DETAILED ACTION
This communication is in response to Applicant’s amendment filed on August 27, 2021. Claim 5 has been amended. Claims 1-13 are pending and directed towards DIGITAL RIGHTS MANAGEMENT SYSTEMS AND METHODS USING EFFICIENT MESSAGING ARCHITECTURES. Examiner acknowledges Applicant’s amendment to specification, drawing and claims, and therefore withdraws the previous office action’s objections to the specification, the claims, and the drawing. However, the rejection under 35 USC § 103 is maintained. 

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Arguments
Applicant's arguments with respect to 35 U.S.C. § 103 rejection have been fully considered but they are not persuasive.
Applicant’s argues none of the cited references disclose or suggest a method that includes a "rights management system" that "receiving, from a content service system, a license request message ... comprising information identifying a piece of protected electronic content and an encrypted content key associated with the piece of protected content, the encrypted content key being encrypted using a public key of a user device," in the manner recited in claim 1.
 
In Response:
Examiner respectfully disagrees with Applicant’s assertion. Nothing in the claimed limitations show that the content service system is a separate entity from the client/user device and the license server. Given the broadest reasonable interpretation of the claimed limitations, the Digital Right Management (DRM) controller (element 146 in Figure 1) could be interpreted as the claimed content service system, which performs the same claimed functions (The DRM controller (146) examines the header information of the content file to obtain the unique identifier of the content (142). This Content ID is used to associate the appropriate license document. The DRM controller (146) first examines its own local registry (148) of license documents obtained from prior requests (330). If the local repository (148) has the appropriate license document that matches the content's (142) unique identifier, that license document is used to determine the user's granted content rights. However, if the local registry (148) doesn't contain the correct license document, the DRM controller (146) will attempt to connect to the appropriate license server (160). The DRM controller (146) at this point may obtain a license for the content (340). The controller can perform this task in the background, or prompt the user along the way with various rights/considerations models. Before the DRM controller (146) contacts the license server (160), it must acquire the credentials of the user at some point. This information is passed to the license server (160) to authenticate the remote client (140) to the license server (160). Once authenticated based on the passed credentials, the license server (160) is ready to process the client request. Irwin, para [0090]-[0091]).
Therefore, Irwin teaches the limitations of receiving, from a content service system, a license request message (requesting licenses from the license server. Irwin, para [0033]) (The license server (160) interaction starts when the client device (140) user attempts to access (320) the DRM restricted content (142) file typically using some type of rendering software. Irwin, para [0089] and Fig. 3), the license request message comprising information identifying a piece of protected electronic content (Content ID is used to associate the appropriate license document. Irwin, para [0090] and Fig. 3) and an encrypted content key associated with the piece of protected content (The rights document (162) and the appropriate decryption key for the content (142) are packaged (350) into a license document. Irwin, para [0092] and Fig. 3), the encrypted content key being encrypted using a public key of a user device (The client device (140) may provide their public key as part of their credentials, which is used to encrypt the license key for secure transmission. Irwin, para [0092] and Fig. 3). 

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1-7 and 10-13 are rejected under 35 U.S.C. 103 as being unpatentable over Irwin et al. U.S. Patent Pub. No. 2005/0071280 A1 (hereinafter “Irwin”) in view of Khalil et al. U.S. Patent Pub. No. 2019/0044940 A1 (hereinafter “Khalil”).

As per claim 1, Irwin teaches a method for managing protected content performed by a rights management system (A system is disclosed for a digital rights management system. Irwin, abstract) comprising a processor (a multi-processor system comprising a plurality of processor means. Irwin, para [0067]) and a non-transitory computer-readable medium storing instructions that (a computer-readable medium […] having computer-executable instructions. Irwin, para [0068]), when executed by the processor, cause the system to perform the method, the method comprising: 
receiving, from a content service system, a license request message (requesting licenses from the license server. Irwin, para [0033]) (The license server (160) interaction starts when the client device (140) user attempts to access (320) the DRM restricted content (142) file typically using some type of rendering software. Irwin, para [0089] and Fig. 3), the license request message comprising information identifying a piece of protected electronic content (Content ID is used to associate the appropriate license document. Irwin, para [0090] and Fig. 3) and an encrypted content key associated with the piece of protected content (The rights document (162) and the appropriate decryption key for the content (142) are packaged (350) into a license document. Irwin, para [0092] and Fig. 3), the encrypted content key being encrypted using a public key of a user device (The client device (140) may provide their public key as part of their credentials, which is used to encrypt the license key for secure transmission. Irwin, para [0092] and Fig. 3); 
generating a content license based on the license request message (generate license document. Irwin, para [0090]-[0092] Fig. 3 element 350); and 
transmitting the content license to the user device based, at least in part, on the received communication session state information (The rights document (162) and the appropriate decryption key for the content (142) are packaged (350) into a license document that can be securely transmitted down to the client device. Irwin, para [0092] and Fig. 3).
Irwin does not explicitly teach receiving communication session state information associated with the license request message; 
However, Khalil teaches receiving communication session state information associated with the license request message (identity management server device 240 can provide, to user device 210, a redirect with a session state. For example, the redirect can cause user device 210 to provide the signed authentication request to identity provider server device 230 and the session state can include information related to the request (e.g., a session identifier, user input and/or selections via the native client, a timestamp of the request, etc.). Khalil, para [0074]); 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to modify the teaching of Irwin to receiving communication session state information associated with the license request message. One would be motivated to do so, to authenticate the destination and secure communication with the user device.

As per claim 2, Irwin and Khalil teach the method of claim 1. Irwin does not explicitly teach wherein the communication session state information is received from the user device.
However, Khalil teaches wherein the communication session state information is received from the user device (the user device can authenticate the identity session. For example, the user device can provide a set of credentials (identity proofing) to the identity provider server device to authenticate the identity session. The user device can provide a set of credentials associated with the identity service provider (e.g., a username/password combination, a security token, biometric information, etc. for an account associated with the identity service provider and accessible by the identity provider server device. Khalil, para [0013]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to modify the teaching of Irwin so that the communication session state information is received from the user device. One would be motivated to do so, to authenticate the destination and secure communication with the user device.

As per claim 3, Irwin and Khalil teach the method of claim 1. Irwin does not explicitly teach wherein the communication session state information is received from a session state database system.
However, Khalil teaches wherein the communication session state information is received from a session state database system (the user device can authenticate the identity session. For example, the user device can provide a set of credentials (identity proofing) to the identity provider server device to authenticate the identity session […]the set of credentials can be stored by the user device. Khalil, para [0013]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to modify the teaching of Irwin so that the communication session state information is received from a session state database system. One would be motivated to do so, to enhance the flexibility of communication with user device.

As per claim 4, Irwin and Khalil teach the method of claim 1. Irwin does not explicitly teach the communication session state information is included in the license request message received from the content service system. 
However, Khalil teaches the communication session state information is included in the license request message received from the content service system (the redirect can cause user device 210 to provide the signed authentication request to identity provider server device 230 and the session state can include information related to the request (e.g., a session identifier, user input and/or selections via the native client, a timestamp of the request, etc.). Khalil, para [0074]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to modify the teaching of Irwin so that the communication session state information is included in the license request message received from the content service system. One would be motivated to do so, to authenticate the user device and secure the communication.

As per claim 5, Irwin and Khalil teach the method of claim 1, wherein the content license comprises the encrypted content key associated with the piece of protected content (specific content keys are provided to the CRP (410), the Content Provider (120) also provides a unique identifier used to uniquely associate the encrypted content with the appropriate decryption key. Irwin, para [0100])

As per claim 6, Irwin and Khalil teach the method of claim 1. Irwin does not explicitly teach wherein the received communication session state information is encrypted. 
However, Khalil teaches wherein the received communication session state information is encrypted (service provider proxy server device 250-1 and can generate the authorization request with a PKI envelope. In some implementations, and as shown by reference number 916, service provider proxy server device 250-1 can provide, to the web client on user device 210, the authorization request. For example, the authorization request can be signed service provider proxy server device 250-1 and/or encrypted using a public key associated with the second service provider. Khalil, para [0095]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to modify the teaching of Irwin so that the received communication session state information is encrypted. One would be motivated to do so, to enhance the security and privacy of communication.

As per claim 7, Khalil in view of Irwin teaches the method of claim 6. Irwin does not explicity teach wherein the method further comprises: decrypting the communication session state information using a decryption key shared with the content service system. 
However, Khalil teaches decrypting the communication session state information using a decryption key shared with the content service system (service provider proxy server device 250-2 can decrypt and validate the authorization request (e.g., using a private key associated with the second service provider) […] service provider proxy server device 250-2 can provide the decrypted (e.g., unwrapped) authorization request to service provider server device. Khalil, para [0097]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to modify the teaching of Irwin to decrypting the communication session state information using a decryption key shared with the content service system. One would be motivated to do so, to enhance the security and privacy of communication.

As per claim 10, Irwin and Khalil teach the method of claim 1, wherein transmitting the content license to the user device comprises transmitting one or more communication packets comprising the content license to the user device having a source address associated with the content service (preparing, at said intermediate rights provider, a digital rights package comprising said digital content; a child license, structured within said request and a set of parameters contained in said master license; and account data associated with said consumer device wherein said package is encrypted using said account key. It may also include the step of electronically transmitting, from said intermediate rights provider, said digital rights package to said consumer device. Irwin, para [0066]).

As per claim 11, Irwin and Khalil teach the method of claim 1, wherein the license request message further comprises one or more license constraints specified by the content service (The sending LRP also verifies the security level of the receiving LRP against any constraints specified in the Rights Document (162). For example, the transfer right might only be granted if the receiving device offers a hardware base secure environment. While another device, which only offers a tamper resistant software based solution, is rejected for the transfer based on the security level offered. Irwin, para [0167]).

As per claim 12, Irwin teaches the method of claim 11, wherein generating the content license comprises generating the content license in accordance with the one or more license constraints (Each Content entity can have one to many Rights Documents (162) that can be offered to consumers. The Rights Document (162) is supplied by either the Content Provider (120) or the entity managing the CRP (DRM License server) (410), and describes the digital rights being sold to the consumer. Irwin, para [0139]).

As per claim 13, Irwin and Khalil teach the method of claim 1, wherein the content license comprises at least one license term configured to be enforced in connection accessing the piece of electronic content (the transfer right might only be granted if the receiving device offers a hardware base secure environment. While another device, which only offers a tamper resistant software based solution, is rejected for the transfer based on the security level offered. Irwin, para [0167]).

Claims 8 and 9 are rejected under 35 U.S.C. 103 as being unpatentable over Irwin et al. U.S. Patent Pub. No. 2005/0071280 A1 (hereinafter “Irwin”) in view of Khalil et al. U.S. Patent Pub. No. 2019/0044940 A1 (hereinafter “Khalil”) and further in view of Park U.S. Patent Pub. No. 2019/0258778 A1. 

As per claim 8, Irwin and Khalil teach the method of claim 1. Irwin does not explicitly teach wherein the communication session state information comprises address information associated with the user device.
However, Park teaches wherein the communication session state information comprises address information associated with the user device (The request may comprise identification information associated with the user of the user device. Identification information may comprise a unique identifier, a number, a version, a model, a location, or an account. Park, para [0039]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to modify the teaching of Irwin so that the communication session state information comprises address information associated with the user device. One would be motivated to do so, to authenticate the user device and assure that the secured content is transmitted to the correct user device.

As per claim 9, Irwin and Khalil teach the method of claim 1. Irwin does not explicitly teach wherein the communication session state information comprises communication port information associated with the user device. 
However, Park teaches wherein the communication session state information comprises communication port information associated with the user device (A secure communication session may be established with the user device, such as by performing secure sockets layer (SSL) or transport layer security (TLS) negotiation. Park, para [0043]) (The device security module may determine if the user device implements a protocol, such as a content security protocol or a communication protocol, as may be required by the use condition. The device security module may restrict use of the content key based on whether the use condition is satisfied. Park, para [0061]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention, to modify the teaching of Irwin so that the communication session state information comprises communication port information associated with the user device. One would be motivated to do so, to authenticate the user device and assure that the secured content is transmitted to the correct user device.

Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KHALID M ALMAGHAYREH whose telephone number is (571)272-0179. The examiner can normally be reached Monday - Thursday 8AM-5PM EST & Friday variable.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, SALEH NAJJAR can be reached on (571)272-4006. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



Respectfully Submitted

/KHALID M ALMAGHAYREH/Examiner, Art Unit 2492                                                                                                                                                                                                        

/SALEH NAJJAR/Supervisory Patent Examiner, Art Unit 2492