DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Response to Amendment
This action is responsive to the amendment filed on 07/26/2021. Claims 1, 15 and 16 are independent. Claims 9-11 are cancelled. Claims 1-8 are amended. Claims 12-18 are added. Therefore, claims 1-8 and 12-18 are pending and being considered. Claims 1-8 and 12-18 are rejected.

Response to Arguments/Remarks
Applicant’s arguments/remarks, filed on 07/26/2021, have been fully considered and are rendered moot in view of new grounds of rejection outlined below, which were necessitated by the applicant’s amendment. The argument(s) do not apply to the current art(s) being used. Further:
The amendment to the specification (new Title) has been reviewed and accepted. Therefore, the objection to the Title has been waived/withdrawn.
The claim amendments, filed on 07/26/2021, have overcome the claim interpretation under 112(f) and the current rejection(s) under 35 USC § 112 (b). Therefore, the claim interpretation under 112(f) and the current rejection(s) under 35 USC § 112 (b) have been waived/withdrawn for claims 1-8.
Claim 10 has been cancelled. Therefore, the rejection under 35 USC § 101 has been waived/withdrawn.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claims 13-14 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA the applicant regards as the invention.
Regarding claim 13, the claim recites the limitation “determine, if a hash value obtained by performing hash operation on an access token included in the received access token data is different from a hash value included in the received access token data” in lines 3-4 of the claim. The limitation is indefinite because it is unclear whether the recited terms “a hash value” and “an access token” in claim 13 refer to (i.e., are the same as or different from) the terms “a hash value” and “an access token” as recited in lines 6-7 of independent claim 1. Therefore, claim 13 is indefinite and is rejected under 35 U.S.C. 112(b) or pre-AIA 35 U.S.C. 112, second paragraph.
Regarding claim 14, the claim recites limitation "determine whether the response is equal to a challenge for a hash value obtained by performing hash operation on an access token included in the received access token data” in lines 8-9 of the claim. The 

Claim Rejections - 35 U.S.C. 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or non-obviousness.

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 7-8 and 12 are rejected under 35 U.S.C. 103 as being unpatentable over Poon et al. (US 2018/0063105 A1), hereinafter (Poon), in view of Sarangarajan; A. et al. (US 2006/0285682 A1), hereinafter (Saran).

Regarding claim 1, Poon teaches an access token system comprising (Poon, Para. [0007], discloses a system for generating keys, such as generating a token based on recipient specific information): 
a generator that comprises, a first memory configured to store first instructions, and a first processor configured to execute the first instructions to (Poon, Para. [0087], discloses that the system may include the sender, the recipient, and a server, and as disclosed in Para. [0094-0095], wherein the sender, recipient and server (or overall system) may include multiple memory unit(s) and processing unit(s) to execute instructions stored on memory unit(s), and as disclosed in Para. [0096], wherein the processing unit(s) may include, among other elements, subunits such as a key generation unit (such as disclosed in Fig. 4, a key generator 420)): 
generate, Poon, Para. [0031], discloses that a token may be generated based on recipient-specific information and/or tag-specific information, and as disclosed in Para. [0007], wherein the recipient-specific information comprises identification information associated with the receiving computing device, or a user associated with the receiving computing device, and/or see also Para. [0073], discloses that in some embodiments, using the computing device (apparatus), the sender 310 may generate an access token ), and provide the recipient-designated access token to a user (Poon, Para. [0075], discloses a sender 310 to send the access token to the recipient 350. For example, as disclosed in Fig. 1C and Para. [0051], a recipient R.sub.1 152 may be assigned a recipient specific token RK.sub.11 162 when the data owner shares the subgroup of data associated with the tag w.sub.1 122. Wherein, the recipient R.sub.1 152 is different from a recipient R.sub.2 154, or see also Para. [0144], discloses a sending an access token process 1130. The sending an access token process 1130 may include the data owner generating an access token for a recipient); and a verifier that comprises, a second memory configured to store second instructions, and a second processor configured to execute the second instructions to (Poon, Para. [0094-0095], wherein the sender, recipient and server (or overall system) may include multiple memory unit(s), and processing unit(s) to execute instructions stored on the memory unit(s) to) verify that the user who makes access using the recipient-designated access token is the designated recipient (Poon, Fig. 1C and Para. [0051], discloses that for the recipient and tag specific token RK.sub.pi 160 and the recipient R.sub.p 150, p is an integer that identifies recipients, such that each recipient has a different number for p, and i is an integer that identifies the tag. 
For example, a recipient R.sub.1 152 is different from a recipient R.sub.2 154, and the recipient R.sub.1 152 may be assigned a recipient specific token RK.sub.11 162 when the data owner shares the subgroup of data associated with the tag w.sub.1 ).  
However Poon fails to explicitly disclose but Saran teaches to generate, by embedding an inverse element of a processed value obtained by processing a secret information of a recipient into a hash value generated from an access token, a recipient-designated access token in which the recipient is designated (Saran, Para. [0093], discloses that at, step F: computing a number `z3` (i.e., a recipient-designated access token) by performing multiplication operation on the hash transformed data (such as by applying a hash function for examining the input data and producing an output of a fixed length, called a hash value, see Para. [0011]) and the number `z1` (i.e., inverse element) obtained from step D, as disclosed in Para. [0091], wherein at, step D: computing a number `z1` by performing inverse operation on the obtained random number ‘K’), and
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the teachings of ‘Saran’ into the teachings of ‘Poon’, with a motivation to generate, by embedding an inverse element of a processed value obtained by processing a secret information of a recipient into a hash value generated from an access token, a recipient-designated access token in which the recipient is designated, as taught by Saran, in order to prevent leakage and 

Regarding claim 7, Poon as modified by Saran teaches the access token system according to claim 1, wherein Poon further teaches the first processor is further configured to execute the first instructions to designate a lifetime for the recipient-designated access token, and the second processor is further configured to execute the second instructions to determine whether a lifetime of the recipient-designated access token for which the lifetime is designated falls within the lifetime (Poon, Para. [0094-0095], discloses that the sender, recipient and server (or overall system) may include multiple memory unit(s), and processing unit(s) to execute instructions stored on the memory unit(s), and as disclosed in Para. [0056], that the key server may store the recipient and/or tag specific token RK.sub.pi 160 for a limited period of time. After the recipient and/or tag specific token RK.sub.pi 160 is removed from the key server, or otherwise disabled by the data owner, the recipient R.sub.p 150 may no longer decrypt the encrypted data even if the recipient R.sub.p 150 was able to decrypt the encrypted data before the recipient and/or tag specific token RK.sub.pi 160 was removed or otherwise disabled by the data owner).  

Regarding claim 8, Poon as modified by Saran teaches the access token system according to claim 1, wherein Poon further teaches the first processor is further configured to execute the first instructions to generate a digital signature for the recipient-designated access token, and adds the digital signature, and the second processor is further configured to execute the second instructions to determine whether the digital signal for the recipient-designated access token is valid (Poon, Para. [0094-0095], discloses that the sender, recipient and server (or overall system) may include multiple memory unit(s), and processing unit(s) to execute instructions stored on the memory unit(s) to perform, and as disclosed in Para. [0075], a two-way authentication process which may involve a digital signature. The authentication process 380 (as shown in Fig. 3) may be employed to verify the request of the recipient 350 to receive the message and the request of the sender 310 to send the access token to the recipient 350. The authentication process 380 may verify the request of the recipient 350 by checking that the recipient's signature is correct using the recipient's public key […]. The authentication process 380 may verify the request of the sender 310 by verifying the sender's signature is correct using the sender's public key […]. In some embodiments, the authentication process 380 may allow the sender 310 and the recipient 350 to verify the response of the key server 370 by verifying the key server's signature is correct using the key server's public key).

Regarding claim 12, Poon as modified by Saran teaches the access token system according to claim 1, wherein Poon further teaches the second processor is further configured to execute the second instructions to (Poon, Para. [0094-0095], discloses that the sender, recipient and server (or overall system) may include multiple memory unit(s), and processing unit(s) to execute instructions stored on the memory unit(s) to perform): determine whether an access token data received from the user corresponds to the recipient-designated access token (Poon, Para. ), 
verify whether the user is the designated recipient using the recipient-designated access token, if the received access token data corresponds to the recipient-designated access token (Poon, Para. [0147], discloses an example of a recipient R.sub.1 152 that is different from a recipient R.sub.2 154, and the recipient R.sub.1 152 may be assigned a recipient specific token RK.sub.11 162 when the data owner shares the subgroup of data associated with the tag w.sub.1 122. Similarly, the recipient R.sub.2 154 may be assigned a recipient specific token RK.sub.22 164 when the data owner shares the subgroup of data associated with the tag w.sub.2 124. Wherein the tag w.sub.1 122 is different from the tag w.sub.2 124 (see Para. [0048]), and/or as disclosed in Para. [0147], when each tag attached to each symmetric key in the re-encrypted set of symmetric keys is equal the tag associated with the access token, the access token may be operable), and 
reject the received access token data, if the received access token data does not correspond to the recipient-designated access token (Poon, Para. [0147], discloses when any of tags attached to the symmetric keys in the re-encrypted set of symmetric keys are not equal to the tag associated with the access token, the access token may not be operable (In other words, the tag is rejected)).  

Claims 2-3, 6 and 13-14 are rejected under 35 U.S.C. 103 as being unpatentable over Poon in view of Saran, as applied above, and further in view of Bowness; Piers (US 8,412,928 B1), hereinafter (Bowness).

Regarding claim 2, Poon as modified by Saran teaches the access token system according to claim 1, wherein Poon further teaches the second processor is further configured to execute the second instructions to (Poon, Para. [0094-0095], wherein the sender, recipient and server (or overall system) may include multiple memory unit(s) and processing unit(s) to execute instructions stored on memory unit(s) to): 
However Poon as modified by Saran fails to explicitly disclose but Bowness teaches generate a challenge in accordance with the access by the user, and transmit the challenge, and determine a response generated and transmitted with respect to the challenge to verify that the user who makes access using the recipient-designated access token is the designated recipient (Bowness, Col. 8 (Lines 27-32), discloses that once the candidate OTPs have been generated, they are hashed according to the same hash function used by the client 16 to generate the hashed OTP value appearing in the authentication request 44 (i.e., challenge), and then a response message 52 is returned to the authentication server 20 which includes these hashed candidate OTP values, and as disclosed in Col. 8 (Lines 46-58), at 54 the authentication server receives the OTP response message 52 and retrieves the hashed candidate OTP values from it. It then performs a comparison between the hashed OTP value from the authentication request message 44 and one or more of the hashed ).  
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the teachings of ‘Bowness’ into the teachings of ‘Poon’ as modified by ‘Saran’, with a motivation to determine a response generated and transmitted with respect to the challenge to verify that the user who makes access using the recipient-designated access token is the designated recipient, as taught by Bowness, in order to provide access to a service or resource (for example, to a file system or database hosted by a service server 18); Bowness, Col. 4 (Lines 48-54).

Regarding claim 3, Poon as modified by Saran in view of Bowness teaches the access token system according to claim 2, wherein Poon further teaches further comprising a response generator that comprises, a third memory configured to store third instructions, and a third processor configured to execute the third instructions to (Poon, Para. [0094-0095], wherein the sender, recipient and server (or overall system) may include multiple memory unit(s) and processing unit(s) to execute instructions stored on memory unit(s) to).  
generate the response to the transmitted challenge and transmit the response (Bowness, Col. 8 (Lines 27-32), discloses that once the candidate OTPs have been generated, they are hashed according to the same hash function used by the client 16 to generate the hashed OTP value appearing in the authentication request 44, and then a response message 52 is returned to the authentication server 20 which includes these hashed candidate OTP values, and/or see also Col. 8 (Lines 58-63), discloses that the authentication function 28 of the authentication server 20 then takes appropriate action accordingly. For example, if the user 24 is deemed authenticated, then a response message 56 may be generated and sent to the client 16 which reflects the authentication, and at 58 the client 16 proceeds accordingly).
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the teachings of ‘Bowness’ into the teachings of ‘Poon’ as modified by ‘Saran’, with a motivation to generate the response to the transmitted challenge and transmit the response, as taught by Bowness, in order to provide access to a service or resource (for example, to a file system or database hosted by a service server 18) based on client authentication (if it is granted); Bowness, Col. 4 (Lines 48-54).

Regarding claim 6, Poon as modified by Saran teaches the access token system according to claim 1, wherein Poon further teaches the first processor is further configured to execute the first instructions to (Poon, Para. [0094-0095], discloses that the sender, recipient and server (or overall system) may include multiple ) 
However Poon as modified by Saran fails to explicitly disclose but Bowness teaches generate the recipient-designated access token using a round robin difficulty value obtained by processing the secret information of the recipient into a value that is difficult to perform round robin (Bowness, Col. 7 (Lines 54-64), discloses that at 50 the OTP server 14 uses the User ID to select one or more user-specific secret values and performs the combination function using the secret values (i.e., round robin difficulty value) and time-based dynamic values. For any given secret value and dynamic value, the process is the same as that performed by the token 26 as described above. In 50, however, the OTP server 14 is generating one or more candidate OTPs that may match the OTP from the user 24, not just one value that is expected to match the OTP from the user 24. Thus, the combination function is actually performed multiple times, one for each candidate OTP that is being generated).  
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the teachings of ‘Bowness’ into the teachings of ‘Poon’ as modified by ‘Saran’, with a motivation to generate a recipient designated access token, as taught by Bowness, in order to provide access to a service or resource (for example, to a file system or database hosted by a service server 18); Bowness, Col. 4 (Lines 48-54).

Regarding claim 13, Poon as modified by Saran teaches the access token system according to claim 12, wherein Poon further teaches the second processor is configured to execute the second instructions to (Poon, Para. [0094-0095], ): 
determinePoon, Para. [0147], when each tag attached to each symmetric key in the re-encrypted set of symmetric keys is equal the tag associated with the access token, the access token may be operable), and6Appln. No.: 16/468,336 
determinePoon, Para. [0147], discloses when any of tags attached to the symmetric keys in the re-encrypted set of symmetric keys are not equal to the tag associated with the access token, the access token may not be operable).  
However Poon as modified by Saran fails to teach but Bowness teaches determine, if a hash value obtained by performing hash operation on an access token included in the received access token data is different from a hash value included in the received access token data, that the received access token data corresponds to the recipient-designated access token (Bowness, Col. 9 (Lines 3-9), discloses that the processing based on the comparing of hashed OTP values in 54 may have a less binary nature. For example, if one matching hashed candidate OTP value is found but it corresponds to an outer extreme of the time window (i.e., different) rather ), and
determine, if the obtained hash value is equal to the included hash value, that the received access token data does not correspond to the recipient-designated access token (Bowness, Col. 9 (Lines 36-46), discloses the possibility that once the authentication process performed at the authentication server 20 at 54 is complete, the authentication server 20 may generate and send to the OTP server 14 an informational message 60 for use by the OTP server 14 in an updating step 62. The informational message 60 may identify which of the hashed candidate OTP values of the response message 52 was matched, if any, and if none matched then this information may be conveyed as well. This information may be useful to the OTP server 14 for a variety of purposes which may include taking some user-specific action(s)).
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the teachings of ‘Bowness’ into the teachings of ‘Poon’ as modified by ‘Saran’, with a motivation to determine whether the received access token data does or does not correspond to the recipient-designated access token, in order to provide access to a service or resource (for example, to a file system or database hosted by a service server 18) based on client authentication (whether it is granted/not); Bowness, Col. 4 (Lines 48-54).

Regarding claim 14, Poon as modified by Saran in view of Bowness teaches the access token system according to claim 3, wherein Poon as modified by Saran in view of Bowness further teaches the second processor is configured to execute the second instructions to (Poon, Para. [0094-0095], discloses that the sender, recipient ) generate the challenge based on the hash value in which the inverse element is embedded (Bowness, Col. 8 (Lines 27-30), discloses that the candidate OTPs have been generated, they are hashed according to the same hash function used by the client 16 to generate the hashed OTP value appearing in the authentication request 44 (i.e., challenge), and as disclosed in Saran, Para. [0093], discloses that at, step F: computing a number `z3` (i.e., a recipient-designated access token) by performing multiplication operation on the hash transformed data and the number `z1` (i.e., inverse element) obtained from step D, as disclosed in Para. [0091], wherein at, step D: computing a number `z1` by performing inverse operation on the obtained random number ‘K’), 
the third processor is configured to execute the third instructions to (Poon, Para. [0094-0095], discloses that the sender, recipient and server (or overall system) may include multiple memory unit(s), and processing unit(s) to execute instructions stored on the memory unit(s) to) generate the response including the hash value in which the inverse element is not embedded by using an element of the processed value (Bowness, Col. 8 (Lines 29-32), discloses that in response to the generated authentication request 44 (challenge), a response message 52 is returned to the authentication server 20 which includes these hashed candidate OTP values), and 
the second processor is configured to execute the second instructions to (Poon, Para. [0094-0095], discloses that the sender, recipient and server (or overall system) may include multiple memory unit(s), and processing unit(s) to execute instructions stored on the memory unit(s) to): determine whether the response is equal to a challenge for a hash value obtained by performing hash operation on an access token included in the received access token data (Bowness, Col. 8 (Lines 46-58), discloses that at 54 the authentication server receives the OTP response message 52 and retrieves the hashed candidate OTP values from it. It then performs a comparison between the hashed OTP value from the authentication request message 44 and one or more of the hashed candidate OTP values from the response message 52. In general, a comparison may need to be done against every hashed candidate OTP value, but it may be advantageous to stop comparing once a match has been found. Further processing will generally depend on the result of the comparing. The result may be treated in a binary fashion, i.e., the user 24 is deemed authenticated if and only if at least one hashed candidate OTP value matches the hashed OTP value from the request 44), and 
verify, if the response is equal to the challenge for the obtained hash value, that the user is the designated recipient (Bowness, Col. 8 (Lines 58-63), discloses that the authentication function 28 of the authentication server 20 then takes appropriate action accordingly. For example, if the user 24 is deemed authenticated, then a response message 56 may be generated and sent to the client 16 which reflects the authentication, and at 58 the client 16 proceeds accordingly).  
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the teachings of ‘Bowness’ into the teachings of ‘Poon’ as modified by ‘Saran’, with a motivation to verify, if the response is equal to the challenge for the obtained hash value, that the user is the designated recipient, as taught by Bowness, in order to provide access to a service or .

Claims 4-5 are rejected under 35 U.S.C. 103 as being unpatentable over Poon in view of Saran, as applied above, and further in view of Resch; Jason K. et al. (US 2014/0244788 A1), hereinafter (Resch).

Regarding claim 4, Poon as modified by Saran teaches the access token system according to claim 1, wherein Poon further teaches the first processor is further configured to execute the first instructions to (Poon, Para. [0094-0095], wherein the sender, recipient and server (or overall system) may include multiple memory unit(s) and processing unit(s) to execute instructions stored on memory unit(s) to).  
However Poon as modified by Saran fails to teach but Resch teaches to mask the hash value in which the inverse element is embedded (Resch, Para. [0371], discloses to mask (e.g., applying an exclusive OR function) the corresponding random key using the corresponding digest to produce a corresponding masked key), and unmask the masked hash value (Resch, Para. [0376], discloses to de-masking the masked key using the corresponding digest to produce a corresponding key).
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the teachings of ‘Resch’ into 

Regarding claim 5, Poon as modified by Saran in view of Resch teaches the access token system according to claim 4, wherein Poon further teaches the first processor is configured to execute the first instructions to (Poon, Para. [0094-0095], wherein the sender, recipient and server (or overall system) may include multiple memory unit(s) and processing unit(s) to execute instructions stored on memory unit(s) to) 
However Poon as modified by Saran fails to teach but Resch teaches to mask the hash value by performing an XOR (Exclusive OR) operation using an inverse element portion in which the inverse element of the processed value is embedded, and a random number whose bit length is equal to a bit length of the inverse element portion (Resch, Para. [0380], discloses that the masking function 680 masks the key 686 using the digest 692 to produce a masked key 696. The masking function 680 may include a modular addition function. For example, when utilizing the modular addition function, the masking function 680 performs an exclusive OR function on the key 686 and the digest 692 to produce the masked key 696).  
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the teachings of ‘Resch’ into the teachings of ‘Poon’ as modified by ‘Saran’, with a motivation to mask the hash value .

Claims 15-18 are rejected under 35 U.S.C. 103 as being unpatentable over Poon et al. (US 2018/0063105 A1), hereinafter (Poon), in view of Takashima; Katsuyuki (US 2010/0275028 A1), hereinafter (Takashima).

Regarding claim 15, Poon teaches an information processing apparatus comprising (Poon, Para. [0033], discloses that a sender, a data owner, and a recipient may be a person, a computing device, or a mixture of both a person and a computing device. Any computing device, system, apparatus, etc., may include, but not be limited to, a smart phone, a laptop computer, a desktop computer […] and/or the like): a memory configured to store instructions; and a processor configured to execute the instructions to (Poon, Para. [0094-0095], wherein the sender, recipient and server (or overall system) may include multiple memory unit(s) and processing unit(s) to execute instructions stored on memory unit(s) to): 
generate, Poon, Para. [0031], discloses that a token may be generated based on recipient-specific information and/or tag-specific information, and as disclosed in Para. [0007], wherein the recipient-specific information comprises identification information associated with the receiving computing device, or a user associated with the receiving computing device, and/or see also Para. [0006], wherein the token is generated based on a secret key, the secret key known only to the ), and provide the recipient-designated access token to a user (Poon, Para. [0075], discloses a sender 310 to send the access token to the recipient 350. For example, as disclosed in Fig. 1C and Para. [0051], a recipient R.sub.1 152 may be assigned a recipient specific token RK.sub.11 162 when the data owner shares the subgroup of data associated with the tag w.sub.1 122. Wherein, the recipient R.sub.1 152 is different from a recipient R.sub.2 154, or see also Para. [0144], discloses a sending an access token process 1130. The sending an access token process 1130 may include the data owner generating an access token for a recipient).  
However Poon fails to explicitly disclose but Takashima teaches to generate, by embedding an inverse element of a processed value obtained by processing a secret information of a recipient, a recipient-designated access token in which the recipient is designated (Takashima, Fig. 12 and associated Para. [0387-0392], discloses that the secret key calculation unit 354A calculates a secret key D.sub.ID based on inputs such as data representing the additive group G.sub.2 and element g.sub.2 among encryption parameters stored by the encryption parameter storage unit 390A, and the data representing the integer 1/[s+H.sub.1(ID)] and calculated by the inverse number calculation unit 353A), and
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the teachings of ‘Takashima’ into the teachings of ‘Poon’, with a motivation to generate, by embedding an inverse element of a processed value obtained by processing a secret information of a recipient, a recipient-designated access token in which the recipient is designated, as taught by 

Regarding claim 16, Poon teaches an information processing apparatus comprising (Poon, Para. [0033], discloses that a sender, a data owner, and a recipient may be a person, a computing device, or a mixture of both a person and a computing device. Any computing device, system, apparatus, etc., may include, but not be limited to, a smart phone, a laptop computer, a desktop computer […] and/or the like): a memory configured to store instructions; and a processor configured to execute the instructions to (Poon, Para. [0094-0095], wherein the sender, recipient and server (or overall system) may include multiple memory unit(s) and processing unit(s) to execute instructions stored on memory unit(s) to): 
receive a recipient-designated access token, which is generated (Poon, Para. [0110], discloses that authentication credentials (such as recipient-designated access token) of a user may be required prior to providing the user access to data stored within the secure enclave 926, and/or see also Para. [0135], discloses that during the deciphering enciphered data process 1040, the recipient may decipher the data using at least one of the access token and the recipient's private key and as disclosed in Poon, Para. [0031], wherein the token may be generated based on recipient-specific information and/or tag-specific information, and as disclosed in Para. [0007], wherein the recipient-specific information comprises identification information associated with the receiving computing device, or a user associated with the receiving computing device, and/or see also Para. [0006], ), and 
verify that the user who makes access using the recipient-designated access token is the designated recipient (Poon, Fig. 1C and Para. [0051], discloses that for the recipient and tag specific token RK.sub.pi 160 and the recipient R.sub.p 150, p is an integer that identifies recipients, such that each recipient has a different number for p, and i is an integer that identifies the tag. For example, a recipient R.sub.1 152 is different from a recipient R.sub.2 154, and the recipient R.sub.1 152 may be assigned a recipient specific token RK.sub.11 162 when the data owner shares the subgroup of data associated with the tag w.sub.1 122. Similarly, the recipient R.sub.2 154 may be assigned a recipient specific token RK.sub.22 164 when the data owner shares the subgroup of data associated with the tag w.sub.2 124, and as further disclosed in Para. [0032], wherein an identity of a user (recipient) may be unique in the system such that no two users in the system have same identities).  
However Poon fails to explicitly disclose but Takashima teaches to receive a recipient-designated access token, which is generated by embedding an inverse element of a processed value obtained by processing a secret information of a recipient, from an user (Takashima, Fig. 12 and associated Para. [0387-0392], discloses that the secret key calculation unit 354A calculates a secret key D.sub.ID based on inputs such as data representing the additive group G.sub.2 and element g.sub.2 among encryption parameters stored by the encryption parameter storage unit ), and
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the teachings of ‘Takashima’ into the teachings of ‘Poon’, with a motivation to provide a recipient-designated access token which is generated by embedding an inverse element of a processed value obtained by processing a secret information of a recipient, as taught by Takashima, that verifies the consistency of a cipher-text or the like in a cryptographic system; Takashima, Para. [0001].

Regarding claim 17, Poon as modified by Takashima teaches the information processing apparatus according to claim 16, wherein Poon further teaches the processor is further configured to execute the second instructions to (Poon, Para. [0094-0095], wherein the sender, recipient and server (or overall system) may include multiple memory unit(s) and processing unit(s) to execute instructions stored on memory unit(s) to): Poon, Fig. 1C and Para. [0051], discloses that for the recipient and tag specific token RK.sub.pi 160 and the recipient R.sub.p 150, p is an integer that identifies recipients, such that each recipient has a different number for p, and i is an integer that identifies the tag. For example, a recipient R.sub.1 152 is different from a recipient R.sub.2 154, and the recipient R.sub.1 152 may be assigned a recipient specific token RK.sub.11 162 when the data owner shares the subgroup of data associated with the tag w.sub.1 122. Similarly, the recipient ).
However Poon fails to explicitly disclose but Takashima further teaches generate a challenge in accordance with the access by the user (Takashima, Para. [0116], discloses that the challenge generating unit randomly generates an integer c not less than 1 and not more than p-1), and transmit the challenge (Takashima, Para. [0117], discloses to transmit the integer c generated by the challenge generating unit to the proving apparatus as the question message), and 
determine a response generated and transmitted with respect to the challenge to verify that the user who makes access using the recipient-designated access token is the designated recipient (Takashima, Para. [0118], discloses that the response reception unit receives an integer z not less than 1 and not more than p-1 from the proving apparatus as the response message, and as disclosed in Para. [0124], wherein the authentication result output unit outputs an authentication result indicating that authentication is successful).  
Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to implement the teachings of ‘Takashima’ into the teachings of ‘Poon’, with a motivation to determine a response generated and transmitted with respect to the challenge, as taught by Takashima, that judges whether or not verification is successful; Takashima, Para. [0044].

Regarding claim 18, Poon as modified by Takashima teaches the information processing apparatus according to claim 16, wherein the processor is further configured to execute the second instructions to (Poon, Para. [0094-0095], wherein the sender, recipient and server (or overall system) may include multiple memory unit(s) and processing unit(s) to execute instructions stored on memory unit(s) to): determine whether an access token data received from the user corresponds to the recipient-designated access token (Poon, Para. [0051], discloses that for the recipient and tag specific token RK.sub.pi 160 and the recipient R.sub.p 150, (p is an integer that identifies recipients, such that each recipient has a different number for p, and i is an integer that identifies the tag), and as disclosed in Para. [0031], wherein the tag may refer to a recipient's secret key information or an access token, which is used to generate a (recipient-designated) token (see Para. [0006-0007])),
verify whether the user is the designated recipient using the recipient-designated access token, if the received access token data corresponds to the recipient-designated access token (Poon, Para. [0135], discloses that during the deciphering enciphered data process 1040, the recipient may decipher the data using at least one of the access token, and as disclosed in Poon, Para. [0006-0007 and 0031], wherein the token may be generated based on recipient-specific information and/or tag-specific information associated with recipient and/or by using recipient’s secret key), and 
reject the received access token data, if the received access token data does not correspond to the recipient-designated access token (Poon, Para. [0147], discloses when any of tags attached to the symmetric keys in the re-encrypted set of ).

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ALI CHEEMA, whose telephone number is 571-272-1239. The examiner can normally be reached on 8AM-4PM (EST) Monday-Friday. 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge L. Ortiz-Criado can be reached on 571-272-7624.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. 


/ALI CHEEMA/
Examiner, Art Unit 2496

/JORGE L ORTIZ CRIADO/
Supervisory Patent Examiner, Art Unit 2496