DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 12/01/2020 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159.  See MPEP §§ 706.02(l)(1) - 706.02(l)(3) for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.

Claims 1-20 are rejected under the judicially created doctrine of obviousness-type double patenting as being unpatentable over claim 11 of U.S. Patent No. 10,749,846 (hereinafter “PAT846”).  Although the conflicting claims are not identical, they are not patentably distinct from each other because of the following reasons:
Claims 1-20 of U.S. Patent No. US 10,749,846 contain(s) every element of claims 1-20 of the instant application and the instant claims 1-20 are a broader version of claims 1-20 of the Patent No. US 10,749,846 (see table below) and as such anticipate(s) claims 1-20 of the instant application. “A later patent claim is not patentably distinct from an earlier patent claim if the later claim is obvious over, or anticipated by, the earlier claim. In re Longi, 759 F.2d at 896, 225 USPQ at 651 (affirming a holding of obviousness-type double patenting because the claims at issue were obvious over claims in four prior art patents); In re Berg, 140 F.3d at 1437, 46 USPQ2d at 1233 (Fed. Cir. 1998) (affirming a holding of obviousness-type double patenting where a patent application claim to a genus is anticipated by a patent claim to a species within that genus). “ ELI LILLY AND COMPANY v BARR LABORATORIES, INC., United States Court of Appeals for the Federal Circuit, ON PETITION FOR REHEARING EN BANC (DECIDED: May 30, 2001).
16924712
10,749,846


1. (New) A method comprising: 


sending, by a computing device, a request for access to content, wherein the request comprises a first security token comprising a first identifier of the content, and
a second security token comprising the first identifier of the content and a second identifier of the content, wherein the second identifier is different from the first identifier; and 




based on the request being validated, receiving a decryption key for the content.
1. One or more non-transitory computer-readable media storing instructions that, when executed, cause:
sending, by a computing device, a request for access to content, the request comprising at least two security tokens, wherein a first security token of the at least two security tokens comprises a content-management-system-release identifier of the content, and a second security token of the at least two security tokens comprises the content-management-system-release identifier of the content and a delivery-system-release identifier of the content, wherein the delivery-system-release identifier is different from the content-management-system-release identifier; and
based on the request for access being validated, receiving a decryption key for the content.

2. (New) The method of claim 1, wherein the sending the request comprises sending the request to a user device comprising a web-browser plugin that enables the user device to play the content.
2. The one or more non-transitory computer-readable media of claim 1, wherein the instructions, when executed, cause:
sending the request for access to the content to a user device comprising a web-browser plugin that enables the user device to play the content.

3. (New) The method of claim 1, wherein the sending the request comprises communicating with a first server via a front-end interface to request the access to the content.

3. The one or more non-transitory computer-readable media of claim 1, wherein the instructions, when executed, cause:
communicating with an authorization-system server via a front-end interface to request the access to the content.

4. (New) The method of claim 1, further comprising: receiving a listing of available content, wherein the listing of available content lists the content.
4. The one or more non-transitory computer-readable media of claim 1, wherein the instructions, when executed, cause:
receiving a listing of available content, wherein the listing of available content comprises the content.

5. (New) The method of claim 1, further comprising: receiving, from a second server, a notification of a third server or multicast address for the content.
5. The one or more non-transitory computer-readable media of claim 1, wherein the instructions, when executed, cause:
receiving, from a session-manager server, a notification of a streaming server or multicast address for the content.

6. (New) The method of claim 5, further comprising: receiving, using a single protocol, a communication comprising the notification.
6. The one or more non-transitory computer-readable media of claim 5, wherein the instructions, when executed, cause:
receiving, using a single protocol, communication comprising the notification.

7. (New) The method of claim 1, further comprising: receiving the content; and decrypting the content using the decryption key.
7. The one or more non-transitory computer-readable media of claim 1, wherein the instructions, when executed, cause:
requesting the content;
receiving the content; and
decrypting the content using the decryption key.

8. (New) The method of claim 1, further comprising: receiving the content in a format that is compatible with the computing device.
8. The one or more non-transitory computer-readable media of claim 7, wherein the instructions, when executed, cause:
receiving the content in a format that is compatible with the computing device.

9. (New) The method of claim 1, further comprising: storing the decryption key in a secure memory area.
9. The one or more non-transitory computer-readable media of claim 1, wherein the instructions, when executed, cause:
storing the decryption key in a secure memory area.

10. (New) A method comprising: 


identifying, by a computing device and in a request for access to content: a first security token comprising a first identifier of the content, and 
a second security token comprising the first identifier of the content and a second identifier of the content, wherein the second identifier is different from the first identifier; and 





based on the request being validated, sending a decryption key for the content.
10. One or more non-transitory computer-readable media storing instructions that, when executed, cause:
identifying, by a computing device, two security tokens in a request for access to content, a first security token of the two security tokens comprising a content-management-system-release identifier of the content, and a second security token of the two security tokens comprising the content-management-system-release identifier of the content and a delivery-system-release identifier of the content, wherein the delivery-system-release identifier is different from the content-management-system-release identifier; and
based on the request for the request for access being validated, transmitting a decryption key for the content.

11. (New) The method of claim 10, further comprising: validating, by the computing device, the request; and authorizing, by the computing device, access to the content.
11. The one or more non-transitory computer-readable media of claim 10, wherein the instructions, when executed, cause:
validating, by the computing device, the request for access; and
authorizing, by the computing device, access to the content.

12. (New) The method of claim 10, further comprising: confirming that the first identifier in the first security token corresponds to the content; confirming that the first identifier in the second security token corresponds to the content; and confirming that the second identifier in the second security token corresponds to the content.
12. The one or more non-transitory computer-readable media of claim 10, wherein the instructions, when executed, cause:
confirming that the content-management-system-release identifier in the first security token corresponds to the content;
confirming that the content-management-system-release identifier in the second security token corresponds to the content; and
confirming that the delivery-system-release identifier in the second security token corresponds to the content.

13. (New) The method of claim 10, further comprising: verifying that an age of one of the first security token and the second security token does not exceed a time limit.
13. The one or more non-transitory computer-readable media of claim 10, wherein the instructions, when executed, cause:
verifying that an age of one of the two security tokens does not exceed a time limit.

14. (New) The method of claim 10, further comprising: verifying that the first security token and the second security token are signed.
14. The one or more non-transitory computer-readable media of claim 10, wherein the instructions, when executed, cause:
verifying that the first security token and the second security token are signed.

15. (New) A method comprising: 


receiving, by a computing device, a request for access to content, wherein the request comprises a first security token comprising a first identifier of the content, and
a second security token comprising the first identifier of the content and a second identifier of the content, wherein the second identifier is different from the first identifier; and 




based on the request being validated, providing a decryption key for the content.
15. One or more non-transitory computer-readable media storing instructions that, when executed, cause:
receiving, by a computing device, a request for access to content, the request comprising at least two security tokens, wherein a first security token of the at least two security tokens comprises a content-management-system-release identifier of the content, and a second security token of the at least two security tokens comprises the content-management-system-release identifier of the content and a delivery-system-release identifier of the content, wherein the delivery-system-release identifier is different from the content-management-system-release identifier; and
based on the request for access being validated, providing a decryption key for the content.

16. (New) The method of claim 15, further comprising: communicating with a server to receive the request.
16. The one or more non-transitory computer-readable media of claim 15, wherein the instructions, when executed, cause:
communicating with an authorization-system server to receive the request for the access to the content.

17. (New) The method of claim 15, further comprising: providing a listing of available content, wherein the listing of available content lists the content.
17. The one or more non-transitory computer-readable media of claim 15, wherein the instructions, when executed, cause:
providing a listing of available content, wherein the listing of available content comprises the content.

18. (New) The method of claim 15, further comprising: providing the content, wherein the content is decryptable using the decryption key.
18. The one or more non-transitory computer-readable media of claim 15, wherein the instructions, when executed, cause:
receiving a request for the content; and
providing the content,
wherein the content is decryptable using the decryption key.

19. (New) The method of claim 15, further comprising: storing, on the computing device, the content in a plurality of formats, and providing the content in a format, of the plurality of formats, that is compatible with a user device.
19. The one or more non-transitory computer-readable media of claim 15, wherein the instructions, when executed, cause:
storing the content in a plurality of formats on the computing device, and
providing the content in a format of the plurality of formats that is compatible with a user device.
.
20. (New) The method of claim 15, further comprising: sending the decryption key to a user device.
20. The one or more non-transitory computer-readable media of claim 15, wherein the instructions, when executed, cause:
sending the decryption key to a user device


Claims 1-2, 10-11 and 15 are rejected under the judicially created doctrine of obviousness-type double patenting as being unpatentable over claims 1-2 and 9 of U.S. Patent No. 10,084,759 (hereinafter “PAT759”).  Although the conflicting claims are not identical, they are not patentably distinct from each other because of the following reasons:
Claims 1-2 and 9 of U.S. Patent No. US 10,084,759 contain(s) every element of claims 1-2, 10-11 and 15 of the instant application and the instant claims 1-2, 10-11 and 15 are a broader version of claims 1-2 and 9  of the Patent No. US 10,084,759 and as such anticipate(s) claims 1-2, 10-11 and 15 of the instant application. “A later patent claim is not patentably distinct from an earlier patent claim if the later claim is obvious over, or anticipated by, the earlier claim. In re Longi, 759 F.2d at 896, 225 USPQ at 651 (affirming a holding of obviousness-type double patenting because the claims at issue were obvious over claims in four prior art patents); In re Berg, 140 F.3d at 1437, 46 USPQ2d at 1233 (Fed. Cir. 1998) (affirming a holding of obviousness-type double patenting where a patent application claim to a genus is anticipated by a patent claim to a species within that genus). “ ELI LILLY AND COMPANY v BARR LABORATORIES, INC., United States Court of Appeals for the Federal Circuit, ON PETITION FOR REHEARING EN BANC (DECIDED: May 30, 2001).

Claims 1-20 are rejected under the judicially created doctrine of obviousness-type double patenting as being unpatentable over claims 1-4, 6-10, 16-21 and 24-28 of U.S. Patent No. 9,306,920 (hereinafter “PAT920”).  Although the conflicting claims are not identical, they are not patentably distinct from each other because of the following reasons:
Claims 1-4, 6-10, 16-21 and 24-28 of U.S. Patent No. US 9,306,920 contain(s) every element of claims 1-20 of the instant application and the instant claims 1-20 are a broader version of claims 1-4, 6-10, 16-21 and 24-28 of the Patent No. US 9,306,920 and as such anticipate(s) claims 1-20 of the instant application. “A later patent claim is not patentably distinct from an earlier patent claim if the later claim is obvious over, or anticipated by, the earlier claim. In re Longi, 759 F.2d at 896, 225 USPQ at 651 (affirming a holding of obviousness-type double patenting because the claims at issue were obvious over claims in four prior art patents); In re Berg, 140 F.3d at 1437, 46 USPQ2d at 1233 (Fed. Cir. 1998) (affirming a holding of obviousness-type double patenting where a patent application claim to a genus is anticipated by a patent claim to a species within that genus). “ ELI LILLY AND COMPANY v BARR LABORATORIES, INC., United States Court of Appeals for the Federal Circuit, ON PETITION FOR REHEARING EN BANC (DECIDED: May 30, 2001).

Claims 1-2, 7, 10, 13 and 15 are rejected under the judicially created doctrine of obviousness-type double patenting as being unpatentable over claims 1, 4, 8 and 20 of U.S. Patent No. 8910295 (hereinafter “PAT295”).  Although the conflicting claims are not identical, they are not patentably distinct from each other because of the following reasons:
Claims 1, 4, 8 and 20 of U.S. Patent No. US 8910295 contain(s) every element of claims 1-2, 7, 10, 13 and 15 of the instant application and the instant claims 1-2, 7, 10, 13 and 15 are a broader version of claims 1, 4, 8 and 20 of the Patent No. US 8910295 and as such anticipate(s) claims 1, 4, 8 and 20 of the instant application. “A later patent claim is not patentably distinct from an earlier patent claim if the later claim is obvious over, or anticipated by, the earlier claim. In re Longi, 759 F.2d at 896, 225 USPQ at 651 (affirming a holding of obviousness-type double patenting because the claims at issue were obvious over claims in four prior art patents); In re Berg, 140 F.3d at 1437, 46 USPQ2d at 1233 (Fed. Cir. 1998) (affirming a holding of obviousness-type double patenting where a patent application claim to a genus is anticipated by a patent claim to a species within that genus). “ ELI LILLY AND COMPANY v BARR LABORATORIES, INC., United States Court of Appeals for the Federal Circuit, ON PETITION FOR REHEARING EN BANC (DECIDED: May 30, 2001).

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims 1, 3-4, 7, 9-12, 15-18 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Simmons (Pub. No.: US 2012/0084804) in view of Brodersen et al. (Pub. No.: US 2008/0168568, hereinafter Brodersen).
Regarding claim 1: Simmons discloses A method comprising: 
sending, by a computing device, a request for access to content (Simmons - [0032]: At 206, the media presentation device sends the authentication tokens to a federated identity service associated with an EPG server), wherein the request comprises a first security token comprising a first identifier of the content, and a second security token comprising the first identifier of the content and a second identifier of the content, wherein the second identifier is different from the first identifier (Simmons - [0014]: The authentication token may contain any suitable information, including but not limited to information about media presentation device 102 a, user 108 of media presentation device 102 a, and/or content source 104 n from which the authentication token was received);
Although Simmons discloses validating the tokens and receiving a list of content. However, Simmons doesn’t explicitly teach receiving a decryption key for the content, In analogous art, Brodersen discloses:
based on the request being validated, receiving a decryption key for the content (Brodersen - [0033]: The received key(s) then are used conventionally by the player to decrypt the associated digital content. [0008]: The player upon receipt of the token sends back to the server (either directly, or via the host device), additional DRM related information, including the token itself and associated authenticating information. Last, the player receives from the server (directly or via the host device) the relevant DRM key(s) for conventionally decrypting the content).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Simmons with Brodersen so that an decryption key is obtained after validation. 
Regarding claim 3: Simmons as modified discloses wherein the sending the request comprises communicating with a first server via a front-end interface to request the access to the content (Simmons - [0024]: the EPG allows user 108 to access, select, and discover authenticated content from various potentially unrelated sources via a common user interface).
Regarding claim 4: Simmons as modified discloses further comprising: receiving a listing of available content, wherein the listing of available content lists the content (Simmons - [0024]: The EPG provided shows a list of authenticated content available to user 108 based on the user's stored digital credentials (e.g., authentication tokens)).
Regarding claim 7: Simmons as modified discloses further comprising: receiving the content (Brodersen - [0013]: player 30 also has the capability to directly communicate with the server, both for DRM purposes and also to download media content, such as by an Internet connection); and decrypting the content using the decryption key (Brodersen - [0033]: The received key(s) then are used conventionally by the player to decrypt the associated digital content, which is transferred to player 30 conventionally).
Brodersen is combined with Simmons herein for similar obviousness reasons and motivation and the same rationale as stated for claim 1.
Regarding claim 9: Simmons as modified discloses further comprising: storing the decryption key in a secure memory area (Brodersen - [0036]: Also provided are the DRM storage locations 40, typically some type of secure storage, which inter alia stores … at key repository 52).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Simmons with Brodersen so that the decryption is stored in the secure memory for enhanced security. 
Regarding claim 10: The limitations of claim 10 are substantially similar to the limitations of claim 1, thus it is interpreted and rejected for the reasons set forth above in the rejection of claim 1.
Regarding claim 11: Simmons as modified discloses further comprising: validating, by the computing device, the request (Simmons - [0048]: Content delivery service 418 receives the request and parses authentication token 412 a and the verification code to verify authorization); and authorizing, by the computing device, access to the content (Simmons - [0048]: Upon doing so, content delivery service 418 then transmits a license to media presentation device 102 a, as shown at 428).
Regarding claim 12: Simmons as modified discloses further comprising: confirming that the first identifier in the first security token corresponds to the content; confirming that the first identifier in the second security token corresponds to the content; and confirming that the second identifier in the second security token corresponds to the content (Simmons - [0034]: the EPG server may compare the authentication tokens to an authenticated content index or other suitable collection of known content sources utilizing authentication in order to determine the authenticated content sources with which the user is registered).
Regarding claim 15: The limitations of claim 10 are substantially similar to the limitations of claim 1, thus it is interpreted and rejected for the reasons set forth above in the rejection of claim 1.
Regarding claim 16: Simmons as modified discloses further comprising: communicating with a server to receive the request (Simmons - [0034]: the media presentation device sends a request to the EPG server for an EPG).
Regarding claim 17: Simmons as modified discloses further comprising: providing a listing of available content, wherein the listing of available content lists the content (Simmons - [0024]: The EPG provided shows a list of authenticated content available to user 108 based on the user's stored digital credentials (e.g., authentication tokens)).
Regarding claim 18: Simmons as modified discloses further comprising: providing the content (Brodersen - [0013]: player 30 also has the capability to directly communicate with the server, both for DRM purposes and also to download media content, such as by an Internet connection), wherein the content is decryptable using the decryption key (Brodersen - [0033]: The received key(s) then are used conventionally by the player to decrypt the associated digital content, which is transferred to player 30 conventionally).
Brodersen is combined with Simmons herein for similar obviousness reasons and motivation and the same rationale as stated for claim 1.
Regarding claim 20: Simmons as modified discloses further comprising: sending the decryption key to a user device (Brodersen - [0033]: the player receives the relevant key(s) for its key repository from the server directly, or via the host device, for the particular user account and player).
Brodersen is combined with Simmons herein for similar obviousness reasons and motivation and the same rationale as stated for claim 1.

Claim 2 is rejected under 35 U.S.C. 103 as being unpatentable over Simmons (Pub. No.: US 2012/0084804) in view of Brodersen et al. (Pub. No.: US 2008/0168568, hereinafter Brodersen) and Babic (Pub. No.: US 2011/0296473).
Regarding claim 2: Simmons as modified doesn’t explicitly teach but Babic discloses wherein the sending the request comprises sending the request to a user device comprising a web-browser plugin that enables the user device to play the content (Babic - [0047]: The media player 152 may be a piece of software that requests and plays the media content (e.g., displays video and plays audio), and may be a standalone software application, a web browser plug-in, a combination of browser plug-in and supporting web page logic, or the like).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Simmons and Brodersen with Babic so that a browser plug-in is used to support web logic for requesting and plays the content. 

Claims 5-6 are rejected under 35 U.S.C. 103 as being unpatentable over Simmons (Pub. No.: US 2012/0084804) in view of Brodersen et al. (Pub. No.: US 2008/0168568, hereinafter Brodersen) and Mao et al. (Pub. No.: US 2011/0188439, hereinafter Mao).
Regarding claim 5: Simmons as modified doesn’t explicitly teach but Mao discloses further comprising: receiving, from a second server, a notification of a third server or multicast address for the content (Mao - [0028]: a session manager server may locate a streaming server and/or a multicast address for a particular content item, and may notify user equipment of the streaming server and/or multicast address for the particular content item using HTTP or IP packets).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Simmons and Brodersen with Mao so that the decryption is stored in the secure memory for enhanced security.
Regarding claim 6: Simmons as modified doesn’t explicitly teach but Mao discloses further comprising: receiving, using a single protocol, a communication comprising the notification (Mao - [0028]: communication between devices may use only a single protocol (e.g., only HTTP packets or IP packets). Content items may also be transmitted using the single protocol (e.g., HTTP packets including fragments of content items))
The reason to combine is similar as claim 5.

Claims 8 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Simmons (Pub. No.: US 2012/0084804) in view of Brodersen et al. (Pub. No.: US 2008/0168568, hereinafter Brodersen) and Montague et al. (Pub. No.: US 2008/0250508, hereinafter Montague).
Regarding claim 8: Simmons as modified doesn’t explicitly teach but Montague discloses further comprising: receiving the content in a format that is compatible with the computing device (Montague - [0028]: the translator 46 translates DRM information issued according to the DRM format used by the content provider to the DRM format supported by the particular end user communication device to which the DRM information is being transferred).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Simmons and Brodersen with Montague so that the content is transformed to a device compactible format for displaying/playing on the device.
Regarding claim 19: Simmons as modified doesn’t explicitly teach but Montague discloses further comprising: storing, on the computing device, the content in a plurality of formats (Montague - [0033]: many different DRM formats or schemes exist for protecting content), and providing the content in a format, of the plurality of formats, that is compatible with a user device (Montague - [0028]: the translator 46 translates DRM information issued according to the DRM format used by the content provider to the DRM format supported by the particular end user communication device to which the DRM information is being transferred).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Simmons and Brodersen with Montague so that so that the stored plurality content is transformed to a device compactible format for displaying/playing on the device.

Claims 13-14 are rejected under 35 U.S.C. 103 as being unpatentable over Simmons (Pub. No.: US 2012/0084804) in view of Brodersen et al. (Pub. No.: US 2008/0168568, hereinafter Brodersen) and KRAMER et al. (Pub. No.: US 2010/0077216, hereinafter KRAMER).
Regarding claim 13: Simmons as modified doesn’t explicitly teach but KRAMER discloses further comprising: verifying that an age of one of the first security token and the second security token does not exceed a time limit (KRAMER - [0073]: The SA server then can verify each token SC and T1 for validity and timeout).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Simmons and Brodersen with KRAMER so that the token is verified for validity and timeout for enhanced security.
Regarding claim 14: Simmons as modified doesn’t explicitly teach but KRAMER discloses further comprising: verifying that the first security token and the second security token are signed (KRAMER - [0064]: all servers that share the array of secrets S will be able to generate tokens as well as verify that a particular token was digitally signed by one of the servers).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Simmons and Brodersen with KRAMER so that the signature of a token is verified for security improvement.	 

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Strauch et al. (WO 2010/007178) - A token delivery system
Norrman et al. (Pub. No.: US 2011/0055566) - System and method for accessing private digital content
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MENG LI whose telephone number is (571)272-8729.  The examiner can normally be reached on M-F 8:30-5:30.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s acting supervisor, Kristine Kincaid can be reached on (571) 272-4063.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8729.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/MENG LI/
Primary Examiner, Art Unit 2437