DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This office action is in response to the application filed on 03/18/2021 and the preliminary amendment filed on 03/29/2021. This application is a continuation (CON) of the patent US 10,985,921 B1.
Claims 21-40 are currently pending in this application. Claims 1-20 were cancelled. Claims 21-40 are new.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 03/18/2021 was filed.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(B)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention. 

Claims 21-40 are rejected under 35 U.S.C. 112(b) as being indefinite for failing to particularly point out and distinctly claim the subject matter which applicant regards as the invention.

Claim 21 (claims 30 and 40 include similar limitations) recites:
“… receive a first request including a first key for a first token, decrypt the first key using a second key …”, however, it is not clear how the first key (not encrypted key) is decrypted or the process is encryption (e.g., encrypt the first key) instead of decryption;
“… attempt, responsive to an unsuccessful decryption of the first key, decryption of the first key until a successful decryption of the first key …”, however, it is not clear how the unsuccessful decryption will be a successful decryption without changing any condition/parameter/rule (e.g., changing the decryption key, etc.) or omitting necessary step(s)/component(s) which cause the limitations unclear;
“… transmit, upon the successful decryption of the first key, an encrypted first token …”, however, it is not clear how the received first token can be transmit as “an encrypted first token” – note: assumed that the encrypted first token is not stored in the memory of the server before (or omitting necessary step(s)/component(s) which cause the limitations unclear);
“… authorized, based on decryption of the encrypted first token, permission to one or more services”, however, it is not clear (1) whether “the decryption of the encrypted first token” is performed by the authentication server or not (otherwise, how the authentication server uses the condition/result of the decryption of the encrypted first token to perform authorization process); (2) whether the authentication sever is authorizing itself for the service or not because there is not any entity to be authorized.
Claims 22-29 and 31-39 depend from the claim 21 or 30, and are analyzed and rejected accordingly.

Claims 25 and 34 recite “… to attempt/attempting … decryption of the first key up to a predetermined number of attempts”, however, it is not clear whether the processor is “just attempting to decrypt without decryption” or “actually decrypting” (or it is not clear to define a boundary of the limitations).
Claims 26 and 36 recite “… the first token comprises a limited use token”, however, it is not clear whether the first token is limited to an authorized user or not.
Claims 38 and 39 recite “… wherein at least one code includes …”, however, it is not clear whether “at least one code” is the same as “one or more codes” included in the claim 37 to which the claims depend from.

 Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees.  A nonstatutory double patenting rejection is appropriate where the claims at issue are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the reference application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO internet Web site contains terminal disclaimer forms which may be used.  Please visit http://www.uspto.gov/forms/.  The filing date of the application will determine what form should be used.  A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission.  For more information about eTerminal Disclaimers, refer to http://www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.

Claims 1, 4, 6, 8-10 and 15 of the patent US 10,985,921 B1 contains every element of claims 21-40 of the instant application and as such anticipates claims 21-40 of the instant application.
A later patent claim is not patentably distinct from an earlier patent claim if the later claim is obvious over, or anticipated by, the earlier claim.  In re Longi, 759 F.2d at 896, 225 USPQ at 651 (affirming a holding of obviousness-type double patenting because the claims at issue were obvious over claims in four prior art patents); In re Berg, 140 F.3d at 1437, 46 USPQ2d at 1233 (Fed. Cir. 1998) (affirming a holding of obviousness-type double patenting where a patent application claim to a genus is anticipated by a patent claim to a species within that genus). “ELI LILLY AND COMPANY v BARR LABORATORIES, INC., United States Court of Appeals for the Federal Circuit, ON PETITION FOR REHEARING EN BANC (DECIDED:  May 30, 2001).
Current Application No. 17/205107
Reference Patent No.: US 10,985,921 B1
Claim 21: An authentication server, comprising: a memory; and a processor, wherein the processor is configured to:

receive a first request including a first key for a first token,

decrypt the first key using a second key,

attempt, responsive to an unsuccessful decryption of the first key, decryption of the first key until a successful decryption of the first key,



transmit, upon the successful decryption of the first key, an encrypted first token, and authorized, based on decryption of the encrypted first token, permission to one or more services.
Claim 1: An authorization system, comprising: one or more servers including one or more processors and a memory, … configured to:
receive a request via a first channel including an encrypted cryptographic key for an authorization token, …
decrypt the encrypted cryptographic key using the predefined private key, and,
responsive to a first determination of an unsuccessful decryption of the encrypted cryptographic key, attempt decryption of the encrypted cryptographic key up to a predetermined threshold number of decryption attempts; and wherein, responsive to a second determination of a successful decryption of the encrypted cryptographic key, the one or more processors are configured to: …
transmit the encrypted authorization token … the encrypted authorization token is decrypted using the cryptographic key to obtain access to one or more services associated with the one or more servers.

Claim 22: The authentication server of claim 21, wherein the processor is configured to receive the first request via a first channel.
Claim 1: An authorization system, … the one or more processors are configured to: receive a request via a first channel including an encrypted cryptographic key for an authorization token …
Claim 23: The authentication server of claim 21, wherein the processor is configured to transmit the encrypted first token via a second channel. 
Claim 1: An authorization system, … the one or more processors are configured to: … transmit the encrypted authorization token via a second channel independent …
Claim 24: The authentication server of claim 21, wherein the processor is configured to encrypt the first token using the decrypted first key.
Claim 1: An authorization system, … the one or more processors are configured to … encrypt the authorization token using the decrypted cryptographic key, and …
Claim 25: The authentication server of claim 21, wherein the processor is configured to attempt decryption of the first key up to a predetermined number of attempts.
Claim 1: An authorization system, … the one or more processors are configured to … attempt decryption of the encrypted cryptographic key up to a predetermined threshold number of decryption attempts …
Claim 26: The authentication server of claim 21, wherein the first token comprises a limited use token.
Claim 6: The authorization system of claim 1, wherein the authorization token comprises a limited duration authorization token.
Claim 27: The authentication server of claim 21, wherein the processor is configured to transmit, responsive to a status of decryption of the first key, one or more codes.
Claim 1: An authorization system, … the one or more processors are configured to … transmit one or more indicators indicative of a status of successful decryption of the encrypted cryptographic key,
Claim 28: The authentication server of claim 27, wherein at least one code includes a notification of a successful decryption of the first key.
Claim 1: An authorization system, … the one or more processors are configured to … transmit one or more indicators (equivalent to a notification) indicative of a status of successful decryption of the encrypted cryptographic key,
Claim 29: The authentication server of claim 27, wherein at least one code includes a notification of an unsuccessful decryption of the first key.
Claim 4: The authorization system of claim 1, wherein at least one indicator comprises a message indicative of unsuccessful decryption of the encrypted cryptographic key.


Claims 6, 8, 9, 10 and 15 of the patent US 10,791,091 B1 contains every element of claims 30-40 of the instant application and as such anticipates 30-40 of the instant application – the claim matching is similar to matched limitations for the claims 21-29 above table.

Examiner’s Note Regarding Prior-art Rejections
As explained in the 112(b) rejections stated above, the current limitations are in a condition of lack of clarity and/or capability (e.g., omitting necessary component/step) for a prior-art examination. However, a potential concept of the application can be found in US 2017/0289197 A1 by Mandyam et al. (e.g., establishing the secure communication session by a client device sending a request to a server for access token with a public key and preventing the access token from exported by a malicious party to obtain access to services, etc.); US 6,681,017 B1 by Matias et al. (e.g., encrypting a shared key of a client using a public key of the server and sending the encrypted shared key to the server and the server sending a message to the client after successful decryption of the shared key, etc.); US 2009/0313705 A1 by Adams et al. (e.g., access restriction after a predetermined limit for decryption attempts exceeded by a user attempting to decrypt a session key with the candidate passphrase, etc.); US 9,026,782 B2 by Ahuja et al. (e.g., sending an authentication request from a device to a session management server to receive a token, etc.); US 2017/0346807 A1 by Blasi (e.g., providing technologies for token-based access authorization to an API for a service request message of a remote computing device, etc.).

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MAUNG T LWIN whose telephone number is (571)270-7845.  The examiner can normally be reached on Monday - Friday 10:00 am - 6:00 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on 571-272-3739.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/MAUNG T LWIN/Primary Examiner, Art Unit 2495