the wipe-out request.


further comprising removing data associated with the first content item device identifier responsive to determining the message payload includes the wipe-out request. (“process 700 includes causing 716 the deletion of at least some of the data components. For example, in an environment 200 illustrated by FIG. 2, a storage node manager 244 responsible for the data deletion job may identify a set of storage nodes that store the data components for the data to be deleted and requests at least a subset of those storage nodes to delete their respective data components.” Patiejunas ¶ 146)

A person of ordinary skill in the art before the effective filing date of the claimed invention would have further combined Felt in view of Patiejunas with Patiejunas by using the secure message system of Felt to transmit the deletion requests of Patiejunas, which cause deletions in a system.  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to transmit the deletion requests of Patiejunas using the secure message system of Felt in order to establish the requestor’s authorization to perform the deletion act (Patiejunas ¶¶ 53-54); thereby preventing unauthorized individuals from inadvertently or maliciously damaging user data.

Claims 6, 7, 16, and 17 are is/are rejected under 35 U.S.C. 103 as being unpatentable over Felt et al., US 2002/0138735 (filed 2002-02), in view of Fransdonk et al., US 2003/0163684  (filed 2002-12).
As to claims 6 and 16, Felt discloses the method/machine of claims 1 and 11 but does not disclose:


Fransdonk discloses:
wherein processing the content item communication (“broadband IP technologies allow content and service providers to distribute high-quality video to millions of subscribers simultaneously.” Fransdonk ¶ 9) includes determining the message payload of the content item communication includes a content item request (“prompts the user for a PIN to confirm the order. The PIN is utilized to sign the order utilizing the secure device 46, and a resulting order confirmation (signed) is transmitted back to the conditional access agent 28” Fransdonk ¶ 229)
 and a set of parameters associated with a request for a content item. (“The order request may furthermore consist of a number of order options, if applicable (e.g., a pricing of $8.00, or $4.00 for a predetermined amount of time plus $1.00 per minute thereafter).” Fransdonk ¶ 228).

A person of ordinary skill in the art before the effective filing date of the claimed invention would have combined Felt with Fransdonk by sending the content order using the communication system of Felt.  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to combine Felt with Fransdonk in order to communicate commercial digital media (Fransdonk) in a 

As to claims 7 and 17, Felt in view of Fransdonk discloses the method/machine of claims 6 and 16 but does not disclose:
further comprising selecting, by the data processing system, a content item and sending the content item to a party associated with the received content item communication responsive to determining that the message payload includes the content item request.

Fransdonk further discloses:
further comprising selecting, by the data processing system, a content item and sending the content item to a party associated with the received content item communication  (“encrypts the unique user key with a public key of the content destination 22. At block 158, the content distributor 20 transmits the encrypted content, the encrypted product key, and the encrypted unique user key to the content consumer at a content destination 22.” Fransdonk ¶ 241) responsive to determining that the message payload includes the content item request. (“prompts the user for a PIN to confirm the order. The PIN is utilized to sign the order utilizing the secure device 46, and a resulting order confirmation (signed) is transmitted back to the conditional access agent 28” Fransdonk ¶ 229.  “verifies the collected data (in a physically secure environment). The collected data includes access criteria, a user signature, a user certificate” Fransdonk ¶ 230)

A person of ordinary skill in the art before the effective filing date of the claimed invention would have further combined Felt in view of Frandsdonk with Frandsdonk by sending the content in response to receiving the content order.  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to combine Felt in view of Frandsdonk with Frandsdonk in order to communicate commercial digital media (Frandsdonk) in a system that allows validation of user requests (Felt’s messages) thereby avoiding fraudulent views and preventing users from misrepresenting their identity.

Claims 8, 9, 18, and 19 are is/are rejected under 35 U.S.C. 103 as being unpatentable over Felt et al., US 2002/0138735 (filed 2002-02), in view of Jones et al., US 2020/0264859  (filed 2017-09).
As to claims 8 and 18, Felt discloses the method/machine of claims 1 and 11 but does not disclose:
wherein processing the content item communication includes determining the message payload of the content item communication includes an application installation notification indicating that an application has been installed on a client device.

Jones discloses:
wherein processing the content item communication includes determining the message payload of the content item communication includes an application installation notification indicating that an application has been installed on a client device. (“At event 
A person of ordinary skill in the art before the effective filing date of the claimed invention would have combined Felt with Jones by providing an application install tracking message using a secured message buffer, as disclosed in Felt.  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to combine Felt with Jones in order to provide convenient and robust way to track application downloads and installs (Jones ¶¶ 3-4); thereby allowing developers to securely (Felt ¶ 49) track installation of their software (Jones ¶¶ 3 and 21).

As to claims 9 and 19, Felt in view of Jones discloses the method/machine of claims 8 and 18 but does not disclose:
updating, by the data processing system, a credit value associated with the content item responsive to determining the message payload includes the application installation notification.

Jones further discloses:
updating, by the data processing system, a credit value (“software application developers code, build, develop and create software applications that can be downloaded by users via websites or online stores such as the Apple iTunes store, the Apple App Store, Google Play and others. Such stores or websites are able to monetize the installs of certain software applications occurring as a result of downloads by, for example, posting advertising.” Jones ¶ 21) associated with the content item responsive to determining the message payload includes the application installation notification. (“It enables web and app publishers to monetize installs occurring as a result of advertisements on their website or in their apps on a cost per install and/or cost per engagement basis.” Jones ¶ 28)
.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See PTO-892, particularly:
Challener et al., US 2005/0132182 discloses an attestation system that hashes a nonce and a public key. 
Bajaj, us 2003/0221105, discloses a set of user interfaces for applying and verifying signatures on documents that include timestamps.
Dye et al., US 2005/0114658, discloses a system for adding signatures, certificates, and timestamps to a file for storage in a network and using the signature to provide data possession on the network storage.
Walrant, US 2018/0167393, discloses a system that receives signed requests with timestamps and certificates. 


Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on (571) 272-4006.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.