DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

EXAMINER'S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.

Authorization for this examiner’s amendment was given in an interview with Mike Monaco on 5/14/21.

The application has been amended as follows: 


Claim 1 (Currently Amended):  A client device configured to access a resource based on an authorization access protocol, the client device configured to operate in a communication network and comprising one or more processors configured to:
obtain a grant for access to the resource;
based on the obtained grant, obtain an access credential from an authorization server;

when generating the resource request message to access the resource,
based on an identity of the resource server, perform an identity-based encryption on a combination of the access credential and a random session key generated by the client device; and
include the encrypted combination of the access credential and the random session key in the request message; 
transmit the resource request message to the resource server;
in reply to the resource request message, receive and process a response message of the resource server; and
when processing the response message of the resource server,
decrypt a content of the response message by using the random session key to obtain the resource,
wherein the access credential is a first access credential comprising an identifier of a first resource server that a resource owner device authorizes the client device to access, an identifier of a resource of the first resource server that the client device is authorized to access, and an authorization valid period.

Claim 2 (Previously Presented):  The client device according to claim 1, wherein the one or more processors are further configured to:
determine information for enabling the resource server to verify integrity for the combination of the access credential and the random session key; and


Claim 3 (Cancelled).

Claim 4 (Currently Amended):  The client device according to claim 1, wherein the one or more processors are further configured to:
perform identity-based encryption, based on the identity of the first server, on a combination of the first access credential and a first random session key to generate a first request message; and 
perform identity-based encryption based on identities of a plurality of the first servers to generate the first request message for the plurality of the first servers simultaneously.

Claim 5 (Cancelled).  

Claim 6 (Previously Presented):  The client device according to claim 4, 
wherein the one or more processors are further configured to decrypt a content of a response message from the first server by using the first random session key to acquire a second access credential,
wherein the second access credential comprises an identifier of a second server which the client is allowed to access, a resource which the client is allowed to access, and an allowance valid period, and 
wherein the one or more processors are further configured to perform identity-based encryption, based on the identity of the second server, on a combination of the second access credential and a second random session key, to generate a second request message for the second server.

Claim 7 (Cancelled).  

Claim 8 (Previously Presented):  The client device according to claim 6, wherein the one or more processors are further configured to decrypt a content of a response message from the second server by using the second random session key to acquire the resource to be accessed.

Claim 9 (Previously Presented):  The client device according to claim 6, wherein the first server is a different server from the second server.

Claim 10 (Previously Presented):  The client device according to claim 6, wherein the first server is the same server as the second server.

Claim 11 (Previously Presented):  The client device according to claim 6, wherein the identities of the first server and the second server comprise public identity parameters generated by a key generation center for the first server and the second server.

Claims 12-26 (Cancelled).

Claim 27 (Previously Presented):  The client device according to claim 1,
wherein the obtaining the access credential comprises:
based on an identity of the authorization server, performing an identity-based encryption on a combination of the grant and another random session key generated by the client device, the another random session key being different from the random session key;
transmitting the encrypted combination of the grant and the another random session key to the authorization server;
receiving an identity-based encrypted combination of the access credential and the another random session key from the authorization server; and
performing an identity-based decryption of the combination of the access credential and the another random session key to obtain the access credential.

Claim 28 (Previously Presented):  The client device according to claim 27,
wherein the obtaining the grant comprises:
based on an identity of the resource owner device, performing an identity-based encryption on a combination of a grant request and the another random session key generated by the client device;
transmitting the encrypted combination of the grant request and the another random session key to the resource owner device;
receiving an identity-based encrypted combination of the grant and the another random session key from the resource owner device; and
performing an identity-based decryption of the combination of the grant and the another random session key to obtain the grant.

Claim 29 (Previously Presented):  A method by a client device configured to access a resource based on an authorization access protocol, the client device configured to operate in a communication network and comprising one or more processors, the method comprising:
obtaining a grant for access to the resource;
based on the obtained grant, obtaining an access credential from an authorization server;
generating a resource request message to access the resource from a resource server that stores the resource;
wherein the generating the resource request message to access the resource includes:
based on an identity of the resource server, performing an identity-based encryption on a combination of the access credential and a random session key generated by the client device; and
including the encrypted combination of the access credential and the random session key in the request message; 
transmitting the resource request message to the resource server; and
in reply to the resource request message, receiving and processing a response message of the resource server,
wherein the processing the response message of the resource server includes decrypting a content of the response message by using the random session key to obtain the resource,
wherein the access credential is a first access credential comprising an identifier of a first resource server that a resource owner device of the resource authorizes the client device to access, an identifier of a resource of the first resource server that the client device is authorized to access, and an authorization valid period.

Claim 30 (Previously Presented):  The method according to claim 29, further comprising:
determining information for enabling the resource server to verify integrity for the combination of the access credential and the random session key; and
including the computed information in the request message.

Claim 31 (Cancelled).

Claim 32 (Previously Presented):  The method according to claim 29, further comprising:
performing identity-based encryption, based on the identity of the first server, on a combination of the first access credential and a first random session key to generate a first request message; and 
performing identity-based encryption based on identities of a plurality of the first servers to generate the first request message for the plurality of the first servers simultaneously.

Claim 33 (Previously Presented):  The method according to claim 32, further comprising:
decrypting a content of a response message from the first server by using the first random session key to acquire a second access credential,
wherein the second access credential comprises an identifier of a second server which the client is allowed to access, a resource which the client is allowed to access, and an allowance valid period; and 
performing identity-based encryption, based on the identity of the second server, on a combination of the second access credential and a second random session key, to generate a second request message for the second server.

Claim 34 (Previously Presented):  The method according to claim 33, further comprising: 
decrypting a content of a response message from the second server by using the second random session key to acquire the resource to be accessed.

Claim 35 (Previously Presented):  The method according to claim 33, wherein the first server is a different server from the second server.

Claim 36 (Previously Presented):  The method according to claim 33, wherein the first server is the same server as the second server.

Claim 37 (Previously Presented):  The method according to claim 33, wherein the identities of the first server and the second server comprise public identity parameters generated by a key generation center for the first server and the second server.

Claim 38 (Previously Presented):  The method according to claim 29,
wherein the obtaining the access credential comprises:
based on an identity of the authorization server, performing an identity-based encryption on a combination of the grant and another random session key generated by the client device, the another random session key being different from the random session key;
transmitting the encrypted combination of the grant and the another random session key to the authorization server;
receiving an identity-based encrypted combination of the access credential and the another random session key from the authorization server; and
performing an identity-based decryption of the combination of the access credential and the another random session key to obtain the access credential.

Claim 39 (Previously Presented):  The method according to claim 38,
wherein the obtaining the grant comprises:
based on an identity of the resource owner device, performing an identity-based encryption on a combination of a grant request and the another random session key generated by the client device;
transmitting the encrypted combination of the grant request and the another random session key to the resource owner device;
receiving an identity-based encrypted combination of the grant and the another random session key from the resource owner device; and
performing an identity-based decryption of the combination of the grant and the another random session key to obtain the grant.

Claim 40 (Currently Amended):  A non-transitory computer-readable medium containing instructions for a method to be performed by a client device configured to access a resource based on an authorization access protocol, the client device configured to operate in a communication network and comprising one or more processors, the method comprising:
obtaining a grant for access to the resource;
based on the obtained grant, obtaining an access credential from an authorization server;
generating a resource request message to access the resource from a resource server that stores the resource;
wherein the generating the resource request message to access the resource includes:
based on an identity of the resource server, performing an identity-based encryption on a combination of the access credential and a random session key generated by the client device; and
including the encrypted combination of the access credential and the random session key in the request message; 
transmitting the resource request message to the resource server; and
in reply to the resource request message, receiving and processing a response message of the resource server,
wherein the processing the response message of the resource server includes decrypting a content of the response message by using the random session key to obtain the resource,
wherein the access credential is a first access credential comprising an identifier of a first resource server that a resource owner device of the resource authorizes the client device to access, an identifier of a resource of the first resource server that the client device is authorized to access, and an authorization valid period.
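A runnable illustration of the resource-request exchange recited in claims 1, 29 and 40, together with the integrity information of claims 2 and 30, added here and not part of the application or of this office action. It assumes a symmetric stand-in for identity-based encryption (a constructed KGC master secret from which one key per identity is derived, so the flow runs offline); the credential field names, the JSON wire format and the sample resources are likewise assumptions.

```python
import hashlib, hmac, json, os

# Constructed stand-in for the key generation center (KGC) master secret.
KGC_MASTER_SECRET = b"constructed-kgc-master-secret"

def identity_key(identity: str) -> bytes:
    # Stand-in for IBE key extraction: a real scheme lets the sender encrypt from
    # public parameters plus the identity alone; here both sides derive this key.
    return hmac.new(KGC_MASTER_SECRET, identity.encode(), hashlib.sha256).digest()

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt and append an integrity tag (the integrity information of claims 2 and 30)."""
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))

def build_resource_request(credential: dict, server_id: str) -> tuple[bytes, bytes]:
    """Client: encrypt (access credential || random session key) under the server identity."""
    session_key = os.urandom(32)
    combo = json.dumps({"cred": credential, "sk": session_key.hex()}).encode()
    return seal(identity_key(server_id), combo), session_key

def handle_resource_request(server_id: str, resources: dict, request: bytes, now: int) -> bytes:
    """Resource server: decrypt, check every credential field, answer under the session key."""
    combo = json.loads(unseal(identity_key(server_id), request))
    cred, session_key = combo["cred"], bytes.fromhex(combo["sk"])
    if cred["server_id"] != server_id:
        raise PermissionError("credential issued for a different resource server")
    if not cred["not_before"] <= now <= cred["not_after"]:
        raise PermissionError("credential outside its authorization valid period")
    if cred["resource_id"] not in resources:
        raise PermissionError("credential names a resource this server does not hold")
    return seal(session_key, resources[cred["resource_id"]])

def read_response(session_key: bytes, response: bytes) -> bytes:
    """Client: recover the resource with the random session key it generated."""
    return unseal(session_key, response)
```

The same seal/unseal pair, keyed by the authorization server's or resource owner device's identity and a second session key, models the grant and credential steps of claims 27, 28, 38 and 39.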

Reasons for Allowance
The following is an examiner’s statement of reasons for allowance: The prior art of record fails to teach or suggest: obtain a grant for access to the resource; based on the obtained grant, obtain an access credential from an authorization server; generate a resource request message to access the resource from a resource server that stores the resource; when generating the resource request message to access the resource, based on an identity of the resource server, perform an identity-based encryption on a combination of the access credential and a random session key generated by the client device, wherein the access credential is a first access credential comprising an identifier of a first resource server that a resource owner device authorizes the client device to access, an identifier of a resource of the first resource server that the client device is authorized to access, and an authorization valid period.
 
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to WILLIAM A CORUM JR whose telephone number is (303)297-4234.  The examiner can normally be reached on Mon. - Fri. 8 AM - 5 PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on (571)272-6798.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/WILLIAM A CORUM JR/Examiner, Art Unit 2433

/JEFFREY C PWU/Supervisory Patent Examiner, Art Unit 2433