DETAILED ACTION
A response was received on 21 March 2026. By this response, Claims 1, 5, 10, and 12 have been amended. Claims 3, 6, and 13 have been canceled. No new claims have been added. Claims 1, 2, 5, and 7-12 are currently pending in the present application.
Response to Arguments
Applicant’s arguments with respect to the rejection of Claims 1-3 and 5-13 under 35 U.S.C. 103 (pages 10-11 of the present response) have been considered but are moot in view of the new grounds of rejection set forth below.
Specification
The objection to the disclosure for informalities is withdrawn in light of the amendments to the specification. Applicant’s cooperation is again requested in correcting any other errors of which applicant may become aware in the specification.
Claim Objections
The objection to Claim 12 for informalities is withdrawn in light of the amendments to the claims.
Claim Rejections - 35 USC § 112
The rejection of Claims 3 and 13 under 35 U.S.C. 112(a) for failure to comply with the written description requirement and the rejection of Claims 3, 6, and 13 under 35 U.S.C. 112(b) as indefinite are moot in light of the cancellation of the claims. The rejection of Claims 1, 2, 5, and 7-12 under 35 U.S.C. 112(b) is NOT withdrawn because not all issues have been addressed and/or because the amendments have raised new issues, as detailed below.
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 1, 2, 5, and 7-12 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Claim 1 recites “the time stamp data included in the third code” and “the second code included in the third code” in lines 20-21. However, although the claim previously recited time stamp data and a second code, and that the third code is generated based on the first and second codes and the time stamp data, there was not previous description of the second code or time stamp data being actually included in the third code. The above ambiguities render the claim indefinite.
Claim 5 recites “the approving the authority” in line 24. There is not clear antecedent basis for this limitation in the claim, although the claim now recites approving authorization of the client device. The claim further recites “the time stamp data included in the third code” and “the second code included in the third code” in lines 30-31. However, although the claim previously recited time stamp data and a second code, and that the third code is generated based on the first and second codes and the time stamp data, there was not previous description of the second code or time stamp data being actually included in the third code. The above ambiguities render the claim indefinite.
Claim 8 recites “the approving the authority” in line 3 and “the authority” in line 4. There is not clear antecedent basis for these limitations in the claims as amended.
Claim 9 recites “the approved authority” in line 2. There is insufficient antecedent basis for this limitation in the claims as amended.
Claim 10 recites “rolling a k-gon algorithm along a track” in lines 11-12. It is not clear how an abstract concept such as an algorithm (which is a series of steps to be performed) would be rolled along a track. The claim further recites “the time stamp data included in the third code” and “the second code included in the third code” in lines 35-36. However, although the claim previously recited time stamp data and a second code, and that the third code is generated based on the first and second codes and the time stamp data, there was not previous description of the second code or time stamp data being actually included in the third code. The above ambiguities render the claim indefinite.
Claim 12 recites “the time stamp data included in the third code” and “the second code included in the third code” in lines 22-23. However, although the claim previously recited time stamp data and a second code, and that the third code is generated based on the first and second codes and the time stamp data, there was not previous description of the second code or time stamp data being actually included in the third code. The above ambiguities render the claim indefinite.
Claims not specifically referred to above are rejected due to their dependence on a rejected base claim.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1, 2, 5, and 7-12 are rejected under 35 U.S.C. 103 as being unpatentable over Yoo, US Patent Application Publication 2019/0050849, in view of Juitt et al, US Patent 7042988, and Healy et al, US Patent 7228182.
In reference to Claim 1, Yoo discloses a method that includes receiving a first code from a client device for generating a virtual authentication code (paragraph 0064), transmitting the first code to a verification device and receiving a second code (paragraph 0063), generating and transmitting a third code that is the virtual authentication code based on first and second codes (see paragraph 0071, for example), and determining whether the second code is valid (paragraph 0063, verifying the virtual code). However, Yoo does not explicitly disclose that the first code grants access to service devices or that the second code includes a hash and role information.
Juitt discloses a method that includes transmitting a code that grants access to service devices (see column 10, line 53-column 12, line 7); receiving a code that includes a hash and role information (column 11, lines 19-44); and determining whether the code is valid, granting authorization based when the code is determined to be valid, and accessing service devices based on the authorization (column 10, line 53-column 12, line 7, authentication and access to service devices). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Yoo to include the grant of access, hash, and role information of Juitt, in order to improve management of networks (see Juitt, column 11, lines 14-18).
However, although Yoo generally discloses using time data in generating a virtual code (paragraphs 0082-0083), neither Yoo nor Juitt explicitly discloses using time stamp data to generate the third code or that the determination that the second code is valid is based on the time stamp data. Healy discloses a method that includes generating a code based on, inter alia, other code and time stamp data and determining, based on the time stamp data whether the code is valid (column 13, lines 10-46, time stamps used in code generation and validation). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to further modify the method of Yoo and Juitt to include the use of the time stamp in the code as taught by Healy, in order to provide freshness and prevent replay (see Healy, column 13, lines 21-29; see also column 5, lines 5-18).
In reference to Claim 2, Yoo, Juitt, and Healy further disclose requesting update of the second code after it has expired and generating a new third code based on the updating second code and time (see Yoo, paragraphs 0078-0081).
In reference to Claim 5, Yoo discloses a method that includes receiving a first code from a client device for generating a virtual authentication code (paragraph 0064), transmitting the first code to a verification device and receiving a second code (paragraph 0063), generating and transmitting and receiving a third code that is the virtual authentication code based on first and second codes (see paragraph 0071, for example), and determining whether the second code is valid (see paragraph 0063, verification of virtual code). However, Yoo does not explicitly disclose that the first code grants access to service devices or that the second code includes a hash and role information.
Juitt discloses a method that includes transmitting a code that grants access to service devices (see column 10, line 53-column 12, line 7), receiving a code that includes a hash and role information (column 11, lines 19-44), and approving the access based on a code that includes generating a hash value and verifying the generated hash value by comparing it to the included hash value (column 11, lines 19-44) and determining whether the code is valid, granting authorization based when the code is determined to be valid, and accessing service devices based on the authorization (column 10, line 53-column 12, line 7, authentication and access to service devices). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Yoo to include the grant of access, hash, and role information of Juitt, in order to improve management of networks (see Juitt, column 11, lines 14-18).
However, although Yoo generally discloses using time data in generating a virtual code (paragraphs 0082-0083), neither Yoo nor Juitt explicitly discloses using time stamp data to generate the third code or that the determination that the second code is valid is based on the time stamp data. Healy discloses a method that includes generating a code based on, inter alia, other code and time stamp data and determining, based on the time stamp data whether the code is valid (column 13, lines 10-46, time stamps used in code generation and validation). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to further modify the method of Yoo and Juitt to include the use of the time stamp in the code as taught by Healy, in order to provide freshness and prevent replay (see Healy, column 13, lines 21-29; see also column 5, lines 5-18).
In reference to Claims 7-9, Yoo, Juitt, and Healy further disclose requesting update of the second code after it has expired and generating a new third code based on the updating second code and time (see Yoo, paragraphs 0078-0081).
In reference to Claim 10, Yoo discloses a method that includes receiving a first code from a client device for generating a virtual authentication code (paragraph 0064), transmitting the first code to a verification device and using the first code to search for a storage location based on a rolling k-gon and generating a second code based on information in the storage location (see paragraphs 0116-0119), and generating and transmitting a third code that is the virtual authentication code based on first and second codes (see paragraph 0071, for example), and determining whether the second code is valid (paragraph 0063, verifying the virtual code). However, Yoo does not explicitly disclose that the first code grants access to service devices or that the second code includes a hash and role information.
Juitt discloses a method that includes transmitting a code that grants access to service devices (see column 10, line 53-column 12, line 7); authenticating a client device based on identification information (column 11, lines 19-44); generating a code that includes a hash and role information (column 11, lines 19-44); and determining whether the code is valid, granting authorization based when the code is determined to be valid, and accessing service devices based on the authorization (column 10, line 53-column 12, line 7, authentication and access to service devices). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Yoo to include the grant of access, hash, and role information of Juitt, in order to improve management of networks (see Juitt, column 11, lines 14-18).
However, although Yoo generally discloses using time data in generating a virtual code (paragraphs 0082-0083), neither Yoo nor Juitt explicitly discloses using time stamp data to generate the third code or that the determination that the second code is valid is based on the time stamp data. Healy discloses a method that includes generating a code based on, inter alia, other code and time stamp data and determining, based on the time stamp data whether the code is valid (column 13, lines 10-46, time stamps used in code generation and validation). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to further modify the method of Yoo and Juitt to include the use of the time stamp in the code as taught by Healy, in order to provide freshness and prevent replay (see Healy, column 13, lines 21-29; see also column 5, lines 5-18).
In reference to Claim 11, Yoo, Juitt, and Healy further disclose requesting update of the second code after it has expired and generating a new third code based on the updating second code and time (see Yoo, paragraphs 0078-0081).
In reference to Claim 12, Yoo discloses a method that includes generating a first code for generating a virtual authentication code (paragraph 0064), transmitting the first code to first device and a verification device and receiving a second code (paragraph 0063), generating and transmitting a third code that is the virtual authentication code based on first and second codes (see paragraph 0071, for example), and determining whether the second code is valid (paragraph 0063, verifying the virtual code). However, Yoo does not explicitly disclose that the first code grants access to service devices or that the second code includes a hash and role information.
Juitt discloses a method that includes transmitting a code that grants access to service devices (see column 10, line 53-column 12, line 7); receiving a code that includes a hash and role information (column 11, lines 19-44); and determining whether the code is valid, granting authorization based when the code is determined to be valid, and accessing service devices based on the authorization (column 10, line 53-column 12, line 7, authentication and access to service devices). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Yoo to include the grant of access, hash, and role information of Juitt, in order to improve management of networks (see Juitt, column 11, lines 14-18).
However, although Yoo generally discloses using time data in generating a virtual code (paragraphs 0082-0083), neither Yoo nor Juitt explicitly discloses using time stamp data to generate the third code or that the determination that the second code is valid is based on the time stamp data. Healy discloses a method that includes generating a code based on, inter alia, other code and time stamp data and determining, based on the time stamp data whether the code is valid (column 13, lines 10-46, time stamps used in code generation and validation). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to further modify the method of Yoo and Juitt to include the use of the time stamp in the code as taught by Healy, in order to provide freshness and prevent replay (see Healy, column 13, lines 21-29; see also column 5, lines 5-18).
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Benson, US Patent 5935246, discloses a mechanism that uses timestamps to ensure freshness and prevent replay attacks.
Haverty, US Patent 6189096, discloses a method in which a server uses a time stamp to avoid replay attacks.
Sivalingham, US Patent 7116668, discloses a method for time stamp based replay protection.
Ilac et al, US Patent 7571311, discloses a scheme in which a timestamp is used to prove that a message is not a replay.
Dickinson et al, US Patent 8332922, disclose a system in which time stamps are used to verify security tickets.
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Zachary A Davis whose telephone number is (571)272-3870. The examiner can normally be reached Monday-Friday, 9:00am-5:30pm, Eastern Time.
Examiner interviews are available via telephone and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Rupal D Dharia can be reached at (571) 272-3880. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/Zachary A. Davis/Primary Examiner, Art Unit 2492