DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 3/20/2026 has been entered.
Response to Amendment / Arguments
Regarding claims rejected under 35 USC 103:
Applicant’s arguments have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 23-24, 29, 34-35, 37, 43, 45, and 46-51 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention. Example independent claim 23 recites “determine that the transfer of custody of the attestation device from the first gateway device to the second gateway device is authentic based on a determination that the expected hash value equals both the first value from the first gateway device and the second value from the second gateway device,” which renders the claim indefinite because it is not clear how to interpret “equals both the first value [V1]… and the second value [V2].” Specifically, it is not clear whether this language is drawn to determining that (a) the expected hash value is equal to V1 and also equal to V2 (i.e., that it is equal to each of V1 and V2, which are therefore also equal) or (b) that the expected hash is equal to some combination of V1 and V2 together (e.g., concatenation as in [0060]-[0069] of the instant specification). In the case of (b), it is also not clear whether “equals both” is exclusive of other attributes (i.e., whether it equals some combination of V1 and V2 only rather than some combination of V1 and V2 and other attributes).
It is additionally not clear how to interpret the expected hash value being “based on, at least in part, a first signature for the transfer generated by the first gateway device, a second signature for the transfer generated by the second gateway device, and the secret data,” since the equality to V1 and V2 could mean to exclude the other recited attributes and therefore contradict the rest of the claim.
Independent claims 35 and 49 recite substantially similar language, and are therefore rejected under the same analysis. The respective dependent claims do not rectify this issue and are likewise rejected.
For the purpose of applying prior art, “determine that the transfer of custody… is authentic based on a determination that the expected hash value equals both the first value from the first gateway device and the second value from the second gateway device” has been interpreted to mean that the expected hash is matched to a calculated hash of some combination of V1 and V2 (e.g., concatenation or inputting both into the same field / record).
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 23-24, 35, 43, 45, 47, and 49 is/are rejected under 35 U.S.C. 103 as being unpatentable over Robinton (US 2015/0208245 A1) in view of Hind (US 7,225,167 B2).
Regarding claim 23, Robinton discloses: At least one non-transitory machine-readable medium comprising machine-readable instructions to cause at least one processor circuit to at least:
provision secret data on an attestation device (e.g., tag 108 in FIG. 1 of Robinton);
Refer to at least [0035], [0065], and [0070] of Robinton with respect to data written to tag memory (e.g., UID, PINs, passwords).
receive, from a first gateway device (e.g., phone 104 in FIG. 1 and [0027] of Robinton), a first report of a transfer of custody of the attestation device from the first gateway device to a second gateway device (e.g., [0011] and [0086]-[0087] of Robinton concerning chain of custody), the first report including a first instance of attestation data for the transfer, the first instance of the attestation data having a first value;
Refer to at least [0037] of Robinton with respect to the phone sending collected tag data and information to a trusted authority. The collected data may include, e.g., the UID, PIN, metadata, and so forth.
receive, from the second gateway device (e.g., a different phone as in [0041] and [0087] of Robinton), a second report of the transfer, the second report including a second instance of the attestation data for the transfer, the second instance of the attestation data having a second value;
Refer to at least [0041]-[0042] and [0087] of Robinton with respect to the different phone participating in the chain of custody by reading the tag, sending collected tag data and information to the trusted authority, and writing to the tag.
determine an expected hash value for the attestation data based on, at least in part, first a signature for the transfer generated by the first gateway device, a second signature for the transfer generated by the second gateway device, and the secret data; and
Refer to at least [0037]-[0041] and [0087] of Robinton with respect to each of the different phones having a respective signature that is associated with the tag and chain of custody.
Refer to at least [0038], [0043], and [0085] of Robinton with respect to hashing for signature generation including inputs from received from the phones, combined signatures, and regenerating an expected signature for validation.
determine that the transfer of custody of the attestation device from the first gateway device to the second gateway device is authentic based on a determination [using the expected hash value].
Refer to at least [0043]-[0045], [0011], and [0087] of Robinton with respect to validation including comparing the expected signature against received signatures.
Although Robinton discusses tag signature validation between different devices and corresponding signatures generally (e.g., [0041]-[0045] of Robinton), it does not specify: the determination using the expected hash value further comprising that the expected hash value equals both the first from the first gateway device and the second value from the second gateway device. However, Robinton in view of Hind discloses: the determination using the expected hash value further comprising that the expected hash value (e.g., Col. 8, Ll. 13-32 of Hind concerning a signature comprising a hash computation over fields of an ownership record) equals both the first from the first gateway device and the second value from the second gateway device (e.g., FIG. 9 of Hind concerning devices used during ownership transfer).
Refer to at least Col. 11, Ll. 29-Col. 12, Ll. 5, Col. 12, Ll. 23-27, and Col. 16, Ll. 40-50 of Hind with respect to adding data from each transfer to the ownership record which is signed using the hash. The signed record is validated using the hash (i.e., verifying that the fields match the signature over the fields).
The teachings of both Robinton and Hind concern object tracking and RFID, and are considered to be within the same field of endeavor and combinable as such. Further, at least [0087] of Robinton contemplates writing multiple validation signatures or a combined validation signature to a tag as in [0085].
Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to modify the teachings of Robinton to further implement support for writing and validating ownership records incorporating data from previous transfers because the particular known technique was recognized as part of the ordinary capabilities of one skilled in the art, and for the purpose of validating all parties’ evidence of transfer (multiple parties may be involved in a custody transfer, and a comprehensive integrity verification would verify all respective signatures involved). Additionally, this allows for writing cryptographically secured audit information into the tracked object, thereby making modification by a dishonest entity more difficult (e.g., Col. 3, Ll. 10-20 of Hind).
Regarding claim 24, Robinton-Hind discloses: The at least one non-transitory machine-readable medium of claim 23, wherein the secret data includes a configuration of the attestation device.
Refer to at least [0037], [0065], and [0070] of Robinton with respect to the data written on the tag, including the UID, PIN, password, service descriptions, access control information, authentication algorithms, and metadata.
Regarding independent claim 35, it is substantially similar to independent claim 23 above, and is therefore likewise rejected.
Regarding claim 43, it is rejected for substantially the same reasons as claim 23 above (i.e., chain of custody transfers involving multiple parties and validating all involved signatures; e.g., [0085]-[0087] of Robinton and Col. 11, Ll. 29-Col. 12, Ll. 5, Col. 12, Ll. 23-27, and Col. 16, Ll. 40-50 of Hind).
Regarding claim 45, it is rejected for substantially the same reasons as claim 23 above (e.g., [0085]-[0087] of Robinton concerning singular per-signature validation and/or a combined signature for validation).
Regarding claim 47, it is substantially similar to claim 45 above, and is therefore likewise rejected.
Regarding independent claim 49, it is substantially similar to independent claim 23 above, and is therefore likewise rejected.
Claim(s) 29 and 37 is/are rejected under 35 U.S.C. 103 as being unpatentable over Robinton-Hind as applied to claims 23-24, 35, 43, 45, 47, and 49 above, and further in view of Dombkowski (US 2005/0210265 A1).
Regarding claim 29, Robinton-Hind discloses various types of memory in [0054], but does not specify: wherein the machine-readable instructions are to cause one or more of the at least one processor circuit to cause the secret data to be written in memory of the attestation device that is erased on a restart of the attestation device. However, Robinton-Hind in view of Dombkowski discloses: wherein the machine-readable instructions are to cause one or more of the at least one processor circuit to cause the secret data to be written in memory of the attestation device that is erased on a restart of the attestation device.
Refer to at least [0041] and [0049] of Dombkowski with respect to an authentication device having memory which erases stored secret data upon a loss of power.
The teachings of Robinton-Hind and Dombkowski concern authentication devices and device tracking, and are considered to be within the same field of endeavor and combinable as such.
Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to modify the teachings of Robinton-Hind to include erasing secret data upon a loss of power for at least the purpose of tamper prevention (i.e., making sure that an attacker cannot break into the tag and reader).
Regarding claim 37, it is substantially similar to claim 29 above, and is therefore likewise rejected.
Claim(s) 34, 46, 48, and 50 is/are rejected under 35 U.S.C. 103 as being unpatentable over Robinton-Hind as applied to claims 23-24, 35, 43, 45, 47, and 49 above, and further in view of Warner (US 8,344,853 B1).
Regarding claim 34, Robinton-Hind does not disclose: wherein the first value is based on a value of a random number generator based on a random number generation seed. However, Robinton-Hind in view of Warner discloses: wherein the first value is based on a value of a random number generator based on a random number generation seed.
Refer to at least the abstract and Col. 6, LI. 4-9 of Warner with respect to the tag generating random numbers when polled by readers.
Refer to at least FIG. 2 and Col. 6, LI. 31-37 of Warner with respect to multiple readers polling for random numbers.
The teachings of Robinton-Hind and Warner both concern custody transfers with tag verification, and are considered to be within the same field of endeavor and combinable as such.
Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to modify the teachings of Robinton to further implement generating random numbers as part of storing custody data to the tag because the particular known technique (creating random numbers with a random number generator) was recognized as part of the ordinary capabilities of one skilled in the art.
Regarding claims 46, 48, and 50, they are substantially similar to elements of claim 34, and are therefore likewise rejected.
Claim(s) 51 is/are rejected under 35 U.S.C. 103 as being unpatentable over Robinton-Hind as applied to claims 23-24, 35, 43, 45, 47, and 49 above, and further in view of Kostiainen (US 2015/0281219 A1).
Regarding claim 51, Robinton-Hind does not disclose: further including verifying a certificate to verify the transfer. However, Robinton-Hind in view of Kostiainen discloses: further including verifying a certificate to verify the transfer.
Refer to at least [0069]-[0076] of Kostiainen with respect to verifying a signature based on a device certificate.
The teachings of Kostiainen likewise concern device signature verification, and are considered to be within the same field of endeavor and combinable as such. At least Col. 7, Ll. 60-Col. 8, Ll. 32 of Hind concern using a certificate as part of the hash signature scheme and verification.
Therefore it would have been obvious to one of ordinary skill in the art before the filing date of Applicant’s invention to modify the teachings of Robinton-Hind to include verifying device certificates for at least the purpose of introducing improved security (e.g., trusted devices to prevent counterfeit signatures; certificate revocation to prevent usage of compromised certificates).
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to VADIM SAVENKOV whose telephone number is (571)270-5751. The examiner can normally be reached 12PM-8PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey L Nickerson can be reached at (469) 295-9235. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/Jeffrey Nickerson/Supervisory Patent Examiner, Art Unit 2432
/V.S/Examiner, Art Unit 2432