DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Status
Claims 8-20 are cancelled. Claims 1-7 and 21-33 are currently pending.
Response to Arguments
Applicant’s arguments with respect to claim(s) rejected in the official action dated 12-10-2025 have been considered but are moot because the new ground of rejection does not rely on the same combination of references applied in the prior rejection of record.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 1-4, 6, 7, 21-24, 26-31 and 33 is/are rejected under 35 U.S.C. 103 as being unpatentable over KERNING (US 2017/0148241) in view of EDWARDS (US Patent 10,412,080).
Regarding claims 1, 21 and 28,
KERNING teaches a method performed at a server, the method comprising:
receiving, during a time period, an authentication attempt for a user from a mobile device([0190] teaches that the user, via the user's mobile device, shall select a desired door to unlock. The selection of said door to unlock is interpreted as corresponding to "during a time period". After selecting the door to be unlocked and entered, and toggling the “Activate Reader” button, one or more required authentication methods may be presented to the user, shown in FIGS. 28, 29, and 30, which may include, but is not limited to, use of a Fingerprint Scan, use of an Iris Scan, and/or entry of the appropriate Pin Number);
authenticating, during the time period, the user for access to a physical space based on the authentication attempt ([0190] teaches that the user will input via Fingerprint scanner, Iris scan, and/or to enter his/her Pin number into the displayed keypad on the mobile device. Additionally, the app may confirm that the particular user's mobile device is located within a threshold distance away from the card reader of the door for which entry is requested so that authentication may take place);
receiving, after the time period, identification information corresponding to the user from an access control device([0190] teaches that after confirming the user's identity and authorization to pass through the requested door, the system may send a command, to the access control system (ACS) to enable the door's card reader at which time the user shall swipe his/her card through the access control reader, said swipe of the card corresponding to "after the time period"); and
sending authorization to the access control device to permit the user to access the physical space based on the authenticating of the user during the time period ([0190] teaches "Whether or not the user successfully swipes his/her card to unlock the door, the reader will automatically return back to its disabled state after the programmed time has elapsed." thus teaching that a successful card swipe of an authenticated user shall result in a grant of access to "a physical space" via the unlocked door.) As to the additional limitations recited in claim 28, [0268] further teaches processing circuitry and a memory as recited ([0268] teaches Computing unit 201 may also include a volatile storage 225, such as a random access memory (RAM) or other dynamic storage device, coupled to bus 224 for storing various information as well as instructions to be executed by processor 222).
KERNING fails to expressly teach that in response to authenticating the user, sending an access token to the mobile device; and receiving, after the time period, identification information including the access token.
EDWARDS teaches that after authenticating a user of a user device, a server device creates a session token and sends the session token to the user device to enable the user device to access one or more server resources (see Abstract; col. 10:33-52 teaches in FIG. 1E and reference number 136, the server device may create a session token, such as a cookie, a hypertext transfer protocol (HTTP) parameter, a session identifier, or anything else that may be used to identify the session (col. 10:30-36). The server device may create the session token based on authenticating the user device, the monitoring device, and/or the user of the user device. The server device creates the session token to enable the user device to access one or more resources of the server device and/or a different server device (col. 10:40-45). As shown by reference number 138, the server device may send the session token to the user device. ) More specifically, EDWARDS teaches “creating, after authenticating the user of the user device … a session token” and “sending the session token to the user device” (col. 10:33-52).
Before the effective filing date of the invention, it would have been obvious to modify the system of KERNING to further include EDWARDS’ session/access token techniques in order to identify and maintain an authenticated communication session between the mobile/access control device and the server, facilitate subsequent communications between the devices and the server, and permit secure access to protected server resources, as taught by EDWARDS’ disclosure that the session token may be used as a session identifier to identify the authenticated session and enable access to server resources (col. 10:33-45).
Furthermore, because EDWARDS expressly teaches that the session token functions as a session identifier used during subsequent communications with the server, one of ordinary skill in the art would have understood that subsequent identification information transmitted from the access control device to the server would include the session/access token in order for the server to identify and maintain the authenticated session associated with the authorized user and access request.
Regarding claims 2, 22 and 29,
Kerning teaches that the authentication attempt includes a request to access at least one digital resource, and wherein authenticating the user includes granting the user access to the at least one digital resource([0190] teaches "After confirming the user's identity and authorization to pass through the requested door, the system may send a command, to the access control system (ACS) to enable the door's card reader." the "card reader" is interpreted as corresponding to the "at least one digital resource" because the act of swiping the card through a reader, initiates an electronic process that results in digital data).
Regarding claims 3, 23 and 30,
Kerning teaches that the authorization is sent to the access control device only when the identification information is received during a second time period based on the time period ([0190] teaches that the user will have a pre-set amount of time, which is configurable (e.g., 5 second, 10 seconds, etc.), within which to swipe his/her card through the access control reader, said “5 second, 10 seconds, etc.” corresponding to “a second time period”).
Regarding claims 4, 24 and 31,
Kerning teaches that the second time period is separated from the time period by a third time period, and wherein the authorization is not sent to the access control device during the third time period (the flowchart of fig. 25 illustrates that the second time period (see “5 sec”) occurs subsequent to the inputting of authentication data (see “Fingerprint”, “Iris”, “Pin”) such that authentication and validating of authentication-data occurs prior to and not overlapping with the “5 sec” identification time period).
Regarding claims 6, 26 and 33,
Kerning teaches sending the authorization to the access control device (see “Reader Activated” in fig. 25) includes sending the authorization without reauthenticating the user after the time period (At least Fig. 25 teaches that a second authentication is not required at the time of performing a card swipe by the user).
Regarding claims 7 and 27,
Kerning teaches that sending the authorization to the access control device includes sending the authorization in response to determining that the user is authorized to access the physical space (Fig. 25 illustrates user authentication to use the reader device only occurs after successful validation (see “Validate”) of the authentication data).
Claim(s) 5, 25 and 32 is/are rejected under 35 U.S.C. 103 as being unpatentable over KERNING (US 2017/0148241) in view of EDWARDS (US Patent 10,412,080) and further in view of SCHOENFELDER (US 2017/0124792).
Regarding claims 5, 25 and 32,
Kerning, modified, teaches the method of claim 1, but fails to expressly teach that the identification information includes at least one of an image captured by a camera, a communication via a proximity communication protocol, or biometric information.
SCHOENFELDER teaches that the identification information includes at least one of an image captured by a camera, a communication via a proximity communication protocol, or biometric information ([0043] teaches that a smart reader can include secure wireless communication components that can be used in conjunction with user authentication mechanisms, e.g., mechanisms involving access cards; [0014], [0024] teach, "According to embodiments, the smart access control reader can include at least one of a camera..."; [0085] teaches the smart reader can capture images and videos as necessary in association with access events taking place at the device.)
Before the effective filing date of the invention, it would have been obvious to further modify the Kerning system per the teachings of Schoenfelder, including a camera into the access control device which received identification information, since Schoenfelder teaches that each time a user enters a credential, that activity can be captured by the onboard recording equipment to create a secure activity log.
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DIONNE PENDLETON whose telephone number is (571)272-7497. The examiner can normally be reached M-F 9a-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Davetta Goins can be reached at 571-272-2957. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/DIONNE PENDLETON/Primary Examiner, Art Unit 2689