DETAILED ACTION
This communication is responsive to Application No. 17/673,114, filed on February 16, 2022. A preliminary amendment was filed on 02/16/2022 in which claims 1-21 have been canceled and new claims 22-41 have been added. Claims 22-41 are pending and are directed towards PROTECTIONS AGAINST SECURITY VULNERABILITIES ASSOCIATED WITH TEMPORARY ACCESS TOKENS.

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 02/16/2022 is acknowledged. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.


Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA/25, or PTO/AIA/26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 22, 26-28, 31-36, 38, and 40-41 are rejected on the ground of nonstatutory obviousness-type double patenting as being unpatentable over claims 1, 4-12, and 15-19 of U.S. Patent No. 11,258,788 B2. Although the claims at issue are not identical, they are not patentably distinct from each other because both the current invention and U.S. Patent No. 11,258,788 B2 are drawn to methods and systems for protecting data integrity in a content distribution network. Although some of the conflicting claims are not identical, they are not patentably distinct from each other because the claimed limitations from the present application and U.S. Patent No. 11,258,788 B2 are significantly similar and the claimed features seem to be identical, with various obvious alternative methods of protecting data integrity in a content distribution network.
Furthermore, the omission of an element with a corresponding loss of function is an obvious expedient. See In re Karlson, 136 USPQ 184 and Ex parte Rainu, 168 USPQ 375. In particular the omission of the limitation “modifying the temporary access token by replacing a portion of the temporary access token with customized data to generate a customized replacement token” is an obvious expedient. 
The table below compares the independent claims of the instant application and the U.S. Patent No. 11,258,788 B2. Other dependent claims have similar features. 

Instant Application: 17/673,114
Patent No. 11,258,788 B2
Claim 22: A non-transitory computer readable medium including instructions that, when executed by at least one processor, cause the at least one processor to perform operations for securing the use of temporary access tokens in network environments, the operations comprising: 
identifying a request from a network identity for an action involving a target network resource, wherein the action requires a temporary access token; 
receiving, from the target network resource, a temporary access token generated by the target network resource based on the request for the action; storing the temporary access token separate from the network identity; 
generating a customized replacement token having an attribute different from the temporary access token such that the customized replacement token cannot be used directly with the target network resource; providing the customized replacement token to the network identity; 
monitoring use of the customized replacement token to detect an activity identified as being at least one of potentially anomalous or potentially malicious; receiving an access request from the network identity to access the target network resource, the access request including the customized replacement token; and based on the detected activity, denying the access request from the network identity.
Claim 1: A non-transitory computer readable medium including instructions that, when executed by at least one processor, cause the at least one processor to perform operations for securing the use of temporary access tokens in network environments, the operations comprising: 
identifying a request from a network identity for an action involving a target network resource, wherein the action requires a temporary access token;
receiving, from the target network resource, a temporary access token generated by the target network resource based on the request for the action; 
storing the temporary access token separate from the network identity; 
modifying the temporary access token by replacing a portion of the temporary access token with customized data to generate a customized replacement token, the customized replacement token having an attribute different from the temporary access token such that the customized replacement token cannot be used directly with the target network resource; 
providing the customized replacement token to the network identity; 
receiving an access request from the network identity to access the target network resource, the access request including the customized replacement token; and asserting the temporary access token to the target network resource on behalf of the network identity.
Claim 2. The non-transitory computer readable medium of claim 1, wherein the operations further comprise monitoring use of the customized replacement token and detecting an anomaly in the monitored use.
Claim 35: A computer-implemented method for securing the use of temporary access tokens in network environments, the method comprising:
identifying a request from a network identity for an action involving a target network resource, wherein the action requires a temporary access token;
receiving, from the target network resource, a temporary access token generated by the target network resource based on the request for the action;
storing the temporary access token separate from the network identity; 
generating a customized replacement token having an attribute different from the temporary access token such that the customized replacement token cannot be used directly with the target network resource;
providing the customized replacement token to the network identity; 
monitoring use of the customized replacement token to detect an activity identified as being at least one of potentially anomalous or potentially malicious; receiving an access request from the network identity to access the target network resource, the access request including the customized replacement token; and based on the detected activity, denying the access request from the network identity.
Claim 15: A computer-implemented method for securing the use of temporary access tokens in network environments, the method comprising: identifying a request from a network identity for an action involving a target network resource, wherein the action requires a temporary access token; determining that the network identity is authorized for a role associated with the temporary access token; creating, based on the role associated with the temporary access token, a customized replacement role for the network identity, the customized replacement role being different from the role associated with the temporary access token and having conditional use restrictions comprising a limitation on actions that are performable using the customized replacement role, the conditional use restrictions being customized for the network identity based on information included in the request and information associated with the network identity; generating a replacement role temporary token associated with the customized replacement role; providing the customized replacement role to the target network resource; and providing the replacement role temporary token to the network identity in response to the request.
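
The operations recited in claim 22 of the instant application, together with the "asserting ... on behalf of the network identity" step of claim 1 of the patent, can be sketched as a small token broker. This is an added illustration, not part of the Office action, the application, or the patent; the class and function names, the sample token, and the two anomaly signals (changed source address, use rate) are assumptions chosen for the example.

```python
import secrets
import time

class TokenBroker:
    """Holds real temporary tokens; identities only ever see replacements."""

    def __init__(self, target, max_uses=3, window=60.0):
        self.target = target          # callable(temp_token) -> response
        self.max_uses = max_uses      # allowed uses per sliding window
        self.window = window          # window length in seconds
        self._vault = {}              # replacement token -> record

    def issue(self, identity, source_ip, temp_token):
        # Random opaque value with a distinct prefix: nothing of the real
        # token is derivable from it, so the target will not accept it.
        replacement = "rt_" + secrets.token_urlsafe(24)
        self._vault[replacement] = {
            "identity": identity, "source_ip": source_ip,
            "temp_token": temp_token, "uses": [], "flagged": None,
        }
        return replacement

    def access(self, replacement, identity, source_ip, now=None):
        now = time.time() if now is None else now
        rec = self._vault.get(replacement)
        if rec is None:
            return (False, "unknown replacement token")
        # Monitoring: a flag is sticky, so later requests stay denied.
        if identity != rec["identity"]:
            rec["flagged"] = "identity mismatch"
        elif source_ip != rec["source_ip"]:
            rec["flagged"] = "unexpected source address"
        else:
            rec["uses"] = [t for t in rec["uses"] if now - t < self.window]
            rec["uses"].append(now)
            if len(rec["uses"]) > self.max_uses:
                rec["flagged"] = "use rate exceeded"
        if rec["flagged"]:
            return (False, rec["flagged"])
        # Only the broker presents the real token to the target.
        return (True, self.target(rec["temp_token"]))


# Constructed sample target: accepts only the real temporary token.
REAL_TOKEN = "tmp-EXAMPLE-0001"  # constructed value, not a real credential

def sample_target(token):
    return "200 OK" if token == REAL_TOKEN else "403 Forbidden"
```

Because the real token never leaves the broker, a replacement token copied from the identity's environment fails when presented directly to the target, and the broker refuses it once its use has been flagged.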



Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KHALID M ALMAGHAYREH whose telephone number is (571)272-0179. The examiner can normally be reached Monday - Thursday 8AM-5PM EST & Friday variable.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, SALEH NAJJAR, can be reached on (571)272-4006. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



Respectfully Submitted

/KHALID M ALMAGHAYREH/Examiner, Art Unit 2492