DETAILED ACTION
Continued Examination Under 37 CFR 1.114
1.         A request for continued examination (“RCE”) under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 07/22/2022 has been entered. 


                                                Acknowledgements
This Office Action is in response to Applicant’s response/application filed on 07/22/2022.
The Examiner notes that citations to United States Patent Application Publication paragraphs are formatted as [####], #### representing the paragraph number.

                                     Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

                                                 Status of Claims
Claims 1, 9, and 17 have been amended.
No claims have been added or canceled.
Claims 1-20 are currently pending and have been examined.















                                   Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103(a) are summarized as follows:
1.	Determining the scope and contents of the prior art.
2.	Ascertaining the differences between the prior art and the claims at issue.
3.	Resolving the level of ordinary skill in the pertinent art.
4.	Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claim(s) 1-7, 9-15, 17-19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Dykeman (US 20130174223), in view of Rapaport (WO 2018207174).
Regarding claim(s) 1, 9, and 17, Dykeman discloses:
          a processor (By disclosing, a processing circuitry 306 ([0056] and Fig. 3 of Dykeman)); and 
          a memory comprising instructions stored thereon (By disclosing, a memory 308 ([0056] and Fig. 3 of Dykeman)), which when executed by the processor,
           a non-transitory computer-readable storage medium is provided including instructions that (By disclosing, a RAM ([0056] and Fig. 3 of Dykeman)), when executed by a processor, causes the processor to perform a method for geographically local license sharing, comprising:
           transmitting, from a media server, a shared secret to a licensed client, the licensed client broadcasting a wireless signal comprising a unique identifier associated with the licensed client (By disclosing, “A user device may periodically obtain access right information from a web server to enable access to a content asset” ([0012] of Dykeman); “The digital access right may include metadata, an encryption key [(shared secret)], hash code, date information, time information, identification numbers, digital water mark, term of validity of the access right, any other suitable information or any combination thereof” ([0106] of Dykeman); the access right includes “User profile information section 1110 may be used to identify the user. Section 1110 may include descriptive information 1120 about a user such as user ID number [(unique identifier associated with the licensed client)], name, gender, and age. The user ID number may be a unique number assigned to identify a user. Examples of such ID numbers may include national identity card numbers, social security numbers, passport numbers, or a hash code generated from the full name and birthdate of the user.” ([0174], and Fig. 11 of Dykeman); “In a small home network, content authorization information including the temporary access right may be transmitted from the first user device [(licensed client)] to the second user device [(unlicensed client)] through the home network” ([0093] of Dykeman); and the transmitting from the first user device to the second user device is via wireless communication ([0081] of Dykeman));
           wherein the licensed client comprises a verified device logged into by a user based on user credentials (By disclosing, “the first user device may log into a first account” ([0004] of Dykeman));
           receiving, at the media server, an access right and the unique identifier of the licensed client from an unlicensed client (By disclosing, “The content authorization may be transferred between a first user device, second user device, distribution point, webserver, any other suitable device as described in reference to FIGS. 3 and 4 above, or any combination thereof. The content authorization information may include user profile information section 1110 containing user profile data 1120. The message may include section 1130 that contains access right and permission information. Section 1130 may include access right information for content assets 1140 and 1150 and content 1160. ([0173] of Dykeman); “User profile information section 1110 may be used to identify the user. Section 1110 may include descriptive information 1120 about a user such as user ID number, name, gender, and age. The user ID number may be a unique number assigned to identify a user” ([0174], and Fig. 11 of Dykeman)), 
            wherein the unlicensed client scans a proximity of an unverified device, and identifies the verified device within less than a predetermined range of the unverified device (By disclosing, “Second control circuitry of the second user device may detect the first user device and in response, receive the temporary access right from the first user device and retrieve the recorded content asset from the web server.” ([0101], [0059] of Dykeman); “A DRM system may enable a user to temporarily assign or exchange a digital access right with another user within a physical or virtual proximity.” ([0103] of Dykeman); and “A proximity may refer to a physical proximity or virtual proximity. A physical proximity may refer to a measurable range within which detecting circuitry of an electronic device is able to detect a minimum signal, or a perceivable range between a first and second user. A measurable range may include a wireless range within which a first wireless device is able to detect a wireless signal received from a second wireless device,…” ([0003] of Dykeman)), 
           the access right and the unique identifier received by the unlicensed client from the licensed client based on the proximity of the unverified device (By disclosing, “The content authorization may be transferred between a first user device, second user device, distribution point, webserver, any other suitable device as described in reference to FIGS. 3 and 4 above, or any combination thereof. The content authorization information may include user profile information section 1110 containing user profile data 1120. The message may include section 1130 that contains access right and permission information. Section 1130 may include access right information for content assets 1140 and 1150 and content 1160. ([0173]-[0174] of Dykeman); “A DRM system may enable a user to temporarily assign or exchange a digital access right with another user within a physical or virtual proximity” ([0103] and Fig. 7 of Dykeman));
           wherein the unlicensed client comprises unverified devices not logged into by the user (By disclosing, “In some embodiments, user input interface 310 may store, transmit, and/or receive information associated with and/or identifying a particular user or users. This information may be used by detecting circuitry 307 to detect and/or identify that the user associated with the information is within a detection region of an electronic device. The user may then be added to a list of active users at the electronic device and/or logged into the electronic device.” which infers that the user’s device was not logged into the electronic device before the detecting circuitry 307 detects the user’s device ([0071] of Dykeman));
           validating, by the media server, the access right based on the unique identifier (By disclosing, “Second control circuitry of the second user device may detect the first user device and in response, receive the temporary access right from the first user device and retrieve the recorded content asset from the web server” ([0101] of Dykeman); the electronic device shown in Fig. 3 may be a web server ([0105], [0196] and Fig. 3 of Dykeman); “in order to access an encrypted content asset, processing circuitry 306 of a media equipment device may transmit an access right to a web server 430. At the web server, processing circuitry 306 may receive the transmitted access right and compare with a database of users and access rights stored in storage 308. In response to determining that the user corresponding to the transmitted access right is authorized to access the broadcast content asset, processing circuitry 306 of the web server 430 may transmit an encryption key to the media equipment device to enable the media equipment device to decrypt the encrypted content asset” ([0107] of Dykeman); “an access right may be required to view a content asset shown in the grid of FIG. 2. For example, a subscription is often required to view an on-demand asset 114” ([0042] of Dykeman); and “Subscription information may include an ID number of the user, an account number with a service provider, a duration of the subscription, and a hash code. The ID number may be used to verify the identity of the user” ([0108] of Dykeman)); and 
           enabling the unlicensed client to access media content of the media server upon validation of the access right (By disclosing, “Second control circuitry of the second user device may detect the first user device and in response, receive the temporary access right from the first user device and retrieve the recorded content asset from the web server” ([0101] of Dykeman); “in order to access an encrypted content asset, processing circuitry 306 of a media equipment device may transmit an access right to a web server 430. At the web server, processing circuitry 306 may receive the transmitted access right and compare with a database of users and access rights stored in storage 308. In response to determining that the user corresponding to the transmitted access right is authorized to access the broadcast content asset, processing circuitry 306 of the web server 430 may transmit an encryption key to the media equipment device to enable the media equipment device to decrypt the encrypted content asset” ([0107] of Dykeman)).  
           Dykeman does not expressly disclose:
           validating, by the media server, the access token based on the shared secret with the licensed client.
           However, Rapaport teaches:
           validating, by the media server, the access token based on the shared secret with the licensed client (By disclosing, “The Administrator's Computer Device [(licensed client)] encrypts the Access Token with the Cryptographic Key [(shared secret)] shared originally by the Owner” (Page 20 lines 7-13 of Rapaport); “Such Access Token may include the public key that is associated with the User, the public key or identifier that is associated with the Network Enabled Entity, The Public Key of the Administrator and the permitted Sharing Period or permitted access policy.” (Page 9 lines 23-29 of Rapaport); and “the network enabled entity [(media server)] decrypts the Access Token, using the Secret Cryptographic Key correlating to the ID or using the Administrator's Public Key. According to some embodiment, if the Public Key that is used by the Consumer's computing device matches the one Public key that is in the Access Token, and if the Administrator's cryptographic key is valid, a permission to use the Network enabled entity has been sufficiently proved and the Network Enabled Entity will allow the Consumer to use it according to the policy of the Sharing Period that is in the Access Token.” (Page 10 lines 21-27 of Rapaport)).    
         Therefore, it would have been obvious to one of ordinary skill in the art at the effective filing date of the present application to modify the method of validating, by the media server, the access right based on the unique identifier,  in view of Rapaport to include techniques of validating, by the media server, the access token based on the shared secret with the licensed client, to achieve: validating, by the media server, the access token based on the unique identifier and the shared secret with the licensed client.  Doing so would result in an improved invention because this would allow the access token to be encrypted by using the shared secret and the server can decrypt and validate the access token by using the shared secret, thus improving the security of the transmission of the access token.

Regarding claim(s) 2, 10, and 18, Dykeman discloses:
          wherein the shared secret comprises an encrypted key (By disclosing, “The digital access right may include metadata, an encryption key…” ([0106] of Dykeman)).  






Regarding claim(s) 3, 11, and 19, Dykeman discloses:          
           wherein the wireless signal comprises a Bluetooth signal (By disclosing, “Detecting circuitry 307, by using wireless detection techniques, may also be capable of detecting and/or identifying a user or users based on recognition and/or identification of a user device (e.g., a mobile device, such as an RFID device or mobile phone). Detecting circuitry 307 may recognize and identify such a device using any suitable means, for example, radio-frequency identification, Bluetooth…” ([0059], Fig. 3 of Dykeman)).  

Regarding claim(s) 4 and 12, Dykeman discloses:
         receiving the access token based on a configured timeout (By disclosing, “A temporary access right that has been temporarily assigned, transferred or exchanged from a first user to a second user may include temporary duration information” ([0177] of Dykeman); and “Temporary duration information may include a timestamp, datestamp or time duration. The timestamp and/or datestamp may indicate when the temporary access right may expire” ([0178] of Dykeman)).  

Regarding claim(s) 5 and 13, Dykeman does not disclose:
          wherein the access token is encrypted based on the shared secret.
          However, Rapaport teaches:
          wherein the access token is encrypted based on the shared secret (By disclosing, “The Administrator's Computer Device [(licensed client)] encrypts the Access Token with the Cryptographic Key [(shared secret)] shared originally by the Owner” (Page 20 lines 7-13 of Rapaport); “Such Access Token may include the public key that is associated with the User, the public key or identifier that is associated with the Network Enabled Entity, The Public Key of the Administrator and the permitted Sharing Period or permitted access policy.” (Page 9 lines 23-29 of Rapaport); and “the network enabled entity [(media server)] decrypts the Access Token, using the Secret Cryptographic Key correlating to the ID or using the Administrator's Public Key. According to some embodiment, if the Public Key that is used by the Consumer's computing device matches the one Public key that is in the Access Token, and if the Administrator's cryptographic key is valid, a permission to use the Network enabled entity has been sufficiently proved and the Network Enabled Entity will allow the Consumer to use it according to the policy of the Sharing Period that is in the Access Token.” (Page 10 lines 21-27 of Rapaport)).
         Therefore, it would have been obvious to one of ordinary skill in the art at the effective filing date of the present application to modify the method of Dykeman in view of Rapaport to include techniques of wherein the access token is encrypted based on the shared secret. Doing so would result in an improved invention because this would leverage the advantages of encryption (e.g. higher security, cost efficient, etc.). 
Regarding claim(s) 6 and 14, Dykeman discloses:
          wherein the access token allows access to encrypted payloads of premium content (By disclosing, “Second control circuitry of the second user device may detect the first user device and in response, receive the temporary access right from the first user device and retrieve the recorded content asset from the web server” ([0101] of Dykeman); and “In some implementations, a content asset requiring authorization from a content provider may restrict access to the content asset by, for example, encrypting the content asset. For example, in order to access an encrypted content asset, processing circuitry 306 of a media equipment device may transmit an access right to a web server 430. At the web server, processing circuitry 306 may receive the transmitted access right and compare with a database of users and access rights stored in storage 308. In response to determining that the user corresponding to the transmitted access right is authorized to access the broadcast content asset, processing circuitry 306 of the web server 430 may transmit an encryption key to the media equipment device to enable the media equipment device to decrypt the encrypted content asset” ([0107] of Dykeman)).  

Regarding claim(s) 7 and 15, Dykeman does not disclose:
          decrypting the access token to confirm the shared secret with the licensed client.
          However, Rapaport teaches:
          decrypting the access token to confirm the shared secret with the licensed client (By disclosing, “The Administrator's Computer Device [(licensed client)] encrypts the Access Token with the Cryptographic Key [(shared secret)] shared originally by the Owner” (Page 20 lines 7-13 of Rapaport); “Such Access Token may include the public key that is associated with the User, the public key or identifier that is associated with the Network Enabled Entity, The Public Key of the Administrator and the permitted Sharing Period or permitted access policy.” (Page 9 lines 23-29 of Rapaport); and “the network enabled entity [(media server)] decrypts the Access Token, using the Secret Cryptographic Key correlating to the ID or using the Administrator's Public Key. According to some embodiment, if the Public Key that is used by the Consumer's computing device matches the one Public key that is in the Access Token, and if the Administrator's cryptographic key is valid, a permission to use the Network enabled entity has been sufficiently proved and the Network Enabled Entity will allow the Consumer to use it according to the policy of the Sharing Period that is in the Access Token.” (Page 10 lines 21-27 of Rapaport)).
            Therefore, it would have been obvious to one of ordinary skill in the art at the effective filing date of the present application to modify the method of Dykeman in view of Rapaport to include techniques of decrypting the access token to confirm the shared secret with the licensed client. Doing so would result in an improved invention because this would leverage the advantages of encryption/decryption (e.g. higher security, cost efficient, etc.).
Claim(s) 8, 16, and 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Dykeman (US 20130174223), in view of Rapaport (WO 2018207174), further in view of Yabe (US 20180278603).
Regarding claim(s) 8, 16, and 20, Dykeman does not disclose:
          wherein the access token comprises a one time passcode (OTP) or a JSON Web Token (JWT).  
           However, Yabe teaches:
           wherein the access token comprises a one time passcode (OTP) or a JSON Web Token (JWT) (By disclosing, “In the present exemplary embodiment, a JWS or JWT technique is used, instead of a normal access token, to implement the signed access token including user information associated with the access token, such as access token information and resource owner information. Hereinafter, JSON Web Signature (JWS) used in the present exemplary embodiment is means for protecting and expressing a content represented, by JSON Token (JWT) by using a digital signature or Message Authentication Codes (MACs). JWT is a method for expressing URL-safe claims using a data structure based on JavaScript Object Notation (JSON).”  ([0053] of Yabe)).  
             Therefore, it would have been obvious to one of ordinary skill in the art at the effective filing date of the present application to modify the combination of Dykeman and Rapaport, in view of Yabe to include techniques of wherein the access token comprises a JSON web token. Doing so would result in an improved invention because this would enable the web server to determine whether the access token is valid by verifying the signature of the received signed access token, without the need for confirmation to an authorization server ([0006] of Yabe).

Response to Arguments
Applicant' s arguments with respect to the 35 U.S.C. § 103 rejection have been fully considered but they are not persuasive. 
          The Applicant argues that the added limitations are not disclosed by the presented prior art. The Examiner, respectfully disagrees. The Examiner notes that Dykeman discloses the added limitation “wherein the unlicensed client scans a proximity of an unverified device, and identifies the verified device within less than a predetermined range of the unverified device” (By disclosing, “Second control circuitry of the second user device may detect the first user device and in response, receive the temporary access right from the first user device and retrieve the recorded content asset from the web server.” ([0101], [0059] of Dykeman); “A DRM system may enable a user to temporarily assign or exchange a digital access right with another user within a physical or virtual proximity.” ([0103] of Dykeman); and “A proximity may refer to a physical proximity or virtual proximity. A physical proximity may refer to a measurable range within which detecting circuitry of an electronic device is able to detect a minimum signal, or a perceivable range between a first and second user. A measurable range may include a wireless range within which a first wireless device is able to detect a wireless signal received from a second wireless device,…” ([0003] of Dykeman)). 
         Accordingly, the 35 U.S.C. § 103 rejection will be maintained.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
US 20200304307 to Fujimaki for disclosing a token management apparatus includes a reception unit that receives, from a first user who has an access token for accessing a service providing server that provides a service, a permission condition for permitting a second user for a conditional use of an access token of the first user, the second user being differential from the first user and not having the access token; and an issuance unit that issues a conditional access token that permits the conditional use of the service within a range of the permission condition, to the second user in a case where the second user requests the conditional use of the access token of the first user, and the request for the conditional use satisfies the permission condition.
US 20170279798 to Reynolds for disclosing authorizing a client device to access a secure resource hosted on a web server, the present methods and systems may provide executable instructions including a challenge token to the client device, which, in turn, may cause the client device to provide executable instructions, including the challenge token, to a mobile client device via a persona area network. The executable instructions provided to the mobile client device may request the mobile client device to return a verification token. The mobile client device may compare the provided challenge token to a challenge token stored locally. If the challenge tokens match, the mobile client device may provide a verification token to the client device via the personal area network, which may in turn provide the verification token to the web server. The web server may compare the verification token provided by the client device to a verification token provided by the present methods and systems. If the verification tokens match, the web server may authorize the access to the secure resource.
US 20200314167 to Achyuth for disclosing transmitting, from an authorized device of a logged-in client, a token to an unauthorized device of an unlogged-in client to allow the unauthorized client to access a file from a storage control server. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to DUAN ZHANG whose telephone number is (571)272-4642. The examiner can normally be reached Mon - Fri 10 AM-5 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Neha Patel can be reached on 5712701492. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/DUAN ZHANG/Examiner, Art Unit 3685