DETAILED ACTION
 	Claims 21-40 are pending, Claims 1-20 are canceled. This is in response to the application filed on October 22, 2019 which claims priority to 15/686055 filed on August 24, 2017 that is granted under Patent 10,505,978.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claim  rejected on the ground of nonstatutory double patenting as being unpatentable over claim 1 of U.S. Patent No. 10,505,978. Although the claims at issue are not identical, they are not patentably distinct from each other because the claim recites similar features as follows:
transmitting, by a computing device to a recipient computing device, a first message comprising a first trust token and first digitally signed data comprising a first identifier associated with the computing device as digitally signed by the computing device;


receiving, by the computing device, a second message, the second message comprising the first trust token of the first message a second trust token generated by the recipient computing device, the second trust token comprising a second identifier associated with the recipient computing device and second digitally signed data comprising the second identifier as digitally signed by the recipient computing device;

obtaining, by the computing device from a trust provider computer, a public key associated with the recipient computing device;









validating the second digitally signed data of the second trust token utilizing the public key; 



 	comparing a first portion of the first trust token transmitted in the first message to a second portion of the first trust token received in the second message; and  	

when the second digitally signed data is valid and the first portion of the first trust token transmitted in the first message matches the second portion of the first trust token received in the second message, processing content of the second message.
generating, by a computing device, a first trust token using first digitally signed data…comprising a source identifier
as digitally signed by the computing device; transmitting, by the computing device to a recipient computing device, a first message comprising the first
trust token;

receiving, by the computing device, a second message, the second message comprising the first trust token associated with the computing device and a second
trust token associated with the recipient computing device, the second trust token comprising a destination identifier …the destination identifier as digitally signed by the recipient computing device;



determining that the second message is valid by: obtaining, by the computing device from the trust provider computer, an indication that the third digitally
signed data of the second trust token is valid, the indication comprising a public key associated with the recipient computing device; comparing at least a portion of the first trust token
received in the second message to the first trust token generated by the computing device;

validating the fourth digitally signed data of the second trust token at the computing device utilizing the public key obtained from the trust provider computer; and

comparing at least a portion of the first trust token received in the second message to the first trust token generated by the computing device;


in response to determining that the second message is valid, processing content of the second message.


 	Claim 31 is also rejected in view of claim 21 rejection.
 	This is an anticipatory rejection.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 21, 27, 31-33, 35-36 and 39 are rejected under 35 U.S.C. 103 as being unpatentable over PG Pub 20130227289 (hereinafter Du ) in view of PG Pub 20130308778 (hereinafter after Fosmark) and further in view of PG Pub 20180337784 (hereinafter Jain)
 	Regarding claim 21, Du discloses a method, comprising: 
 	transmitting, by a computing device to a recipient computing device, a first message comprising a first trust token and first digitally signed data comprising a first identifier associated with the computing device as digitally signed by the computing device (Fig. 3 and par. [0032] and [0083]-[0100] disclose messages exchanged between entity A, B and a trusted platform where a token can comprise signature of any of the three entities. Entity A sends message 4 to B comprise TokenAB that includes TokenTA and a signature of the entity A); 
 	receiving, by the computing device, a second message, the second message comprising … a second trust token generated by the recipient computing device, the second trust token comprising a second identifier associated with the recipient computing device and second digitally signed data comprising the second identifier as digitally signed by the recipient computing device (par. [0095] discloses message 5 sent to A comprises TokenBA with Signature of B). Du discloses the (reply) message 5 includes other data such as GB, Rs, GA and RA. However, Du does not expressly discloses the message include TokenAB of entity A. Fosmark discloses using a first code as a token for registering a mobile device where the first code is returned when the mobile device replies to the registration process (par. [0116]-[0117]) Therefore, it would have been obvious before the effective filing date of the claimed invention to receiving, by the computing device, a second message, the second message comprising the first trust token of the first message a second trust token generated by the recipient computing device, the second trust token comprising a second identifier associated with the recipient computing device and second digitally signed data comprising the second identifier as digitally signed by the recipient computing device. One would have done so to improve a communication session to verify that a transaction performed by a user was actually performed by that user and not an imposter (Fosmark); 
 	obtaining, by the computing device from a trust provider computer, a public key associated with the recipient computing device (Du, Fig. 3, par [0032] and [0044] discloses the trusted third party sends messages 3 to entity A the ResGB which comprises the certificate CertGB (public key of B)); 
 	validating the second digitally signed data of the second trust token utilizing the public key (Du, par. [0099] discloses entity A obtains the public key of the group GB, verifies the signature of the entity B in TokenBA for validity); 
	Neither Du nor Fosmark discloses comparing a first portion of the first trust token transmitted in the first message to a second portion of the first trust token received in the second message.  Jain discloses the same token is included in a sending message and the replying message where the toke is verified (Fig. 5 and par. [0084], Steps 506-508-510). Therefore, it would have been obvious before the effective filing date of the claimed invention to modify Du and Fosmark with Jain to further teach the claimed feature. One would have done by using short-lived tokens for the partner authentication (PA) system to ensure network trust levels are not violated and that security tokens  
  	when the second digitally signed data is valid and the first portion of the first trust token transmitted in the first message matches the second portion of the first trust token received in the second message, processing content of the second message (see Du in the validation step above and Jain (par. [0084]-[0085], Steps 510-512). 
Regarding claim 27, Du discloses wherein the first trust token comprises third digitally signed data signed by the trust provider computer, and wherein the method further comprises providing, from the computing device to the trust provider computer, the public key associated with the computing device, wherein receiving, by the trust provider computer, the public key associated with the computing device causes the trust provider computer to generate and provide the third digitally signed data to the computing device  (par. [0089] disclose before entity A send message 4 to entity B it sends its public key (CertGA) to the trusted third party then the trusted third party returns the TokenTA includes a signature of the trusted third party). 
Regarding claim 31, Du, Fosmark and Jain discloses a computing device comprising, a processor, and a non-transitory computer readable medium coupled to the processor, the non-transitory computer readable medium comprising code that, when executed, causes the processor to: 
transmit, to a recipient computing device, a first message comprising a first trust token, the first trust token comprising first digitally signed data comprising a first identifier associated with the computing device as digitally signed by the computing device; 
receive a second message, the second message comprising the first trust token of the first message a second trust token generated by the recipient computing device, the second trust token comprising a second identifier associated with the recipient computing device and second digitally signed data comprising the second identifier as digitally signed by the recipient computing device; 
obtain, from a trust provider computer, a public key associated with the recipient computing device; validate the second digitally signed data of the second trust token utilizing the public key; 
compare a first portion of the first trust token transmitted in the first message to a second portion of the first trust token received in the second message; and 
when the second digitally signed data is valid and the first portion of the first trust token transmitted in the first message matches the second portion of the first trust token received in the second message, process content of the second message. 
 	See claim 21 rejection. 	Regarding claims 32 and 35, Du discloses wherein the first identifier is a public key of the computing device (par. [0088] discloses identity IGA is a certificate CertGA (public key)). wherein the first portion of the first trust token transmitted in the first message and the second portion of the first trust token received in the second message are device identifiers (par. [0090] and [0095] disclose tokens comprise pluralities of value including identifiers for entities A & B).  	Regarding claim 36, Du discloses to provide, to the trust provider computer, a public key of the computing device to cause the trust provider computer to store an association between the public key and the computing device (par. [0088] discloses using IGA of entity A the trusted third party TP searches for a valid public key (to store) in order to generate the verification result ResGA). 
 	Regarding claim 39, Du discloses wherein the first digitally signed data comprises message data of the first message (Fig. 3 discloses optional text can be included in each message). 
 	Claim 23 is rejected under 35 U.S.C. 103 as being unpatentable over Du in view of Fosmark and Jain and further in view of PG Pub 20090094452 (hereinafter Shao) 	Regarding claim 23, neither Du, Fosmark and Jain discloses wherein the public key and the first private key are obtained from a key management module that is distinct from the trust provider computer. However, it is known in the art keys usually issued by a certificate authority. Shao teaches this (Fig. 1, Certificate Authority 140). Therefore, it would have been obvious before the effective filing date of the claimed invention to modify Du, Fosmark and Jain with Shao to further teach the claimed feature. One would .
Claims 24-26 and 34 are rejected under 35 U.S.C. 103 as being unpatentable over Du in view of Fosmark and Jain and further in view of PG Pub 20120144195 (hereinafter after Nair) 	Regarding claims 24-25, neither Du, Fosmark and Jain discloses wherein the first trust token is generated by the computing device using a nonce generated by the computing device wherein the nonce is generated to be unique to the first trust token. Nair discloses a token is based on a nonce value (par. [0018]). Therefore, it would have been obvious before the effective filing date of the claimed invention to modify Du, Fosmark and Jain with Nair to further teach the claimed feature. One would have done so using known process of using nonce for generating token with reasonable expectation for success. 	Regarding claim 26, Nair discloses wherein the first trust token comprises a nonce generated by the computing device and the first identifier corresponding to the computing device (Nair discloses the DRM agent on the client device generates the nonce value). 
 	Regarding claim 34, Nair discloses wherein the first portion of the first trust token transmitted in the first message is a first nonce and the second portion of the first trust token received in the second message is a second nonce. See claims 24-25 rejection. 	Claims 28-29 are rejected under 35 U.S.C. 103 as being unpatentable over Du in view of Fosmark and Jain and further in view of PG Pub 20190334718 (hereinafter after Li) 	Regarding claims 28-29, Du, Fosmark and Jain does not disclose storing a mapping between the first identifier associated with computing device and the first trust token and comparing the first identifier of the first trust token received in the second message to the first identifier stored in the mapping. Li discloses using token binding identifier where a token is mapped to a public key (Table 1 and par.[0093]-[0094]). Therefore, it would have been obvious before the effective filing date of the claimed invention to modify Du, Fosmark and Jain with Li to further teach the claimed feature. One would have done so to reduce replay attack risks as mentioned by Li (Background).

 	Claim 37 is rejected under 35 U.S.C. 103 as being unpatentable over Du in view of Fosmark and Jain and further in view of PG Pub 20180322311 (hereinafter Kobayashi) 	Regarding claim 37, Du does not disclose the processor to store a mapping between the first identifier associated with computing device, a nonce generated by the computing device, and the first trust token. Kobayashi discloses such feature (Table II) used for registering user of an IoT device for web services (Summary section). Therefore, it would have been obvious before the effective filing date of the claimed invention to modify Du, Fosmark and Jain with Kobayashi to further teach the claimed .
 	Claim 38 is rejected under 35 U.S.C. 103 as being unpatentable over Du in view of Fosmark and Jain and further in view of PG Pub 20140281533 (hereinafter de Andrade) 	Regarding claim 38, Du does not disclose wherein the first trust token is provided in header fields of the first message. de Andrade discloses a token can be stored in a header of an HTTP message (par. [0093]). Therefore, it would have been obvious before the effective filing date of the claimed invention to modify Du, Fosmark and Jain with de Andrade to further teach the claimed feature. One would have done so using same process of storing token with reasonable expectation for success.
Allowable Subject Matter
Claims 22, 30 and 40 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

                                                Inquiry communication                                                                                                              	Any inquiry concerning this communication or earlier communications from the examiner should be directed to TRI M TRAN whose telephone number is (571)270-1994. The examiner can normally be reached Mon-Fri: 9am-5pm.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Nickerson can be reached on (469)295-9235. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/TRI M TRAN/Primary Examiner, Art Unit 2432