Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.
Claim(s) 1, 2, 4-12 and 14-20 is/are rejected under 35 U.S.C. 102(a2) as being anticipated by LeSaint et al.(US20230033988) (hereinafter LeSaint).
Per claim 1, LeSaint discloses a system configured to verify messaging-based notification permissions, the system comprising: one or more servers including one or more processors with processor configured by machine-readable instructions (paragraph 0114, i.e. the trusted external server 302 may possess a processor and a computer readable medium and may be capable of any operations) to: receive, via a communications network, a user-initiated request from a client computing platform for a resource , wherein the client computing platform is associated with a user (paragraph 0049, i.e. the user 110 operating a client computer 120 such as a laptop may transmit a request 101 to access their web-based email account to a server computer 160 operating as an email server. The request 101 may contain information used to perform authentication, such as a username and password); generate contents for a draft message (paragraph 0150, i.e. the cryptographic key may be used to generate an authentication cryptogram. The authentication cryptogram may be sent to a decryption device and the decryption device may decrypt the authentication cryptogram and authenticate the encryption device based on its contents). , wherein the contents includes human-readable information (paragraph 0200, i.e. the decryption device may generate cryptographic keys corresponding to each assurance level in turn, and try to decrypt the authentication cryptogram with each cryptographic key. If a decryption results in a computer or human readable message, the correct cryptographic key was used to decrypt the authentication cryptogram) a message identifier (paragraph 0089, i.e. for example, this may include information such as a unique identifier, such as a serial number, and/or an IP address or MAC address. When a new device is added to the user device network and the registry, the new device may transmit a unique identifier and its IP address to each other device in the user device network. The new device may transmit a unique identifier and its IP address to a hub or proxy device); transfer information to the client computing platform (paragraph 0118, i.e. the trusted external server 302 may perform a key exchange with devices in the user device network 312 in order to securely transmit data such as secret shares to the devices in the user device network 312), wherein the information includes the contents and one or more instructions for a messaging-based communication application on the client computing platform, wherein the one or more instructions effectuate drafting of the draft message for the messaging-based communication application(paragraph 0121, i.e. The encryption device may possess code or an application that allows it to perform functions and operations necessary to perform consensus-based online authentication. This may include generating commitment messages) , wherein the draft message includes the contents (paragraph 0028, i.e. A “commitment message” may refer to a message that may be used to verify that a course of action has been committed to. In a cryptographic context, a commitment message may refer to a message that may be used to verify that an encrypted message was not tampered with. Before a message is encrypted, a commitment message can be produced based on the message, e.g., via a hash function) ; receive, via the communications network, a text message from the client computing platform(paragraph 0208, i.e. The commitment messages may be transmitted using an appropriate protocol in an encrypted or unencrypted form. Additionally, the commitment message may be transmitted through a communication network, such as the Internet or a cellular communications network); perform a verification whether the text message as received includes the human-readable information and the message identifier as generated (paragraph 0200, i.e. e authentication cryptogram may not be paired with any number, message, statement, or indication. In this case the decryption device may employ a method such as “guess and check” in order to decrypt the authentication cryptogram. Provided the number of assurance levels is reasonable, the decryption device may generate cryptographic keys corresponding to each assurance level in turn, and try to decrypt the authentication cryptogram with each cryptographic key. If a decryption results in a computer or human readable message, the correct cryptographic key was used to decrypt the authentication cryptogram) ; and responsive to the verification verifying the text message as received includes the human-readable information and the message identifier, notify the user (paragraph 0203 and 0250, i.e. It may also include a “commitment message,” a message or value that may be used to verify that a cryptographic operation was performed correctly and The comparison assurance level may be used as a check or verification on the assurance level of the cryptogram. The user information may include information that uniquely identifies the user, such as a passcode, biometric, phone number, account number, etc.).
Per claim 2, LeSaint discloses the system of claim 1, wherein the user-initiated request is received responsive to uniform the user selecting and/or engaging with a link and/or a quick-response (QR) code on the client computing platform (paragraph 0059, i.e. a user may be operating their tablet computer (in this case, the encryption device 108), and may navigate via a web-browser to their web-based email client).
Per claim 4, LeSaint discloses the system of claim 1, wherein the human-readable information includes textual information that indicates the user acquiesces to a transfer of a first item of user-provided personal information pertaining to the user to a first organization or to an organization affiliated with the first organization (paragraph 0208 and 0251, i.e. The encryption device 502 may transmit the commitment message to a hub or proxy device, and the hub or proxy device may distribute the commitment message to participating support devices 504 and the decryption system 904 may process the confidential information according to a first protocol. The first protocol may be an authentication protocol that authenticates the encryption system 902 or an encryption device in the encryption system 902. For example, the confidential information could constitute a password, and processing the confidential information could involve verifying that the password matches a stored password and the confidential information could be a payment account number along with transaction details. In this case, processing the confidential information could involve enacting a transaction using the payment account number.
Per claim 5, refer to the same rationale as explained in claim 4.
Per claim 6, LeSaint discloses the system of claim 1, wherein the message identifier is created by hashing all or part of the human-readable information (paragraph 0027, i.e. If the hashing function is “collision resistant,” meaning that it is difficult to find two messages that hash out to the same value, a hashing algorithm can be used to create a “commitment message,” a message that may be used to verify that an encrypted message has not been tampered with) .
Per claim 7, LeSaint discloses the system of claim 1, wherein the one or more instructions instruct the client computing platform to launch the messaging-based communication application (paragraph 0050, i.e. email data from email account).
Per claim 8, LeSaint discloses the system of claim 1, wherein the verification is based on hashing all or part of the text message as received. (paragraph 0028, i.e. Before a message is encrypted, a commitment message can be produced based on the message, e.g., via a hash function. This commitment message can be sent alongside the encrypted message. Once the message is decrypted, the recipient can generate its own commitment message in the same manner. The received commitment message and the generated commitment message can be compared to verify a match).
Per claim 9, LeSaint discloses the system of claim 1, wherein the one or more processors are further configured to: responsive to the verification verifying the text message as received includes the human-readable information and the message identifier (refer to claim 1, paragraphs 203 and 250), store information in electronic storage, wherein the stored information includes a first item of user-provided personal information pertaining to the user (paragraph 0251, i.e. the confidential information could constitute a password, and processing the confidential information could involve verifying that the password matches a stored password).
Per claim 10, LeSaint discloses the system of claim 9, wherein the stored information further includes the human-readable information (paragraph 0251, i.e. the confidential information could constitute a password, and processing the confidential information could involve verifying that the password matches a stored password. Alternatively, the confidential information could be a payment account number along with transaction details).
Per claim 11, refer to the same rationale as explained in claim 1.
Per claim 12, refer to the same rationale as explained in claim 2.
Per claim 14, refer to the same rationale as explained in claim 4.
Per claim 15, refer to the same rationale as explained in claim 5.
Per claim 16, refer to the same rationale as explained in claim 6.
Per claim 17, refer to the same rationale as explained in claim 7.
Per claim 18, refer to the same rationale as explained in claim 8.
Per claim 19, refer to the same rationale as explained in claim 9.
Per claim 20, refer to the same rationale as explained in claim 10.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 3 and 13 is/are rejected under 35 U.S.C. 103 as being unpatentable over LeSaint in view of Litiichever et al ( US20200389469) (hereinafter Litiichever).
Per claim 3, LeSaint discloses the system of claim 1, but fails to discloses wherein the resource corresponds to a uniform resource locator (URL).
In an analogous field of endeavor, Litiichever discloses wherein the resource corresponds to a uniform resource locator (URL) (paragraph 0371, i.e. the content is extracted and sent to a temporary storage server with an HTTP front-end. An SMS “control message” (ping) containing the URL of the content is then sent to the recipient's handset to trigger the receiver's WAP browser to open and receive the content from the embedded URL).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing
date of the claimed invention to have incorporated the teachings of Litiichever into the invention LeSaint, where LeSaint provides methods and systems for consensus-based online authentication are provided. An encryption device may be authenticated based on an authentication cryptogram generated by the encryption device. The encryption device may transmit a request for security assessment to one or more support devices and Litiichever provides a protected network connected to an external network is protected by analyzing messages received from the external network or from devices connected to the network that may be substituted, compromised, or otherwise malware infected. An analyzer functionality for detecting the malware in the received messages is located separately from the physical connection to the external network in order to provide flexibility by managing the computer resources and provides the applications and programs with access to the computer resources and interfaces which may include URL’s , see Litiichever, paragraphs 0007 and 0371).
Per claim 13, refer to the same rationale as explained in claim 3.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JOSEPH E DEAN, JR whose telephone number is (571)270-7116. The examiner can normally be reached Mon-Fri 7:30-3:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Allison Slater can be reached at 571-270-0375. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/JOSEPH E DEAN, JR/ Primary Examiner, Art Unit 2647