DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Allowable Subject Matter
Claims 64-83 are allowed.

The following is an examiner’s statement of reasons for allowance:
With respect to claim 64, the prior art of record fails to disclose singly or in combination or render obvious a network apparatus adapted for delivery of security data to a node of a content distribution network managed by a first network operator, the network apparatus comprising:
a security management apparatus; and
an authentication apparatus in data communication with the security management apparatus;
wherein the security management apparatus and the authentication apparatus are configured to cooperate to:
authenticate a physically secure element of a computerized client device in data communication with the content distribution network, the physically secure element comprising a secure microprocessor, the authentication of the physically secure element enabling the computerized client device to be added to an authorized domain; and
provide security data to the physically secure element, the security data enabling at least in part access via the computerized client device to content distributed over the content distribution network, the content originating from a content source disposed at a node of a second network in data communication with the content distribution network,
the second network managed by a second network operator.
Fahrny et al. (US 2006/0137015), Haller (US 2008/0141336), Reuzel et al. (US 2010/0043060), and Craft (US 2005/0010788) are the closest prior art relating to the Applicant's claimed invention.
Fahrny discloses a method of securely downloading at least one of conditional access software (CAS), Digital Rights Management software (DRMS), Trusted Domain Software (TDS), and Gaming Security Software (GSS) includes presenting a specialized entitlement management message (EMM) to initiate the download to a receiver security device using a supervisory logon key (SLK) split to logon with a second split contained inside the receiver security device, presenting a receiver digitally signed random challenge from the receiver security device to a sender security server to establish authentication of the receiver security device to the sender security server, and signing and returning the receiver random challenge from the sender security server to the receiver security device with a sender random challenge to establish authentication of the sender security server to the receiver security device.
Haller discloses an application server may provide an execution environment and a process execution engine that executes a process model within the execution environment. The process execution engine may include an operational component configured to perform an operation that is associated with the execution of the process model and based on a security policy, as well as a security provider configured to determine, based on the operation and on the security policy, at least one security service from among a plurality of security services executing within the process execution engine, and configured to provide the operational component with the at least one security service for use in securing the operation.
Reuzel discloses a method (100) for creating, on a device (200), an authorized domain (102) for sharing a right (103) of a content item (104) between a first person (105) and a second person (106). The method (100) alleviates the hassle of having end-users managing authorized domains. If the first person is bound (107) to the right (103), and the device is bound (108) to the first person (105), the device (200) grants (110) the second person (106) the right (103) in response to the device (200) associating (109) to the second person (106).
Craft discloses a processing unit includes a read-only encryption key. Software is loaded into a system memory area from a non-volatile storage device. Software code image that resides in the system storage area includes a prefix value and a suffix value. The prefix value is combined with the master key from the processing unit to create a random value that is the seed for a hashing algorithm. The hashing algorithm uses the seed value with a signature formed from the blocks of code to form a result. Finally, after the last block has been processed, a final result remains. The suffix value is combined with the master key, this hash result is compared with the result that was created using the hashing algorithm on the code. If the two results match, the code is authenticated and is executed. If the results do not match, the code is not loaded.
The prior art does not disclose or render obvious the amended features.

With respect to claim 73, the prior art of record fails to disclose singly or in combination or render obvious a computerized apparatus for delivery of security data to a plurality of computerized client devices via at least a managed content distribution network, the computerized apparatus comprising:
network interface apparatus configured to support data communication with the plurality of computerized client devices;
processing apparatus in data communication with the network interface apparatus; and
storage apparatus in data communication with the processing apparatus, and comprising at least one computer program, the at least one computer program comprising a plurality of instructions which are configured to, when executed by the processing apparatus, cause the computerized apparatus to:
receive data representative of a request to provision one of the plurality of computerized client devices;  
cause determination of whether a physically secure element of the one of the plurality of computerized client devices is configured to enable addition of the one of the plurality of computerized client devices to an authorized domain, the physically secure element comprising a secure microprocessor; and 
provide at least security data to the one of the plurality of computerized client devices, the at least security data configured to enable access via the one of the plurality of computerized client devices to digitally rendered content distributed over the managed content distribution network, the digitally rendered content sourced from a content server of a third party network in data communication with the managed content distribution network, the third party network comprising an untrusted internetwork.
Fahrny et al. (US 2006/0137015), Haller (US 2008/0141336), Reuzel et al. (US 2010/0043060), and Craft (US 2005/0010788) are the closest prior art relating to the Applicant's claimed invention.
Fahrny discloses a method of securely downloading at least one of conditional access software (CAS), Digital Rights Management software (DRMS), Trusted Domain Software (TDS), and Gaming Security Software (GSS) includes presenting a specialized entitlement management message (EMM) to initiate the download to a receiver security device using a supervisory logon key (SLK) split to logon with a second split contained inside the receiver security device, presenting a receiver digitally signed random challenge from the receiver security device to a sender security server to establish authentication of the receiver security device to the sender security server, and signing and returning the receiver random challenge from the sender security server to the receiver security device with a sender random challenge to establish authentication of the sender security server to the receiver security device.
Haller discloses an application server may provide an execution environment and a process execution engine that executes a process model within the execution environment. The process execution engine may include an operational component configured to perform an operation that is associated with the execution of the process model and based on a security policy, as well as a security provider configured to determine, based on the operation and on the security policy, at least one security service from among a plurality of security services executing within the process execution engine, and configured to provide the operational component with the at least one security service for use in securing the operation.
Reuzel discloses a method (100) for creating, on a device (200), an authorized domain (102) for sharing a right (103) of a content item (104) between a first person (105) and a second person (106). The method (100) alleviates the hassle of having end-users managing authorized domains. If the first person is bound (107) to the right (103), and the device is bound (108) to the first person (105), the device (200) grants (110) the second person (106) the right (103) in response to the device (200) associating (109) to the second person (106).
Craft discloses a processing unit includes a read-only encryption key. Software is loaded into a system memory area from a non-volatile storage device. Software code image that resides in the system storage area includes a prefix value and a suffix value. The prefix value is combined with the master key from the processing unit to create a random value that is the seed for a hashing algorithm. The hashing algorithm uses the seed value with a signature formed from the blocks of code to form a result. Finally, after the last block has been processed, a final result remains. The suffix value is combined with the master key, this hash result is compared with the result that was created using the hashing algorithm on the code. If the two results match, the code is authenticated and is executed. If the results do not match, the code is not loaded.
The prior art does not disclose or render obvious the amended features.

With respect to claim 73, the prior art of record fails to disclose singly or in combination or render obvious a network apparatus adapted for delivery of security data to a node of a content distribution network managed by a first network operator, the network apparatus comprising:
a security management apparatus; and
an authentication apparatus in data communication with the security management apparatus;
wherein the security management apparatus and the authentication apparatus are configured to cooperate to:
authenticate a physically secure element of a computerized client device in data communication with the content distribution network, the physically secure element comprising a secure microprocessor, the authentication of the physically secure element enabling the computerized client device to be added to an authorized domain; and
provide security data to the physically secure element, the security data enabling at least in part access via the computerized client device to content distributed over the content distribution network, the content originating from a content source disposed at a node of a second network in data communication with the content distribution network, the second network not under management or control of the first network operator.
Fahrny et al. (US 2006/0137015), Haller (US 2008/0141336), Reuzel et al. (US 2010/0043060), and Craft (US 2005/0010788) are the closest prior art relating to the Applicant's claimed invention.
Fahrny discloses a method of securely downloading at least one of conditional access software (CAS), Digital Rights Management software (DRMS), Trusted Domain Software (TDS), and Gaming Security Software (GSS) includes presenting a specialized entitlement management message (EMM) to initiate the download to a receiver security device using a supervisory logon key (SLK) split to logon with a second split contained inside the receiver security device, presenting a receiver digitally signed random challenge from the receiver security device to a sender security server to establish authentication of the receiver security device to the sender security server, and signing and returning the receiver random challenge from the sender security server to the receiver security device with a sender random challenge to establish authentication of the sender security server to the receiver security device.
Haller discloses an application server may provide an execution environment and a process execution engine that executes a process model within the execution environment. The process execution engine may include an operational component configured to perform an operation that is associated with the execution of the process model and based on a security policy, as well as a security provider configured to determine, based on the operation and on the security policy, at least one security service from among a plurality of security services executing within the process execution engine, and configured to provide the operational component with the at least one security service for use in securing the operation.
Reuzel discloses a method (100) for creating, on a device (200), an authorized domain (102) for sharing a right (103) of a content item (104) between a first person (105) and a second person (106). The method (100) alleviates the hassle of having end-users managing authorized domains. If the first person is bound (107) to the right (103), and the device is bound (108) to the first person (105), the device (200) grants (110) the second person (106) the right (103) in response to the device (200) associating (109) to the second person (106).
Craft discloses a processing unit includes a read-only encryption key. Software is loaded into a system memory area from a non-volatile storage device. Software code image that resides in the system storage area includes a prefix value and a suffix value. The prefix value is combined with the master key from the processing unit to create a random value that is the seed for a hashing algorithm. The hashing algorithm uses the seed value with a signature formed from the blocks of code to form a result. Finally, after the last block has been processed, a final result remains. The suffix value is combined with the master key, this hash result is compared with the result that was created using the hashing algorithm on the code. If the two results match, the code is authenticated and is executed. If the results do not match, the code is not loaded.
The prior art does not disclose or render obvious the amended features.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Inquiries

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MUSHFIKH I ALAM whose telephone number is (571)270-1710. The examiner can normally be reached 1:00PM-9:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Nasser Goodarzi, can be reached on 571-272-4195. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

MUSHFIKH I. ALAM
Primary Examiner
Art Unit 2426

/MUSHFIKH I ALAM/ Primary Examiner, Art Unit 2426 8/13/2022