Notice of Pre-AIA  or AIA  Status
1.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Election/Restrictions
2.    NO restrictions warranted at initial time of filing for patent.

Priority
3.    Applicant claims domestic priority under 35 USC 119e to provisional application filed on 11/08/2013.
Information Disclosure Statement
4.    The information disclosure statement (IDS) submitted on 01/21/2022, the submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.

Oath/Declaration
5.    Applicant’s Oath was filed on 01/21/2021.

Drawings
6.    Applicant’s drawings filed on 01/21/2021 has been inspected and is in compliance with MPEP 608.01.
Specification
7.    Applicant’s specification filed on 01/21/2021 has been inspected and is in compliance with MPEP 608.02.
Claim Objections
8.    NO objections warranted at initial time of filing for patent.

Remarks
9.	Examiner request Applicant review relevant prior art under the conclusion of this office action.

Reasons for Allowance
10.	Claims 25-44 including all of the limitations of the base claim and any intervening claims are allowed.

Closest Prior Art:
U.S. Publication No. 20130305394 discloses on paragraph 0052 “The signature 504 is obtained by calculating the hash value of information regarding the license identifier 501, the application information 502, and the device identifier 503, and encrypting the hash value using a secret key in the license source through a public key encryption scheme. That is, when the signature 504 is Sign, the license identifier 501 is L_ID, the application information 502 is APJUNF, the device identifier 503 is ID_S, a one-way function for calculating the hash value is f, the secret key is Sec_KEY, and a public key encryption function is P, Sign is obtained by the following calculation.” Para 0055 “The verification of the signature 504 is performed by comparing a hash value obtained by decrypting the signature 504 with the public key 505 with the hash value of information regarding the license identifier 501, the application information 502, and the device identifier 503, and determining whether or not the hash values coincide with each other.”

U.S. Publication No. 20150121517 discloses on paragraph 0030 “Once the generated security token is received, the requesting bundle 310 may send request to access to the persistence bundle 240. The request includes the generated security token. Next, persistence bundle 240 passes the generated security token to the authentication bundle 320 for verification. Then, the authentication bundle 320 calculates a hash code of the received security token and compares the newly calculated hash code with the stored hash code for the security token. If the two hash codes are identical, then the authentication bundle 320 confirms the identity of the requesting bundle 310 based on the generated security token. Then, access to the persistence bundle 240 is granted. In some embodiments, the persistence bundle 240 returns an instance of one or more classes. Using this instance and a given API, the requesting bundle may request security sensitive resources in database 205 via the persistence bundle 240. Different classes and instances may give different levels of access to the database. In other embodiments, after the access is granted to the persistence bundle 240, the requesting bundle 310 may directly request the data in the database 205. The persistence bundle 240 returns the requested resources.”

U.S. Publication No. 20130145150 discloses on paragraph 0008 “A code signing system and method is provided. The code signing system operates in conjunction with a software application having a digital signature and includes an application platform, an application programming interface (API), and a virtual machine. The API is configured to link the software application with the application platform. The virtual machine verifies the authenticity of the digital signature in order to control access to the API by the software application.” Paragraph 0012 “A method of restricting access to a sensitive API on a mobile device, according to a further embodiment of the invention, comprises the steps of registering one or more software developers that are trusted to design software applications which access the sensitive API, receiving a hash of a software application, determining if the software application was designed by one of the registered software developers, and if the software application was designed by one of the registered software developers, then generating a digital signature using the hash of the software application, wherein the digital signature may be appended to the software application, and the mobile device verifies the authenticity of the digital signature in order to control access to the sensitive API by the software application.” U.S. Patent No. 9,288,208 discloses on Col. 12 Lines 6-39 “FIG. 7 shows an example of a method for providing access to the client device 105 for an instance 310 in a cloud-computing platform 310 in accordance with the present teachings. The method can be implemented using a non-transitory computer-readable medium that contains instructions that, when executed by a processor, perform the following operations. The method can begin at 705. At 710, an API 305, for example, a web API, of the cloud computing platform 310 can receive a request to access or provision an instance for the client 105. At 715, a challenge can be generated in response to the request. For example, the request from the client device 105 can be provided to the API 305 by the security agent 107, which can then be forwarded to the provisioned instance 310. The provisioned instance 310 can generate a challenge to be provided to the client device 105 through the API 305 at 720. The client device 105 can provide the challenge obtained from the instance 310 to the escrow platform 110. Additionally, the client device 105 can provide authentication information to the escrow platform 110 or the client device 105 can pre-authenticate with the escrow platform 110 before sending the challenge. Once the client device 105 is authenticated with the escrow platform 110, the client device 105 can communicate with the escrow platform 110 using a secured connection, such over the secure communication channel 140 over the network 125 using a secure socket layer connection. Upon receipt of the challenge, the escrow platform 110 can then generate one or more cryptographic key pairs to generate a digital signature using a digital signature algorithm. For example, the one or more cryptographic key pairs can include a public key/private key pair. The escrow platform 110 can use the private key of the generated key pair to produce the digital signature. The escrow platform 110 can also store the associated public key in the key store 116 and/or provide the associated public key to the instance 310.”

U.S. Publication No. 20140208096 discloses on paragraph 0016 “In accordance with an embodiment, once the virtual machine instance has been provisioned on the host computing device, the application programming interfaces (APIs) described herein can be used to submit a request to update the code of the hypervisor and/or the kernel of the virtual machine or perform some other privileged operation associated with the hypervisor or kernel. To prevent unauthorized parties from using these interfaces, a signing scheme (e.g., asymmetric cryptography) can be utilized to sign the API request. The signing scheme can utilize a private key and a corresponding public key, where the private key can be used to create a signature associated with the owner of the private key and the public key can be used to verify that signature to ensure that the entity submitting the request is in possession of the private key (i.e. authenticate the request). In one embodiment, the public key is provided to the host computing device and the private key is stored remotely in a secure location on the network of the service provider. When the code of the kernel or hypervisor needs to be modified, a request can be initiated using the API, requesting a privileged operation to be executed on the hypervisor or the operating system kernel. In this embodiment, the request is signed using the private key. When the host computing device receives the request, it attempts to verify the signature of the request using the public key stored on the host computing device. If the signature is successfully verified, the host computing device executes the privileged operation on the hypervisor and/or kernel, otherwise, if the signature of the request cannot be successfully verified using the public key, the privileged operation fails.” Paragraph 0017 “In another embodiment, an encryption scheme can be utilized with the API. In this embodiment, the host computing device can generate an asymmetric key pair at boot time. The key pair can include a public key and a private key, where the public key can be used to encrypt the request and the private key can be used to decrypt the request encrypted with using the public key. In this embodiment, after generating the key pair, the host computing device publishes the public key (e.g., to a certificate authority or to another party), while the private key remains on the host computing device and never leaves the host computing device. In this embodiment, when the host computing device receives a request encrypted with the public key, the host computing device can use its internally stored private key to decrypt the request. In this manner, once the request is encrypted, no party can decipher the information in the request without possession of the private key. In addition, if the public key was published to a CA, any requesting parties can ensure that the public key truly belongs to the host computing device by inspecting a certificate issued by the certificate authority (CA).”

U.S. Publication No. 20130042115 discloses on paragraph 0029 “In this exemplary first embodiment, a server computer system comprises one or more processing units and a memory coupled to at least one of the one or more processing units. The memory stores a virtual machine. An agent executive runs within the virtual machine. The agent executive is executed by at least one of the one or more processing units and comprises instructions for obtaining an agent API key from a user when the agent executive is executed a first time. The agent executive further comprises instructions for communicating the API key to a remote grid computer system in a first part of a synchronous process. The agent executive receives, in a second part of the synchronous process and responsive to the first part of the synchronous process, an agent identity token from the remote grid computer system. The remote grid computer system generates the agent identity token through a cryptographic token generation protocol. The agent executive stores the agent identity token in a secure data store associated with the agent executive. The agent executive collects information on the server computer system for an evaluation of security, compliance and integrity of the agent executive using a plurality of agent self-verification factors. The agent executive, as identified by the agent identity token, encrypts the information for confidentially. The agent executive also digitally signs the information for integrity and authenticity prior to communicating the information to the remote grid computer system as part of an asynchronous process.”

U.S. Publication No. 20150026049 discloses on paragraph 0081 “In one implementation, the merchant server may use the user sign as a trigger to request current user information from the wallet server. The merchant server may generate and send a user information request message 926 to the wallet server. The user information request message 926 may include, without limitation, the customer ID that is unique to the customer and the merchant relationship, a token, an API key, a digital certificate, and/or the like. In one implementation, the token may be generated using one or more parameters such as the merchant's API key, customer ID, merchant ID, merchant name, customer name, and/or the like. In a further implementation, the token may be encrypted. In one implementation, the token may be a string that is created by the MD5 Message Digest algorithm hash of one or more of the parameters listed above. In one implementation, the merchant server may utilize callbacks via APIs, inline widgets, etc., to pull user information from the wallet. For example, the merchant server may call the getPayment API to obtain payment method details such as card nicknames, brand, last 4 digits, etc. An exemplary GET request method for making the call is provided below.”

U.S. Publication No. 20040025022 discloses on paragraph 0031 “If the code signing authority accepts the software application Y, then a digital signature, and preferably a signature identification, are appended to the software application Y in step 46. As described above, the digital signature may be generated by using a hash of the software application Y and a private signature key 18. The signature identification is described below with reference to FIGS. 3 and 4. Once the digital signature and signature identification are appended to the software application Y to generate a signed software application, the signed software application Y is returned to the software developer in step 48. The software developer may then license the signed software application Y to be loaded onto a mobile device (step 50). If the code signing authority rejects the software application Y, however, then a rejection notification is preferably sent to the software developer (step 44), and the software application Y will be unable to access any API(s) associated with the signature.”

U.S. Publication No. 20130166921 discloses on paragraph 0037 “Before processing the license, the application 154 or the application runtime 156 can verify the license, such as by verifying a digital signature. The digital signature can be verified, for example, using one or more functions provided by the DRM API 146. A copy of the license can be stored in the client device 110a. The license can include a content identifier, an encryption key, and an authorization to present the content 150. In some implementations, the authorization to present the multimedia content 150 can include information to verify the application 154. The application runtime 156 can verify the application 154, such as by confirming that a signature associated with the application matches a signature included on a white list of applications, by confirming that the application was received from a trusted source, or by hashing an application file and confirming that a calculated hash value matches an expected hash value included in or with the license. The application runtime 156 can verify the application 154 using one or more functions provided by the DRM API 146.”

U.S. Publication No. 20030134675 discloses on paragraph 0041 “FIG. 4 is a flowchart of an embodiment of a license authentication routine 220 that may be stored in the memory of monitoring apparatus controller 97. The license authentication routine may be performed when authenticating a license such as the license stored in the memory of monitoring apparatus controller 97. Typically, a license is considered to be authentic when the license signature, generated by the licensor during the creation of the license, is determined to be valid and not the result of a forgery or an error. Referring to FIG. 4, the license authentication routine 220 may begin operation at block 221 where a license verification API may be selected by an operator via input device, for example the input device 91 described in connection with FIG. 3. Selection of the license verification API allows operator access to the license if the operator has the proper private-public key. After the license is accessed, the license signature is separated from the first hash value at block 222. The separation is accomplished by treating the license signature as a reserve parameter and not including it in the hash. The hashing algorithm, previously used to create the license, is applied to the first hash value at block 224. The resulting computation, or second hash value, is representative of a decrypted license data set of the license parameters and their corresponding license parameter values. A third hash value is formed at block 226 when a public key from the private-public key pair is applied to the license signature. A comparison of the second hash value to the third hash value at block 228 is then used to determine if the license is authentic. If the second hash value is equal to the third hash value at block 230, then a determination that the license is authentic is reported at block 232 to the operator via a display terminal such as display terminal 90. If the second hash value is not equal to the third hash value at block 230, then a determination that the license is not authentic is reported at block 234 to the operator via a display such as display terminal 90. In addition, if the license is determined to be not authentic, the monitoring apparatus controller 97 may prevent the operator/licensee from reconfiguring any of the physical or operational configurations sought to be controlled by the license until such time as an authentic license is obtained.


The following is an Examiner’s Statement of Reasons for Allowance:
Claims 25-44 are allowable over prior art references taken individually or in combination fails to particularly disclose, fairly suggests or render obvious are argued by the applicant which examiner considers persuasive as set forth above. 
Although the prior art discloses requesting access to an API associated with a signed signature and comparing the hash associated with associated with API to authorized access to the API, no one or two references anticipates or obviously receiving a request for access to a server, the request including a digitally signed license token comprising an unencrypted payload portion and a digital signature comprising an encrypted hash value of the unencrypted payload and decrypting the digital signature to obtain a previously-generated hash value.
Thereafter, generating a new hash value of the unencrypted payload portion; determining whether the new hash value matches the previously-generated hash value and upon determining that the new hash value matches the previously-generated hash value, forwarding the request to the server for authorizing a remote computing device to access the server as a function of the digitally signed license token

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

 Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to GARY S GRACIA whose telephone number is (571)270-5192. The examiner can normally be reached Monday-Friday 9am-6pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 5712723972. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/GARY S GRACIA/Primary Examiner, Art Unit 2499