DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

1.  This Final Office Action is in response to amendment filed on 06/22/2022.
	Claims 1, 8 and 15 have been amended. Claims 6-7, 13-14 and 19-20 are canceled. Claims 1-5, 8-12, and 15-18 remain pending in the application. 

Response to Amendment

The amendment filed 06/22/2022 has been entered. Claims 1, 8 and 15 have been amended. Claims 6-7, 13-14 and 19-20 are canceled. Claims 1-5, 8-12, and 15-18 remain pending in the application. 
Applicant cancelation to the claims 6-7, 13-14 and 19-20 have overcome the 35 USC § 112 rejection previously set forth in the Non-Final Office Action mailed on 04/05/2022. The rejection has been withdrawn in view of the amended Claims.
Applicant arguments regarding independent claims 1, 8, and 15 do not overcome the 35 USC § 112 rejection previously set forth in the Non-Final Office Action mailed on 04/05/2022. The rejection is maintained in view of the independent Claims.

Regarding Applicant’s arguments, on page 8-10 of the remark filed on 06/22/2022, on the  35 USC § 112 rejection of independent claims 1, 8 and 15: “a hash of the token”, arguments are not persuasive
Applicant argues on page 8 paragraph 2 of the remarks filed on 06/22/2022 that the 35 USC § 112 rejection should be withdrawn and overcome the rejection based on the clarification of the antecedence.   Applicant’s interpretation of the reference has been noted; however, examiner respectfully disagrees. The independent claims recite on claim 1 lines 18-20, claim 8 lines 21-23, and claim 15 lines 20-22 the limitation a hash of the token. This creates confusion as it becomes difficult for the Examiner to distinguish if the hash of the token is referring to the same hash of the token recited one line above or if a hash of the token is referring to a new embodiment of a hash that is compared. By using the phrase “a” in front of “hash of the token” recited twice in the independent claims it becomes unclear which hash is being used in the process as well as the plurality of other hashes used in the claims. Examiner suggest using the phrase “the” in from of hash of the token to recite consistent claim language and to eliminate confusion. Thereby the rejection is maintained.

Regarding Applicant’s arguments, on page 8-11 of the remark filed on 06/22/2022, on the newly added limitations of independent claims 1: “determining a range of times that include the current time as indicated by the timestamp, attempting to decrypt the first message by comparing each of the plurality of different hash values to a hash of the token,”, 
	The newly added limitations of independent claim 8: “determining a range of times that include the current time as indicated by the timestamp, attempting to decrypt the first message by comparing each of the plurality of different hash values to a hash of the token,”
	The newly added limitations of independent claim 15: “, determining a range of times that include the current time as indicated by the timestamp, attempting to decrypt the first message by comparing each of the plurality of different hash values to a hash of the token;”, arguments are not persuasive.
Applicant argues on page 8 paragraph 3 and page 9 paragraph 1 of the remarks filed on 06/22/2022 that the cited references fail to expressly or inherently disclose or make obvious the amended features incorporate a process of attempting to decrypt the first message by comparing each of the plurality of different hash values from a determined range of times around a current time to a hash of the token. Applicant’s interpretation of the reference has been noted; however, examiner respectfully disagrees. Agarwal teaches on Par (0020) a range of timestamps that differ by +1 intervals, Agarwal further discloses on Par. (0023) that a range of time is determined based on a threshold duration of a credential that is either accepted or rejected based on a quantized time. Agarwal describes in Par. (0019) the current time as indicated by the time stamp as well as a cryptographic hash of the current time. Agarwal continues to disclose on Par. (0073) that a mobile device decrypts values corresponding to the first message. Examiner asserts that the phrasing of the limitation “attempting” recites a limitation that may or may not be performed. The broadest reasonable interpretation of the claims in light of the specification suggests that if the decryption process is attempted the claim is met, as the claim currently is recited whether or not the successful decryption is performed or not is unclear because of the phrase “attempting”. Therefore it will be broadly and reasonably interpreted that if a decryption process is performed success or not successful the claim limitation is met. Examiner suggest modifying the phraseology of the claims to recite a decryption step that is definitively performed and not just attempted. Agarwal further describes in the Abstract and Par. (0006) multiple different cryptographic hash values corresponding to different credentials. Agarwal discloses in Par. (0018-0019) the hash of a token or one-time password is computed through a cryptographic hash function. Agarwal describes on Par. (0020) that a comparison is done between a received hash value and a hash of the one-time password or token that is hashed. These hash values are compared and matched with other hashes. Thereby the rejection is maintained.


Claim Rejections - 35 USC § 112

The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.



Claims 1-5, 8-12, and 15-18 is/are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as failing to set forth the subject matter which the inventor or a joint inventor, (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant) regards as the invention. 

In regards to Independent Claims 1, 8 and 15, the applicant recites the limitation “a hash of the token”, this is unclear because the limitation “a hash of the token” was already previously recited earlier in the claims. This creates confusion as to which different timestamps the applicant is referring to as there is a plurality or multiple instances of different timestamps recited in the claims. The specification states on Par. (0029) “As the hashing function that is selected is computationally efficient, the generation of the hashes is not resource intensive. Only one combination of session ID and timestamp will have a hash that matches the hash of the token. Once the hash is matched, the timestamp (and session ID) that were used to generate the hash are sent to the content identifier 164..”. Therefore it will be broadly and reasonably interpreted that “a hash of the token” is referring to the same hash of a token recited earlier in the claims. Examiner suggest amending the claims by using the phrase “the” in front of hash of the token to recite consistent claim language and to eliminate confusion. 

In regards to Claims 1, 8 and 15, the applicant recites the limitation “the range”, this is unclear because the range has a lack of antecedence as it was not previously recited earlier in the claims. This creates confusion if the applicant is referring to the range of times recited previously in the claims or if the applicant is referring to a new embodiment. The specification state on Par. (0049) “Subsequently, the actionable content repository system 160 decrypts 330 the hash of the token using a plurality of timestamps within a range of a current time. The actionable content repository system 160 determines 340 an identifier of the content item presented to the user based on the decrypted hash. The actionable content repository system 160 transmits 350 a message to an enabling system that includes instructions for execution by the enabling system to execute one or more operations with the identified insertable content item”. Therefore Examiner will broadly and reasonably interpreted the range to be associated with time. Examiner suggest amending the claims by using the phrase “a” in front of range or reciting “the range of times” to recite consistent claim language and to eliminate confusion. 

Claims 2-5, 9-12, and 16-18 are being additionally rejected for being dependent on a rejected base claim.


Claim Rejections - 35 USC § 103


In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.



Claims 1-3,  8-10,  and 15-16, is/are rejected under 35 U.S.C. 103 as being unpatentable over Teng et al. (U.S Pub. No. 20200034521, hereinafter referred to as “Teng”), Meembat et al. (U.S No. 9525897, hereinafter referred to as “Meembat”) and Agarwal et al. (U.S Pub. No. 20190289017, hereinafter referred to as “Agarwal”) in further view of Morganer et al. (U.S Pub. No. 20180025145, hereinafter referred to as “Morganer”)


	Regarding Independent Claim 1 (Currently Amended), Teng teaches a computer-implemented method comprising: 
receiving a session identifier from a streaming system, the session identifier identifying a user session with the streaming system; (Par. (0010) “the authentication server receives a request from the client to initiate a session for a user, the server creates the session and sends a token containing session-identifying information (“session ID”) back to the client along with a request for authentication. The client then broadcasts an audio transmission containing the token to the mobile device over an audio channel using a data-over-sound transmission. That is, the client plays the audio message encoded with the token via a multimedia speaker.”; receives a session identifier (sends [..] session ID) from a streaming system (audio channel/ audio transmission) identifying a user session (session for a user)), (Par. (0020) “In various embodiments, such an audio watermark algorithm can be used to embed the message repeatedly into the audio transmission from the client 101 to the mobile device 102. To do this, the watermark algorithm can be instructed to embed the message in the same way that the algorithm would typically embed a watermark into an audio stream”; streaming system (audio stream)), (Par.  (0015) “the server 103 also sends a session token containing a session identifier (session ID) so that responses to the request can be associated with the corresponding session based on the token.”; receiving a session identifier (sends a session token containing session identifier))
receiving a first message from the streaming system, the first message based on a token that is generated based on a combination of the session identifier………… (Par. (0016) “the server 103 can encrypt the contents of the request of authentication message that is sent to the client 101 (e.g., using the server's 103 private key)”), (Par. (0015) “the server 103 also sends a session token containing a session identifier (session ID) so that responses to the request can be associated with the corresponding session based on the token. For security reasons, the server 103 can also include an expiration time period in the token (e.g. 10 minutes) such that authentication attempts into the session after expiration of the set time period are rejected. The server 103 also sends [..] when messages are transmitted back to the server 103.”; first message based on a token that is generated based on a combination of the session identifier (message corresponding to session identifier with expiration time period))
determining an identifier ….. ….. based on the decrypted message; and (Par. (0030) “also decrypts the session token and verifies that the token is valid, e.g., that the timeframe provided in the token is not past its expiration, and the server 103 identifies the corresponding session that was created for the user based on the session ID in the token. If everything is verified successfully, then the server 103 authenticates the user, permits the login into the session”; based on the decrypted message (after decrypting session token that was in message) determining an identifier (identifies the corresponding session [..] based on session ID))
transmitting a second message to an enabling system, the second message including instructions for execution by the enabling system to execute one or more operations ….. (Par. (0029-0030) “This request is sent from the mobile device 102 to the server 103 over a secure connection such as SSL. [..]  The server 103 receives the mobile device's 102 request message over the secure channel and reads it. From the message, the server 103 obtains the user's login credentials and verifies them. The server also obtains the mobile device 102 ID from the request message and verifies that the mobile device 102 is an approved mobile device for purposes of authentication  [..] then the server 103 authenticates the user, permits the login into the session, and notifies the client 101 accordingly”; transmitting a second message (mobile device sends request message) to an enabling system (server) including instruction for execution (verifies mobile device is an approved mobile device for purposes of authentication) by enabling system to execute one or more operations (permits the login)), (Par. (0044) “for executing instructions that can be stored in a storage medium component. The storage medium can include many types of memory, persistent data storage, or non-transitory computer-readable storage media. For example, the storage medium may take the form of random access memory (RAM) 401 storing program instructions for execution by the processor(s)”; including instructions for execution))
However Teng does not include and a timestamp at which an insertable content item was presented to the user in a content stream by the streaming system; using a plurality of timestamps of the insertable content item with the identified insertable content item, decrypting the first message by: determining a range of times that include the current time as indicated by the timestamp, generating a plurality of different hash values, each different hash value generated by hashing a different timestamp  with the session identifier, each different timestamp being within the range, wherein a plurality of different timestamps within the range are used to generate the plurality of hash values, attempting to decrypt the first message by comparing each of the plurality of hash values to a hash of the token, determining, from the comparing, a matching hash value of the plurality of hash values that  matches a hash of the token, and decrypting the first message using the matching hash value;
Wherein Meembat teaches and a timestamp at which an insertable content item was presented to the user in a content stream by the streaming system; (Col. 3 lines 12-25 “ the timing cue being comprised in the following list: a silent period in the media stream and a predefined content sequence in the media stream, and insert a predetermined content item into the media stream starting from or ending in a point in the media stream corresponding to the timing cue, to at least in part replace content originally in the media stream responsive to the timing cue being determined and to refrain from inserting the predetermined content ite”; a timestamp (timing) at which an insertable content item (insert a predetermined content item) was presented)), (Col. 4 lines 53-65 “insertion of content items into a stream of media content, such as for example personal messages or advertisements into an audio broadcast stream. Accurately inserted content items may produce a resulting stream that is free of gaps and has no overwritten content parts.”; insertable content item corresponding to streaming system (audio broadcast stream)), (Col. 4 lines 63-67 and Col. 5 lines 1-8 “ a user or consumer device, such as for example a digital radio, smartphone, tablet or laptop computer or other device capable of receiving a media stream, such as for example a digital media stream. A media stream may comprise, for example, the contents of a frequency modulated signal. A media stream may comprise, for example, a digitally encoded media stream. Device 110 is communicatively coupled, via air interface 121, to base station 120.”; user in the content stream ( user corresponding to media stream)), (Col. 8 lines 22-35 “ the contents of the metadata signal may be cryptographically signed with a private key, where device 110 is in possession of a corresponding public key. The signed part may comprise a timestamp to prevent copying of metadata signals, device 110 being configured to discard metadata signals with a timestamp not substantially matching a current time.”; metadata corresponding to timestamp)), (Col. 6 lines 25-45 “ A metadata signal may comprise information on a length of a section of the media stream, such as for example a silent period or an advertisement, that is suitable for being overwritten by inserting the content item. Device 110 may use this information when selecting a content item from among the at least one insertable content item available in device 110 for insertion. A metadata signal may be comprised in the media stream, or it may be delivered to device 110 separately from the media stream”; timestamp with metadata corresponding to media stream/insertable content item))
using a plurality of timestamps (Col. 4 lines 53-60 “ Using a plurality of timing cues may improve the accuracy of insertion of content items into a stream of media content, such as for example personal messages or advertisements into an audio broadcast stream.”; plurality of timestamps (plurality of timing cues)), (Col. 2 lines 20-45 “metadata signal determining whether a timing cue can be determined, the timing cue being comprised in the following list: a silent period in the media stream and a predefined content sequence in the media stream, and inserting a predetermined content item into the media stream starting from or ending in a point in the media stream corresponding to the timing cue”; timing cues corresponding to two times (silent period and predefined sequence)), (Col. 8 lines 1-22 “the timing cue has been determined 24 milliseconds, ms, after the metadata signal, the search window may extend from 10 ms before metadata signal 240 to 30 ms after metadata signal 240. In general the search window may be characterized by two time parameters, t1 and t2. Parameter t1 may denote how long the search window is in the direction before arrival of metadata signal 240, and parameter t2 may denote how long the search window is in the direction after arrival of metadata signal 240. The case t1=t2 corresponds to a search window that is symmetrically arranged around metadata signal 240.”; plurality of timestamps ( timing cue corresponding to two times t1, t2/ two time parameters))
of the insertable content item ((Col. 4 lines 53-65 “insertion of content items into a stream of media content, such as for example personal messages or advertisements into an audio broadcast stream. Accurately inserted content items may produce a resulting stream that is free of gaps and has no overwritten content parts.”; insertable content item corresponding to streaming system (audio broadcast stream)), (Col. 6 lines 25-45 “ A metadata signal may comprise information on a length of a section of the media stream, such as for example a silent period or an advertisement, that is suitable for being overwritten by inserting the content item. Device 110 may use this information when selecting a content item from among the at least one insertable content item available in device 110 for insertion. A metadata signal may be comprised in the media stream, or it may be delivered to device 110 separately from the media stream”; metadata corresponding to media stream/insertable content item)), (Col. 8 lines 53-67 “metadata signal 240 may comprise at least one of an identifier of the media stream, an identifier of device 110, and identifier of a user of the device 110 and an identifier of a subscription associated with device 110. An identifier of the media stream may comprise, for example, a hash of a file of the media stream or an identifier of the media stream within a naming convention of a node originating the media stream”; metadata corresponding to insertable content item includes an identifier))
with the identified insertable content item. ((Col. 4 lines 53-65 “insertion of content items into a stream of media content, such as for example personal messages or advertisements into an audio broadcast stream. Accurately inserted content items may produce a resulting stream that is free of gaps and has no overwritten content parts.”; insertable content item corresponding to streaming system (audio broadcast stream)), (Col. 6 lines 25-45 “ A metadata signal may comprise information on a length of a section of the media stream, such as for example a silent period or an advertisement, that is suitable for being overwritten by inserting the content item. Device 110 may use this information when selecting a content item from among the at least one insertable content item available in device 110 for insertion. A metadata signal may be comprised in the media stream, or it may be delivered to device 110 separately from the media stream”; metadata corresponding to media stream/insertable content item)), (Col. 6 lines 25-45 “at least one insertable content item and receives the media stream, device 110 may determine a location in the media stream, where to begin inserting one of the at least one insertable content item. Device 110 may be configured to determine the location based on timing cues, for example a metadata signal may be received in device 110 to mark the location where insertion may begin, so that a user of device 110 can perceive a continuous media stream where the transition in playback from the received media stream to the inserted content item is smooth and as imperceptible as possible”; identified insertable content item (insertable content item corresponding to determining where the insertion may begin))
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Meembat within the teachings of Teng to include and a timestamp at which an insertable content item was presented to the user in a content stream by the streaming system with a plurality of timestamps and the insertable content item because of the analogous concept of real-time audio processing using tokens and identifiers to enable secure digital audio streams. Meembat includes a process of a timestamp at which an insertable content item was presented by the streaming system as well as a plurality of timestamps used to identify the insertable content item. This is significant because users that communicate with internet service on multiple entities share data that might include personal identifiable information, this becomes at risk by malicious attackers that gain information by inferring or predicting user’s patterns on these internet services. This can lead to composites of fake profiles on the internet services. By implementing a time base verification system coupled to these insertable content items that could be advertisements or other media content used, the user can securely protect themselves from attackers attempting to gain personal information such as financial/ banking transaction, medical records, social security number, etc. By implementing a timestamp to these insertable content items malicious attacker are discouraged and faced with difficulties trying to gain information that will lead to the compromise of the user’s accounts. 
The motivation to combine these references is because Internet services save and store personal identifiable information all the time, and the likelihood becomes higher that the user’s confidential data will be compromised or altered as well as extracted. By implementing time into the session the user can be assured with high confidence and credibility that their personal information will not be at harm. This maintains and promotes high integrity in the system. 
	However Teng and Meembat do not explicitly teach decrypting the first message by: determining a range of times that include the current time as indicated by the timestamp, generating a plurality of different hash values, each different hash value generated by hashing a different timestamp with the session identifier, each different timestamp being within the range, wherein a plurality of different timestamps within he range are used to generate the plurality of different hash values, attempting to decrypt the first message by comparing each of the plurality of different hash values to a hash of the token, determining, from the comparing, a matching hash value of the plurality of hash values that matches a hash of the token
	Wherein Agarwal teaches decrypting the first message by: (Par. (0073) “in messages to the mobile device, for example in an encoded encrypted ciphertext, and the mobile computing device 64 may decrypt t”; decrypting the first message (messages corresponding to decryption)), 
determining a range of times that include the current time as indicated by the timestamp, (Par. (0020) “one-time passwords generated from timestamps that differ by ±1 time interval from the client's timestamp).”; range of times (timestamps that differ)), (Par. (0023) “a time output of the authentication management system's clock or a quantized time associated with the sent credential (which may be rejected if that time is more than a threshold duration from a time determined by the authentication management system's clock). The authentication management system's cryptographic hash function may further take as inputs values retrieved from a profile of the user”; determine a range of times (time associated with credentials may be rejected)), (Par. (0019) “a time stamp of the current time and a shared secret value. TOTP is based on a HMAC (hash-based message authentication code) based one-time password HOTP. A cryptographic hash function may be implemented to generate the one-time password by generating a cryptographic hash of the current time”; include the current time as indicated by the time stamp (timestamps of the current time))
each different timestamp being within the range, (Par. (0020) “generated from timestamps that differ by ±1 time interval from the client's timestamp).”; each different timestamp (timestamps that differ)), (Par. (0019-0020) “by generating a OTP based on a time stamp of the current time and a shared secret value. TOTP is based on a HMAC (hash-based message authentication code) based one-time password HOTP. A cryptographic hash function may be implemented to generate the one-time password by generating a cryptographic hash of the current time and a shared secret value [..] allowing for passwords generated in close time proximity with the same shared secret value to be equal. [..] the server may accept one-time passwords generated from timestamps that differ by ±1 time interval from the client's timestamp). A single shared secret value, to be used for all subsequent authentication sessions,”; within range of a current time (close time proximity) with the session identifier (shared secret value corresponding to a session)), (Par. (0020) “one-time passwords generated from timestamps that differ [..] the client and server may each calculate a hash value based on both the a locally created time stamp and the shared secret. To authenticate the user, the server may determine whether a received hash value matches a locally created hash value”; plurality of different timestamps (timestamps that differ) are used to generate the plurality of hash values (timestamp with shared secret are used to calculate hash value of client and server)) 
attempting to decrypt the first message (Par. (0073) “all of these parameters may be encoded in messages to the mobile device, for example in an encoded encrypted ciphertext, and the mobile computing device 64 may decrypt these values with a previously exchanged encryption key from the authorization server 70.”; attempting to decrypt the first message)) (Examiner notes: the pharology of the limitation “attempting” reads on a performed step that may or may not occur. By using the phrase “attempting” it is unclear if the decryption is actually successfully performed or if it is simply attempted an incomplete. Examiner suggest amending the claims to definitively recite a decryption by comparing.)
 	by comparing each of the plurality of different hash values to a hash of the token, (Par.0018-0019) “the use of an OTP token, which is a hardware device capable of generating OTPs, e.g., with the output of a linear shift register. [..] time based one-time password (TOTP) often provide secure access from a client device to a network, server, application, etc., by generating a OTP based on a time stamp of the current time and a shared secret value. TOTP is based on a HMAC (hash-based message authentication code) based one-time password HOTP. A cryptographic hash function may be implemented to generate the one-time password by generating a cryptographic hash of the current time and a shared secret value to which both the client and authentication system have access..”; hash of the token (OTP token or one-time password is corresponding to a cryptographic hash function/ hash)), (Par. (0020) “he server then runs a TOTP algorithm to verify the entered one-time password. [..] To authenticate the user, the server may determine whether a received hash value matches a locally created hash value.”; compare each of the plurality of hash values to a hash of the token (received hash corresponding to cryptographic hash of OTP token is matched with another hash))
determining, from the comparing, a matching hash value of the plurality of hash values that matches a hash of the token, and (Par. (0045) “a cryptographic hash of a user credential may be sent instead of the user credential itself in plain text form, and some embodiments may determine whether a cryptographic hash value stored in memory of the authentication system 18 and a user profile matches the received cryptographic hash value.”; determining from the comparing a matching hash value of the plurality of hash values that matches a hash of the token (determine whether the cryptographic hash value of the user credential/token matches the received hash value))
(Par. (0018) “the user may submit the OTP with other identity credentials (username and password) to an authentication server that validates the logon request based on whether the supplied credentials are valid.”; hash of the token (user credentials corresponding to OTP that is hashed)) (Par. (0006) “generating, with the credential-generating computing device, [..] one or more cryptographic hash values based on the shared-secret value,”; plurality of hash values (one or more cryptographic hash values))
decrypting the first message using the matching hash value; (Par. (0020) “o authenticate the user, the server may determine whether a received hash value matches a locally created hash value.”; using a hash from the plurality of timestamps (hash corresponding to timestamp of OTP) that matches a hash of the token (received hash matches hash value of token)), (Par. (0045) “a cryptographic hash of a user credential may be sent instead of the user credential itself in plain text form, and some embodiments may determine whether a cryptographic hash value stored in memory of the authentication system 18 and a user profile matches the received cryptographic hash value. In another example, a value may be cryptographically signed based upon the user credential,”; matches a hash of the token ( matches received cryptographic hash value associated with user profile/credential)), (Par. (0073) “in messages to the mobile device, for example in an encoded encrypted ciphertext, and the mobile computing device 64 may decrypt these values with a previously exchanged encryption key from the authorization server 70.”; to decrypt the first message (messages with values corresponding to decryption)), Par. (0061) “authentication token corresponds to a valid authenticated session, such as one that is not be expired, [..] may receive a cryptographic hash value calculated based on an authentication token [..] by a private key corresponding to the session held by the browser 66”; encryption key corresponding to session ID (session token) and hash associated with timestamp (hash value based on token with expiration time)), (Par. (0070) “these values are a value that is cryptographically signed with a private encryption key of the authorization server and corresponding to a public encryption key stored in memory of the native application, or a value that is otherwise secret.”; values that are decrypted corresponding to encryption key)), (Par. (0043) “authentication tokens, i.e. one-time passwords, may be expired by the application servers 16 and cease to be honored, for instance after a given session ends or after a threshold amount of time has elapsed,”; authentication token that is hashed associated with timestamp (amount of time)), (Par. (0019) “hash of [..] a shared secret value [..] the time stamp is often quantized into 30 second intervals, [..] close time proximity with the same shared secret value”; encryption key (secret value) is hashed with timestamp)), (Par. (0038) “key that serves as the shared secret is exchanged),”; secret value corresponding to encryption key)) 
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Agarwal within the teachings of Teng and Meembat to include decrypting the first message by: each different timestamp being within the range of the current time, comparing each of the plurality of hash values to a hash of the token, and determining, from the comparing, a matching hash value of the plurality of hash values that matches a hash of the token because of the analogous concept of network communication using a session token or identifier associated with time to securely protect transmission over internet services. Agarwal includes a process in which the decryption of a message is performed first by hashing multiple timestamps that are in proximity or range of the session identifier and current time. This is important because by implementing a current time such as 5 or 10 minutes the system as a whole can be securely protected from compromise, forgery or modification because the corresponding hash must match the session ID or token at the given timestamp otherwise it will provide an indication to the user that an invalid or unauthorized entity is attempting to gain access. By using the hash of the timestamps as a form of comparison the likelihood of personal identifiable information used on web browsers such as banking, medical records, etc. can be safe from malicious users gathering information. This in return allows each session by the user to isolated and difficult from malicious attackers to glean or infer any information used on Internet services. Thus protecting the authenticity of the messages transmitted and assuring high confidence and credibility for the system.
However Teng, Meembat and Agarwal do not explicitly teach generating a plurality of different hash values, each different hash value generated by hashing a different timestamp with the session identifier, wherein a plurality of different timestamps within the range are used to generate the plurality of hash values.
Wherein Morganer teaches generating a plurality of different hash values, each different hash value generated by hashing a different timestamp with the session identifier (Par. (0118) “temporary hash values are generated individually in step 410 for all session identifications which are stored in the terminal.”; generating a plurality of hash values ( hash values are generated)), (Par. (0031) “a first timestamp is stored in the ID token in a manner associated with the identification of the terminal, [..] the timestamp associated with the identification of the terminal is read, wherein the session-specific session key is deemed to be validly stored only if the first timestamp is still valid”; different timestamp with session identifier( timestamp is inside ID token)), (Par. (0022) “a hash value is generated by the ID token from the identification of the terminal, the salt, and the session identification. The session identification is then transmitted from the ID token to the terminal in the form of a transmission of the hash value together with the salt.”; hashing a different timestamp with the session identifier (hash value is generated with ID token with timestamp)), (Par. (0035) “the first timestamp is generated for the storing of the session-specific session key in the ID token, wherein the first timestamp is generated on the basis of a predefined relative period of validity. Said relative period of validity, which is predefined, could comprise for example a period of time such as a year, six months, or 24 hours, wherein for example a system time of the terminal or of the ID token is noted with the storage of the session-specific session key, and the relative period of validity is added to the system time”; session identifier (ID token corresponding to session) with a different timestamp (first timestamp)), (Par. (0035) “the first timestamp is generated for the storing of the session-specific session key in the ID token, wherein the first timestamp is generated on the basis of a predefined relative period of validity. Said relative period of validity, which is predefined, could comprise for example a period of time such as a year, six months, or 24 hours, wherein for example a system time of the terminal or of the ID token is noted with the storage of the session-specific session key, and the relative period of validity is added to the system time”; session identifier (ID token corresponding to session) with a different timestamp (first timestamp)), (Par. (0051) “the second timestamp is generated for the storage of the terminal hash value in the ID token, wherein the timestamp is generated on the basis of a predefined relative period of validity. If the metadata comprise the second timestamp, the period of validity of the access of the terminal to the attribute starting from an initial time can thus be provided”; different timestamp with the session identifier (second timestamp associated with ID token)), (Par. (0118) “with which the hash value is associated. For this purpose, temporary hash values are generated individually in step 410 for all session identifications which are stored in the terminal. The generation is performed again with use of the identification of the terminal and the salt. With step 412, the terminal then identifies the temporary hash value corresponding to the previously received hash value. The session identification associated with this identified temporary hash value is then the session identification of which the associated session-specific session key”; different hash values (temporary hash values generated individually corresponding to session-specific IDs.)))
wherein a plurality of different timestamps within the range are used to generate the plurality of hash values  (Par. (0051) “that the second timestamp is generated for [..] terminal hash value in the ID token, wherein the timestamp is generated on the basis of a predefined relative period of validity. If the metadata comprise the second timestamp, the period of validity of the access of the terminal to the attribute starting from an initial time can thus be provided for a specific period of time without further authentication and with use of the first signature”; plurality of different timestamps (second timestamp) are used to generate the plurality of hash values (generated for terminal hash value)), (Par. (0118-0127) “  temporary hash values are generated individually in step 410 for all session identifications which are stored in the terminal  [..] the hash value together with the expiry date of a period of validity can be stored in the ID token in particular. The hash value is thus stored in the ID token linked to a timestamp. The timestamp by way of example could specify an expiry date of the terminal hash value. If this expiry date has passed, the period of validity is now void in spite of the presence of the terminal hash value”; plurality of different timestamp are used to generate the plurality of hash values (hash value linked to a timestamp); (hash values are generated))
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Morganer within the teachings of Teng, Meembat and Agarwal to include generating a plurality of hash values, each hash value generated by hashing a different timestamp with the session identifier and wherein a plurality of different timestamps are used to generate the plurality of hash values  because of the analogous concept of network communication using a session token or identifier associated with time to securely protect transmission over internet services. Morganer includes a process in which a plurality of hash values corresponds to a hashing of a different timestamp and session ID as well as the different timestamps being utilized in the generation of the hash values. This is important because it discourages malware attackers from predicting the cycle and times of communication based on certain timestamps, by creating cryptographic hashes based on a multitude of timestamps it provides an enhance secure protection of the session and safeguards the session from harmful activities or impersonation. 



Regarding Dependent Claim 2 (Original), Teng does not explicitly teach the method of claim 1, wherein the one or more operations are associated with an action performed by a user in response to being presented with the insertable content item.
Wherein Meembat teaches the method of claim 1, wherein the one or more operations are associated with an action performed by a user in response to being presented with the insertable content item. (Col. 6 lines 9-35 “Server 150 may be configured to provide to provide to device 110 at least one insertable content item. The at least one insertable content item may be delivered from server 150 to device via connection [..]  device 110 stores the at least one insertable content item and receives the media stream, device 110 may determine a location in the media stream, where to begin inserting one of the at least one insertable content item. Device 110 may be configured to determine the location based on timing cues, for example a metadata signal may be received in device 110 to mark the location where insertion may begin, so that a user of device 110 can perceive a continuous media stream where the transition in playback from the received media stream to the inserted content item is smooth and as imperceptible as possible”; in response to being presented with the insertable content item (server to provide to device one insertable content item), one or more operations are associated with an action performed by a user (device may determine a location in the media stream))
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Meembat within the teachings of Teng, Agarwal and Morganer for the reasons stated in independent claim 1 discussed above. 


Regarding Dependent Claim 3 (Original),, the combination of Teng, Meembat, Agarwal and Morganer teach the method of claim 1, Teng further teaches the method of claim 2, wherein the user session is initiated by a voice enabled device, and wherein the action is performed by the user using the voice enabled device. (Par. (0022) “before or during the audio transmission by the client 101 (e.g., the audio stream containing the watermark embedded message) over the speaker, a notification can be produced to let the user know that the client 101 is attempting to communicate with the mobile device 102 [..] A message containing any of this information can also be conveyed by audio (e.g., a recording of a voice reciting the message can be played to the user).”; user session is initiated ( before or during audio transmission [..] let the user know that the client is attempting to communicate) by a voice enabled device (over a speaker/ recording of a voice)); the action is performed by the user using the voice enabled device )recording of a voice reciting the message)), (Par. (0026) “the mobile authentication application on the mobile device 102 accesses the microphone of the mobile device 102, records and captures the audio transmission (e.g., the watermarked audio signal),”; action is performed by the user using voice enabled device (microphone of the mobile device records and captures the audio transmission))

.

Regarding Independent Claims 8 and 15 (Currently Amended), claims 8 and 15 are system and non-transitory computer readable storage medium claims that recite similar limitations to independent claim 1 and the teachings of Teng, Meembat, Agarwal and Morganer address all the limitations discussed in claim 1 and are thereby rejected under the same grounds.  


Regarding Dependent Claims 9 and 16 (Original), claims 9 and 16 recite similar limitations to claim 2 and the teachings of Teng, Meembat, Agarwal and Morganer address all the limitations discussed in claim 2 and are thereby rejected under the same grounds.  

Regarding Dependent Claim 10 (Original), claim 10 recite similar limitations to claim 3 and the teachings of Teng, Meembat, Agarwal and Morganer address all the limitations discussed in claim 3 and are thereby rejected under the same grounds.  



Claims 4, 11 and 17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Teng et al. (U.S Pub. No. 20200034521, hereinafter referred to as “Teng”), Meembat et al. (U.S No. 9525897, hereinafter referred to as “Meembat”), Agarwal et al. (U.S Pub. No. 20190289017, hereinafter referred to as “Agarwal”) and Morganer et al. (U.S Pub. No. 20180025145, hereinafter referred to as “Morganer”) in further view of Gallo et al. (U.S Pub. No. 20120146773, hereinafter referred to as “Gallo”)

Regarding Dependent Claim 4 (Original), the combination of Teng, Meembat, Agarwal and Morganer do not explicitly teach the method of claim 1, wherein the session identifier is a randomly generated value that is generated in response to each new user session and discarded after the termination of the user session.
Wherein Gallo teaches the method of claim 1, wherein the session identifier is a randomly generated value that is generated in response to each new user session and discarded after the termination of the user session. (Par. (0016) “the typical prior-art Random-ID code is a session related ID for smartcard 10 which is regenerated anytime that smartcard 10 is newly introduced to card reader system 100 and deleted at the end of the interaction with card reader system 100. Therefore, the typical prior-art Random-ID code is typically stored in RAM (volatile memory). However, in accordance with the invention, the Random-ID code, "PseudoFixedRandomUID", is fixed over multiple communication sessions with different card reader systems 100 (e.g. at different locations) until the user initiates the generation of a new Random-ID code, "PseudoFixedRandomUID"”; session identifier is a randomly generated value (random-ID code is a session related ID [..] Random ID code fixed over multiple communication sessions) is generated in response to each new user session (generation of a new Random ID code) and discarded after termination of the user session (and deleted at the end of the interaction))
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Gallo within the teachings of Teng, Meembat, Agarwal and Morganer to include the session identifier being a randomly generated value that is generated in response to each new user session and discarded after the termination of the user session because of the analogous concept of secure protection of a session on Internet services and applications. Gallo includes a session identifier being a randomly generated value to each new user session and discarding it after the session is terminated. This is significant because it discourages and presents difficulties for malicious attacker that are attempting to gain or infer personal identifiable information based on the session. By implementing a random session identifier two internet services that are communicating with permanent or unchanging identifiers can be securely protected from being tracked throughout the whole session by attackers. This lessens the likelihood of the user being compromised or forged and protects the user from composite or fake profiles with unauthorized access to personal data such as banking transactions, medical records, social security numbers etc. This in return provides another secure layer of protecting for the user on possible unsecure networks as well as makes it difficult for attackers to predict or glean any information that would lead to harm for the user. 

Regarding Dependent Claims 11 and 17 (Original), claims 11 and 17 recite similar limitations to claim 4 and the teachings of Teng, Meembat, Agarwal, Morganer and Gallo address all the limitations discussed in claim 4 and are thereby rejected under the same grounds.  


Claims 5, 12 and 18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Teng et al. (U.S Pub. No. 20200034521, hereinafter referred to as “Teng”), Meembat et al. (U.S No. 9525897, hereinafter referred to as “Meembat”), Agarwal et al. (U.S Pub. No. 20190289017, hereinafter referred to as “Agarwal”) and Morganer et al. (U.S Pub. No. 20180025145, hereinafter referred to as “Morganer”) in further view of Tippett et al. (U.S Pub. No. 20120054491, hereinafter referred to as “Tippett”)

Regarding Dependent Claim 5 (Original), the combination of Teng, Meembat, Agarwal and Morganer does not explicitly teach the method of claim 1, wherein the token is generated by using a hashing function on the session identifier concatenated with the timestamp.
Wherein Tippett teaches the method of claim 1, wherein the token is generated by using a hashing function on the session identifier concatenated with the timestamp. (Par. (0024) “a creation time of the token and duration of validity of the token.”; token is generated (creation time of token)), (Par. (0037) “to generate new tokens.”; token is generated (generate new tokens)), (Par. (0038) “a composite key is generated by one-way cryptographic hashing of a user key and a master key using a Secure Hash Algorithm (SHA-256). At 504, a payload is constructed using the user identifier and a validity parameter. In this embodiment, the validity parameter includes a creation time of the token, duration of validity of the token, a session identifier, a list of hostnames, and a list of Internet Protocol addresses. The payload is constructed by combining the user identifier, the creation time, the duration, the session identifier, the hostnames, and the IP addresses.”; using a hashing function (using a Secure Hash Algorithm) on the session identifier concatenated with the time stamp ( combining the creation time [..] session identifier))
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Tippett within the teachings of Teng, Meembat, Agarwal and Morganer to include a token is generated by using a hashing function on the session identifier concatenated with the timestamp because of the analogous concept of data security using digital signatures during a session using a validity of time. Tippett includes a generation of a token that is performed by using a hashing function that concatenates or combines the session identifier and the timestamp. This is important because by linking the session ID with a period of time the user is provided an indication of authorized users of a session that are within that specific timeframe. This eliminates the possibility of exposure or compromise because a token that is generated outside of that time will be detected and in return securely protecting the system from harm. By implementing a hashing function that combines the two elements, malicious attackers cannot extract any generated tokens. This proves important when address the issue of trust on server based signatures systems by assuring the user the combining of the time and session ID provides a clear indication of rightful users and protects confidential data exchanged in the session from harm. 

Regarding Dependent Claims 12 and 18 (Original), claims 12 and 18 recite similar limitations to claim 5 and the teachings of Teng, Meembat Agarwal, Morganer and Tippett address all the limitations discussed in claim 5 and are thereby rejected under the same grounds.  




Relevant Prior Art

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.

Nieuwenhuys; Bruno (U.S No. 10248378) “Dynamically Inserting Additional Content Items Targeting A Variable Duration For A Real-time Content Stream”. Considered this reference because it had a similar Inventor and Assignee as well as addressed streaming real time media content using audio and video recording devices.

Kuang; Randy (U.S Pub. No. 20210211271) “METHODS AND SYSTEMS FOR SECURE DATA COMMUNICATION”. Considered this application because it relates to messages containing a hash or signature as well an identifier that are both compared and extracted in an expected format after decryption much like the dependent claims of the instant application. 

Suresh; Viswanath (U.S Pub.  No. 20200195439) “METHOD FOR SECURING THE RENDEZVOUS CONNECTION IN A CLOUD SERVICE USING ROUTING TOKENS”. Considered this application because it addressed the use of tokens and session identifiers in the realm of streaming video content.


Conclusion

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  

A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 

Applicants are encouraged to take advantage of the After Final Consideration Pilot 2.0 (AFCP 2.0) which authorizes non-production time for consideration of responses filed after a final rejection. The purpose of the pilot is to compact prosecution of the case. The request must include 1) A signed AFCP request form (PTO/SB/434 or equivalent) that includes a statement that applicant is requesting consideration under the AFCP; 2) An amendment to at least one independent claim that does not broaden the scope of the independent claim in any aspect; and 3) A statement that applicant is willing and available to participate in any interview initiated by the examiner concerning the present response.  In the limited amount of non-production time if the examiner’s consideration of a proper AFCP 2.0 request and response does not result in a determination that all pending claims are in condition for allowance, the examiner will request an interview with the applicant to discuss the response. For more info, please visit http://www.uspto.gov/patent/initiatives/after-final-consideration-pilot-20

Any inquiry concerning this communication or earlier communications from the examiner should be directed to HASSAN A HUSSEIN whose telephone number is (571)272-3554. The examiner can normally be reached on 7:30am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni Shiferaw can be reached on (571)272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/H.A.H./           Examiner, Art Unit 2497                                                                                                                                                                                             

/JORGE L ORTIZ CRIADO/Supervisory Patent Examiner, Art Unit 2496