DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claims 10-22 are canceled.
Claims 23-36 are newly added.
Claims 1-9 and 23-36 are presented for examination.
The claims and only the claims form the metes and bounds of the invention. “Office personnel are to give claims their broadest reasonable interpretation in light of the supporting disclosure. In re Morris, 127 F.3d 1048, 1054-55, 44 USPQ2d 1023, 1027-28 (Fed. Cir. 1997). Limitations appearing in the specification but not recited in the claim are not read into the claim. In re Prater, 415 F.2d 1393, 1404-05, 162 USPQ 541, 550-551 (CCPA 1969)” (MPEP p 2100-8, c 2, I 45-48; p 2100-9, c 1, l 1-4). The Examiner has full latitude to interpret each claim in the broadest reasonable sense. The Examiner will reference prior art using terminology familiar to one of ordinary skill in the art. Such an approach is broad in concept and can be either explicit or implicit in meaning.
Response to Arguments
US PGPUB 2013/0046697 by Schibuk is newly introduced for the rejection of the instant claims.
Applicant’s arguments have been considered but they are moot in view of new ground(s) of rejection. However, the Examiner welcomes any suggestion(s) Applicants may have on moving prosecution forward. The Examiner’s contact information is in the Conclusion of this office action.
Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.
The following is a quotation of the first paragraph of pre-AIA 35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.
Claims 1-9 and 23-35 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA 35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention.
Claims 1 and 27 recite “wherein the user credentials are not accessible to the contextual service delivery device”.
Applicant’s original specification teaches “receive the user credential via the contextual service delivery device” (see Claim 19 of Applicant’s original disclosure).
Applicant’s original specification does not appear to teach “wherein the user credentials are not accessible to the contextual service delivery device” because receiving user credential(s) via the contextual service delivery device means that the user credential(s) are accessible to the contextual service delivery device.
Dependent Claims 2-9, 23-26 and 28-35 depend from independent claims 1 and 27, and are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph for the same reason(s) as independent claim 1 and 27 above.
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 1-9 and 23-35 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Claims 1 and 27 recite the limitation "authenticate/authenticating a pre-configured mobile device, wherein the pre-configuration comprises invoking a contextual service application at a contextual service delivery device”. There is insufficient antecedent basis for “the pre-configuration” recited in the claims.
Dependent Claims 2-9 and 23-26 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph for the same reason as independent Claim 1 above.
Dependent Claims 28-35 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph for the same reason as independent Claim 27 above.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claims 1-9 and 23-36 are rejected under 35 U.S.C. 103 as being unpatentable over US PGPUB 2011/0238573 by Varadarajan in view of US PGPUB 2013/0046697 by Schibuk.
As to Claim 1, Varadarajan teaches a computer automated system comprising:
a processor; a memory (Varadarajan: at least ¶0016; “memory 27 and a central processing unit (CPU) 28”; ¶0020 also discloses “memory 37 and a central processing unit (CPU) 38” and ¶0024 discloses “memory 57 and a CPU 58”);
encoded instructions stored in the memory which when implemented by the processor cause the computer automated system (Varadarajan: at least ¶0013; “system 10 includes an ATM 30, and a plurality of provider systems 50, 60, 70, which are each configured to communicate with a network 40, which may be, for example, the internet”) to: authenticate a preconfigured mobile device (Varadarajan: at least ¶0005; “mobile user device is configured to communicate with one or more of the network, the ATM and the provider system”; ¶0015 further discloses “ATM application 22 on the mobile user device 20 may include one or more algorithms configured to conduct communications with an automated teller machine such as the ATM 30. The DVG 26 may include one or more algorithms configured to generate one or more types of dynamic values, such as one-time passcodes, transaction identifiers and authentication values”; ¶¶0024 & 0027 further disclose “an authentication system 56” and “system 50 may be configured by programming to conduct ATM related transactions, which may include conducting transaction authorization and authentication”; ¶¶0039-0040 further disclose “inputted to the ATM 30 from the mobile user device 20 may include all of the information required to complete the user's ATM transaction, including, for example, authentication information” and “authenticate the user or the mobile user device 20”; ¶0043 further discloses “provider B system 60 provides an affirmative transaction authorization result to the ATM 30, and at step 118 the ATM 30 completes the requested transaction”), wherein the pre-configuration comprises invoking a contextual service application at a contextual service delivery device (Varadarajan: at least ¶0018; “the ATM 30 may be configured to communicate with the mobile user device 20 through an interface 33. The device interface 23 and the ATM interface 33 may be configured by any means suitable for communication of transaction and authentication information between the mobile user device 20 and the ATM 30, e.g., the interface 23 and the interface 33 are each configured as an input interface and an output interface, with respect to the other”);
receive from the contextual service application via a network, user authentication information and contextual service data (Varadarajan: at least ¶0036; “transaction information may further include authentication information such as the user account holder's PIN, an OTP, a transaction identifier, challenge or challenge response, digital signature, key, secret, datum, device identifier, biometric value and/or other authentication information or value, or a combination of these”; ¶0039 further discloses “transaction information inputted to the ATM 30 from the mobile user device 20 may include all of the information required to complete the user's ATM transaction, including, for example, authentication information such as the user's account PIN or OTP”; ¶0042 further discloses “provider B system 60 receives the inputted transaction information, which may include the authentication information“ and “… communicate with an authentication system 66 to determine validation of the user's authentication information”), the contextual service data comprising a unique identifier (Varadarajan: at least ¶0044; “transaction record may include any element or combination of elements of information typically found on a transaction record, such as the transaction date, the transaction time, an account identifier, a transaction amount, an account balance, a transaction identifier, a confirmation number, an ATM identifier, an ATM location, etc”; ¶0064 further discloses “transaction record may be provided by the ATM 30 to the user”; claim 4 also discloses “transaction information includes at least one of a provider identifier, a user identifier, an account identifier, a transaction identifier”) and information obtained from the contextual service delivery device (Varadarajan: at least ¶0036; “transaction information may further include authentication information such as the user account holder's PIN, an OTP, a transaction identifier, challenge or challenge response, digital signature, key, secret, datum, device identifier, biometric value and/or other authentication information or value, or a combination of these”; ¶0042 further discloses “provider B system 60 receives the inputted transaction information, which may include the authentication information“ and “… communicate with an authentication system 66 to determine validation of the user's authentication information”) via a short-range communication means (Varadarajan at least ¶0007; “any suitable wireless connection such as RFID, Bluetooth.TM. or other near field communication means, or through a USB port or other suitable means of contact” and “mobile user device may provide transaction information or authentication information to an ATM or to an authentication system in communication with an ATM”);
based on the received user authentication information and contextual service data, authenticate the contextual service delivery device (Varadarajan: at least ¶¶0006, 0042-0043; “providing a transaction authorization result to the ATM using the provider system, and completing the authorized transaction using the ATM” and “transaction authorization system 62 may, for illustrative example, verify the user's provider B account information, confirm sufficient funds availability in the user's provider B account to complete the requested transaction, communicate with an authentication system 66 to determine validation of the user's authentication information, check for security alerts on the user's account which may require additional user input or validation to authorize the transaction, and generate a transaction authorization result” and “affirmative transaction authorization result to the ATM 30, and at step 118 the ATM 30 completes the requested transaction”; note: ATM authenticated to complete transaction); and
authorize release of a requested service at the contextual service delivery device (Varadarajan: at least ¶0043; “completing the requested transaction may include, for example, one or more of transferring funds from one account to another, completing a payment transaction, completing a funds withdrawal which may include dispensing funds from the funds dispenser 42 of the ATM 30 in a negotiable form, which may be, for example, money, cash, coin, currency or other medium such as a debit or gift card, a mobile wallet or another mobile payment mechanism, transferring funds to a third party, authorizing a beneficiary transaction, etc”; ¶0064 further discloses “transaction record may be provided by the ATM 30 to the user”; ¶0044 further discloses “the transaction record may be provided in paperless form directly to the mobile user device 20 through the connection interface between the ATM 30 and the mobile user device 20, or may be provided through another means, for example, from the provider system through the network 40 to the user or to the mobile user device 20”).
Varadarajan does not explicitly disclose, but Schibuk discloses authenticate a user credential at the mobile device (Schibuk: at least ¶0020; “techniques for unlocking mobile devices are known in the art, and generally require entry of a password, biometric data such as a fingerprint, or other information unique to the owner or user. Activating the application may include selecting an icon on a menu screen, for example, or entering a secondary password. The secondary password may be a fixed PIN assigned by the financial institution”); and wherein the user credentials are not accessible to the contextual service delivery device (Schibuk: at least ¶0020; “our user may wish to withdraw money from an ATM” and “techniques for unlocking mobile devices are known in the art, and generally require entry of a password, biometric data such as a fingerprint, or other information unique to the owner or user. Activating the application may include selecting an icon on a menu screen, for example, or entering a secondary password. The secondary password may be a fixed PIN assigned by the financial institution”; note: credential used to unlock mobile device not sent to ATM).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate Schibuk’s features of authenticate a user credential at the mobile device (Schibuk: at least ¶0020); and wherein the user credentials are not accessible to the contextual service delivery device (Schibuk: at least ¶0020) with Varadarajan’s system.
The suggestion/motivation for doing so would have been to securely “withdraw money from an ATM, or engage in a purchase at a retail establishment” (Schibuk: at least ¶0020).
Claim 27 (a method claim) corresponds in scope to Claim 1, and are similarly rejected.
Claim 36 (a device claim) corresponds in scope to Claim 1, and are similarly rejected.
As to Claim 2, Varadarajan and Schibuk teach the computer automated system of claim 1, wherein the user credential comprises a user-provided authentication input received through a user interface comprised in the mobile device (Schibuk: at least ¶0020; “techniques for unlocking mobile devices are known in the art, and generally require entry of a password, biometric data such as a fingerprint, or other information unique to the owner or user. Activating the application may include selecting an icon on a menu screen, for example, or entering a secondary password. The secondary password may be a fixed PIN assigned by the financial institution”).
Claim 28 (a method claim) corresponds in scope to Claim 2, and are similarly rejected.
As to Claim 3, Varadarajan and Schibuk teach the computer automated system of claim 1, wherein the contextual service delivery device comprises identification information readable by the mobile device via a short-range communication interface comprised in the short-range communication means (Varadarajan at least ¶0007; “ATM may be configured for communication with the mobile user device through a contact or contactless means” and “any suitable wireless connection such as RFID, Bluetooth.TM. or other near field communication means, or through a USB port or other suitable means of contact” and “mobile user device may provide transaction information or authentication information to an ATM or to an authentication system in communication with an ATM”).
Claim 29 (a method claim) corresponds in scope to Claim 3, and are similarly rejected.
As to Claim 4, Varadarajan and Schibuk teach the computer automated system of claim 1, wherein the contextual service data comprises a contextual service point code associated with the contextual service delivery device (Varadarajan at least ¶¶0034-0036; “one-time passcode, authenticating value, transaction identifier or other dynamic value may be generated using one or more of a key, secret and/or other datum which is shared by the provider's authenticating system and the mobile user device 20” and “camouflaging or obfuscation of information provided by the mobile user device 20 to the provider system through the ATM 30 or through the network 40. The user may be required to provide other information which may be used to authorize or authenticate an ATM transaction, including, for example, mobile device identification information, and/or personal identification information which may include biometric information and/or challenge responses” and “transaction information may further include authentication information such as the user account holder's PIN, an OTP, … and/or other authentication information or value, or a combination of these”).
Claim 30 (a method claim) corresponds in scope to Claim 4, and are similarly rejected.
As to Claim 5, Varadarajan and Schibuk teach the computer automated system of claim 4, wherein the contextual service delivery device is authenticated based on the contextual service point code and the user authentication information (Varadarajan: at least ¶¶0006, 0042-0043; “providing a transaction authorization result to the ATM using the provider system, and completing the authorized transaction using the ATM” and “transaction authorization system 62 may, for illustrative example, verify the user's provider B account information, confirm sufficient funds availability in the user's provider B account to complete the requested transaction, communicate with an authentication system 66 to determine validation of the user's authentication information, check for security alerts on the user's account which may require additional user input or validation to authorize the transaction, and generate a transaction authorization result” and “affirmative transaction authorization result to the ATM 30, and at step 118 the ATM 30 completes the requested transaction”; ¶0036 further discloses “transaction information may further include authentication information such as the user account holder's PIN, an OTP, … and/or other authentication information or value, or a combination of these”; note: ATM authenticated to complete transaction).
Claim 31 (a method claim) corresponds in scope to Claim 5, and are similarly rejected.
As to Claim 6, Varadarajan and Schibuk teach the computer-automated system of claim 1 the requested service comprises executing a function at the contextual service delivery device (Varadarajan: at least ¶0043; “completing the requested transaction may include, for example, one or more of transferring funds from one account to another, completing a payment transaction, completing a funds withdrawal which may include dispensing funds from the funds dispenser 42 of the ATM 30 in a negotiable form, which may be, for example, money, cash, coin, currency or other medium such as a debit or gift card, a mobile wallet or another mobile payment mechanism, transferring funds to a third party, authorizing a beneficiary transaction, etc”; ¶0064 further discloses “transaction record may be provided by the ATM 30 to the user”; ¶0044 further discloses “the transaction record may be provided in paperless form directly to the mobile user device 20 through the connection interface between the ATM 30 and the mobile user device 20, or may be provided through another means, for example, from the provider system through the network 40 to the user or to the mobile user device 20”) in response to an authorization response from the computer-automated system (Varadarajan: at least ¶0043; “transaction authorization result is based upon the authorization and authentication criteria of the provider”).
Claim 32 (a method claim) corresponds in scope to Claim 6, and are similarly rejected.
As to Claim 7, Varadarajan and Schibuk teach the computer automated system of claim 1 wherein the mobile device establishes communication with the contextual service delivery device via the short-range communication means (Varadarajan at least ¶0007; “ATM may be configured for communication with the mobile user device through a contact or contactless means” and “any suitable wireless connection such as RFID, Bluetooth.TM. or other near field communication means, or through a USB port or other suitable means of contact” and “mobile user device may provide transaction information or authentication information to an ATM or to an authentication system in communication with an ATM”).
Claim 33 (a method claim) corresponds in scope to Claim 7, and are similarly rejected.
As to Claim 8, Varadarajan and Schibuk teach the computer automated system of claim 1 wherein the contextual service application is invoked by the mobile device based on metadata received (Varadarajan: at least ¶0018; “the ATM 30 may be configured to communicate with the mobile user device 20 through an interface 33. The device interface 23 and the ATM interface 33 may be configured by any means suitable for communication of transaction and authentication information between the mobile user device 20 and the ATM 30, e.g., the interface 23 and the interface 33 are each configured as an input interface and an output interface, with respect to the other”) via the short-range communication with the contextual service delivery device (Varadarajan at least ¶0007; “any suitable wireless connection such as RFID, Bluetooth.TM. or other near field communication means, or through a USB port or other suitable means of contact” and “mobile user device may provide transaction information or authentication information to an ATM or to an authentication system in communication with an ATM”).
Claim 34 (a method claim) corresponds in scope to Claim 8, and are similarly rejected.
As to Claim 9, Varadarajan and Schibuk teach the computer automated system of claim 1 wherein the computer-automated system transmits an authorization response to the contextual service delivery device without disclosing the user credential (Varadarajan: at least ¶¶0006, 0042-0043; “providing a transaction authorization result to the ATM using the provider system, and completing the authorized transaction using the ATM” and “transaction authorization system 62 may, for illustrative example, verify the user's provider B account information, confirm sufficient funds availability in the user's provider B account to complete the requested transaction, communicate with an authentication system 66 to determine validation of the user's authentication information, check for security alerts on the user's account which may require additional user input or validation to authorize the transaction, and generate a transaction authorization result” and “affirmative transaction authorization result to the ATM 30, and at step 118 the ATM 30 completes the requested transaction”; note: no credential was disclosed in transaction result).
Claim 35 (a method claim) corresponds in scope to Claim 9, and are similarly rejected.
As to Claim 23, Varadarajan and Schibuk teach the computer-automated system of claim 1, wherein the user authentication information includes metadata indicating a method of local user authentication performed by the mobile device (Varadarajan: at least ¶0036; “transaction information may further include authentication information such as the user account holder's PIN, an OTP, a transaction identifier, challenge or challenge response, digital signature, key, secret, datum, device identifier, biometric value and/or other authentication information or value, or a combination of these”; ¶0039 further discloses “transaction information inputted to the ATM 30 from the mobile user device 20 may include all of the information required to complete the user's ATM transaction, including, for example, authentication information such as the user's account PIN or OTP”; ¶0042 further discloses “provider B system 60 receives the inputted transaction information, which may include the authentication information“ and “… communicate with an authentication system 66 to determine validation of the user's authentication information”).
As to Claim 24, Varadarajan and Schibuk teach the computer-automated system of claim 23, wherein the metadata indicating the method of local user authentication, indicates at least one of a biometric verification, a facial recognition verification, and a pin code verification on the mobile device (Varadarajan: at least ¶0036; “transaction information may further include authentication information such as the user account holder's PIN, an OTP, a transaction identifier, challenge or challenge response, digital signature, key, secret, datum, device identifier, biometric value and/or other authentication information or value, or a combination of these”; ¶0039 further discloses “transaction information inputted to the ATM 30 from the mobile user device 20 may include all of the information required to complete the user's ATM transaction, including, for example, authentication information such as the user's account PIN or OTP”; ¶0042 further discloses “provider B system 60 receives the inputted transaction information, which may include the authentication information“ and “… communicate with an authentication system 66 to determine validation of the user's authentication information”).
As to Claim 25, Varadarajan and Schibuk teach the computer-automated system of claim 1, wherein the computer-automated system authorizes the requested service based on a verification result received from the mobile device (Schibuk: at least ¶0020; “our user may wish to withdraw money from an ATM” and “techniques for unlocking mobile devices are known in the art, and generally require entry of a password, biometric data such as a fingerprint, or other information unique to the owner or user. Activating the application may include selecting an icon on a menu screen, for example, or entering a secondary password. The secondary password may be a fixed PIN assigned by the financial institution”; note: authorization based on result of unlock of mobile device).
As to Claim 26, Varadarajan and Schibuk teach the computer-automated system of claim 1, wherein the computer-automated system maps the user authentication information to prior stored user information (Varadarajan: at least ¶¶0006, 0042-0043; “providing a transaction authorization result to the ATM using the provider system, and completing the authorized transaction using the ATM” and “transaction authorization system 62 may, for illustrative example, verify the user's provider B account information, confirm sufficient funds availability in the user's provider B account to complete the requested transaction, communicate with an authentication system 66 to determine validation of the user's authentication information, check for security alerts on the user's account which may require additional user input or validation to authorize the transaction, and generate a transaction authorization result”; ¶0042 further discloses “using a key or secret and algorithm shared with a DVG 26 on the mobile user device 20, and matching the value generated by the authentication server 66 to the value inputted with the transaction information as a requirement to authorize the transaction”) and transmits processed user information to the contextual service delivery device for service execution (Varadarajan: at least ¶0043; “affirmative transaction authorization result to the ATM 30, and at step 118 the ATM 30 completes the requested transaction).
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the Examiner should be directed to Huen Wong whose telephone number is (571) 270-3426. The examiner can normally be reached on Monday - Friday (10:30AM EST - 6:30PM EST). If attempts to reach the examiner by telephone are unsuccessful, the Examiner's supervisor, Charles Rones can be reached on (571) 272-4085. The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300 for regular communications and after final communications.
Information regarding the status of an application may be obtained from thePatent Application Information Retrieval (PAIR) system. Status information forpublished applications may be obtained from either Private PAIR or Public PAIR.Status information for unpublished applications is available through Private PAIR only.For more information about the PAIR system, see http://pair-direct.uspto.gov. Shouldyou have questions on access to the Private PAIR system, contact the ElectronicBusiness Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from aUSPTO Customer Service Representative or access to the automated informationsystem, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/H .W./
Examiner, AU 2168
22 January 2026
/CHARLES RONES/Supervisory Patent Examiner, Art Unit 2168