Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This office action is in response to the amendment filed on 07/15/2025.
Claims 1-4 and 6-21 are pending.
Priority
The instant application, filed 09/23/2022, claims priority of provisional documents, 63/248,391 and 63/408,815, filed on 09/24/2021, and 09/21/2022 respectively. Examiner has utilized sources filed prior to 09/24/2021 in their rejections.
Information Disclosure Statement
The information disclosure statements (IDS) submitted on 07/15/2025, 10/22/2025, 11/10/2025 and 12/16/2025 are in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statements are being considered by the examiner.
Drawings
The drawings submitted on 09/23/2022 with the instant application are acceptable for examination purposes.
Specification
The specification submitted on 09/23/2022 with the instant application is acceptable for examination purposes.
Claim Objections
In view of the amendment, the objection to claims 6 and 13 has been withdrawn.
Response to Arguments
Applicant’s arguments, see Remarks, filed on 07/15/2025, with respect to the rejection(s) of claim(s) under 35 U.S.C. 103 have been fully considered and are persuasive. Specifically, applicant’s argument that neither Huang, McDonald, nor Efstathopoulos, alone or in combination, teaches or suggests the amended features of the independent claims that were incorporated from claim 5 is persuasive; therefore, the rejection has been withdrawn. However, upon further consideration, a new ground(s) of rejection is made in view of Bradley et al. WO 2005/017654 (hereinafter Bradley).
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1, 9, 16 and 21 are rejected under 35 U.S.C. 103 as being unpatentable over Huang et al. US 20150381588 A1, in view of McDonald et al. US 20140208112 A1 in view of Bradley et al. WO 2005/017654 (hereinafter Bradley).
Referring to independent claims 1, 9, and 16
Huang et al. teaches: One or more non-transitory computer-readable media having instructions that, when executed by one or more processors (Huang et al. – Paragraph [0121]: Therefore, the present application may use a form of hardware only embodiments, software only embodiments, or embodiments with a combination of software and hardware. Moreover, the present application may use a form of a computer program product that is implemented on one or more computer-usable storage media … that include computer-usable program code. [0122] In a typical configuration, a computing device includes one or more processors, central processing unit (CPU), an input/output interface, a network interface, and a memory.) of a relay server (Huang et al. – Paragraph [0004]: A cloud server not only can save a file for a user, but also can share, with another user, a file saved by a user.), cause the relay server to: identify an encrypted payload received from an origination device (Huang et al. – Paragraph [0023]: a file sharing apparatus is provided, including a first receiving module configured to receive and save one or more encrypted files separately uploaded by a first terminal … Paragraph [0062] S202: The first terminal uploads each obtained encrypted file to a server for saving.),
store the encrypted payload in a location for retrieval by the recipient device (Huang et al. – Paragraph: [0063] S203: The server receives and saves each encrypted file uploaded by the first terminal. [0064] S204: The server returns, to the first terminal, a URL corresponding to a location for saving each encrypted file.);
provide a uniform resource locator (URL) associated with the location to the origination device (Huang et al. – Paragraph [0064]: S204: The server returns, to the first terminal, a URL corresponding to a location for saving each encrypted file.), the uniform resource locator to be shared by the origination device with the recipient device to retrieve the encrypted payload (Huang et al. – Paragraph [0065]: S205: The first terminal generates a key package of a file to be shared. [0066] The file to be shared comes from the one or more files in step S201, and the key package includes a shared key and a URL that correspond to the file to be shared. [0069] S207: The first terminal transmits the encrypted key package to the second terminal.);
identify a request for the encrypted payload received from the recipient device using the uniform resource locator (Huang et al. – Paragraph [0101]: S409: The second terminal sends, to the trusted server, a request message that carries the URL corresponding to the location for saving the key package.);
and provide the encrypted payload to the recipient device based at least in part on the request (Huang et al. – Paragraph [0071]: The foregoing example is used again. Because the first terminal encrypts the key package by using the public key of the second terminal, the second terminal may decrypt the encrypted key package by using a private key of the second terminal, to acquire the URL and the shared key that are included in the decrypted key package, acquire the corresponding encrypted file from the server according to the acquired URL, and decrypt the acquired encrypted file by using the acquired shared key.),
Huang et al. do not expressly teach: the encrypted payload being associated with a credential share operation of an access credential from the origination device to a recipient device; nor the encrypted payload to be utilized by the recipient device for retrieval of a copy of the access credential.
McDonald et al. teaches: the encrypted payload being associated with a credential share operation of an access credential from the origination device to a recipient device; (McDonald et al. – Paragraph [0025]: … A second device 104 receives … an encrypted account credential 114 from a first device 102. At block 220, the second device 104 reconstructs the master key 180 with the first share 116 of the master key and a second share 144 of the master key. …) The examiner submits that the encrypted payload being an encrypted access credential satisfies the limitation of the encrypted payload being associated with a credential share operation of an access credential.
the encrypted payload to be utilized by the recipient device for retrieval of a copy of the access credential. (McDonald et al. – Paragraph [0025]: … Next, at block 230, the second device 104 decrypts the encrypted account credential 114 ... At block 240, the second device 104 may then be enabled to access an account for a user based on the decrypted account credential 182, as previously described.) The examiner submits that the encrypted payload containing the account credential is utilized for retrieval of a copy of the access credential when it is decrypted by the second device.
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to have modified the encrypted data being shared in Huang et al. to be representative of the data in McDonald et al. One of ordinary skill in the art would have been motivated to make this modification for the benefit of enabling a user to share access to their own accounts across devices.
Huang in view of McDonald does not explicitly teach identify an authorization policy associated with the encrypted payload indicated by the origination device, the authorization policy defining an amount of writes allowed related to the encrypted payload; apply the authorization policy for access to the location based at least in part on the request; and authorization policy being satisfied.
Bradley in analogous art, however, discloses identify an authorization policy associated with the encrypted payload indicated by the origination device, the authorization policy defining an amount of writes allowed related to the encrypted payload; (see para. [0313]–[0315], [0309]–[0316],
“Control object 1320 includes and protects the control program (e.g., control byte code 1324) that represents the rules that govern the use of the keys used to encrypt and decrypt the content. Examiner notes that Controller object 1330 represents the binding between the keys and the rules governing their control originator creates signed control program and controller that are bound to the encrypted content/key; para. [022]–[023], para. [0281]–[0284] The DRM engine is based on a simple graph based model … the Control VM might consist of only a few pages of code. … the VM is capable of performing logical and arithmetic calculations, as well as querying state information from the host environment to check parameters such as system time, counter state, and so forth. Examiner notes: VM can read/update counters and perform arithmetic tests supports “amount of writes” quotas) apply the authorization policy for access to the location based at least in part on the request; and authorization policy being satisfied (see para. [022]–[023], para. [0281]–[0284]). the Control VM … is capable of performing logical and arithmetic calculations, as well as querying state information from the host environment to check parameters such as system time, counter state, and so forth. (i.e. host environment queries are supported; location can be provided as host state; node attributes / certificate constraints for contextual checks see para. [0318]–[0326], [0346]–[0350] object was authorized to be used for that purpose and para. [0111]-[0113], [0183]-[0186], gateway/network tier context)
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to have modified the encrypted data being shared in Huang et al. and McDonald with Bradley’s teaching of authorization policy with encrypted payload. One of ordinary skill in the art would have been motivated to make this modification in order to enable consumers, content providers, device manufacturers, and service providers to establish a trusted relationship, and exchange value in rich and dynamic ways through exposed service interfaces (para. [0006], Bradley).
Claims 9 and 16 are rejected with the same rationale and motivation as above.
As per claim 21, Huang et al. and McDonald et al. and Bradley teach wherein the authorization policy comprises a stateless policy with a single allowed write, a stateful policy with two allowed writes, or a long lived policy with unlimited writes (see Bradley para. [022]–[023], para. [0281]–[0284], DRM, parameters counter). Similar motivation as claim 1 applies.
Claims 2-3, 10-11 and 17-18 are rejected under 35 U.S.C. 103 as being unpatentable over Huang et al. and McDonald et al. in view of Bradley et al. WO 2005/017654 (hereinafter Bradley) as applied to claim 1 above, and further in view of Vedula et al. US 20220094668 A1.
Referring to dependent claims 2, 10 and 17:
As per claim 2, Huang et al. and McDonald et al. and Bradley teach the one or more non-transitory computer-readable media of claim 1. Huang et al. and McDonald et al. do not expressly teach wherein an attestation is applied to the encrypted payload, and wherein the instructions, when executed by the one or more processors, further cause the relay server to: determine whether the origination device is a type of device that is authorized to share the access credential based at least in part on the attestation.
Vedula et al. teaches: The one or more non-transitory computer-readable media of claim 1, wherein an attestation is applied to the encrypted payload (Vedula et al. – Paragraph [0025]: The hardware-specific public key can be used, for example, to encrypt data that can only be decrypted by the secure hardware component using the hardware-specific private key. The hardware-specific private key can be used, by the secure hardware component, to digitally sign data with a signature that can be decrypted using the hardware-specific public key. In this way, a digital signature generated using the hardware-specific private key can be used to attest to the source and/or security of data transmitted by the electronic device and to implicitly identify the electronic device… [0046] As shown in the example of FIG. 4, data that is sent to the application server 120 via the secure tunnel may be sent together with a device-specific certificate that securely attests to the validity of the electronic device 102 and provides device identifiers that may be used for various server-side operations at the application server 120.),
and wherein the instructions, when executed by the one or more processors, further cause the relay server to: determine whether the origination device is a type of device that is authorized to share the access credential based at least in part on the attestation (Vedula et al. – Paragraph [0016]: In one or more implementations, the device may provide further device-specific information in a device-specific certificate that is provided with data sent over the secure connection to, for example, (i) securely attest the validity of the device or device type, and (ii) provide one or more device identifiers to be used by server side logic.).
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify the receiving functionality of the relay server taught by Huang et al. and McDonald et al. and Bradley with the capability to determine the device type of the origin device as taught by Vedula et al. One of ordinary skill in the art would have been motivated to make this modification for the benefit of implicitly providing secure device identification and attestation as part of the establishment of the connection.
Claims 10 and 17 are rejected with the same rationale and motivation as above.
Regarding claims 3, 11 and 18:
The combination of Huang et al., McDonald et al., Bradley and Vedula et al. teaches the non-transitory computer-readable media of claim 2.
Vedula additionally discloses the one or more non-transitory computer-readable media of claim 2, wherein the attestation comprises a signature applied to the encrypted payload (Vedula et al. – Paragraph [0025]: The hardware-specific public key can be used, for example, to encrypt data that can only be decrypted by the secure hardware component using the hardware-specific private key. The hardware-specific private key can be used, by the secure hardware component, to digitally sign data with a signature that can be decrypted using the hardware-specific public key. In this way, a digital signature generated using the hardware-specific private key can be used to attest to the source and/or security of data transmitted by the electronic device and to implicitly identify the electronic device), wherein the attestation indicates a device type for the origination device without identifying information for a user of the origination device (Vedula et al. – Paragraph [0025]: The hardware-specific private key can be used, by the secure hardware component, to digitally sign data with a signature that can be decrypted using the hardware-specific public key. In this way, a digital signature generated using the hardware-specific private key can be used to attest to the source and/or security of data transmitted by the electronic device and to implicitly identify the electronic device… [0046] As shown in the example of FIG. 4, data that is sent to the application server 120 via the secure tunnel may be sent together with a device-specific certificate that securely attests to the validity of the electronic device 102 and provides device identifiers that may be used for various server-side operations at the application server 120.). The same motivation as claim 2 above applies.
Claims 11 and 18 are rejected with the same rationale and motivation as above.
Claim 4 is rejected under 35 U.S.C. 103 as being unpatentable over Huang et al. and McDonald et al. in view of Bradley as applied to claim 1 above, and further in view of Park US 20160072807 A1.
Referring to dependent claims 4, 12, and 19
As per claim 4, Huang et al. and McDonald et al. and Bradley teach the one or more non-transitory computer-readable media of claim 1. Huang et al. and McDonald et al. and Bradley do not expressly teach wherein an attestation is applied to the request for the encrypted payload, and wherein the instructions, when executed by the one or more processors, further cause the relay server to: determine whether the recipient device is a type of device that is authorized to receive the encrypted payload based at least in part on the attestation.
Park teaches The one or more non-transitory computer-readable media of claim 1, wherein an attestation is applied to the request for the encrypted payload, and wherein the instructions, when executed by the one or more processors, further cause the relay server to: determine whether the recipient device is a type of device that is authorized to receive the encrypted payload based at least in part on the attestation (Park – Paragraph [0069]: The content request can comprise the first device identifier, and can be encrypted using the first shared key. In an aspect, the content request can request access to content secured using another security protocol (e.g., a security protocol other than the one used to authenticate the sender of the content request). The network device can authenticate the content request based on the received first device identifier and the first shared key. Once authenticated, the network device can authorize/permit the first user device to access the content through a content resource. Paragraph [0076]: In another aspect, the network device can act as a gateway by receiving the content request from a user device and transmitting the content request to the content resource.); The examiner submits the gateway is a sufficient equivalent to the relay server.
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify the receiving functionality of the relay server taught by Huang et al. and McDonald et al. and Bradley with the capability to determine the device type of the recipient device as taught by Park. One of ordinary skill in the art would have been motivated to make this modification for the benefit of implicitly providing secure device identification and attestation as part of the establishment of the connection.
Claims 12 and 19 are rejected with the same rationale and motivation as above.
Claims 6 and 13 are rejected under 35 U.S.C. 103 as being unpatentable over Huang et al. and McDonald et al. in view of Bradley as applied to claim 1 above, and further in view of Taralika et al. US 20180103026 A1, and Hardt et al. US 20170264654 A1.
As per claim 6, Huang et al. and McDonald et al. and Bradley teach the one or more non-transitory computer-readable media of claim 1. Huang et al. and McDonald et al. and Bradley do not expressly teach wherein the instructions, when executed by the one or more processors, further cause the relay server to: identify display information related to the access credential received from the origination device; store the display information in the location; identify a request for the display information received from the recipient device; and provide the display information to the recipient device, the display information to cause the recipient device to display an indication of a secured entity associated with the access credential.
Taralika et al. teaches: wherein the instructions, when executed by the one or more processors, further cause the relay server to: identify display information related to the access credential received from the origination device (Taralika et al. – Paragraph [0017] The user's enterprise network credentials may be presented to gain such access, enabling the file or other servers on which shared resources are stored to enforce access control list (ACL) based or other access controls with respect to requested resources. … [0024] … For example, a user's credentials may be used to determine, based on one or more policies, a subset of resources that would be available to the user if logged in to the network directly (e.g., on premises, via VPN), and access to only that subset of resources would be made available via mobile app 102. Policies may be defined by user, group, or other user association. Such an approach in various embodiments enables the user to be presented via mobile app 102 only with those shared resources that the user is most likely to desire to have mobile access, enabling a representation of only that subset of content to be displayed in a navigable interface of mobile app 102, for example.) Examiner submits that the credentials required to access a network are related to the documents that may be obtained on that network.
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify the display information received by the relay server taught by Huang et al. and McDonald et al. with the addition of display information as taught by Taralika et al. One of ordinary skill in the art would have been motivated to make this modification for the benefit of maintaining related data together as a method of reducing the number of different locations which must be supported.
Huang et al., McDonald et al., and Taralika et al. do not expressly teach store the display information in the location; identify a request for the display information received from the recipient device; and provide the display information to the recipient device, the display information to cause the recipient device to display an indication of a secured entity associated with the access credential.
Hardt et al. teaches: store the display information in the location; identify a request for the display information received from the recipient device (Hardt et al. – Paragraph [0022]: FIG. 1 is a block diagram illustrating an example network environment 100 operable to facilitate a retrieval and display of network credentials. In embodiments, one or more clients 110 (e.g., set-top box (STB), mobile devices, tablets, gaming consoles, pluggable content-streaming devices, etc.) and one or more access points 120 may provide video and/or data services to a subscriber. For example, an access point 120 may deliver video services to a client 110, and the client 110 may output multimedia content to a display device 130 (e.g., television). [0039]: At 310, network credentials may be retrieved by the client 110. In embodiments, network credentials may be retrieved from storage at the client 110 (e.g., credential data store 220 of FIG. 2). The client 110 may request and receive network credentials from a home network device (e.g., access point 120). For example, the client 110 may request information from the access point 120 concerning which wireless bands are supported, which wireless channels are supported, available bandwidth, and other information (e.g., information as supported by 802.11). Network credentials may be shared between an access point 120 and a client 110 via a variety of mechanisms and communication protocols including, but not limited to 802.11, control and provisioning of wireless access points (CAPWAP), HTTP Get/Put, and others. It will be appreciated by those skilled in the relevant art that communications carrying network credentials from an access point 120 to a client 110 may be encrypted.) ;
and provide the display information to the recipient device, the display information to cause the recipient device to display an indication of a secured entity associated with the access credential (Hardt et al. – Paragraph [0042]: FIG. 4 is an illustration of an example user interface 405 displaying network credentials. The user interface 405 may be output to a display 410 (e.g., display of a display device 130 of FIG. 1). In embodiments, the user interface 405 may be displayed at the in-focus graphics layer on the display 410 such that the user interface 405 is displayed on top of all other layers (e.g., guide, menu, content layers, etc.) of the display 410.).
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify the display information received by the relay server taught by Huang et al., McDonald et al., Bradley, and Taralika et al. with the display information management as taught by Hardt et al. One of ordinary skill in the art would have been motivated to make this modification for the benefit of transferring the display information to the recipient device.
Claim 13 is rejected with the same rationale and motivation as above.
Claims 7 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Huang et al., McDonald et al., Bradley, Taralika et al., and Hardt et al. as applied to claim 6 above, and further in view of Aggarwal et al. US 20120158922 A1.
Referring to dependent claims 7 and 14
As per claim 7, Huang et al., McDonald et al., Bradley, Taralika et al., and Hardt et al. teach one or more non-transitory computer-readable media of claim 6. Huang et al., McDonald et al., Taralika et al., and Hardt et al. do not expressly teach wherein the instructions, when executed by the one or more processors, further cause the relay server to: convert the display information to rich object data.
Aggarwal et al. teaches: wherein the instructions, when executed by the one or more processors, further cause the relay server to: convert the display information to rich object data (Aggarwal et al. – Paragraph [0020]: QR codes are widely used to encode a variety of information, and QR code generation websites are publicly available. ... the QR code may encode configuration information such as, for example, network access control information, which may include, the network's SSID name, security keys (e.g., WPA and WEP), and other network configuration information.).
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify the display information received by the relay server taught by Huang et al., McDonald et al., Bradley, Taralika et al., and Hardt et al. with the display information conversion as taught by Aggarwal et al. One of ordinary skill in the art would have been motivated to make this modification for the ease of use by the end user.
Claim 14 is rejected with the same rationale and motivation as above.
Claims 8, 15 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Huang et al. and McDonald et al. in view of Bradley as applied to claim 1 above, and further in view of FU et al. CN 105636030 A (w/ publication date: Jun. 01, 2016).
Referring to dependent claims 8, 15, and 20
As per claim 8, Huang et al., McDonald et al. and Bradley teach the one or more non-transitory computer-readable media of claim 1. Huang et al. and McDonald et al. do not expressly teach wherein the instructions, when executed by the one or more processors, further cause the relay server to: request a push notification be sent to the origination device that causes a user interface to be displayed on the origination device that indicates the recipient device is attempting to retrieve the copy of the access credential, wherein the encrypted payload is provided to the recipient device based at least in part on an input received at the user interface.
FU et al. teaches: wherein the instructions, when executed by the one or more processors, further cause the relay server to: request a push notification be sent to the origination device that causes a user interface to be displayed on the origination device that indicates the recipient device is attempting to retrieve the copy of the access credential (FU et al. – Paragraph [109]: In a second possible implementation, if the second terminal information is an IP address, a request message can be sent to the first terminal based on the IP address. The request message can carry the identifier of the access point to be accessed and the first terminal information. Accordingly, a selection dialog box can pop up on the display interface of the first terminal, and the request message is displayed in the selection dialog box. For example, "User A wants to access access point M, do you agree to share the access password?" is displayed on the display interface of the first terminal. In addition, the selection dialog box also provides an option of whether to share the access password.), wherein the encrypted payload is provided to the recipient device based at least in part on an input received at the user interface (FU et al. – Paragraph [109]: When it is detected that the user triggers the option to confirm sharing, the second terminal automatically obtains the access password corresponding to the access point to be accessed, and sends the access password to the first terminal.).
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to have modified the relay server taught by Huang et al. and McDonald et al. and Bradley with the notification modification taught by FU et al. One of ordinary skill in the art would have been motivated to make this modification for the benefit of preventing the URL from being accessed by malicious third parties who may have gained unexpected knowledge of the URL.
Claim 15 is rejected with the same rationale and motivation as above.
Claim 20 is rejected with the same rationale and motivation as above.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant’s disclosure.
Paterra et al. (US 11063915) teaches a network-attachable data transfer device may be configured to operate in a cluster to coordinate the storage of data.
Ramadasse et al. (US 20220385467 A1) teaches a method for cryptographic key attestation.
Rebaud et al. (US 20040261093 A1) teaches a system for restricting access to media content from client devices.
Murthy et al. (US 20100299340 A1) teaches a system for contacting a data owner for permission to access data.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Shewaye Gelagay whose telephone number is (571)272-4219. The examiner can normally be reached Monday to Friday 8 A.M. - 4 P.M.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Amy C. Johnson can be reached at 571-272-2238. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/SHEWAYE GELAGAY/Supervisory Patent Examiner, Art Unit 2436