DETAILED ACTION
The following is a Final Office action in response to applicants’ amendment and remarks filed on 05/04/2026. Claims 1, 2, 5, 6, 8-10, 14-17, 19, and 20 have been amended. Claims 1-20 are currently pending and have been considered as follows.
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 05/28/2026 has been placed in the application file, and the information referred therein has been considered as to the merits.
Response to Arguments
In view of the amendment to Claim 20, the objection to Claim 20 is withdrawn.
In view of the amendment to Claims 1, 8, 16, and 17, the prior 35 U.S.C. 112(b) rejection of Claims 1, 8, 16, and 17 is withdrawn.
Applicants’ amendment of independent Claims 1, 10, and 20 with newly presented features “an application comprising instructions for execution”, “receive, from a client device associated with a merchant, a first timestamp corresponding to a first time interval” [Claim 1], “receiving, by a contactless a first timestamp from a client device associated with a merchant” [Claim 10], and “receiving, from a contactless card via a second device, an authentication request comprising a first time-based cryptogram generated using a shared secret key and a first timestamp received from a client device associated with a merchant” [Claim 20] has newly changed the scope of the claimed invention. Therefore, applicants’ arguments on pages 14-20 of the remarks filed 05/04/2026 have been fully considered but are moot because the amendment necessitates new ground(s) of rejection where applicants’ arguments do not apply to the updated reference(s) for any teaching or matter specifically challenged in the argument.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 1-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Claim 1 recites a “system for user authentication, comprising: an application comprising instructions for execution by an authentication processor;”, but it is unclear and indefinite as to whether “an authentication processor” in line 3 is intended to be a part of Claim 1’s system. Given the broadest reasonable interpretation (BRI), Claim 1’s system comprises “an application” and “a contactless card”, but “an authentication processor” in line 3 is not positively recited as part of the system. As defined by applicants’ Specification at paragraph [0031], the “authentication processor 130 may be a network-enabled computer device. Exemplary network-enabled computer devices include, without limitation, a server, a network appliance, a personal computer, a workstation, a phone, a handheld personal computer, a personal digital assistant, a thin client, a fat client, an Internet browser, a mobile device, a kiosk, a contactless card, an automatic teller machine (ATM), or other a computer device or communications device”. Since the “authentication processor” is a specialized (separate) computing device, it is extrinsic to the claimed invention. For purposes of examination, the subsequent clause “wherein, upon execution by the authentication processor, the application is configured to validate the first time-based cryptogram using the secret key and a second timestamp corresponding to a reception of the time-based cryptogram by the application, wherein the second timestamp falls within the first time interval” are considered outside the scope of the claimed invention because the application is not executed by Claim 1’s system which only stores the application instructions. The application is executed by the authentication processor which is a network-enabled computer device separate of Claim 1’s system.
Claim 1 lines 9-10 further recite “the first timestamp received from the authentication processor” which is unclear since this contradicts lines 7-9 which recite “receive, from a client device associated with a merchant, a first timestamp”. Claim 5 recites “a second application comprising instructions for execution by a processor of the second device” in lines 2-3 which is unclear as to whether “the second device” is intended to be a part of Claim 1’s system. Given the BRI, “the second device” is not positively recited as part of the claimed system and is extrinsic to the claimed invention. For purposes of examination, the second application and its configured functions are never executed by the claimed system and whether they are actually executed by the separate “second device” is beyond the scope of the claimed invention.
Claim 6 likewise recites functions of the second application that can only be executed by a second device outside of the claimed system and is also indefinite.
Claims 2-9 which depend upon the system of Claim 1, inherit the same indefiniteness and also rejected under 35 U.S.C. 112(b).
Claim 10 recites “receiving, by a contactless a first timestamp” which is unclear in meaning as to whether this is intended to mean “a contactless card”.
Claim 14 recites the limitation "the second application" in lines 1-2. There is insufficient antecedent basis for this limitation in the claim.
Claim 15 recites the limitation "the second application" in line 1. There is insufficient antecedent basis for this limitation in the claim.
Claims 11-19 which depend upon the method of Claim 10, inherit the same indefiniteness and also rejected under 35 U.S.C. 112(b).
Claim 20 recites the limitation "the application" in lines 9-10. There is insufficient antecedent basis for this limitation in the claim.
Claim 20 recites the limitation "the first time interval" in line 11. There is insufficient antecedent basis for this limitation in the claim.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claims 1, 3, 4, 9, 10, 11, 13, 19, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Jin et al. (US 20180198820 A1, hereinafter Jin) in view of Kinagi et al. (US 20210312448 A1, hereinafter Kinagi).
As to Amended Claim 1:
Jin discloses a system for user authentication (e.g. Jin FIG. 1; server computer [0023] and “A “communication device” may be a device that includes one or more electronic components (e.g., an integrated chip) that can communicate with another device. For example, a communication device can be a computing device having at least one processor coupled to a memory... portable communication device may be... in the form of a card (e.g., smart card)” [0022]) comprising:
an application comprising instructions for execution by an authentication processor (e.g. Jin “servers, and the like described herein can be implemented using one or more processors coupled to a memory that store code or instructions, which when executed by the one or more processors, cause the device to perform one or more of the methods and processes described herein” [0112]; server computer’s processor [0023]; authorization server [0039]); and
a contactless card (e.g. Jin FIG. 10 Communication Device may be in the form of a smart card [0022] with contactless interface [0085]), wherein the contactless card is configured to:
receive(e.g. Jin “have the access application obtain an authorization network time from the authorization server 180 each time the access credential is generated. Because the authorization network time is provided by authorization server 180, a user would not be able to manipulate this time information received from authorization server 180” [0043]; [0042]; “Communication device 110 may communicate with authorization server 180 via a communications network 182 (e.g., internet, mobile or cellular network, etc.). For example, communication device 110 may communicate with authorization server 180 to download an access application. The access application may allow communication device 110 to interact with an access device to obtain a service associated with the service provider” [0039]; “the access application may communicate with the authorization network (e.g., authorization server) to synchronize the access application and the communication device with the authorization network. For example, the access application may receive an authorization network time from the authorization network when the communication device synchronizes with the authorization network. The authorization network time can be, for example, the current Universal Coordinated Time (UTC), the current local time at the authorization server, or the current time of an arbitrary clock maintained by the authorization server” [0046]; “the access credential may have a limited lifespan and may expire after a time-to-live amount of time. For example, the access credential may have a time-to-live of up to 5 minutes, 10 minutes, 15 minutes, or 30 minutes, etc. from when the access credential is generated, and after which the access credential will no longer be valid. To allow authorization server 180 to verify whether the access credential has expired, the access credential may include timestamp information indicating when the access credential was generated by the access application” [0042]),
generate a first time-based cryptogram with a shared secret key and the first timestamp received from the authentication processor (e.g. Jin “In addition to the timestamp, the access credential generated by the access application may also include account information associated with an account of the user. For example, the account information may include an account identifier or a token that is used as a substitute for a real account identifier. The account credential may also include a cryptogram that is generated by encrypting the account information and/or the timestamp using an encryption key” [0050]),
transmit an authentication request comprising the first time-based cryptogram to a second device for transmission to the application for validation (e.g. Jin “An “access device” may be any suitable device for interacting with a communication device and for communicating with an authorization server. In some embodiments, an access device may communicate with an authorization server via a merchant computer or transaction processing network. An access device may generally be located in any suitable location, such as at the location of a merchant. An access device may be in any suitable form. Some examples of access devices include POS devices” [0027]; “When the user attempts to access a service using communication device 110, the user may launch the access application on communication device 110, and instruct the access application to generate an access credential that is used for authenticating the user and/or communication device 110 to the service provider. Communication device 110 may interact with access device 160, and provide the access credential to access device 160” [0040]; “The account credential may also include a cryptogram that is generated by encrypting the account information and/or the timestamp using an encryption key. In some embodiments, the encryption key can be a limited-use key that has its own set of usage restrictions. The access credential can then be provided to the access device to request authorization to access the requested service. In some embodiments, the access credential can be transmitted to the access device using a wired or wireless (e.g., NFC, WiFi, Bluetooth, etc.) connection” [0050]; “Access device 160 may send the access credential to authorization sever 180 via authorization network 184 to authenticate the user and/or communication device 110” [0041]), and
wherein, upon execution by the authentication processor, the application is configured to validate the first time-based cryptogram using the secret key and a second timestamp corresponding to a reception of the time-based cryptogram by the application, wherein the second timestamp falls within the first time interval (e.g. although the authentication processor is not recited explicitly as part of the claim 1’s system which does not execute the application - Jin “The authorization sever may also verifying that cryptogram by regenerating the cryptogram using a copy of the encryption key and comparing the regenerated cryptogram with the cryptogram provided in the access credential. The authorization server may also determine whether the access credential has reliable timestamp information (e.g., via the value of the timestamp and/or the timestamp reliability flag)” [0051]; “If the access credential indicates that the timestamp information is reliable, the authorization server may compare the timestamp information with the current authorization network time at the authorization server, and calculate the amount of time that has elapsed since the access credential was generated. The authorization server may then determine whether the access credential is being used within its time-to-live threshold. If the access credential has not expired yet, and the account information and/or cryptogram are verified to be valid, the authorization can then grant authorization for the user and/or the communication device to access the requested service” [0052]);
But Jin does not specifically disclose:
receive, from a client device associated with a merchant, a first timestamp.
However, the analogous art Kinagi does disclose receive, from a client device associated with a merchant, a first timestamp (e.g. Kinagi “the access device 125 (e.g, a merchant terminal such as a POS terminal) may generate and display a unique QR code on a display. The QR code may encode transaction-specific information including, but not limited to, access device data such as a merchant identifier, transaction amount, location information (e.g., a GPS location of the access device), transaction timestamp, etc. Other examples of the transaction-specific information may include, but are not limited to, a number of purchases in a past time period, location information of the merchant terminal, an access device ID, a token request timestamp” [0071]; “the user may scan the QR code displayed on the access device 125 using his/her mobile device 115. For example, the mobile device 115 may be a smartphone with a camera. The camera may capture the QR code and storage an image of the QR code within memory of the device for further processing. In other embodiments, the access data may be transferred from the access device 125 to the mobile device 115 using a wireless connection such as WiFi, Bluetooth, or NRC, or even a contact mode of interaction” [0072]; “the user 110 may use a second device (e.g., a wearable device) communicatively coupled to the mobile device 115 to capture the QR code (e.g., a head mounted display connected to a smartphone device)… The head mounted device sends the captured QR code information to the mobile device 115. This may be sent over a secure connection supported over a wireless data protocol, such as Bluetooth, Wi-Fi, etc” [0073]; a given time frame [0088]; “the mobile device 115 may alternatively be in the form of a payment card” [0055]). Jin and Kinagi are analogous art because they are from the same field of endeavor in contactless devices, payment cards, and cryptograms.
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art, having the teachings of Jin and Kinagi before him or her, to modify the disclosure of Jin with the teachings of Kinagi to include receive, from a client device associated with a merchant, a first timestamp as claimed. The suggestion/motivation for doing so would have been to improve transaction security by limiting the transaction to one that has the corresponding transaction-specific information that may be passed in an authorization request message (e.g., transaction amount, merchant location, time, date, account identifier, expiration date, CVV, etc.), as well as information surrounding the interaction between the mobile device and the access device at the point of sale (Kinagi [0019]). Therefore, it would have been obvious to combine Jin and Kinagi to obtain the invention as specified in the instant claim(s).
As to Claim 3:
Jin in view of Kinagi discloses the system of claim 1, wherein the first timestamp is associated with a real-world time (e.g. Jin “The timestamp can reflect the time at which the access credential was generated” [0019]; [0043]; “The authorization network time can be, for example, the current Universal Coordinated Time (UTC)” [0046]; [0048]).
As to Claim 4:
Jin in view of Kinagi discloses the system of claim 1, wherein the contactless card is further configured to include the first timestamp along with the first time-based cryptogram in the authentication request (e.g. Jin “To allow authorization server 180 to verify whether the access credential has expired, the access credential may include timestamp information indicating when the access credential was generated by the access application” [0042]; “portable communication device 1110 may provide access device 1160 with access credential such as an account identifier (e.g., an alternate account identifier, a token, etc.), and additional information such as limited-use account parameters… the limited-use account parameters included in the access credential may include a transaction cryptogram and a timestamp” [0107]).
As to Claim 9:
Jin in view of Kinagi discloses the system of claim 4, wherein: the contactless card is further configured to receive the first time stamp from the client device (e.g. Kinagi “access device data such as a merchant identifier, transaction amount, location information (e.g., a GPS location of the access device), transaction timestamp, etc. Other examples of the transaction-specific information may include, but are not limited to, a number of purchases in a past time period, location information of the merchant terminal, an access device ID, a token request timestamp” [0071]) via an intermediary device, and the intermediary device comprises a user device with near-field communication (NFC) connectivity to the contactless card and a network connectivity to the authentication processor (e.g. Kinagi “the user 110 may use a second device (e.g., a wearable device) communicatively coupled to the mobile device 115 to capture the QR code (e.g., a head mounted display connected to a smartphone device)… The head mounted device sends the captured QR code information to the mobile device 115. This may be sent over a secure connection supported over a wireless data protocol, such as Bluetooth, Wi-Fi, etc” [0073]; a given time frame [0088]; “the mobile device 115 may alternatively be in the form of a payment card” [0055]; “the user 110 may tap his/her mobile device 115 to the access device 125 to initiate an NFC connection” [0080]; [0082]). The Examiner supplies the same rationale for the combination of references Jin and Kinagi as in Claim 1 above.
As to Amended Claim 10:
Jin discloses a method for user authentication (e.g. Jin “A process for generating an access credential by a communication device” [Abstract]; smart card [0022]), comprising:
receiving, by a contactless a first timestamp (e.g. Jin “have the access application obtain an authorization network time from the authorization server 180 each time the access credential is generated. Because the authorization network time is provided by authorization server 180, a user would not be able to manipulate this time information received from authorization server 180” [0043]; [0042]; “Communication device 110 may communicate with authorization server 180 via a communications network 182 (e.g., internet, mobile or cellular network, etc.). For example, communication device 110 may communicate with authorization server 180 to download an access application. The access application may allow communication device 110 to interact with an access device to obtain a service associated with the service provider” [0039]; “the access application may communicate with the authorization network (e.g., authorization server) to synchronize the access application and the communication device with the authorization network. For example, the access application may receive an authorization network time from the authorization network when the communication device synchronizes with the authorization network. The authorization network time can be, for example, the current Universal Coordinated Time (UTC), the current local time at the authorization server, or the current time of an arbitrary clock maintained by the authorization server” [0046]; “the access credential may have a limited lifespan and may expire after a time-to-live amount of time. For example, the access credential may have a time-to-live of up to 5 minutes, 10 minutes, 15 minutes, or 30 minutes, etc. from when the access credential is generated, and after which the access credential will no longer be valid. To allow authorization server 180 to verify whether the access credential has expired, the access credential may include timestamp information indicating when the access credential was generated by the access application” [0042]);
generating, by the contactless card (e.g. Jin smart card [0022]), a first time-based cryptogram using a shared secret key and the first timestamp received from the application (e.g. Jin “In addition to the timestamp, the access credential generated by the access application may also include account information associated with an account of the user. For example, the account information may include an account identifier or a token that is used as a substitute for a real account identifier. The account credential may also include a cryptogram that is generated by encrypting the account information and/or the timestamp using an encryption key” [0050]);
transmitting, by the contactless card, an authentication request comprising the first time-based cryptogram to a second device for transmission to an application comprising instructions for execution on a first device (e.g. Jin “An “access device” may be any suitable device for interacting with a communication device and for communicating with an authorization server. In some embodiments, an access device may communicate with an authorization server via a merchant computer or transaction processing network. An access device may generally be located in any suitable location, such as at the location of a merchant. An access device may be in any suitable form. Some examples of access devices include POS devices” [0027]; “When the user attempts to access a service using communication device 110, the user may launch the access application on communication device 110, and instruct the access application to generate an access credential that is used for authenticating the user and/or communication device 110 to the service provider. Communication device 110 may interact with access device 160, and provide the access credential to access device 160” [0040]; “The account credential may also include a cryptogram that is generated by encrypting the account information and/or the timestamp using an encryption key. In some embodiments, the encryption key can be a limited-use key that has its own set of usage restrictions. The access credential can then be provided to the access device to request authorization to access the requested service. In some embodiments, the access credential can be transmitted to the access device using a wired or wireless (e.g., NFC, WiFi, Bluetooth, etc.) connection” [0050]; “Access device 160 may send the access credential to authorization sever 180 via authorization network 184 to authenticate the user and/or communication device 110” [0041]); and
validating, by the application, the first time-based cryptogram using the shared secret key and a second timestamp associated with a reception of the time-based cryptogram by the application, wherein the second timestamp falls within the first time interval (e.g. Jin “The authorization sever may also verifying that cryptogram by regenerating the cryptogram using a copy of the encryption key and comparing the regenerated cryptogram with the cryptogram provided in the access credential. The authorization server may also determine whether the access credential has reliable timestamp information (e.g., via the value of the timestamp and/or the timestamp reliability flag)” [0051]; “If the access credential indicates that the timestamp information is reliable, the authorization server may compare the timestamp information with the current authorization network time at the authorization server, and calculate the amount of time that has elapsed since the access credential was generated. The authorization server may then determine whether the access credential is being used within its time-to-live threshold. If the access credential has not expired yet, and the account information and/or cryptogram are verified to be valid, the authorization can then grant authorization for the user and/or the communication device to access the requested service” [0052]);
But Jin does not specifically disclose:
receiving, by a contactless a first timestamp from a client device associated with a merchant.
However, the analogous art Kinagi does disclose receiving, by a contactless a first timestamp from a client device associated with a merchant (e.g. Kinagi “the access device 125 (e.g, a merchant terminal such as a POS terminal) may generate and display a unique QR code on a display. The QR code may encode transaction-specific information including, but not limited to, access device data such as a merchant identifier, transaction amount, location information (e.g., a GPS location of the access device), transaction timestamp, etc. Other examples of the transaction-specific information may include, but are not limited to, a number of purchases in a past time period, location information of the merchant terminal, an access device ID, a token request timestamp” [0071]; “the user may scan the QR code displayed on the access device 125 using his/her mobile device 115. For example, the mobile device 115 may be a smartphone with a camera. The camera may capture the QR code and storage an image of the QR code within memory of the device for further processing. In other embodiments, the access data may be transferred from the access device 125 to the mobile device 115 using a wireless connection such as WiFi, Bluetooth, or NRC, or even a contact mode of interaction” [0072]; “the user 110 may use a second device (e.g., a wearable device) communicatively coupled to the mobile device 115 to capture the QR code (e.g., a head mounted display connected to a smartphone device)… The head mounted device sends the captured QR code information to the mobile device 115. This may be sent over a secure connection supported over a wireless data protocol, such as Bluetooth, Wi-Fi, etc” [0073]; a given time frame [0088]; “the mobile device 115 may alternatively be in the form of a payment card” [0055]). Jin and Kinagi are analogous art because they are from the same field of endeavor in contactless devices, payment cards, and cryptograms.
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art, having the teachings of Jin and Kinagi before him or her, to modify the disclosure of Jin with the teachings of Kinagi to include receiving, by a contactless a first timestamp from a client device associated with a merchant as claimed. The suggestion/motivation for doing so would have been to improve transaction security by limiting the transaction to one that has the corresponding transaction-specific information that may be passed in an authorization request message (e.g., transaction amount, merchant location, time, date, account identifier, expiration date, CVV, etc.), as well as information surrounding the interaction between the mobile device and the access device at the point of sale (Kinagi [0019]). Therefore, it would have been obvious to combine Jin and Kinagi to obtain the invention as specified in the instant claim(s).
As to Claim 11:
Jin in view of Kinagi discloses the method of claim 10, wherein the first timestamp corresponds to current time maintained by the first device (e.g. Jin “the access application obtain an authorization network time from the authorization server 180 each time the access credential is generated. Because the authorization network time is provided by authorization server 180, a user would not be able to manipulate this time information received from authorization server 180” [0043]; “FIG. 2 illustrates a timing diagram of a technique to generate a reliable timestamp for use in an access credential” [0044]; “the access application may receive an authorization network time from the authorization network when the communication device synchronizes with the authorization network. The authorization network time can be, for example, the current Universal Coordinated Time (UTC), the current local time at the authorization server” [0046]).
As to Claim 13:
Jin in view of Kinagi discloses the method of claim 10, wherein the contactless card is further configured to include the first timestamp, along with the first time-based cryptogram, in the authentication request transmitted to the second device (e.g. Jin “To allow authorization server 180 to verify whether the access credential has expired, the access credential may include timestamp information indicating when the access credential was generated by the access application” [0042]; “portable communication device 1110 may provide access device 1160 with access credential such as an account identifier (e.g., an alternate account identifier, a token, etc.), and additional information such as limited-use account parameters… the limited-use account parameters included in the access credential may include a transaction cryptogram and a timestamp” [0107]).
As to Claim 19:
Jin in view of Kinagi discloses the method of claim 13, wherein:
receiving the first time stamp comprises receiving, by the contactless card, the first time stamp from the client device via an intermediary device, and (e.g. Kinagi “access device data such as a merchant identifier, transaction amount, location information (e.g., a GPS location of the access device), transaction timestamp, etc. Other examples of the transaction-specific information may include, but are not limited to, a number of purchases in a past time period, location information of the merchant terminal, an access device ID, a token request timestamp” [0071]), and the intermediary device comprises a user device with near-field communication (NFC) connectivity to the contactless card and a network connectivity to the first device, the first device corresponding to an authentication processor associated with the contactless card (e.g. Kinagi “the user 110 may use a second device (e.g., a wearable device) communicatively coupled to the mobile device 115 to capture the QR code (e.g., a head mounted display connected to a smartphone device)… The head mounted device sends the captured QR code information to the mobile device 115. This may be sent over a secure connection supported over a wireless data protocol, such as Bluetooth, Wi-Fi, etc” [0073]; a given time frame [0088]; “the mobile device 115 may alternatively be in the form of a payment card” [0055]; “the user 110 may tap his/her mobile device 115 to the access device 125 to initiate an NFC connection” [0080]; [0082]). The Examiner supplies the same rationale for the combination of references Jin and Kinagi as in Claim 10 above.
As to Amended Claim 20:
Jin discloses a non-transitory computer readable medium containing computer executable instructions that, when executed by a computer hardware arrangement, cause the computer hardware arrangement to perform procedures (e.g. Jin “Any of the software components or functions described in this application, may be implemented as software code to be executed by a processor... software code may be stored as a series of instructions, or commands on a computer readable medium” [0114]) comprising:
receiving, from a contactless card via a second device, an authentication request comprising a first time-based cryptogram generated using a shared secret key and a first timestamp (e.g. Jin “An “access device” may be any suitable device for interacting with a communication device and for communicating with an authorization server. In some embodiments, an access device may communicate with an authorization server via a merchant computer or transaction processing network. An access device may generally be located in any suitable location, such as at the location of a merchant. An access device may be in any suitable form. Some examples of access devices include POS devices” [0027]; “When the user attempts to access a service using communication device 110, the user may launch the access application on communication device 110, and instruct the access application to generate an access credential that is used for authenticating the user and/or communication device 110 to the service provider. Communication device 110 may interact with access device 160, and provide the access credential to access device 160” [0040]; “The account credential may also include a cryptogram that is generated by encrypting the account information and/or the timestamp using an encryption key. In some embodiments, the encryption key can be a limited-use key that has its own set of usage restrictions. The access credential can then be provided to the access device to request authorization to access the requested service. In some embodiments, the access credential can be transmitted to the access device using a wired or wireless (e.g., NFC, WiFi, Bluetooth, etc.) connection” [0050]; “Access device 160 may send the access credential to authorization sever 180 via authorization network 184 to authenticate the user and/or communication device 110” [0041]); and
validating, the first time-based cryptogram using the secret key and a second timestamp associated with a reception of the time-based cryptogram by the application, received from the contactless card, wherein the second timestamp falls within the first time interval (e.g. Jin “The authorization sever may also verifying that cryptogram by regenerating the cryptogram using a copy of the encryption key and comparing the regenerated cryptogram with the cryptogram provided in the access credential. The authorization server may also determine whether the access credential has reliable timestamp information (e.g., via the value of the timestamp and/or the timestamp reliability flag)” [0051]; “If the access credential indicates that the timestamp information is reliable, the authorization server may compare the timestamp information with the current authorization network time at the authorization server, and calculate the amount of time that has elapsed since the access credential was generated. The authorization server may then determine whether the access credential is being used within its time-to-live threshold. If the access credential has not expired yet, and the account information and/or cryptogram are verified to be valid, the authorization can then grant authorization for the user and/or the communication device to access the requested service” [0052]);
But Jin does not specifically disclose:
a first timestamp received from a client device associated with a merchant.
However, the analogous art Kinagi does disclose a first timestamp received from a client device associated with a merchant (e.g. Kinagi “the access device 125 (e.g, a merchant terminal such as a POS terminal) may generate and display a unique QR code on a display. The QR code may encode transaction-specific information including, but not limited to, access device data such as a merchant identifier, transaction amount, location information (e.g., a GPS location of the access device), transaction timestamp, etc. Other examples of the transaction-specific information may include, but are not limited to, a number of purchases in a past time period, location information of the merchant terminal, an access device ID, a token request timestamp” [0071]; “the user may scan the QR code displayed on the access device 125 using his/her mobile device 115. For example, the mobile device 115 may be a smartphone with a camera. The camera may capture the QR code and storage an image of the QR code within memory of the device for further processing. In other embodiments, the access data may be transferred from the access device 125 to the mobile device 115 using a wireless connection such as WiFi, Bluetooth, or NRC, or even a contact mode of interaction” [0072]; “the user 110 may use a second device (e.g., a wearable device) communicatively coupled to the mobile device 115 to capture the QR code (e.g., a head mounted display connected to a smartphone device)… The head mounted device sends the captured QR code information to the mobile device 115. This may be sent over a secure connection supported over a wireless data protocol, such as Bluetooth, Wi-Fi, etc” [0073]; a given time frame [0088]; “the mobile device 115 may alternatively be in the form of a payment card” [0055]). Jin and Kinagi are analogous art because they are from the same field of endeavor in contactless devices, payment cards, and cryptograms.
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art, having the teachings of Jin and Kinagi before him or her, to modify the disclosure of Jin with the teachings of Kinagi to include a first timestamp received from a client device associated with a merchant as claimed. The suggestion/motivation for doing so would have been to improve transaction security by limiting the transaction to one that has the corresponding transaction-specific information that may be passed in an authorization request message (e.g., transaction amount, merchant location, time, date, account identifier, expiration date, CVV, etc.), as well as information surrounding the interaction between the mobile device and the access device at the point of sale (Kinagi [0019]). Therefore, it would have been obvious to combine Jin and Kinagi to obtain the invention as specified in the instant claim(s).
Claim 2 is rejected under 35 U.S.C. 103 as being unpatentable over Jin in view of Kinagi as applied to Claim 1, and further in view of Liu et al. (US 20140325225 A1, hereinafter Liu).
As to Amended Claim 2:
Jin in view of Kinagi discloses the system of claim 1, but does not specifically disclose:
to encrypt the first timestamp with the shared secret key prior to transmission (although Jin does discloses transmitting the timestamp to the contactless card [0076]).
However, the analogous art Liu does disclose to encrypt the first timestamp with the shared secret key prior to transmission (e.g. Liu “encrypting sender's ID and timestamp by using the private key of the coupled public and private keys, and obtains the first ciphertext of the sender's ID valid period” [Abstract]; “wherein the self-authenticated process is conducted between sender and receiver with timestamp, which consists of valid period authentication and identity authentication” [0013]). Jin, Kinagi, and Liu are analogous art because they are from the same field of endeavor in cryptographic network communication.
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art, having the teachings of Jin, Kinagi, and Liu before him or her, to modify the combination of Jin and Kinagi with the teachings of Liu to include to encrypt the first timestamp with the shared secret key prior to transmission as claimed. The suggestion/motivation for doing so would have been to provide a self-authenticated system with timestamp and solve the problem of the distributed key is irrevocable in the existing self-authenticated system (Liu [0012]). Therefore, it would have been obvious to combine Jin, Kinagi, and Liu to obtain the invention as specified in the instant claim(s).
Claims 5 and 6 are rejected under 35 U.S.C. 103 as being unpatentable over Jin in view of Kinagi as applied to Claim 1, and further in view of VILMOS (US 20200274866 A1).
As to Amended Claim 5:
Jin in view of Kinagi discloses the system of claim 4, further comprising: a second application comprises instructions for execution by a processor of the second device (e.g. Jin “An access device may be in any suitable form. Some examples of access devices include POS devices, cellular phones, PDAs, personal computers (PCs), tablet PCs, hand-held specialized readers, set-top boxes, electronic cash registers (ECRs), automated teller machines (ATMs), virtual cash registers (VCRs), kiosks, security systems, access systems, websites or web servers, and the like. An access device may use any suitable contact or contactless, wired or wireless mode of operation to send or receive data from, or associated with, a communication device. In some embodiments, where an access device may comprise a POS terminal, any suitable POS terminal may be used and may include a reader, a processor, and a computer-readable medium” [0027]), but does not specifically disclose:
wherein the second application is configured to verify the first timestamp falls within a second time interval prior to transmitting (although Jin does discloses forwarding the time-based cryptogram to the authentication processor [0027]; [0040]; [0041]; [0050]).
However, the analogous art VILMOS does disclose wherein the second application is configured to verify the first timestamp falls within a second time interval prior to transmitting (e.g. VILMOS “expiration is verified based on the timestamp 214, current time and a pre-set expiry value, e.g. 1 minutes. The gateway 30 checks whether or not the pre-set expiry value had already expired since the timestamp 214 was applied, if yes the command 204 will not be forwarded to the second (protected) device 42” [0082]). Jin, Kinagi, and VILMOS are analogous art because they are from the same field of endeavor in authentication over a network.
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art, having the teachings of Jin, Kinagi, and VILMOS before him or her, to modify the combination of Jin and Kinagi with the teachings of VILMOS to include wherein the second application is configured to verify the first timestamp falls within a second time interval prior to transmitting as claimed. The suggestion/motivation for doing so would have been to assure the protection of a remotely operable second device (which may even be a complex system as well) without the need to carry out major modifications on the device itself (VILMOS [0010]). Therefore, it would have been obvious to combine Jin, Kinagi, and VILMOS to obtain the invention as specified in the instant claim(s).
As to Amended Claim 6:
Jin in view of Kinagi and VILMOS discloses the system of claim 5, wherein the second application is further configured to reject the authentication request if the first timestamp does not fall within the second time interval (e.g. VILMOS “expiration is verified based on the timestamp 214, current time and a pre-set expiry value, e.g. 1 minutes. The gateway 30 checks whether or not the pre-set expiry value had already expired since the timestamp 214 was applied, if yes the command 204 will not be forwarded to the second (protected) device 42” [0082]; “the request to transmit the command 204 is rejected without further verification” [0084]). The Examiner supplies the same rationale for the combination of references Jin, Kinagi, and VILMOS as in Claim 5 above.
Claim 7 is rejected under 35 U.S.C. 103 as being unpatentable over Jin in view of Kinagi and VILMOS as applied to Claim 5, and further in view of Agrawal et al. (US 20220215391 A1, hereinafter Agrawal).
As to Claim 7:
Jin in view of Kinagi and VILMOS discloses the system of claim 6, but does not specifically disclose:
wherein the second time interval is predetermined by a client associated with the second device.
However, the analogous art Agrawal does disclose wherein the second time interval is predetermined by a client associated with the second device (e.g. Agrawal “FSP system 130 may, in response to the request, associate a transaction rule with the user's payment account in step 720. The transaction rule may define a condition... For example, the condition may specify a window of time within with a foreign transaction authorization request can be approved, and the condition is met when the foreign transaction authorization request is received within the time window.” [0088]). Jin, Kinagi, VILMOS, and Agrawal are analogous art because they are from the same field of endeavor in authorizing transactions.
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art, having the teachings of Jin, Kinagi, VILMOS, and Agrawal before him or her, to modify the combination of Jin, Kinagi, and VILMOS with the teachings of Agrawal to include wherein the second time interval is predetermined by a client associated with the second device as claimed. The suggestion/motivation for doing so would have been for greatly enhancing the utility of the payment card while preventing or deterring fraudulent activities (Agrawal [0003]; [0004]). Therefore, it would have been obvious to combine Jin, Kinagi, VILMOS, and Agrawal to obtain the invention as specified in the instant claim(s).
Claims 8 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Jin in view of Kinagi as applied to Claims 1 and 10, and further in view of Liu and Ting (US 20020174348 A1).
As to Amended Claim 8:
Jin in view of Kinagi discloses the system of claim 4, but does not specifically disclose:
wherein the first timestamp is encrypted with a private key, stored on the contactless card, prior to inclusion in the authentication request, and validated by a corresponding public key stored in the second device.
However, the analogous art Liu does disclose wherein the first timestamp is encrypted with a private key prior to inclusion in the authentication request (e.g. Liu “encrypting sender's ID and timestamp by using the private key of the coupled public and private keys, and obtains the first ciphertext of the sender's ID valid period” [Abstract]; “wherein the self-authenticated process is conducted between sender and receiver with timestamp, which consists of valid period authentication and identity authentication” [0013]; sender encrypts timestamp with private key prior to sending it in the authentication message to the receiver [0034]-[0038]). Furthermore, the analogous art Ting does disclose a private key, stored on the contactless card and validated by a corresponding public key stored in the second device (e.g. Ting “Once the smart card is opened for read access, the agent module 148 reads out the private key associated with the smart card and uses the private key to sign the challenge string to produce the response. The response code is then returned to the server 108 for validation. The network interface 124 receives the resulting response and using the public key associated with the subscriber (stored in module 135), the network interface 124 applies the public key to the signature to validate the response which could only be generated using the private key in the smart card” [0044]). Jin, Kinagi, Liu, and Ting are analogous art because they are from the same field of endeavor in cryptographic validation.
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art, having the teachings of Jin, Kinagi, Liu, and Ting before him or her, to modify the combination of Jin and Kinagi with the teachings of Liu and Ting to include wherein the first timestamp is encrypted with a private key, stored on the contactless card, prior to inclusion in the authentication request, and validated by a corresponding public key stored in the second device as claimed. First suggestion/motivation for doing so would have been to provide a self-authenticated system with timestamp and solve the problem of the distributed key is irrevocable in the existing self-authenticated system (Liu [0012]). Second suggestion/motivation for doing so would have been to utilize strong authentication to offer highly reliable authentication that creates links that cannot be repudiated for transactions initiated within the context of an authenticated session (Ting [0006]). Therefore, it would have been obvious to combine Jin, Kinagi, Liu, and Ting to obtain the invention as specified in the instant claim(s).
As to Claim 18:
Jin in view of Kinagi discloses the method of claim 13, but does not specifically disclose:
wherein the first timestamp is encrypted with a private key, stored on the contactless card, prior to inclusion in the authentication request, and validated by a corresponding public key stored on the second device.
However, the analogous art Liu does disclose wherein the first timestamp is encrypted with a private key prior to inclusion in the authentication request (e.g. Liu “encrypting sender's ID and timestamp by using the private key of the coupled public and private keys, and obtains the first ciphertext of the sender's ID valid period” [Abstract]; “wherein the self-authenticated process is conducted between sender and receiver with timestamp, which consists of valid period authentication and identity authentication” [0013]; sender encrypts timestamp with private key prior to sending it in the authentication message to the receiver [0034]-[0038]). Furthermore, the analogous art Ting does disclose a private key, stored on the contactless card and validated by a corresponding public key stored on the second device (e.g. Ting “Once the smart card is opened for read access, the agent module 148 reads out the private key associated with the smart card and uses the private key to sign the challenge string to produce the response. The response code is then returned to the server 108 for validation. The network interface 124 receives the resulting response and using the public key associated with the subscriber (stored in module 135), the network interface 124 applies the public key to the signature to validate the response which could only be generated using the private key in the smart card” [0044]). Jin, Kinagi, Liu, and Ting are analogous art because they are from the same field of endeavor in cryptographic validation.
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art, having the teachings of Jin, Kinagi, Liu, and Ting before him or her, to modify the combination of Jin and Kinagi with the teachings of Liu and Ting to include wherein the first timestamp is encrypted with a private key, stored on the contactless card, prior to inclusion in the authentication request, and validated by a corresponding public key stored on the second device as claimed. First suggestion/motivation for doing so would have been to provide a self-authenticated system with timestamp and solve the problem of the distributed key is irrevocable in the existing self-authenticated system (Liu [0012]). Second suggestion/motivation for doing so would have been to utilize strong authentication to offer highly reliable authentication that creates links that cannot be repudiated for transactions initiated within the context of an authenticated session (Ting [0006]). Therefore, it would have been obvious to combine Jin, Kinagi, Liu, and Ting to obtain the invention as specified in the instant claim(s).
Claim 12 is rejected under 35 U.S.C. 103 as being unpatentable over Jin in view Kinagi as applied to Claim 10, and further in view of ILINCIC et al. (US 20210279724 A1, hereinafter Ilincic).
As to Claim 12:
Jin in view of Kinagi discloses the method of claim 10, wherein the authentication request further comprises a unique customer identifier (e.g. Jin “the access credential generated by the access application may also include account information associated with an account of the user. For example, the account information may include an account identifier or a token that is used as a substitute for a real account identifier” [0050]; “Access device 1160 or a merchant computer coupled to access device 1160 may generate an authorization request message including the account identifier” [0108]), but does not specifically disclose:
a unique customer identifier retrieved from a memory of the contactless card.
However, the analogous art Ilincic does disclose a unique customer identifier retrieved from a memory of the contactless card (e.g. Ilincic “a memory 102 of the contactless card includes card data 103, a counter 104, a master key 105, a diversified key 106, and a unique customer identifier 107” [0018]; “The contactless card 101 may then encrypt the data (e.g., the customer identifier 107 and any other data) using the diversified key 106. The contactless card 101 may then transmit the encrypted data to the account application 113 of the mobile device 110 (e.g., via an NFC connection” [0024]). Jin, Kinagi, and Ilincic are analogous art because they are from the same field of endeavor in contactless cards.
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art, having the teachings of Jin, Kinagi, and Ilincic before him or her, to modify the combination of Jin and Kinagi with the teachings of Ilincic to include a unique customer identifier retrieved from a memory of the contactless card as claimed. The suggestion/motivation for doing so would have been to provide secure techniques for mobile currency transfer using NFC-enabled mobile devices (Ilincic [0011]). Therefore, it would have been obvious to combine Jin, Kinagi, and Ilincic to obtain the invention as specified in the instant claim(s).
Claims 14 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Jin in view of Kinagi as applied to Claim 10, and further in view of VILMOS and Miryala et al. (US 20180060863 A1, hereinafter Miryala).
As to Amended Claim 14:
Jin in view of Kinagi discloses the method of claim 13, but does not specifically disclose:
verifying, by the second application, that the first timestamp falls within a second time interval prior to forwarding (although Jin does discloses forwarding the time-based cryptogram to the first device [0027]; [0040]; [0041]; [0050]);
wherein the second time interval is predetermined by the merchant.
However, the analogous art VILMOS does disclose verifying, by the second application, that the first timestamp falls within a second time interval prior to forwarding (e.g. VILMOS “expiration is verified based on the timestamp 214, current time and a pre-set expiry value, e.g. 1 minutes. The gateway 30 checks whether or not the pre-set expiry value had already expired since the timestamp 214 was applied, if yes the command 204 will not be forwarded to the second (protected) device 42” [0082]). Furthermore, the analogous art Miryala does disclose wherein the second time interval is predetermined by the merchant (e.g. Miryala “a merchant can define a validity period of the unique transaction code by setting a predetermined validity period. The predetermined validity period provides a time period that the unique transaction code is considered valid” [0065]). Jin, Kinagi, VILMOS, and Miryala are analogous art because they are from the same field of endeavor in communication validity periods.
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art, having the teachings of Jin, Kinagi, VILMOS, and Miryala before him or her, to modify the combination of Jin and Kinagi with the teachings of VILMOS and Miryala to include verifying, by the second application, that the first timestamp falls within a second time interval prior to forwarding and wherein the second time interval is predetermined by the merchant as claimed. First suggestion/motivation for doing so would have been to assure the protection of a remotely operable second device (which may even be a complex system as well) without the need to carry out major modifications on the device itself (VILMOS [0010]). Second, suggestion/motivation for doing so would have been to prevent losses from transactions by allowing the store owner to deploy some auditing measures for payment status verification (Miryala [0005]; [0006]). Therefore, it would have been obvious to combine Jin, Kinagi, VILMOS, and Miryala to obtain the invention as specified in the instant claim(s).
As to Amended Claim 17:
Jin in view of Kinagi, VILMOS, and Miryala discloses the method of claim 14, wherein the second device comprises a merchant transaction device (e.g. Jin “an access device may communicate with an authorization server via a merchant computer or transaction processing network. An access device may generally be located in any suitable location, such as at the location of a merchant” [0027]; “portable communication device 1110 by interacting with a contactless reader 1162 of an access device 1160 (e.g., at a merchant location). Components of access device 1160 may include point-of-sale (POS) terminal 1164 and/or electronic cash register 1166. In some embodiments, access device 1160 can be a web server associated with a merchant” [0104]) and wherein the second time interval is pre-determined by the merchant (e.g. Miryala “a merchant can define a validity period of the unique transaction code by setting a predetermined validity period. The predetermined validity period provides a time period that the unique transaction code is considered valid” [0065]). The Examiner supplies the same rationale for the combination of references Jin, Kinagi, VILMOS, and Miryala as in Claim 14 above.
Claim 15 is rejected under 35 U.S.C. 103 as being unpatentable over Jin in view of Kinagi, VILMOS, and Miryala as applied to Claim 14, and further in view of Nishida et al. (US 20130003106 A1, hereinafter Nishida).
As to Amended Claim 15:
Jin in view of Kinagi, VILMOS, and Miryala discloses the method of claim 14 wherein the second application is further configured to reject the authentication request if the first timestamp does not fall within the second time interval (e.g. VILMOS “expiration is verified based on the timestamp 214, current time and a pre-set expiry value, e.g. 1 minutes. The gateway 30 checks whether or not the pre-set expiry value had already expired since the timestamp 214 was applied, if yes the command 204 will not be forwarded to the second (protected) device 42” [0082]; “In such cases the request to transmit the command 204 is rejected without further verification” [0084] with the same rationale for the combination of references as in Claim 14), but does not specifically disclose:
wherein the authentication request comprises an indication of a length of the second time interval (although Jin does teach a time-to-live threshold amount of time [0018]; “the access credential may have a limited lifespan and may expire after a time-to-live amount of time. For example, the access credential may have a time-to-live of up to 5 minutes, 10 minutes, 15 minutes, or 30 minutes, etc. from when the access credential is generated, and after which the access credential will no longer be valid” [0042] and VILMOS does teach a pre-set expiry value e.g. 1 minute [0082]).
However, the analogous art Nishida does disclose wherein the authentication request comprises an indication of a length of the second time interval (e.g. Nishida “an expiration date/time determination unit configured to determine whether or not the valid time period of an access token included in the authentication request remains for a predetermined time or more upon acceptance of the authentication request, wherein, when the expiration date/time determination unit has determined that the valid time period of the access token remains for a predetermined time or more” [Claim 13]). Jin, Kinagi, VILMOS, Miryala, and Nishida are analogous art because they are from the same field of endeavor in token validity periods.
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art, having the teachings of Jin, Kinagi, VILMOS, Miryala, and Nishida before him or her, to modify the combination of Jin, Kinagi, VILMOS, and Miryala with the teachings of Nishida to include wherein the authentication request comprises an indication of a length of the second time interval as claimed. The suggestion/motivation for doing so would have been to update the expiration date/time of authentication information required (Nishida [0002]). Therefore, it would have been obvious to combine Jin, Kinagi, VILMOS, Miryala, and Nishida to obtain the invention as specified in the instant claim(s).
Claim 16 is rejected under 35 U.S.C. 103 as being unpatentable over Jin in view of Kinagi, VILMOS, and Miryala as applied to Claim 14, and further in view of Bahr (US 20090196227 A1).
As to Amended Claim 16:
Jin in view of Kinagi, VILMOS, and Miryala discloses the method of claim 14, but does not specifically disclose:
wherein the second time interval corresponds to a same time window as the first time interval.
However, the analogous art Bahr does disclose wherein the second time interval corresponds to a same time window as the first time interval (e.g. Bahr “it is of advantage if the value of a second validity period of the RREP message is set equal to the value of the first validity period on the part of the sink node. The advantage is that forward and reverse route have virtually the same or a very similar lifetime” [0041]). Jin, Kinagi, VILMOS, Miryala, and Bahr are analogous art because they are from the same field of endeavor in network communication.
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art, having the teachings of Jin, Kinagi, VILMOS, Miryala, and Bahr before him or her, to modify the combination of Jin, Kinagi, VILMOS, and Miryala with the teachings of Bahr to include wherein the second time interval corresponds to a same time window as the first time interval as claimed. The suggestion/motivation for doing so would have been so that forward and reverse route have virtually the same or a very similar lifetime (Bahr [0041]). Therefore, it would have been obvious to combine Jin, Kinagi, VILMOS, Miryala, and Bahr to obtain the invention as specified in the instant claim(s).
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicants’ disclosure.
Irwin et al. (US 20030187794 A1)
Labrou et al. (US 20040098350 A1)
Kelly et al. (US 20130036058 A1)
Applicants’ amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Kenneth Chang whose telephone number is (571)270-7530. The examiner can normally be reached Monday - Friday 9:30am-5:30pm EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi Arani can be reached at 571-272-3787. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/KENNETH W CHANG/Primary Examiner, Art Unit 2438
PNG
media_image1.png
35
280
media_image1.png
Greyscale
06.23.2026