CONTEXT AWARE AUTHORIZATION FOR DATA AND SERVICES IN THE IOT/M2M SERVICE LAYER

DETAILED ACTION This final office action is in response to applicant’s claim arguments/remarks filed March 24, 2026. Claims 1-20 are pending. Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Response to Arguments I. Applicant argues that Lindholm fails to disclose “wherein the one or more conditions comprise a number of allowed accesses to the at least one of the data or service made available by the service layer,” as recited by independent claims 1, 8, and 15. Specifically, Applicant contends that Lindholm fails to disclose this limitation because the alleged one or more conditions are not indicated by one or more context-aware states that are associated with an authorization policy. In the pending independent claims, the one or more conditions are indicated by the one or more context-aware states, which are associated with an authorization policy. The authorization policy, in turn, is associated with at least one of the data or services made available by the service layer. Therefore, Applicant asserts that the one or more conditions feature, as claimed, is not disclosed by Lindholm. The Examiner has carefully reviewed Applicant's arguments and respectfully disagrees. The claim limitation recites that the one or more conditions comprise a number of allowed accesses to at least one of the data or services made available by the service layer. Lindholm teaches that the Order Server 3 creates one or more digitally signed tickets and sends them back to the Client 1. Such a ticket serves as a receipt of the order and contains information necessary for the Client to obtain the requested media object (e.g. access data or service) from the Streaming Server 5 (e.g. service layer). This information may include details about the Streaming Server and the requested media, cryptographic information such as keys and other parameters for the streaming data, and usage rights or conditions — i.e., authorization information — for the requested media, e.g., the number of accesses allowed, initiation and expiration times (e.g. one or more conditions comprise a number of allowed accesses). Lindholm clearly teaches that the client uses the ticket to access the requested media object from the Streaming Server, and that the ticket includes usage rights or conditions, i.e., authorization information, for the requested media, such as the number of accesses allowed, initiation time, and expiration time. Accordingly, Lindholm clearly teaches the one or more conditions comprise a number of allowed accesses to the at least one of the data or service (e.g. media object, streaming data) made available by the service layer (e.g. streaming server). Furthermore, Lindholm also teaches an authorization policy (cryptographic information such as keys and other parameters for the streaming data, and usage rights or conditions — i.e., authorization information for the requested media). Lindholm was not incorporated to teach that the one or more conditions are indicated by one or more context-aware states that are associated with an authorization policy. II. Applicant’s claim amendments to claims 15-20 is persuasive to overcome 35 U.S.C. § 101 rejection. Therefore, the rejection of claims 15-20 under 35 U.S.C. § 101 is hereby withdrawn. III. The rejection on the ground of non-statutory obviousness-type double patenting rejection is maintained. Applicant presents no further arguments. For the above reasons, it is believed that the rejections should be sustained. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). Double Patenting The non-statutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A non-statutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969). A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on non-statutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). The filing of a terminal disclaimer by itself is not a complete reply to a non-statutory double patenting (NSDP) rejection. A complete reply requires that the terminal disclaimer be accompanied by a reply requesting reconsideration of the prior Office action. Even where the NSDP rejection is provisional the reply must be complete. See MPEP § 804, subsection I.B.1. For a reply to a non-final Office action, see 37 CFR 1.111(a). For a reply to final Office action, see 37 CFR 1.113(c). A request for reconsideration while not provided for in 37 CFR 1.113(c) may be filed after final for consideration. See MPEP §§ 706.07(e) and 714.13. The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The actual filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/apply/applying-online/eterminal-disclaimer. Claims 1-20 are provisionally rejected on the ground of non-statutory double patenting as being unpatentable over claims 1-20 of U.S. Patent Application No. 11,765,586 (S/N # 16/771,728) and claims 1-19 of U.S. Patent Application No. 12,126,999 (S/N # 18/358,080). Although the conflicting claims are not identical, they are not patentably distinct from each other because the referenced co-pending US Patent application and the instant application are claiming common subject matter, as follows (only independent claim 1 is shown as example): Claim Comparison Table: Instant Application # 18/891,370 US Patent 11,765,586 (S/N # 16/771,728) 1. (New) A method implemented by an authorization verification service of a service layer, the method comprising: receiving, from a device, a request to access at least one of data or a service made available by the service layer; determining an authorization policy associated with the at least one of the data or service made available by the service layer; determining one or more context aware states associated with the authorization policy, wherein the one or more context aware states comprise an indication of one or more conditions for accessing the at least one of the data or service made available by the service layer, and wherein the one or more conditions comprise a number of allowed accesses to the at least one of the data or service made available by the service layer; determining whether the one or more conditions associated with the one or more context aware states are valid; and granting, to the device and based on determining that the one or more conditions associated with the one or more context aware states are valid, access to the at least one of the data or service made available by the service layer. 1. A method implemented by an authorization verification service of a service layer, the method comprising: receiving, from a device, a request to access at least one of data or a service made available by the service layer; determining an authorization policy associated with information indicative of prior access attempts for the at least one of the data or service made available by the service layer; determining one or more context aware states associated with the authorization policy, wherein the one or more context aware states comprise an indication of a plurality of conditions for accessing the at least one of the data or service made available by the service layer, and wherein the plurality of conditions comprise a number of allowed accesses to the at least one of the data or service made available by the service layer within a defined period of time; determining whether the plurality of conditions associated with the one or more context aware states are valid; granting, to the device and based on determining that the plurality of conditions associated with the one or more context aware states are valid, access to the at least one of the data or service made available by the service layer; determining the defined period of time elapses; and resetting the number of allowed accesses, based on the elapsed period of time, to the at least one of the data or service made available by the service layer. Instant Application # 18/891,370 US Patent 12,126,999 (S/N # 18/358,080) 1. (New) A method implemented by an authorization verification service of a service layer, the method comprising: receiving, from a device, a request to access at least one of data or a service made available by the service layer; determining an authorization policy associated with the at least one of the data or service made available by the service layer; determining one or more context aware states associated with the authorization policy, wherein the one or more context aware states comprise an indication of one or more conditions for accessing the at least one of the data or service made available by the service layer, and wherein the one or more conditions comprise a number of allowed accesses to the at least one of the data or service made available by the service layer; determining whether the one or more conditions associated with the one or more context aware states are valid; and granting, to the device and based on determining that the one or more conditions associated with the one or more context aware states are valid, access to the at least one of the data or service made available by the service layer. 1. A method implemented by a middleware supporting service capabilities through a set of Application Programming Interfaces (APIs), the middleware being provided between application protocols and applications, the method comprising: receiving, from an entity, a request to access at least one of data or a service made available by the middleware; determining an authorization policy associated with information indicative of prior access attempts for the at least one of the data or service made available by the middleware; determining one or more context aware states associated with the authorization policy, wherein the one or more context aware states comprise an indication of a plurality of conditions for accessing the at least one of the data or service made available by the middleware, and wherein the plurality of conditions comprise a number of allowed accesses to the at least one of the data or service made available by the middleware within a defined period of time; determining whether the plurality of conditions associated with the one or more context aware states are valid; granting, to the entity and based on determining that the plurality of conditions associated with the one or more context aware states are valid, access to the at least one of the data or service made available by the middleware; determining the defined period of time elapses; and resetting the number of allowed accesses, based on the elapsed period of time, to the at least one of the data or service made available by the middleware. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows: 1. Determining the scope and contents of the prior art. 2. Ascertaining the differences between the prior art and the claims at issue. 3. Resolving the level of ordinary skill in the pertinent art. 4. Considering objective evidence present in the application indicating obviousness or non-obviousness. Claim(s) 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over US 2015/0031335A1 to Dong et al. (“Dong”) in view of WO 02/084980A1 to Lindholm et al. (“Lindholm”). Regarding claim 1, (New) Dong taught a method implemented by an authorization verification service of a service layer, the method comprising: receiving, from a device, a request to access at least one of data or a service made available by the service layer (See Claim 12. “Receiving a request from a second device for location information of the first device.” i.e. the service provider is receiving a request from the second device to access location information of a first device. See Para, 0004. “Location information management and privacy control at an M2M service layer…A service layer may inform a device of other devices whose locations are public and the device may designate the other devices that may receive its location information.” i.e. a service layer made information available. Para. 0065. “Device location management and privacy control, which may be implemented in an M2M service layer, such as the M2M service layers 22 and 22' of FIG. 2. In particular, these mechanisms and procedures may be implemented as a service capability (SC) in a service layer.”); determining an authorization policy associated with the at least one of the data or service made available by the service layer; (Para. 0066. “a device D may report its location to an SC and set up a privacy policy (i.e. authorization policy) for the location information. In such an embodiment, D may set up the policy that devices in a certain proximity (distance/range), or that devices having a certain relationship in common with the device, can get access to the device's location information.” i.e. authorization policy associated with location access service.) determining one or more context aware states associated with the authorization policy, wherein the one or more context aware states comprise an indication of one or more conditions for accessing the at least one of the data or service made available by the service layer (Claim 10. “…detecting a new location information regarding the first device; pushing the new location information of the first device to any devices that currently meet the criteria of the privacy policy in view of the new location information.” Para. 0038. “…location is important context information for an M2M device.” Para. [0094] “Next, device D 1001 moves from location L1 to location L2. SC 1002 detects this movement and gets the new location L2 of device D 1001 using a context management service. For example, the context management service may be able to detect the device mobility and acquire the device's new location due to the mobility. SC 1002 then reapplies the privacy policy originally setup by device D 1001 and determines that device 1-n 1003 no longer meets the criteria of the privacy policy, but device 1-m 1004 now does.”); determining whether the one or more conditions associated with the one or more context aware states are valid (Claim 11. “pushing a notification that the location information of the first device is no longer valid to any previously chosen devices that do not meet the criteria of the revised privacy policy; and pushing the location information of the first device to any devices that currently meet the criteria of the revised privacy policy.” Para. 0071. “D setting up a distance value, where other devices within the specified distance from D may get access to its location information.”); and granting, to the device and based on determining that the one or more conditions associated with the one or more context aware states are valid, access to the at least one of the data or service made available by the service layer (See claim 12. “if receipt of the location information by the second device is in accordance with the privacy policy, responding to the second device by providing the location information of the first device.”). Dong did not but the analogous art Lindholm taught wherein the one or more conditions comprise a number of allowed accesses to the at least one of the data or service made available by the service layer (The Order Server 3 then creates a digitally signed ticket or digitally signed tickets, which it sends back to the Client 1. Such a ticket is a receipt of the order and contains information of the agreement that is necessary for the Client in order to obtain the requested media object from the Streaming Server 5 and to retrieve the contents thereof. This might be information about the Streaming Server and about requested media, cryptographic information, such as a key and other parameters for the streaming data, and usage rights or conditions, i.e. authorization information, for the requested media, e.g. the number of accesses allowed, initiation and expiration time. When receiving the ticket the Client 1 may check that the contents of the ticket coincides with the previously made order. Page 8, lines 9-18); It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention, to modify the system of Dong to incorporate the concept of the one or more conditions comprise a number of allowed accesses to the at least one of the data or service made available by the service layer as disclosed by Lindholm, such modification exchange security information, such as authentication of the client, which is used in the order process and/or in the charging process. (Lindholm, page 7, lines 37-41). Claims 8 and 15 recites similar limitations to claim 1, mutatis mutandis, the subject matter of claims 8 and 15, which is therefore, also considered to be taught by Dong-Lindholm combination as above. Regarding claim 2, (New) Dong-Lindholm combination further taught the method of claim 1, wherein the one or more conditions associated with the one or more context aware states further comprise a time duration for accessing the at least one of the data or service made available by the service layer (Lindholm, Page 8, lines 9-18: usage rights or conditions, i.e. authorization information, for the requested media, e.g. the number of accesses allowed, initiation and expiration time.) The reasons of obviousness have been noted in the rejection of claim 1 above and applicable herein. Claims 9 and 16 recite similar limitations to claim 2, mutatis mutandis, the subject matter of claims 9 and 16, which is therefore, also considered to be taught by Dong-Lindholm combination as above. Regarding claim 3, (New) Dong in view of Lindholm further taught the method of claim 1, wherein the one or more conditions associated with the one or more context aware states further comprise a type of device that is allowed access to the at least one of the data or service made available by the service layer (Dong teaches in Claim 9, “applying the privacy policy to information known to the server regarding a set of devices, the set comprising the first device, the second device, and/or other devices; choosing from the set of devices those devices that meet the criteria of the privacy policy” and par 0037, M2Msystems may report an M2M device or M2M gateway location to an M2M application when this information is available.” Dong establishes that one of the criteria in accessing location information which corresponds to the claimed “context aware states” must be a device which meets the conditions of a privacy policy which corresponds to the claimed “type of device that is allowed access” and “one or more conditions” respectively. When the conditions of the privacy policy are met, Claim 9 further elaborates that “and pushing to the chosen devices via the communication network the location information of the first device” where the claimed “type of device” can be any device that set of devices that are applicable to the privacy policy and therefore, given location information” the location information of the first device which corresponds to the claimed “data or service.”). Claims 10 and 17 recite similar limitations to claim 3, mutatis mutandis, the subject matter of claims 10 and 17, which is therefore, also considered to be taught by Dong-Lindholm combination as above. Regarding claim 4, (New) Dong in view of Lindholm further taught the method of claim 1, wherein the one or more conditions associated with the one or more context aware states are independent of the device and the request to access the at least one of the data or service made available by the service layer (Dong, par 0038, teaches “location information of an M2M device or M2M gateway may be determined either by underlying network procedures, by application level information reported from an M2M device or gateway application or by using a combination of both methods.” The location information of an M2M device or M2M gateway corresponds to the claimed “the one or more conditions” and the determined by underlying network procedures correspond to the claimed “independent of the device.”) Claims 11 and 18 recite similar limitations to claim 4, mutatis mutandis, the subject matter of claims 11 and 18, which is therefore, also considered to be taught by Dong-Lindholm combination as above. Regarding claim 5, (New) Dong in view of Lindholm further taught the method of claim 1, wherein the authorization verification service determines the context aware states based on one or more of data stored by the service layer or operations performed by the service layer (Dong establishes the service layer as a unit of management and determination of context aware states and teaches that the distance, range, and location information which corresponds to the claimed “context aware states” is determined and managed by the Service Capability (SC, par 0065, service capability in a service layer). Dong elaborates further, par 0068, “With the devices' location information managed by the SC, the instant embodiments facilitate new service capabilities. For example, an SC may act as a relay point for device services requests and advertisements. Further, a device may advertise its services to other entities in the proximity by retrieving the device location information from the SC. Alternatively, a device may grant the SC permission to push other devices' location information if it satisfies the privacy policy for those devices. When a device wants to request a service (e.g., a food recommendation,) the SC may locate other devices in the proximity that provide the service and, if the location information for the provider of that service is public, forward the request to those provider devices. An SC can also provide a directory of services available based on the location of a device. An SC may further act as intermediary in the provision of a service”). Claims 12 and 19 recite similar limitations to claim 5, mutatis mutandis, the subject matter of claims 12 and 19, which is therefore, also considered to be taught by Dong-Lindholm combination as above. Regarding claim 6, (New) Dong in view of Lindholm further taught the method of claim 1, wherein the one or more context aware states are stored in the authorization policy (Dong teaches of the identity, distance, and relationship that comprises a privacy policy which correspond to the claimed “context aware states” and “authorization policy” respectively, in Claim 1, “where the privacy policy comprises criteria relating to an identity of a second device, a distance, and/or a relationship among two or more devices.”). Claims 13 and 20 recite similar limitations to claim 6, mutatis mutandis, the subject matter of claims 13 and 20, which is therefore, also considered to be taught by Dong-Lindholm combination as above. Regarding claim 7, (New) Dong in view of Lindholm further taught the method of claim 1, further comprising updating, based on granting access to the at least one of the data or service made available by the service layer, the one or more context aware states associated with the authorization policy (Dong establishes updating policies based upon accepted context aware states that change through location information which correspond to the claimed “context aware states,” in Claim 2, “The server of claim 1, wherein the server is further arranged: to detect a new location information regarding the first device; to reapply the privacy policy; to push a notification that the location information of the first device is no longer valid to any previously chosen devices that no longer meet the criteria of the privacy policy; and to push the new location information of the first device to any devices that currently meet the criteria of the privacy policy in view of the new location information.”) . Claim 14 recites similar limitations to claim 1, mutatis mutandis, the subject matter of claims 14, which is therefore, also considered to be taught by Dong-Lindholm combination as above. Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: US 9,603,059 B2 (Vuornos et al.): A technique may include receiving application usage data at a data package service; analyzing the application usage data to obtain analyzed data; designing one or more data service packages according to the analyzed data, each data service package to define a set of parameters to manage access to a cellular data network; presenting one or more data service packages to a client device; receiving a selection of a data service package from the client device; and uploading a policy associated with the selected data service package to a data access server. Other embodiments are described and claimed. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHAWNCHOY RAHMAN whose telephone number is (571)270-7471. The examiner can normally be reached Monday - Friday 8:30A-5P ET. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi T Arani can be reached at 5712723787. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /Shawnchoy Rahman/Primary Examiner, Art Unit 2438