DETAILED ACTION

This non-final office action is in response to applicant’s response filed September 14, 2022. Claims 1-20 are pending. 

Response to Arguments
	Applicant argues, prior art Fornies et al. doesn’t teach “wherein the one or more conditions comprise a number of allowed accesses to the at least one of the data or service made available by the service layer” Applicant clarified that Fornies does not identify or determine a number of allowed accesses when determining whether to grant access.
	Claim recites determining one or more context aware states associated with the authorization policy, wherein the one or more context aware states comprise an indication of one or more conditions for accessing the at least one of the data or service made available by the service layer, and wherein the one or more conditions comprise a number of allowed accesses to the at least one of the data or service made available by the service layer which can be interpreted as wherein the one or more context aware states comprise an indication of a number of allowed accesses for accessing the at least one of the data or service made available by the service layer. Fornies teaches “allowing the user to execute the information or service R only once” Para. 0082. Fornies technique allowing the user only once (i.e. number of allowed access) to execute the information or service. Under broadest reasonable interpretation, Fornies’ concept of access control teaches the limitation as claimed. However, the examiner is replacing Fornies with WO 02/084980 A1 (Lindholm et al.) to teach the argued limitation. Applicant’s arguments are moot in view of new rejection. In order for the applicant to have ample opportunity to provide persuasive arguments and /or amendment of  the claims  to overcome the prior art of record, THIS ACTION IS MADE NON-FINAL.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 15-20 are rejected under 35 U.S.C. 101 because claims directed to “computer readable storage medium” and the claimed invention is directed to non-statutory subject matter. and 
Pending claims are interpreted as broadly as their terms reasonably allow. See In re Zletz, 893 F.2d 319 (Fed. Cir. 1989).  The broadest reasonable interpretation of a claim drawn to a computer readable medium (also called machine readable medium and other such variations) typically covers forms of non-transitory tangible media and transitory propagating signals per se in view of the ordinary and customary meaning of computer readable media, particularly when the specification is silent (See MPEP 2111.01).  When the broadest reasonable interpretation of a claim covers a signal per se, the claim must be rejected under 35 U.S.C. §101 as covering non-statutory subject matter.  See In re Nuijten, 500 F.3d 1346, 1356-57 (Fed. Cir. 2007) (transitory embodiments are not directed to statutory subject matter) and Interim Examination Instructions for Evaluating Subject Matter Eligibility Under 35 U.S.C. § 101, Aug. 24, 2009; See p. 2. OFFICIAL GAZETTE of the UNITED STATES PATENT AND TRADEMARK OFFICE, volume 1351, February 23, 2010, OG 212 (subject matter eligibility of computer readable media). In an effort to assist the patent community in overcoming a rejection or potential rejection under 35 U.S.C. § 101 in this situation, the USPTO suggests the following approach. 
A claim drawn to such a computer readable medium that covers both transitory and non-transitory embodiments may be amended to narrow the claim to cover only statutory embodiments to avoid a rejection under 35 U.S.C. § 101 by adding the limitation “non-transitory” to the claim.
Some other solutions as 
-- an amendment the claimed term to:  "computer usable memory", or "computer usable storage memory", "computer readable memory", "computer readable device", (i.e. any variations thereof, where "media" or "medium" is replaced by "device" or "memory") or adding "wherein the medium is not a signal". 
-- “an amendment to the specification defining the medium is not a signal and deleting the statement in the spec stating that the medium can be a signal”, 
-- “an amendment to the specification defining the medium a form of memory devices and deleting the statement in the spec stating that the medium can be a signal”, 
-- “a disavowal statement and an amendment to the spec deleting the medium is a signal statement”.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over US PG-PUB No. 2015/0031335A1 to Dong et al. (hereinafter Dong) in view of WO 02/084980 A1 to Lindholm et al. (hereinafter Lindholm). 
As per claim 1, Dong disclosed a method implemented by an authorization verification service of a service layer, the method comprising: 
receiving, from a device, a request ( Dong, Claim 12, “receiving a request from a second device”, the second device corresponds to the claimed “device”)  to access at least one of data or a service made available by the service layer (Dong, Claim 12, “for location information of the first device” where the service provider is receiving a request from the second device to access location information of a first device, which correspond to the claimed “one of data or a service.” Dong further teaches that these methods for the Location-Based Service (LBS) are implemented in the service layer, par 0004, “methods, devices, and systems for location management and privacy control at an M2M service layer” and par 0065 further recites that “these mechanisms and procedures may be implemented as a service capability (SC) in a service layer.” Therefore, all Dong references imply that the methods are implemented in the service layer hereinafter.);
	determining an authorization policy associated with the at least one of the data or service made available by the service layer (Dong, par 0066, “a device D may report its location to an SC and set up a privacy policy for the location information. In such an embodiment, D may set up the policy that devices in a certain proximity (distance/range) or that devices having a certain relationship in common with the device, can get access to the device’s location information” where the privacy policy corresponds to the claimed “authorization policy” and the service of providing the location information of the device corresponds to the claimed “one of the data or service.” );
	determining one or more context aware states associated with the authorization policy, wherein the one or more context aware states comprise an indication of one or more conditions for accessing the at least one of the data or service made available by the service layer, (Dong, establishes a determination of authorization based upon new location information and privacy policy criteria, per Claim 10, “detecting a new location information regarding the first device;…and pushing the new location information of the first device to any devices that currently meet the criteria of the privacy policy in view of the new location information.” Dong further teaches in par 0038, “location is important context information for an M2M device” and therefore teaches of claimed “one or more context aware states” and it meeting the first device’s privacy policy corresponding to the claimed “an indication of one or conditions.”);
determining whether the one or more conditions associated with the one or more context aware states are valid, (Dong, establishes validation of the conditions of context aware states, per Claim 11, “pushing a notification that the location information of the first device is no longer valid to any previously chosen devices that do not meet the criteria,” where location information corresponds to the claimed “one or more conditions associated with the one or more context aware states” and do not meet the criteria corresponds to the claimed “are valid” Dong teaches further, par 0071, “device D setting up a distance value, where other devices within the specified distance from D may get access to its location information” where distance value corresponds to the claimed “one or more conditions” associated with the device location which corresponds to the claimed “context aware state” and thus when the devices may get access corresponds to the claimed “are valid.”); 
granting, to the device and based on determining that the one or more conditions associated with the one or more context aware states are valid, access to the at least one of the data or service made available by the service layer. (Dong, per Claim 12, “and, if receipt of the location information by the second device is in accordance with the privacy policy, responding to the second device by providing the location information of the first device” where location information by second device corresponds to the claimed “conditions associated with the one or more context aware states are valid” and providing location information of first devices corresponds to granting “access to the at least one of the data or service.”); 
Dong does not disclose the one or more conditions comprise a number of allowed accesses to the at least one of the data or service made available by the service layer, however, in an analogous art Lindholm disclosed the one or more conditions comprise a number of allowed accesses to the at least one of the data or service made available by the service layer (The Order Server 3 then creates a digitally signed ticket or digitally signed tickets, which it sends back to the Client 1. Such a ticket is a receipt of the order and contains information of the agreement that is necessary for the Client in order to obtain the requested media object from the Streaming Server 5 and to retrieve the contents thereof. This might be information about the Streaming Server and about requested media, cryptographic information, such as a key and other parameters for the streaming data, and usage rights or conditions, i.e. authorization information, for the requested media, e.g. the number of accesses allowed, initiation and expiration time. When receiving the ticket the Client 1 may check that the contents of the ticket coincides with the previously made order. Page 8, lines 9-18);
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to modify the system of Dong to incorporate the concept of the one or more conditions comprise a number of allowed accesses to the at least one of the data or service made available by the service layer as disclosed by Lindholm, such modification exchange security information, such as authentication of the client, which is used in the order process and/or in the charging process. (Lindholm, page 7, lines 37-41). 

As per claim 2, Dong-Lindholm combination further disclosed the method of claim 1, wherein the one or more conditions associated with the one or more context aware states further comprise a time duration for accessing the at least one of the data or service made available by the service layer. (Lindholm, Page 8, lines 9-18: usage rights or conditions, i.e. authorization information, for the requested media, e.g. the number of accesses allowed, initiation and expiration time.) The reasons of obviousness have been noted in the rejection of claim 1 above and applicable herein.

As per claim 3, Dong in view of Lindholm disclosed the method of claim 1, wherein the one or more conditions associated with the one or more context aware states further comprise a type of device that is allowed access to the at least one of the data or service made available by the service layer. (Dong teaches in Claim 9, “applying the privacy policy to information known to the server regarding a set of devices, the set comprising the first device, the second device, and/or other devices; choosing from the set of devices those devices that meet the criteria of the privacy policy” and par 0037, M2Msystems may report an M2M device or M2M gateway location to an M2M application when this information is available.” Dong establishes that one of the criteria in accessing location information which corresponds to the claimed “context aware states” must be a device which meets the conditions of a privacy policy which corresponds to the claimed “type of device that is allowed access” and “one or more conditions” respectively. When the conditions of the privacy policy are met, Claim 9 further elaborates that “and pushing to the chosen devices via the communication network the location information of the first device” where the claimed “type of device” can be any device that set of devices that are applicable to the privacy policy and therefore, given location information” the location information of the first device which corresponds to the claimed “data or service.”). 

As per claim 4, Dong in view of Lindholm further disclosed the method of claim 1, wherein the one or more conditions associated with the one or more context aware states are independent of the device and the request to access the at least one of the data or service made available by the service layer. (Dong, par 0038, teaches “location information of an M2M device or M2M gateway may be determined either by underlying network procedures, by application level information reported from an M2M device or gateway application or by using a combination of both methods.” The location information of an M2M device or M2M gateway corresponds to the claimed “the one or more conditions” and the determined by underlying network procedures correspond to the claimed “independent of the device.”). 

As per claim 5, Dong in view of Lindholm disclosed the method of claim 1, wherein the authorization verification service determines the context aware states based on one or more of data stored by the service layer or operations performed by the service layer. (Dong establishes the service layer as a unit of management and determination of context aware states and teaches that the distance, range, and location information which corresponds to the claimed “context aware states” is determined and managed by the Service Capability (SC, par 0065, service capability in a service layer). Dong elaborates further, par 0068, “With the devices' location information managed by the SC, the instant embodiments facilitate new service capabilities. For example, an SC may act as a relay point for device services requests and advertisements. Further, a device may advertise its services to other entities in the proximity by retrieving the device location information from the SC. Alternatively, a device may grant the SC permission to push other devices' location information if it satisfies the privacy policy for those devices. When a device wants to request a service (e.g., a food recommendation,) the SC may locate other devices in the proximity that provide the service and, if the location information for the provider of that service is public, forward the request to those provider devices. An SC can also provide a directory of services available based on the location of a device. An SC may further act as intermediary in the provision of a service”). 

As per claim 6, Dong in view of Lindholm disclosed the method of claim 1, wherein the one or more context aware states are stored in the authorization policy. (Dong teaches of the identity, distance, and relationship that comprises a privacy policy which correspond to the claimed “context aware states” and “authorization policy” respectively, in Claim 1, “where the privacy policy comprises criteria relating to an identity of a second device, a distance, and/or a relationship among two or more devices.”). 

As per claim 7, Dong in view of Lindholm disclosed the method of claim 1, further comprising updating, based on granting access to the at least one of the data or service made available by the service layer, the one or more context aware states associated with the authorization policy. (Dong establishes updating policies based upon accepted context aware states that change through location information which correspond to the claimed “context aware states,” in Claim 2, “The server of claim 1, wherein the server is further arranged: to detect a new location information regarding the first device; to reapply the privacy policy; to push a notification that the location information of the first device is no longer valid to any previously chosen devices that no longer meet the criteria of the privacy policy; and to push the new location information of the first device to any devices that currently meet the criteria of the privacy policy in view of the new location information.”) 

Claims 8-14 recites substantially the same limitations as claims 1-7, respectively, in the form of an apparatus implementing the corresponding method, therefore, they are rejected under the same rationale. 

Claims 15-20 recites substantially the same limitations as claim 1-6, respectively, in the form of a computer-readable storage medium storing computer-executable instructions implementing the corresponding method, therefore, they are rejected under the same rationale.  

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
Ito et al. (US 2007/0113079 A1) disclosed [0102] The data processing apparatus may have an arrangement wherein each of the transfer restriction conditions is a limit number indicating an upper limit of how many times accesses are allowed to the predetermined storage space within the memory unit, and the monitoring unit stores therein an accumulative number of accesses made to the storage space in history, extracts a piece of address information from the transfer data, adds 1 to the accumulative number in a case where the extracted piece of address information is included in a corresponding one of the pieces of address information, and inhibits the transfer data from being transferred in a case where a number after the addition exceeds the limit number.
Trodden et al. (US 2008/0229100 A1): [0016] Accompanying the encrypted data may be data volatility information sent from the host (104) indicating the conditions under which the encrypted data may be accessed by a user of the user device (106). Also accompanying the encrypted data may be data validity rules sent from the host (104) indicating one or more actions to be performed upon expiration of the data. For example, the data volatility information may include an expiration date and/or time, a number of allowed accesses, or a number of software licenses or copies allowed. The data validity rules may indicate that upon expiration of the data, the data is to be erased or the user is to be prompted to renew a license or subscription. In some cases, the data volatility information may indicate that the data is always valid, and does not expire.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHAWNCHOY RAHMAN whose telephone number is (571)270-7471. The examiner can normally be reached Monday - Friday 8:30A-5P ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi T Arani can be reached on 5712723787. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/Shawnchoy Rahman/Primary Examiner, Art Unit 2438