Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
This action is responsive to claims filed on April 28, 2024. Claims 1-22 are pending and presented for examination.
Authorization for Internet Communication
To expedite prosecution, filing a written authorization for internet communication is recommended. Doing so permits the USPTO to communicate using email to schedule interviews and/or discuss other aspects of the application. Without a written authorization in place, the USPTO cannot respond to email communications. The preferred method of providing authorization is by filing form PTO/SB/439, available at: https://www.uspto.gov/patent/forms/forms. See MPEP § 502.03.
Claim Objections
Claims 2-13 and 15-21 objected to because of the following informalities: It is recommended to amend the preamble of said claims “A method according to claim…” to read “The method according to claim…”. Appropriate corrections are required where applicable.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 1-22 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Claim 1 recites the limitation “verifying the cryptographically secured secret by at least one of a trusted system and the first radio to determine one of a verified trusted response from an authorised origin and a verified untrusted response” on lines 7-9 which renders the claim indefinite because it is unclear what said limitation pertains to. Appropriate corrections/clarifications are required.
Independent claims 14 and 22 recite similar limitation, thus said claims are rejected under the same rationale as claim 1.
Dependent claims 2-13 and 15-21 are rejected under the same rationale as their base claims due to their dependency.
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraphs of pre-AIA 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.
Claims 1-22 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Melo et al “Melo”, US-PGPub. No. 20200274721.
As per claims 1, 14 and 22, Melo teaches methods comprising:
providing a cryptographically secured secret to a first user (Paragraph(s) [0038]; when signing up for a service for the first time, a client creates and presents to the service a self-signed public key certificate, which is created from a private key that is kept secret. The service verifies all information it needs from the connection to establish the identity of the specific individual, then creates a new-user database record that contains the public-key certificate along with that individual's identifying information);
providing a first radio associated with the first user and having stored therein data for use in verifying an origin of a response received to a challenge (Paragraph(s) [0076]; user credentials are the presentation of a cryptographically-signed payload, who's signing origins can be traced to possession of the user's Personal Root Certificate private key via a chain-of-trust validation mechanism. In addition, Melo discloses the private key can be stored internally in a consumer device's hardware security module (HSM) or in a special, separate key-storage device (Paragraph(s) [0011], [0018]). In further details. Melo discloses, in a subsequent Log-in Example. Step 1) a client presents the same certificate and the service validates the certificate chain-of-trust and performs a challenge/response to ensure certificate ownership (with TLS, this is done automatically). Step 2) the service compares the presented certificate with certificates in the service's database. If both steps are successful, the certificate belongs to and is a credential identifying the existing user and specific individual in the database (Paragraph(s) [0039]));
transmitting to the first radio a response to the challenge with data derived from information for responding to the challenge and the cryptographically secured secret (Paragraph(s) [0016]; the self-signed certificate is transmitted to a verifying party computer over a network. In further details, Melo discloses using cryptographic credential service to separately and independently determining the connecting individual's actual identity, and creating a database record for that individual containing the certificate. Then, when a self-signed certificate is subsequently presented in a connection and is affirmatively compared against the certificate database entry of the individual, it securely identifies the specific user (Paragraph(s) [0035-0036];);
verifying the cryptographically secured secret by at least one of a trusted system and the first radio to determine one of a verified trusted response from an authorised origin and a verified untrusted response (Paragraph(s) [0064-0067], [0076], [0081-0082], [0155-0156]; since the verifying party uses the user's Personal Root Certificate to authenticate the user, the user can easily migrate and recover lost credentials by signing new certificates on their Personal Certificate Chain, without direct involvement of the verifying party);
in response, to a verified trusted response, resetting access credentials to the first radio (Paragraph(s) [0074], [0082]; recovering lost credentials); and
in response to an untrusted response other than resetting access credentials to the first radio (Paragraph(s) [0075], [0122]).
As per claims 2 and 15, Melo teaches wherein, the verified trusted response includes new access credentials (Paragraph(s) [0055]).
As per claims 3 and 16, Melo teaches wherein, resetting access credentials comprises resetting access credentials to a default value (Fig. 4, Paragraph(s) [0020], [0045], [0170]).
As per claims 4 and 17, Melo teaches wherein, resetting access credentials comprises resetting access credentials through a further secure data exchange (Paragraph(s) [0055], [0057], [0062]).
As per claim 5, Melo teaches providing from the first radio the challenge (Paragraph(s) [0035]).
As per claims 6 and 18, Melo teaches wherein providing from the first radio the challenge comprises broadcasting from the first radio a challenge packet at intervals, the challenge packet comprising challenge data (Paragraph(s) [0036], [0156], [0190]).
As per claims 7 and 19, Melo teaches wherein the challenge data is verifiably provided by the first radio (Paragraph(s) [0018], [0073], [0199]).
As per claims 8 and 20, Melo teaches wherein the challenge data is cryptographically verifiable as being provided by the first radio (Paragraph(s) [0011], [0196]).
As per claims 9 and 21, Melo teaches wherein the challenge data comprises a radio identifier for identifying the first radio (Paragraph(s) [0011]).
As per claims 10, Melo teaches wherein verifying the cryptographically secured secret by at least one of a trusted system and the first radio to determine one of a verified trusted response from an authorised origin and a verified untrusted response comprises verifying the first user in reliance upon a trusted authority (Paragraph(s) [0036], [0038]).
As per claims 11, Melo teaches wherein verifying the cryptographically secured secret by at least one of a trusted system and the first radio to determine one of a verified trusted response from an authorised origin and a verified untrusted response comprises receiving a certificate of a response from the first user, the certificate provided by the trusted authority (Paragraph(s) [0038-0039]).
As per claims 12, Melo teaches wherein verifying the cryptographically secured secret by at least one of a trusted system and the first radio to determine one of a verified trusted response from an authorised origin and a verified untrusted response comprises receiving a certificate of a trusted authority, the trusted authority having verified a response by the first user (Paragraph(s) [0039]).
As per claims 13, Melo teaches wherein verifying the cryptographically secured secret by at least one of a trusted system and the first radio to determine one of a verified trusted response from an authorised origin and a verified untrusted response comprises verifying a cryptographic signature of the first user by the first radio (Paragraph(s) [0081], [0085-0086]).
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Please refer to form PTO-892 (Notice of Reference Cited) for a list of relevant prior art.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOHAMED A WASEL whose telephone number is (571) 272-2669. The examiner can normally be reached Mon-Fri (8:00 am – 4:30 pm).
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Glenton Burgess can be reached on (571)272-3949. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free)? If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/MOHAMED A. WASEL/Primary Examiner, Art Unit 2454