METHODS AND DEVICES FOR CONTROLLING ACCESS TO A SOFTWARE ASSET

Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 1. Claims 1, 5 and 18-19 have been amended. Claims 24-34 have been newly added. Claims 1-6, 18-19 and 24-34 have been examined. Response to Arguments 2. Applicant’s arguments with respect to claims 1, 18 and 19 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument. 3. The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action. 4. In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. Claim Rejections - 35 USC § 103 5. Claims 1-6, 18-19 and 24-34 are rejected under 35 U.S.C. 103 as being unpatentable over Chan et al. (U.S. Patent Application Publication 2022/0255944; hereafter “Chan”), and further in view of Palanisamy (U.S. Patent Application Publication 2015/0312038), and further in view of Hunt et al. (U.S. Patent Application Publication 2021/0152372; hereafter “Hunt”). For claims 1 and 18-19, Chan teaches a method, non-transitory computer-readable storage medium (note paragraph [0030], software stored in memory) and a software provider server (note paragraph [0029]-[0031], server), comprising: one or more processors (note paragraph [0029], processor); and a memory storing one or more programs configured to be executed by the one or more processors (note paragraph [0030], software stored in memory), the one or more programs including instructions for; after providing the authentication token, receiving a request for a feature access token from the service provider server (note paragraph [0036], feature server receives a token request to provide requested features from a device management server, i.e. service provider server); and in reaction to the request, providing the feature access token to the service provider server (note paragraph [0037], feature server sends a token to device management server), wherein the feature access token is signed and enables the service provider server to provide access to the software asset to one or more electronic devices which are coupled to the service provider server (note paragraphs [0037]-[0039], token is embedded with a signature and enables device management server to provide access to feature to electronic device connected to the device management server), the feature access token being accessible at the one or more electronic devices where it can be validated locally at the one or more electronic devices, thereby providing access to the software asset on the one or more electronic devices by using the feature access token (note paragraph [0039], token is accessible at the electronic device and can be validated locally based on expiry time and provides access to the software feature on the electronic device). Chan differs from the claimed invention in that they fail to teach: receiving a request for authentication of a service provider server from the service provider server; upon successful authentication of the service provider server, providing an authentication token to the service provider server; Palanisamy teaches: receiving a request for authentication of a service provider server from the service provider server (note paragraph [0068], token server receives a registration request from a token requestor); upon successful authentication of the service provider server, providing an authentication token to the service provider server (note paragraph [0068], upon verifying the token requestor is an authorized entity, a requestor ID, i.e. authentication token, is provided to the token requestor); after providing the authentication token, receiving a request for a feature access token from the service provider server (note paragraph [0071], token request is received from token requestor); It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the feature token distribution to clients from a device management server of Chan and the registration of a token requesting computer to a token server of Palanisamy to form a system where a device management server (i.e. token requestor) registers with a feature server (i.e. token server) for requesting feature tokens for distribution to clients. One of ordinary skill would have been motivated to combine Chan and Palanisamy because a requestor ID for registered requestors would facilitate identification and validation of the entity (note paragraph [0056] of Palanisamy). The combination of Chan and Palanisamy differs from the claimed invention in that they fail to teach: the feature access token being accessible at the one or more electronic devices where it can be validated locally at the one or more electronic devices using a security key to verify whether the feature asset is issued by a software provider server in the one or more software provider servers, thereby providing access to the software asset on the one or more electronic devices by using the feature access token Hunt teaches: the feature access token being accessible at the one or more electronic devices where it can be validated locally at the one or more electronic devices using a security key (note paragraph [0053], client validates a response locally using a public key) to verify whether the feature asset is issued by a software provider server in the one or more software provider servers (note paragraph [0056], signature validation verifies the origin server as the source of content), thereby providing access to the software asset on the one or more electronic devices by using the feature access token (note paragraph [0021], validated payload may provide access to a software update) It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the combination of Chan and Palanisamy and the client device validating a payload using a signature and a public key of Hunt to form a combination where a feature server generates tokens (Chan) which include digital signatures (Hunt) so a receiving electronic device can validate the origin of the token even if the token has passed through intermediary servers. One of ordinary skill would have been motivated to combine Chan, Palanisamy and Hunt because it would allow for a client device to validate a source server signature even if there is an intermediary distribution (note paragraphs [0009] and [0056] of Hunt). For claims 2, 25 and 30, the combination of Chan, Palanisamy and Hunt teaches claims 1, 18 and 19, wherein: the feature access token comprises a digital signature or is encrypted using a digital signature (note paragraphs [0049]-[0050] of Hunt, response to client includes a signature); and the security key is a decryption key for validating the digital signature of the feature access token or for decrypting the feature access token (note paragraph [0053] of Hunt, public key is used to decrypt the hash to validate the digital signature). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the combination of Chan and Palanisamy and the client device validating a payload using a signature and a public key of Hunt to form a combination where a feature server generates tokens (Chan) which include digital signatures (Hunt) so a receiving electronic device can validate the origin of the token even if the token has passed through intermediary servers. One of ordinary skill would have been motivated to combine Chan, Palanisamy and Hunt because it would allow for a client device to validate a source server signature even if there is an intermediary distribution (note paragraphs [0009] and [0056] of Hunt). For claims 3, 26 and 31, the combination of Chan, Palanisamy and Hunt teaches claims 2, 25 and 30, further comprising: receiving a request for the decryption key from an electronic device (note paragraph [0042] of Hunt, server receives a request for the server’s public key certificate); and providing the decryption key to the electronic device in reaction to the request (note paragraph [0044] of Hunt, the server provides public key certificate to the client). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the combination of Chan and Palanisamy and the client device validating a payload using a signature and a public key of Hunt to form a combination where a feature server generates tokens (Chan) which include digital signatures (Hunt) so a receiving electronic device can validate the origin of the token even if the token has passed through intermediary servers. One of ordinary skill would have been motivated to combine Chan, Palanisamy and Hunt because it would allow for a client device to validate a source server signature even if there is an intermediary distribution (note paragraphs [0009] and [0056] of Hunt). For claims 4, 27 and 32, the combination of Chan, Palanisamy and Hunt teaches claims 2, 25 and 30, further comprising: modifying the decryption key used for the digital signature of the feature access token after elapse of a key validity period (note paragraph [0026] of Hunt, if the existing certificate expires, the client updates with a newly generated certificate). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the combination of Chan and Palanisamy and the client device validating a payload using a signature and a public key of Hunt to form a combination where a feature server generates tokens (Chan) which include digital signatures (Hunt) so a receiving electronic device can validate the origin of the token even if the token has passed through intermediary servers. One of ordinary skill would have been motivated to combine Chan, Palanisamy and Hunt because it would allow for a client device to validate a source server signature even if there is an intermediary distribution (note paragraphs [0009] and [0056] of Hunt). For claims 5, 28 and 33, the combination of Chan, Palanisamy and Hunt teaches claims 1, 18 and 19, further comprising: receiving configuration data from the service provider server, the configuration data indicative of the software program within which the software asset is to be used (note paragraph [0036] of Chan, feature server receives a token request for a requested feature including an identifier of the shadow of the device, i.e. state and identification information of the particular device); and providing feature access token based on the configuration data, such that the feature access token limits access to the software asset for use within the software program indicated by the configuration data (note paragraphs [0037]-[0038] of Chan, feature server provides a token based on the identifying information, such that the token allows access to the feature for that particular electronic device). For claims 6, 29 and 34, the combination of Chan, Palanisamy and Hunt teaches claims 1, 18 and 19, wherein the software provider server for providing the authentication token (note paragraph [0056] of Palanisamy, requestor registration module) is different from the software provider server for providing the feature access token (note paragraph [0058] of Palanisamy, token generation module; paragraph [0106] of Palanisamy, software components may be present on different computational apparatuses within a system or network). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the feature token distribution to clients from a device management server of Chan and the registration of a token requesting computer to a token server of Palanisamy to form a system where a device management server (i.e. token requestor) registers with a feature server (i.e. token server) for requesting feature tokens for distribution to clients. One of ordinary skill would have been motivated to combine Chan and Palanisamy because a requestor ID for registered requestors would facilitate identification and validation of the entity (note paragraph [0056] of Palanisamy). For claim 24, the combination of Chan, Palanisamy and Hunt teaches claim 1, further comprising providing the security key to the one or more electronic devices, wherein a first software provider server provides the feature access token and a second software provider server different from the first software provider server provides the security key (note paragraphs [0020], [0044] and [0050], certificate server and origin are different servers of the software provider servers; certificate server provides public key while origin server provides signed response message). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the combination of Chan and Palanisamy and the client device validating a payload using a signature and a public key of Hunt to form a combination where a feature server generates tokens (Chan) which include digital signatures (Hunt) so a receiving electronic device can validate the origin of the token even if the token has passed through intermediary servers. One of ordinary skill would have been motivated to combine Chan, Palanisamy and Hunt because it would allow for a client device to validate a source server signature even if there is an intermediary distribution (note paragraphs [0009] and [0056] of Hunt). Conclusion 6. The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Peza Remirez et al. (U.S. Patent Application Publication 2018/0260536) discloses a user device authenticating a license locally using a license generation public key for enabling application features (note paragraphs [0038]-[0039]). Cronce (U.S. Patent Application Publication 2003/0156719) discloses a device authenticating a license locally using a publisher’s public key to control software use (note Fig. 9-10). Puhl et al. (U.S. Patent 6,223,291) enabling a feature on a phone by making a request to a server, which is then sent to certificate server to generate a license; the license is validated using a public key (note column 6, lines 5-37). 7. Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 8. Any inquiry concerning this communication or earlier communications from the examiner should be directed to DAVID J PEARSON whose telephone number is (571)272-0711. The examiner can normally be reached 8:30 - 6:00 pm; Monday through Friday. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Catherine Thiaw can be reached at (571)270-1138. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. DAVID J. PEARSON Primary Examiner Art Unit 2407 /David J Pearson/Primary Examiner, Art Unit 2407