Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 1, 7-8, 14, 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Law (US 20190286805) in view of Cox (US 20080126260) and Calhoon (US 20140132994 )
Law discloses
1. A method, comprising:
receiving determining an input by a fingerprint sensor of by a contactless card of a user;
comparing, by a processor of the contactless card, the input to a fingerprint template stored in a memory of the contactless card, wherein the fingerprint template is steganographically encoded on an image of an identification of the user to create a steganographic image stored in the memory of the contactless card (par. 170-174);
determining, by the processor, that the comparison results in a match;
generating, by the processor of the contactless card, a digital signature, the digital signature comprising cardholder identification information of the contactless card (par. 8, 48, 60, 181-183: upon multi-factor including biometric authentication, more signals including encryption parameters, one or more certificates, and/or digital signatures are exchanged with external devices); and
enabling, by the processor, a near-field communication (NFC) antenna of the contactless card based on the determination that the comparison results in the match and a verification of the digital signature verified by another device (par. 60, 67, 117, 245-246: component can be enabled based on biometric authentication; trust is established based on verification of digital signatures before or after biometric authentication; Law is silent to an enabled component being antenna; Cox discloses “ RF antenna in the device is disabled after a single use … When a subsequent transaction is desired, and the authentication process is completed, the antenna is re-enabled for a time sufficient to complete the transaction, then automatically disabled .. if the account information has been transmitted, either wirelessly … turned off prior to reaching the end of a time-out period”; par. 22, 92; it would have been obvious to one of ordinary skill in the art before the effective date the invention was made to incorporate the teachings of Cox by enabling the antenna when authentication and trust establishment are successful to complete a transaction and disable it after a timed period, so that the transaction is more secure and the power is conserved).
Law is silent to the image of the identification of the user is an image of a government- issued identification of the user, the image of the identification of the user is visible in the steganographic image, and the fingerprint template is not visible in the steganographic image.
Calhoon discloses [0157] B1. A security document comprising:
[0158] a photograph including a digital watermark hidden therein, said digital watermark comprising a template or hash corresponding to a fingerprint; and
[0159] a thermo-responsive area, wherein application of a finger to the thermo-responsive area produces a visually perceptible pattern reflecting a fingerprint of the finger.
See also par. 149-151.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective date the invention was made to incorporate the teachings of Calhoon so that secret or personal data can be desirably hidden via barcodes in the user identification image.
7.1, further comprising, subsequent to enabling the NFC antenna: disabling, by the processor, the NFC antenna based on a threshold amount of time elapsing since the enabling of the NFC antenna; receiving another input by the fingerprint sensor; comparing, by the processor, the another input to the fingerprint template; determining, by the processor, that the comparison of the another input to the fingerprint template results in a match; and enabling, by the processor, the NFC antenna of the contactless card based on the determination that the comparison of the another input to the fingerprint template results in the match (see discussion regarding claims above.)
Re claims 8, 14, 20, see discussion regarding claims above.
Claim(s) 2-3, 9-10, 15-16 is/are rejected under 35 U.S.C. 103 as being unpatentable over Law (US 20190286805)/ Cox (US 20080126260) (US 20140132994 )in view of Smets (US 20140365776)
Re claim 2.1, Law/Cox is silent to further comprising, subsequent to enabling the NFC antenna: receiving, by the processor of the contactless card and via the NFC antenna, an authentication request from another device; generating, by the processor based on the determination that the comparison results in the match, a cryptogram based on a key of the contactless card; and storing the cryptogram in a near field data exchange (NDEF) tag to provide the cryptogram to the another device in response to the authentication request.
Smets discloses
[ 0201] Typically, during payment transactions, the POI 114 issues requests for data (i.e. commands) to the transaction device 160. These commands are received by the input/ output module 162 of the transaction device 160 and then communicated to the processor 164 for processing. The processor 164 obtains the data from the memory 166 to fulfil the command and responds to the POI 114 with the requested data. In this way, the POI 114 communicates with the transaction device 160 in a command driven approach.
[0157] The transaction device application may compute a cryptogram for each of the 3 outcomes ( decline, online, offline). This cryptogram may be verified by the issuer of the transaction device. Some transaction device applications may need first to decide on the authorization before delivering the cryptogram. Other transaction device applications may deliver the cryptogram very early in the transaction and would let the point of interaction use that cryptogram for different outcomes.
Smets further uses an NFC chip used for communication with a reader (par. 272).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective date the invention was made to incorporate the teachings of Smets to provide a more secure transaction. it would have also been obvious that information is stored in the NFC chip prior to the communication.
3.2, wherein the another device comprises one or more of a mobile device or a point-of-sale (POS) device, wherein the authentication request is to authorize one or more of: (i) a transaction, (ii) a balance transfer to a recipient account, (iii) a payment, (iv) viewing one or more attributes of an account associated with the contactless card, or (v) performing an operation associated with the account (see Law, Fig. 1, par. 47, 117; Smets, Figs. 1-27)
Re claims 15-16, see discussion regarding claims above.
Claim(s) 4-6, 11-13, 17-19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Law (US 20190286805)/ Cox (US 20080126260)/Calhoon (US 20140132994 ) in view of Bhatt (US 20180165676 )
Re claim 4.1, Law/Cox is silent to wherein the fingerprint template is stored in the memory of the contactless card during a manufacturing of the contactless card .
Bhatt discloses
[0027] Server 150 includes a template generator 170 that utilizes an image processing algorithm 171 and one or more biometric algorithms 172 to processes finger image 112 to generate fingerprint template 174. For example, template generator 170 may use image processing algorithm 171 to generate a fingerprint image 173 by isolating the fingerprint within finger image 112, and may then use one or more biometric algorithms 172 to generate fingerprint template 174 from fingerprint image 173. In one embodiment, server 150 includes a biometric database 175 for storing one or both of fingerprint image 173 and fingerprint template 174 in association with unique ID 134. Server 150 then sends fingerprint template 174 to a manufacturer 180 that produces smartcard 190. Smartcard 190 includes a processor 191 and a fingerprint sensor 192 that cooperate to authenticate user 120 based upon fingerprint template 174. In embodiments, template generator 170 and biometric algorithms 172 operate within user device 102 to generate and send fingerprint template 174 to server 150 and/or manufacturer 180.
[0028] Manufacturer 180 receives fingerprint template 174 from server 150 in message 177 and uses a smartcard generator 182 to include fingerprint template 174 on smartcard 190. For example, manufacturer 180 may configure a previously made smartcard with fingerprint template 174 and unique ID 134, or may manufacture a new smartcard (e.g., new biometric contactless payment card with integrated fingerprint sensor) to include unique ID 134 and fingerprint template 174
Therefore, it would have been obvious to one of ordinary skill in the art before the effective date the invention was made to incorporate the teachings of Bhatt so that the card is available for use after manufacturing and discourage card theft.
5.4, further comprising: receiving, by the processor from a mobile device, a request to replace the stored fingerprint template; receiving, by the processor, a fingerprint scan from the mobile device; determining, by the processor, that the fingerprint scan matches the stored fingerprint template; receiving, by the processor based on the determination that the fingerprint scan matches the stored fingerprint template, another fingerprint template; and storing, by the processor based on the determination that the fingerprint scan matches the stored fingerprint template, the another fingerprint template in the memory of the contactless card to replace the stored fingerprint template (Bhatt, Fig. 1-4, par. 39: fingerprint template can be configured; it would have also been obvious that the capture of fingerprints may be done using the card or the phone device)
6.5, further comprising prior to storing the another fingerprint template: generating, by the processor based on the determination that the fingerprint scan matches the stored fingerprint template, a cryptogram based on a key of the contactless card; storing, by the processor, the cryptogram in a near field data exchange (NDEF) tag to provide the cryptogram to the mobile device; and receiving, by the processor from the mobile device, an indication specifying that an authentication server decrypted the cryptogram, wherein the processor further stores the another fingerprint template based on the received indication that the authentication server decrypted the cryptogram (Law discloses that cryptogram, i.e. keys, digital signatures, certificates, are essential to establish trust with external devices and multiple templates can be stored on card; thus, although not expressly stated, these features are considered obvious extension of the prior art’s teachings).
Re claim 11-13, 17-19, see discussion regarding claims above.
Response to Arguments
Applicant’s arguments have been considered but are moot in view of new ground of rejection.
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to THIEN MAI whose telephone number is (571)272-8283. The examiner can normally be reached M-F 8-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Steven Paik can be reached at 571-272-2404. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/THIEN T MAI/ Primary Examiner, Art Unit 2876