Detailed Action
Claims 1-20 are pending in this application. This is a response to the Amendments/Remarks filed on 3/5/26. This is a Final Rejection.
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 12/16/25, 3/5/26 has been considered.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-13, 15-18, 20 rejected under 35 U.S.C. 103 as being unpatentable over US 2022/0392286 issued to Elrad et al.(Elrad) in view of US 2019/0394042 issued to Peddada in view of CN 114241631 issued to Wang et al.(cited in IDS 11/30/23).
As per claims 1, 15, 20, Elrad teaches a method/ a system comprising:one or more processors coupled to a memory comprising non-transitory computer instructions that, when executed by the one or more processors, cause the one or more processors to perform operations/a non-transitory computer readable medium comprising non-transitory computer- readable instructions that, when executed by one or more processors, configure the one or more processors to perform operations comprising comprising(Fig.1,9, para.127,130): establishing, between a first device and a second device, a communication session(Elrad, Abstract, [0003] The techniques provide for authentication of a reader device by a mobile device using a wireless protocol (e.g., Near Field Communications (NFC) or Bluetooth, Bluetooth Low Energy (BLE)); [0024]-[0026]); receiving, by the second device from the first device, a certificate associated with the first device(Elrad, Fig.4, [0080] … The reader device 112 can transmit the certificate to the mobile device 102 via wired or wireless communication; [0081] At 428 the mobile device 102 can receive a certificate from the reader device 112. The certificate can be transmitted from the reader device 112 using various protocols such as Bluetooth, BLE, or NFC. The certificate can be stored in a memory of the mobile device. The mobile device 102 has the static public key of the reader device 116 and can use the reader identifier to verify the certificate from the reader device.);
selecting, by the second device, a credential from one or more credentials stored on the second device, a credential structure of the credential([0091] At 604, the mobile device 102 can generate an encrypted credential by encrypting a first stored credential of the one or more access credentials using the session key as described above. The encrypted credential can include the reader identifier, the transaction identifier, and the ephemeral reader public key. The encrypted credential can be stored in a memory of the mobile device 102.)
transmitting a credential corresponding to the credential selection information from the second device to the first device(Elrad, Fig.4-5, [0082] Once the mobile device authenticates the reader device, the mobile device can send the credential to the reader device (e.g., when the reader device does not need to authenticate the mobile device) to obtain access. The authenticating of the reader device can protect against rogue or malicious terminal readers accessing the credentials from the mobile device.[0083]-[0087]).
Elrad however does not explicitly teach obtaining credential selection information from the certificate associated with the first device; based on the credential selection information included in the certificate received from the first device, and a sector identifier list identifying one or more sectors associated with the credential.
Elrad does teach that the reader sends a certificate that includes at least a static public key of the reader/reader ID, then the mobile device verifies the reader using the certificate, the static reader public key, values for the ephemeral reader public key, the reader identifier, and the transaction identifier which is stored on the mobile device ([0080] -[0084] which fairly teaches obtaining credential selection info. because the mobile device is using the static public key/reader ID, etc(credential selection info.) from the certificate of the reader to verify, in other words the static public key/reader ID has to be obtained from the certificate before verification can be done.
In further, Peddada explicitly teaches obtaining credential selection information and the credential selection information included in the certificate from the certificate associated with the first device([0034] ..In a first example, the application server 225 may determine the public key based on a received certificate (e.g., retrieving the public key from metadata associated with the certificate, extracting the public key from the certificate, etc.), and may verify that the determined public key corresponds to a public-private key pair with the private key 215 ….).
Therefore it would have been obvious to one ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Elrad to apply the known method of extracting/obtaining public key from a certificate as taught by Peddada in order to provide the predictable result of extracting/obtaining the public key from a reader’s certificate for verification.
One ordinary skill in the art would have been motivated to combine the teachings in order to protect personal information from rogue or malicious readers(Elrad, [0002]).
Elrad in view of Peddada does not explicitly teach a sector identifier list identifying one or more sectors associated with the credential.
Wang, a sector identifier list identifying one or more sectors associated with the credential(teaches the use of an area identifier(ie sector identifier) of the door lock to identifier the area where the door lock is located, pg.5,7; note: the limitation recites that the sector id list identifies one or more sectors; therefore can be read as the sector id list identifies one sector; the area identifier is interpreted as the sector id list that identifies a sector)
Therefore it would have been obvious to one ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Elrad in view of Peddada’s teaching of selecting credentials using extracted information from the reader’s certificate to use the teachings of Wang of the use of an area identifier(ie sector identifier) of the door lock in order to provide the predictable result of selecting credentials which includes an area identifier using extracted information from the reader’s certificate.
One ordinary skill in the art would have been motivated to combine the teachings in order to protect personal information from rogue or malicious readers(Elrad, [0002]) and provide security(Wang, pg.4, Background).
As per claims 2,16, the method/system of claim 1,15, Elrad in view of Peddada in view of Wang teaches wherein the first device comprises an access control reader, and wherein the second device comprises a user device(Elrad, Fig.1, [0080][0081]).
As per claims 3,17, Elrad in view of Peddada Peddada in view of Wang teaches the method/system of claim 1,15, further comprising: controlling, by the first device, access to a protected resource based on the credential received from the second device(Elrad, Fig.1, [0022][0034];shows door handle with reader to protect hotel room; [0051] If the readers are networked, all the reader devices can have the same reader ID and can be provided the same credential for matching against a credential received from the mobile device. For example, in some hotels the exterior doors are locked after hours for security. There may be more than one exterior door to the hotel. All the electronic locks to the exterior doors can share the same static reader public key. In this way, a hotel guest can use the same credential to access any one of the exterior locks without having to get individual credentials for each of the locks.). .
As per claims 4,18, Elrad in view of Peddada in view of Wang teaches the method/system of claim 1,15, further comprising: verifying, by the second device, an issuer signature over the certificate(Elrad, [0058] In the first part of the technique, the mobile device can receive a signature that can be used to authenticate the reader device 116 prior to transmitting encrypted credentials for obtaining access; [0078] At 422, the reader device 112 can transmit the signature message to the mobile device 102. The signature message can be transmitted from the reader device 112 using various protocols such as Bluetooth, BLE, or NFC. This message may be referred to as an AUTH1 command. In some embodiments, the reader device 112 authenticates itself to the device in this message by sending the signature).
As per claim 5, Elrad in view of Peddada in view of Wang teaches the method of claim 4, further comprising: conditioning, by the second device, transmission of the credential based on successfully verifying the issuer signature(Elrad, [0084] At 502, the mobile device 102 can verify the reader signature using optionally the certificate, the static reader public key, and values for the ephemeral reader public key, the reader identifier, and the transaction identifier. If no certificate is received from the reader device 116, the mobile device can verify the signature for the reader device with the information it has received (e.g., the reader identifier); [0086] At 506, the mobile device 102 can transmit the encrypted credential (which may be referred to as an AUTH1 response) to the reader device 112 for providing access to the mobile device 102. For example, the mobile device 102 may send the encrypted response message to the reader device 112. The encrypted response can be transmitted to the reader device 112 using various protocols such as Bluetooth, BLE, or NFC. In various embodiments, the encrypted credential comprises the ephemeral public key of the mobile device 102.).
As per claim 6, Elrad in view of Peddada in view of Wang teaches the method of claim 1, further comprising: associating the credential with a sector identifier corresponding to the first device(Elrad, [0085] At 504, the mobile device 102 can generate an encrypted credential by encrypting a first stored credential of the one or more access credentials using the session key as described above. The encrypted credential can include the reader identifier, the transaction identifier, and the ephemeral reader public key.;Wang, teaches the use of an area identifier(ie sector identifier) of the door lock to identifier the area where the door lock is located, pg.5,7.) Therefore it would have been obvious to one ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Elrad in view of Peddada’s teaching of the credential including a reader identifier to include Wang’s teaching of an area identifier(ie sector identifier) in order to provide the predictable result of the credential includes the reader ID, area ID, transaction ID, and public key. One ordinary skill in the art would have been motivated to combine the teachings in order to protect personal information from rogue or malicious readers(Elrad, [0002]) and provide security(Wang, pg.4, Background).
As per claim 7, Elrad in view of Peddada in view of Wang teaches the method of claim 6, further comprising: binding the credential and a public key associated with the first device to the sector identifier of the first device(Elrad, [0085] At 504, the mobile device 102 can generate an encrypted credential by encrypting a first stored credential of the one or more access credentials using the session key as described above. The encrypted credential can include the reader identifier, the transaction identifier, and the ephemeral reader public key; Wang, the use of an area identifier(ie sector identifier) of the door lock to identifier the area where the door lock is located, pg.5,7; including the area id with the reader ID and public key in the credential is “binding”). Motivation to combine set forth in claim 6.
As per claim 8, Elrad in view of Peddada in view of Wang teaches the method of claim 6, wherein the credential includes a structure that binds credential payloads and one or more public keys of one or more devices to sector identifiers of the one or more devices(Elrad, [0085] At 504, the mobile device 102 can generate an encrypted credential by encrypting a first stored credential of the one or more access credentials using the session key as described above. The encrypted credential can include the reader identifier, the transaction identifier, and the ephemeral reader public key; Wang, the use of an area identifier(ie sector identifier) of the door lock to identifier the area where the door lock is located, pg.5,7; including the area ID with the credential that includes the reader ID, transaction ID(interpreted as credential payload), and public key is “binding”). Motivation to combine set forth in claim 6..
As per claim 9, Elrad in view of Peddada in view of Wang teaches the method of claim 1, further comprising: obtaining a reader identifier from the certificate associated with the first device(Elrad, [0081] At 428 the mobile device 102 can receive a certificate from the reader device 112. The certificate can be transmitted from the reader device 112 using various protocols such as Bluetooth, BLE, or NFC. The certificate can be stored in a memory of the mobile device. The mobile device 102 has the static public key of the reader device 116 and can use the reader identifier to verify the certificate from the reader device.); verifying the certificate using an issuer public key associated with the first device(Elrad, [0081] At 428 the mobile device 102 can receive a certificate from the reader device 112. The certificate can be transmitted from the reader device 112 using various protocols such as Bluetooth, BLE, or NFC. The certificate can be stored in a memory of the mobile device. The mobile device 102 has the static public key of the reader device 116 and can use the reader identifier to verify the certificate from the reader device.); and determining, by the second device, whether the issuer public key associated with the first device corresponds to the reader identifier obtained from the certificate(Elrad, [0081] At 428 the mobile device 102 can receive a certificate from the reader device 112. The certificate can be transmitted from the reader device 112 using various protocols such as Bluetooth, BLE, or NFC. The certificate can be stored in a memory of the mobile device. The mobile device 102 has the static public key of the reader device 116 and can use the reader identifier to verify the certificate from the reader device.; by verifying the certificate with the use of the public key and reader ID, the public key corresponds to the reader ID); however does not explicitly teach the use of a sector identifier, which is taught by Wang, the use of an area identifier(ie sector identifier) of the door lock to identifier the area where the door lock is located, pg.5,7. Therefore it would have been obvious to one ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Elrad in view of Peddada’s teaching of the certificate including a reader identifier and verification to include Wang’s teaching of an area identifier(ie sector identifier) in order to provide the predictable result of using the certificate that includes the reader ID, area ID, transaction ID, and public key for verification. One ordinary skill in the art would have been motivated to combine the teachings in order to protect personal information from rogue or malicious readers(Elrad, [0002]) and provide security(Wang, pg.4, Background).
As per claim 10, Elrad in view of Peddada in view of Wang teaches the method of claim 9, further comprising: conditioning, by the second device, transmission of the credential based on successfully determining that an issuer signature associated with the first device corresponds to the sector identifier obtained from the certificate(Elrad, [0058] In the first part of the technique, the mobile device can receive a signature that can be used to authenticate the reader device 116 prior to transmitting encrypted credentials for obtaining access; [0081] At 428 the mobile device 102 can receive a certificate from the reader device 112. The certificate can be transmitted from the reader device 112 using various protocols such as Bluetooth, BLE, or NFC. The certificate can be stored in a memory of the mobile device. The mobile device 102 has the static public key of the reader device 116 and can use the reader identifier to verify the certificate from the reader device.; Wang, teaches the use of an area identifier(ie sector identifier) of the door lock to identifier the area where the door lock is located, pg.5,7). Motivation to combine set forth in claim 9.
As per claim 11, Elrad in view of Peddada in view of Wang teaches the method of claim 9, further comprising: determining, by first device, whether the credential received from the second device corresponds to the transaction identifier of the first device [0092] At 606, the mobile device 102 can transmit the encrypted credential (which may be referred to as an AUTH1 response) to the reader device 112 for providing access to the mobile device 102. For example, the mobile device 102 may send the encrypted response message to the reader device 112. The encrypted response can be transmitted to the reader device 112 using various protocols such as Bluetooth, BLE, or NFC. In various embodiments, the encrypted credential comprises the ephemeral public key of the mobile device 102. [0097] At 610, the reader device 112 can authenticate the mobile device 102 using the encrypted response message including the reader identifier, the transaction identifier, and the ephemeral reader public key. In various embodiments, the reader device 112 can authenticate the mobile device 102 by validating the transaction identifier. In various embodiments, the reader device 112 can connect with a network (e.g., the Internet) and a server to validate the signature from the mobile device 102….; Wang, the use of an area identifier(ie sector identifier) of the door lock to identifier the area where the door lock is located, pg.5,7. Validating is interpreted as a determination of corresponding ). Therefore it would have been obvious to one ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Elrad in view of Peddada’s teaching of the reader device validating the transaction identifier in the credential sent by the mobile device to substitute Wangs teachings of the use of the area identifier(ie sector ID) for the transaction ID in order to provide the predictable result of the validating the sector ID in the credential sent by the mobile device. One ordinary skill in the art would have been motivated to combine the teachings in order to protect personal information from rogue or malicious readers(Elrad, [0002]) and provide security(Wang, pg.4, Background).
As per claim 12, Elrad in view of Peddada in view of Wang teaches the method of claim 11, further comprising:selectively granting access to a protected resource by the first device in response to determining that the credential received from the second device corresponds to the sector identifier of the first device(Elrad, [0103] For example, a hotel guest can use an App for the facility (e.g., the hotel) to check in the hotel and requesting an electronic key. Using the secure element of the mobile device 102 a transient key pair (transient private key and transient public key) can be generated. The transient private key can be maintained confidential in the secure element of the mobile device 102. The public key can be sent to the facility (e.g., the hotel).. [0104] At 616, the reader device can send a signal to an electronic lock allowing access.; granting access to a hotel room.). Motivation to combine set forth in claim 11.
As per claim 13, Elrad in view of Peddada in view of Wang teaches the method of claim 12, further comprising:verifying a credential issuer signature over the credential received from the second device, wherein access is selectively granted in response to successfully verifying the credential issuer signature(Elrad, [0103] …The facility manager can create a document that contains the public key of the mobile device 102 and access rights (e.g., access rights to a specific room). The facility manager will sign the document with a root private key; the corresponding root public key can be provisioned to all the reader devices 112 of the facility. The facility manager can send the signed document to the mobile device 102. The mobile device 102 can then access a reader device 112 in the facility and submit the documents. The reader device 112 can verify the documents (which may be encrypted using a session key) using the root public key, which is provisioned by the access manager/hotel. The reader device 112 can extract from these documents the public key that allows the reader device 112 to verify the signature, calculated using a private key stored in the secure element of the specific mobile device 102.; [0104] At 616, the reader device can send a signal to an electronic lock allowing access.) Motivation to combine set forth in claim 11.
Allowable Subject Matter
Claims 14, 19 objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Response to Arguments
The double patent rejection is withdrawn.
Applicant's arguments filed 3/5/26 have been fully considered but they are not persuasive. The applicant argues in substance that Wang does not teach “selecting, by the second device based on the credential selection information included in the certificate received from the first device, a credential from one or more credentials stored on the second device, a credential structure of the credential comprising a sector identifier list identifying one or more sectors associated with the credential” because Wang’s area identifier is not contained within a certificate, is not used by a second device to select a credential, and is not part of credential structure containing a sector identifier list.
In reply; The applicant's arguments against the references individually, one cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references. See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986).
Elrad teaches [0091] At 604, the mobile device 102 can generate an encrypted credential by encrypting a first stored credential of the one or more access credentials using the session key as described above. The encrypted credential can include the reader identifier, the transaction identifier, and the ephemeral reader public key. The encrypted credential can be stored in a memory of the mobile device 102., which teaches selecting, by the second device, a credential from one or more credentials stored on the second device, a credential structure of the credential.
Peddada explicitly([0034] ..In a first example, the application server 225 may determine the public key based on a received certificate (e.g., retrieving the public key from metadata associated with the certificate, extracting the public key from the certificate, etc.), and may verify that the determined public key corresponds to a public-private key pair with the private key 215 ….) which teaches obtaining credential selection information and the credential selection information included in the certificate from the certificate associated with the first device. Therefore the combination of Elrad in view of Peddada teaches selecting, by the second device based on the credential selection information included in the certificate received from the first device, a credential from one or more credentials stored on the second device, a credential structure of the credential.
Elrad in view of Peddada does not explicitly teach a sector identifier list identifying one or more sectors associated with the credential.
Wang, a sector identifier list identifying one or more sectors associated with the credential(teaches the use of an area identifier(ie sector identifier) of the door lock to identifier the area where the door lock is located, pg.5,7; note: the limitation recites that the sector id list identifies one or more sectors; therefore can be read as the sector id list identifies one sector; the area identifier is interpreted as the sector id list that identifies a sector)
Therefore it would have been obvious to one ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Elrad in view of Peddada’s teaching of selecting credentials using extracted information from the reader’s certificate to use the teachings of Wang of the use of an area identifier(ie sector identifier) of the door lock in order to provide the predictable result of selecting credentials which includes an area identifier using extracted information from the reader’s certificate.
One ordinary skill in the art would have been motivated to combine the teachings in order to protect personal information from rogue or malicious readers(Elrad, [0002]) and provide security(Wang, pg.4, Background).
Therefore the combination of Elrad in view of Peddada in view of Wang teaches selecting, by the second device based on the credential selection information included in the certificate received from the first device, a credential from one or more credentials stored on the second device, a credential structure of the credential comprising a sector identifier list identifying one or more sectors associated with the credential
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See PTO-892.
US 9,332,002 issued to Bowen teaches controlling physical access through a digital certificate validation process that works with standard certificate formats and that enables a certifying authority (CA) to prove the validity status of each certificate C at any time interval (e.g., every day, hour, or minute) starting with C's issue date, D.sub.1. C's time granularity may be specified within the certificate itself, unless it is the same for all certificates. For example, all certificates may have a one-day granularity with each certificate expires 365 days after issuance. Given certain initial inputs provided by the CA, a one-way hash function is utilized to compute values of a specified byte size that are included on the digital certificate and to compute other values that are kept secret and used in the validation process.
US 9,391,782 issued to Mironenko teaches a client device obtains data associated with a credential. The client device then obtains a first version of a representation for the credential and a second version of the representation for the credential, the first version being configured for validation by a validation entity via concurrent network communication, and the second version being configured for validation by a validation entity without concurrent network communication, wherein the second version of the credential comprises a digital signature derived from a private key of a credential grantor and a portion of the data associated with the credential. The client device receives a request to output a representation for the credential. Then the client device outputs the second version of the representation for the credential in a manner that enables a validation entity to validate the credential by accessing a public key of the credential grantor to authenticate the digital signature.
US 9,230,375 issued to Micali et al., teaches a client device obtains data associated with a credential. The client device then obtains a first version of a representation for the credential and a second version of the representation for the credential, the first version being configured for validation by a validation entity via concurrent network communication, and the second version being configured for validation by a validation entity without concurrent network communication, wherein the second version of the credential comprises a digital signature derived from a private key of a credential grantor and a portion of the data associated with the credential. The client device receives a request to output a representation for the credential. Then the client device outputs the second version of the representation for the credential in a manner that enables a validation entity to validate the credential by accessing a public key of the credential grantor to authenticate the digital signature.
THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BACKHEAN TIV whose telephone number is (571)272-5654. The examiner can normally be reached on Mon.-Thurs. 5:30-3:30.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, TONIA DOLLINGER can be reached on (571) 272-4170. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/BACKHEAN TIV/
Primary Examiner, Art Unit 2459