SYSTEMS AND METHODS FOR CRYPTOGRAPHIC AUTHENTICATION OF CONTACTLESS CARDS

§102 §DP

DETAILED ACTION This communication is responsive to the application # 18/760,766 filed on July 01, 2024. By preliminary amendment Claims 21-40 are pending and are directed toward YSTEMS AND METHODS FOR CRYPTOGRAPHIC AUTHENTICATION OF CONTACTLESS CARDS. Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. Priority Applicant’s claim for the benefit of a prior-filed application under 35 U.S.C. 119(e) or under 35 U.S.C. 120, 121, 365(c), or 386(c) is acknowledged. Applicant has not complied with one or more conditions for receiving the benefit of an earlier filing date under 35 U.S.C. 119(e) as follows: The later-filed application must be an application for a patent for an invention which is also disclosed in the prior application (the parent or original nonprovisional application or provisional application). The disclosure of the invention in the parent application and in the later-filed application must be sufficient to comply with the requirements of 35 U.S.C. 112(a) or the first paragraph of pre-AIA 35 U.S.C. 112, except for the best mode requirement. See Transco Products, Inc. v. Performance Contracting, Inc., 38 F.3d 551, 32 USPQ2d 1077 (Fed. Cir. 1994). The disclosure of the prior-filed application, Application No. 16/205,119, fails to provide adequate support or enablement in the manner provided by 35 U.S.C. 112(a) or pre-AIA 35 U.S.C. 112, first paragraph for one or more claims of this application. Specifically, there is no support for a term “FIDO”. Therefore Examiner considers the claimed priority no earlier then 11/29/2018, which is the filing date of 16/590,429 (now US Patent No 10,685,350). Claim Rejections - 35 USC § 102 The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action: A person shall be entitled to a patent unless – (a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention. Claims 21-25, 35-38, and 40 are rejected under 35 U.S.C. 102(a)(1) as being unpatentable over SMART CARD ALLIANCE (Smart Card Technology and the FIDO Protocols, April 2016, 19 pages), hereinafter referred to as ACA. As per claim 21, ACA teaches a contactless card, comprising: a memory containing at least one Fast Identity Online (FIDO) key and a cryptogram storing the at least one FIDO key; a communication interface; and a processor in communication with the memory and communication interface (The smart card chip or embedded secure element contains a secure microprocessor, working RAM, nonvolatile memory, and (typically) a crypto-coprocessor. The memory and processors are protected physically, using a variety of software and hardware security technologies. The processor includes either a single external input/output (I/O) interface or, in the case of a dual-interface contact-contactless chip, two separate interfaces, that are controlled by the processor. Vendors creating FIDO authenticators can either include a second processor to manage I/O and control user input and output on the device or provide a single-chip solution that combines both functionalities. When the FIDO authenticator is implemented within an embedded secure element (eSE), it takes advantage of the smart card security features as well providing a secure environment to host other security-critical applications like payment or transport. ACA, page 12), the processor configured to: receive, via the communication interface, a transaction verification request (The online service challenges the user to log in with a previously registered FIDO device that matches the service’s acceptance policy. ACA, page 10), create a transaction verification response, the transaction verification response including the cryptogram (The device uses the user’s account identifier provided by the online service (Step 4 in the registration process) to select the correct key and signs the challenge received from the service. ACA, page 10), and transmit, via the communication interface, the transaction verification response ( The client device sends the signed challenge back to the service, which verifies it with the stored public key and logs the user in. ACA, page 10). As per claim 22, ACA teaches the contactless card of claim 21, wherein: the processor receives the transaction verification request from a client device after entry into a communication field generated by the client device, and the processor transmits the transaction verification response to the client device after entry into a communication field generated by the client device (The U2F protocol allows online services to augment the security of their existing password infrastructure by requiring a physical token, called an authenticator. The authenticator provides a strong second user authentication factor to augment user login. In a U2F deployment, the user logs in to an online service as usual, with an established credential. When prompted, the user presents a U2F token and “unlocks” it. At the moment three interface types are specified in FIDO U2F. Universal Serial Bus (USB) was the first, followed by Near Field Communication (NFC) and Bluetooth (Classic and Smart aka Low Energy (BLE)). Unlocking is a test of user physical presence and requires a token-specific gesture, such as pushing a button on a USB device, tapping a U2F device to an NFC-enabled device such as a mobile phone or tablet, or pressing a button on a BLE-enabled token or fob. The user can use the same FIDO U2F device4 on all online services that support the protocol. ACA, page 11). As per claim 23, ACA teaches the contactless card of claim 21, wherein: the at least one FIDO key is a FIDO private key, and the transaction verification response permits use of the FIDO private key (When a user registers the FIDO authenticator with a new web site (see section 3.3.1), the authenticator generates a unique key pair for that specific web site. The public key is stored on the web site; the private key, or data sufficient to derive the private key, is stored on the FIDO authenticator. Each key pair is unique and specific to the URL of that particular web site. ACA, page 7). As per claim 24, ACA teaches the contactless card of claim 21, wherein the at least one FIDO key is a FIDO public key (When a user registers the FIDO authenticator with a new web site (see section 3.3.1), the authenticator generates a unique key pair for that specific web site. The public key is stored on the web site; the private key, or data sufficient to derive the private key, is stored on the FIDO authenticator. Each key pair is unique and specific to the URL of that particular web site. ACA, page 7). As per claim 25, ACA teaches the contactless card of claim 24, wherein the FIDO public key is associated with the contactless card (The user’s device creates a new public-private key pair that is unique for the local device, the online service, and the user’s account. . ACA, page 9). Claims 35-38 and 40 have limitations similar to those treated in the above rejection, and are met by the references as discussed above, and are rejected for the same reasons of anticipation as used above. Double Patenting The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory obviousness-type double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969). A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the conflicting application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. Effective January 1, 1994, a registered attorney or agent of record may sign a terminal disclaimer. A terminal disclaimer signed by the assignee must fully comply with 37 CFR 3.73(b). Claims 21-40 are rejected on the ground of nonstatutory obviousness-type double patenting as being unpatentable over claims 1-20 of US patent No. 10685350. Although the conflicting claims are not identical, they are not patentably distinct from each other because all elements of claims 21-40 of the instant application correspond to elements of claims 1-20 of US patent No. 10685350. The above claims of the present application would have been obvious over claims 1-20 of US patent No. 10685350 because each element of the claims of the present application is anticipated by the claims 1-20 of US patent No. 10685350 and as such are unpatentable for obviousness-type double patenting (In re Goodman (CAFC) 29 USPQ2D 2010 (12/3/1993)). Claims 21-40 are rejected on the ground of nonstatutory obviousness-type double patenting as being unpatentable over claims 1-20 of US patent No. 11,544,707. Although the conflicting claims are not identical, they are not patentably distinct from each other because all elements of claims 21-40 of the instant application correspond to elements of claims 1-20 of US patent No. 11,544,707. The above claims of the present application would have been obvious over claims 1-20 of US patent No. 11,544,707 because each element of the claims of the present application is anticipated by the claims 1-20 of US patent No. 11,544,707 and as such are unpatentable for obviousness-type double patenting (In re Goodman (CAFC) 29 USPQ2D 2010 (12/3/1993)). Claims 21-40 are rejected on the ground of nonstatutory obviousness-type double patenting as being unpatentable over claims 1-20 of US patent No. 12,026,707. Although the conflicting claims are not identical, they are not patentably distinct from each other because all elements of claims 21-40 of the instant application correspond to elements of claims 1-20 of US patent No. 12,026,707. The above claims of the present application would have been obvious over claims 1-20 of US patent No. 12,026,707 because each element of the claims of the present application is anticipated by the claims 1-20 of US patent No. 12,026,707 and as such are unpatentable for obviousness-type double patenting (In re Goodman (CAFC) 29 USPQ2D 2010 (12/3/1993)). Allowable Subject Matter Claims 26-34 and 40 are indicated as allowable over prior art. The following is a statement of reasons for the indication of allowable subject matter: Limitations of the currently presented claims are essentially the same or similar to allowed claims of US 10685350, US 11544707, and US 12,026,707. As allowable subject matter has been indicated, applicant's reply must either comply with all formal requirements or specifically traverse each requirement not complied with. See 37 CFR 1.111(b) and MPEP § 707.07(a). Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to OLEG KORSAK whose telephone number is (571)270-1938. The examiner can normally be reached on 5:00 AM- 4:00 PM. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Rupal Dharia can be reached on (571) 272-3880. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /OLEG KORSAK/ Primary Examiner, Art Unit 2492