Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
Election/Restrictions

Applicant’s election without traverse of Group II(Claim 6-17)  in the reply filed on 8/2/2022 is acknowledged.

Allowable Subject Matter
Claims 6-18 are allowed.

The following is a statement of reasons for the indication of allowable subject matter: 

The instant claims recites in an narrow and detailed manner of verifying the token based on IP address and first hash. Specifically, the instant claims recites “verify the token based on attributes of the token in response to determining an existing verified IP-token pair does not match the IP address and the token combination associated with the API request; wherein verifying the token based on attributes of the token further comprises: (i) generating, by the proxy, a first hash from one or more first attributes of the token; (ii) comparing the first hash to a second attribute of the token; (iii) verifying the token if the first hash generated by the proxy matches the second attribute, where the second attribute is a second hash generated by the client device; (iv) decrypting the token with a private encryption key, the private encryption key corresponding to a public encryption key available to the client device for encrypting tokens; and 2 ORA180682-US-CNTDocket No. ORA 80682 (ZEN-6-CNT) (v) reading the attributes of the token in response to decrypting the token with the private encryption key. permit the API request in response to verification of the token associated with the API request; and store a new verified IP-token pair comprising the IP address associated with the client device stored in association with the token, wherein the permitted API request is transmitted to the host device for servicing”.
  
The primary reason for the allowance of the claims is the inclusion of these limitations in all the claims which is not found in the prior art references.

The closest prior art found is Online Data Access Control with Bluetooth Beacon for Digital Content Stores to Ju,  which discloses the content store with tokens that is used for authentication of client devices using IP address see Page 3 § 2. Results & Fig. 3 item Authentication Server, Auth_Code & Abstract. However, Ju does not disclose “verify the token based on attributes of the token in response to determining an existing verified IP-token pair does not match the IP address and the token combination associated with the API request; wherein verifying the token based on attributes of the token further comprises: (i) generating, by the proxy, a first hash from one or more first attributes of the token; (ii) comparing the first hash to a second attribute of the token; (iii) verifying the token if the first hash generated by the proxy matches the second attribute, where the second attribute is a second hash generated by the client device; (iv) decrypting the token with a private encryption key, the private encryption key corresponding to a public encryption key available to the client device for encrypting tokens; and 2 ORA180682-US-CNTDocket No. ORA 80682 (ZEN-6-CNT) (v) reading the attributes of the token in response to decrypting the token with the private encryption key. permit the API request in response to verification of the token associated with the API request; and store a new verified IP-token pair comprising the IP address associated with the client device stored in association with the token, wherein the permitted API request is transmitted to the host device for servicing”.

Th next closest prior art found is US Patent Pub 2016/0277413 to Ajitomi which discloses token storage for accessing resources see Fig.1 item 117 & Fig. 5. However, Ajitomi does not disclose “verify the token based on attributes of the token in response to determining an existing verified IP-token pair does not match the IP address and the token combination associated with the API request; wherein verifying the token based on attributes of the token further comprises: (i) generating, by the proxy, a first hash from one or more first attributes of the token; (ii) comparing the first hash to a second attribute of the token; (iii) verifying the token if the first hash generated by the proxy matches the second attribute, where the second attribute is a second hash generated by the client device; (iv) decrypting the token with a private encryption key, the private encryption key corresponding to a public encryption key available to the client device for encrypting tokens; and 2 ORA180682-US-CNTDocket No. ORA 80682 (ZEN-6-CNT) (v) reading the attributes of the token in response to decrypting the token with the private encryption key. permit the API request in response to verification of the token associated with the API request; and store a new verified IP-token pair comprising the IP address associated with the client device stored in association with the token, wherein the permitted API request is transmitted to the host device for servicing”.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

	Conclusion		
	
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Venkat Perungavoor  whose telephone number is (571)272-7213.  The examiner can normally be reached on 9-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on 571-272-4006.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  

For more information about the PAIR system, see https://ppairmy.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/VENKAT PERUNGAVOOR/Primary Examiner, Art Unit 2492                                                                                                                                                                                                        Email: venkatanarayan.perungavoor@uspto.gov