DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This Office Action is in response to Application No. 18/800,812 filed on 08/12/2024.
As per the Preliminary Amendment filed on 08/11/2025, claim 1 is canceled; claims 2-21 have been added. Claims 2-21 have been examined and are pending in this application.
Priority
Acknowledgment is made of Applicant’s claim for foreign priority under 35 U.S.C. 120 to parent Application No. 17/379,537, filed on 07/19/2021.
Information Disclosure Statement
The information disclosure statement (IDS), submitted on 10/16/2025, is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.
Specification Objections
The specification is objected to because of the language contained within the Abstract of the Disclosure.
Applicant is reminded of the proper language and format for an abstract of the disclosure.
The language should be clear and concise and should not repeat information given in the title. It should avoid using phrases which can be implied, such as, "The disclosure concerns," "The disclosure defined by this invention," "The disclosure describes," or “Aspects of the present disclosure may provide. The abstract should be in narrative form and generally limited to a single paragraph within the range of 50 to 150 words in length.” (emphasis added)
Appropriate correction is required (See MPEP 608.01 (b)).
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory obviousness-type double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the conflicting application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement.
Effective January 1, 1994, a registered attorney or agent of record may sign a terminal disclaimer. A terminal disclaimer signed by the assignee must fully comply with 37 CFR 3.73(b).
The USPTO internet Web site contains terminal disclaimer forms which may be used. Please visit http://www.uspto.gov/forms/. The filing date of the application will determine what form should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to http://www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claim 2-21 rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-20 of U.S. Patent No. 12,061,682. Although the claims at issue are not identical, they are not patentably distinct from each other because claim(s) 2-21 are similar in scope to the claim(s) in US Patent No. 12,061,682 (see table below). If the claims in Application No. 12,061,682 are allowed, it could improperly extend the “right to exclude” for the same invention in two different Patents.
Claims 2-21 are directed to a computer implemented method and a mobile device, respectively; said computer implemented method and mobile device are associated with the system and computing device claimed in claim(s) 1-20 of U.S. Patent No. 12,061,682.
The subject matter claimed in the instant application is fully disclosed in the U.S. Patent No. 12,061,682 and is covered by the U.S. Patent No. 12,061,682 since the Patent U.S. Patent No. 12,061,682 and the instant application are claiming common subject matter, as follows:
Application No. 18/800,812 (Instant App.)
US Patent No. 12,061,682
Claim 2: A computer-implemented method, comprising: determining, by a mobile device, first data comprising to cause the mobile device to download and install a mobile application on the mobile device, wherein the first data is received via scanning quick-response (QR) code or receiving a message comprising the first data; receiving, by the mobile device, second data comprising an identifier to identify and launch an authentication operation of the mobile application utilizing a contactless card based on the identifier; receiving, by the mobile device, encrypted data from the contactless card; authenticating, by the mobile device, the encrypted data; receiving, by the mobile device, an indication to perform sensitive actions based on authentication of the encrypted data.
Claim 1: A system configured to authenticate unauthenticated users to perform sensitive actions, comprising:
one or more processors;
memory coupled with the one or more processors, the memory to store instructions that when executed by the one or more processors, cause the one or more processors to: communicate a first communication to a mobile device, the first communication comprising first data to cause the mobile device to download a mobile application;
generate a task identifier to identify and launch an authentication operation to perform a specific type of authentication in the mobile application to authenticate a user of the mobile device; communicate a second communication to the mobile device, the second communication comprising second data comprising the task identifier, the second data to cause the mobile application to launch and perform the authentication operation associated with the task identifier;
determine the user is authenticated by the authentication operation; and enable the mobile device to perform sensitive actions.
Claim 3: The system of claim 2, wherein the encrypted data comprises data stored on the contactless card and is received in response to the contactless card being within a near-field communication range of the mobile device.
Claim 12: A mobile device, comprising:
one or more processors; and
a memory storing instructions that, when executed by the one or more processors,
cause the mobile device to: determine first data to cause the mobile device to download and install a mobile application, wherein the first data is received via scanning a quick-response (QR) code or receiving a message comprising the first data; receive second data comprising an identifier to identify and launch an authentication operation of the mobile application utilizing a contactless card based
on the identifier; receive encrypted data from the contactless card; authenticate the encrypted data; and receive an indication to perform sensitive actions based on authentication of the encrypted data.
Claim 12: A computing device configured to authenticate unauthenticated users to perform sensitive actions, comprising:
processing circuitry; memory coupled with the processing circuitry, the memory to store instructions that when executed by the processing circuitry, cause the processing circuitry to: receive a first communication from a system to authenticate a user, the first communication comprising first data to install a mobile application; install the mobile application based on invocation of the first data; receive a second communication from the system, the second communication comprising second data comprising a task identifier to identify a specific type of authentication operation, the second data to cause the mobile application to perform the authentication operation associated with the task identifier; initiate the authentication operation of the specific type based on invocation of the second data to determine the user is authenticate; and receive an indication that the user is authenticated based on performance of the authentication operation, and the user is enabled to perform sensitive actions.
Claim 15: The computing device of claim 13, wherein the wireless interface comprises a near-field communication (NFC) interface, and the encrypted data is received from the contactless card as part of an NFC exchange.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(B) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claim(s) 2-11 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA the applicant regards as the invention.
Regarding claim 2; Claim 2 recites the limitation “first data comprising to cause the mobile device” (emphasis added). It is unclear as to what the Applicant regards and what it means to “comprising to cause”. For the purpose of applying art, the Examiner interprets “first data comprising to cause the mobile device” as “first data to cause the mobile device”. Appropriate correction is required in order to ensure proper claim interpretation.
Regarding claims 3-11; claims 3-11 are dependent on claim 2, and therefore inherit the 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, issues of independent claim 2.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Claim(s) 2-4, 6-10, 12-14, and 16-20 are rejected under 35 U.S.C. 103 as being unpatentable Canfield et al. (US 2021/0168140; Hereinafter “Canfield”) in view of Rule et al. (US 2020/0106617; Hereinafter “Rule”).
Regarding claim 2, Canfield teaches a computer-implemented method, comprising: determining, by a mobile device, first data comprising to cause the mobile device to download and install a mobile application on the mobile device, wherein the first data is received via scanning quick-response (QR) code or receiving a message comprising the first data (Canfield: Fig. 1-3, Para. [0043], Para. [0026], Exemplary embodiments include at step 111 providing a registration code for the user and embedding the registration code within a dynamic link. The registration code may be any code that uniquely identifies the user. The registration code may be used to identify the user as the user of the created user account from step 110, when the user is trying to associate another remote application to their account. Para. [0027], When the account is initially created or at some time thereafter, a mobile application registration message may be sent to the user at step 112. The mobile application registration message may be sent to the user via email, SMS, or other entered communication identification method. This message may contain the dynamic link including the registration code. The dynamic link may be embedded in a button, such as might be found in an email, or a web link that can be selected by the user. Para. [0051]);
Canfield does not explicitly teach receiving, by the mobile device, second data comprising an identifier to identify and launch an authentication operation of the mobile application utilizing a contactless card based on the identifier; receiving, by the mobile device, encrypted data from the contactless card; authenticating, by the mobile device, the encrypted data; receiving, by the mobile device, an indication to perform sensitive actions based on authentication of the encrypted data.
In an analogous art, Rule teaches receiving, by the mobile device, second data comprising an identifier to identify and launch an authentication operation of the mobile application utilizing a contactless card based on the identifier (Rule: Para. [0158], In some examples, the tap may activate or launch the application of the device and then initiate one or more actions or communications with one or more servers to activate the contactless card. Subsequent to installation, a tap of the contactless card may activate or launch the application, and then initiate, for example via the application or other back-end communication), activation of the contactless card. After activation, the contactless card may be used in various activities, including without limitation commercial transactions. Para. [0039]-[0040], Para. [0041], For example, a reader, such as application 122, may transmit a message, such as an applet select message, with the applet ID of an NDEF producing applet. Upon confirmation of the selection, a sequence of select file messages followed by read file messages may be transmitted. For example, the sequence may include “Select Capabilities file”, “Read Capabilities file”, and “Select NDEF file”. At this point, a counter value maintained by the contactless card 105 may be updated or incremented, which may be followed by “Read NDEF file.” At this point, the message may be generated which may include a header and a shared secret. Session keys may then be generated. The MAC cryptogram may be created from the message, which may include the header and the shared secret. The MAC cryptogram may then be concatenated with one or more blocks of random data, and the MAC cryptogram and a random number (RND) may be encrypted with the session key. Thereafter, the cryptogram and the header may be concatenated, and encoded as ASCII hex and returned in NDEF message format (responsive to the “Read NDEF file” message).);
receiving, by the mobile device, encrypted data from the contactless card; authenticating, by the mobile device, the encrypted data (Rule: Para. [0041], Para. [0044], At step 106, the contactless card 105 sends the MAC cryptogram to the application 122. In some examples, the transmission of the MAC cryptogram occurs via NFC, however, the present disclosure is not limited thereto.);
receiving, by the mobile device, an indication to perform sensitive actions based on authentication of the encrypted data (Rule: Para. [0046], At step 112, the processor 124 verifies the MAC cryptogram pursuant to an instruction from the application 122. For example, the MAC cryptogram may be verified, as explained below. Para. [0054]).
It would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teachings of Rule with the system and method of Canfield to include receiving, by the mobile device, second data comprising an identifier to identify and launch an authentication operation of the mobile application utilizing a contactless card based on the identifier; receiving, by the mobile device, encrypted data from the contactless card; authenticating, by the mobile device, the encrypted data; receiving, by the mobile device, an indication to perform sensitive actions based on authentication of the encrypted data because this functionality provides for transmitting sensitive data after verification of a contactless card (Rule: Para. [0054]).
Regarding claim 3, Canfield, in combination with Rule, teaches the method of claim 2, wherein the message comprising the first data is a text message communicated via a short message service (SMS), multimedia messaging service (MMS), or rich communication service (RCS) (Canfield: Fig. 1-3, Para. [0027], When the account is initially created or at some time thereafter, a mobile application registration message may be sent to the user at step 112. The mobile application registration message may be sent to the user via email, SMS, or other entered communication identification method. This message may contain the dynamic link including the registration code. The dynamic link may be embedded in a button, such as might be found in an email, or a web link that can be selected by the user. Para. [0051]).
Regarding claim 4, Canfield, in combination with Rule, teaches the method of claim 2, wherein the first data comprises an embedded link that, when activated, causes the mobile device to download the mobile application from an application store (Canfield: Fig. 1-3, Para. [0026], Para. [0027], When the account is initially created or at some time thereafter, a mobile application registration message may be sent to the user at step 112. The mobile application registration message may be sent to the user via email, SMS, or other entered communication identification method. This message may contain the dynamic link including the registration code. The dynamic link may be embedded in a button, such as might be found in an email, or a web link that can be selected by the user. Para. [0029], Once the user selects the dynamic link, an associated application is launched. If the application was downloaded during or after the activation of the dynamic link, upon opening the application, a service in the app determines that the registration process initiated before an app was installed is to be continued. Para. [0051]).
Regarding claim 6, Canfield, in combination with Rule, teaches the method of claim 2, wherein receiving the encrypted data from the contactless card is performed via a near-field communication (NFC) interface of the mobile device after a user is prompted to tap the contactless card on the mobile device (Rule: Para. [0031], System 100 may include one or more contactless cards 105, which are further explained below with reference to FIGS. 5A-5B. In some embodiments, contactless card 105 may be in wireless communication, utilizing NFC in an example, with client device 110.).
Regarding claim 7, Canfield, in combination with Rule, teaches the method of claim 2, wherein authenticating the encrypted data further comprises: transmitting, by the mobile device, the encrypted data to a remote authentication server (Rule: Para. [0047], In some examples, verifying the MAC cryptogram may be performed by a device other than client device 110, such as a server 120 in data communication with the client device 110 (as shown in FIG. 1A).); and
receiving, by the mobile device, the result of the authentication from the remote authentication server (Rule: Para. [0035], Client device 110 may be in communication with one or more servers 120 via one or more networks 115, and may operate as a respective front-end to back-end pair with server 120. Client device 110 may transmit, for example from a mobile device application executing on client device 110, one or more requests to server 120. The one or more requests may be associated with retrieving data from server 120. Server 120 may receive the one or more requests from client device 110. Para. [0046], At step 112, the processor 124 verifies the MAC cryptogram pursuant to an instruction from the application 122. For example, the MAC cryptogram may be verified, as explained below. Para. [0054]).
Regarding claim 8, Canfield, in combination with Rule, teaches the method of claim 2, wherein the encrypted data is a cryptogram that includes a counter value, a unique card identifier, and a shared secret (Rule: Para. [0039]-[0040], Para. [0041], For example, a reader, such as application 122, may transmit a message, such as an applet select message, with the applet ID of an NDEF producing applet. Upon confirmation of the selection, a sequence of select file messages followed by read file messages may be transmitted. For example, the sequence may include “Select Capabilities file”, “Read Capabilities file”, and “Select NDEF file”. At this point, a counter value maintained by the contactless card 105 may be updated or incremented, which may be followed by “Read NDEF file.” At this point, the message may be generated which may include a header and a shared secret. Session keys may then be generated. The MAC cryptogram may be created from the message, which may include the header and the shared secret. The MAC cryptogram may then be concatenated with one or more blocks of random data, and the MAC cryptogram and a random number (RND) may be encrypted with the session key. Thereafter, the cryptogram and the header may be concatenated, and encoded as ASCII hex and returned in NDEF message format (responsive to the “Read NDEF file” message).)
Regarding claim 9, Canfield, in combination with Rule, teaches the method of claim 8, wherein the cryptogram is generated using a session key that is derived from a unique card master key and the counter value, and wherein the counter value is updated upon each read of the contactless card to prevent replay attacks (Rule: Para. [0008], and validate the cryptographic result using the one or more cryptographic algorithms and the session key, wherein the counter is independently updated by the contactless card and the client application for each transmission between the contactless card and the application,).
Regarding claim 10, Canfield, in combination with Rule, teaches the method of claim 2, wherein the sensitive actions include performing a financial transaction or viewing personal information (Rule: Para. [0079], After activation, the card may be used in various transactions including commercial transactions.).
Regarding claims 12-14, Claims 12-14 are rejected under the same rational as claims 2-4, respectively.
Regarding claims 16-20, Claims 16-20 are rejected under the same rational as claims 6-10, respectively.
Claim(s) 5 and 15 are rejected under 35 U.S.C. 103 as being unpatentable Canfield et al. (US 2021/0168140; Hereinafter “Canfield”) in view of Rule et al. (US 2020/0106617; Hereinafter “Rule”) in view of Beilis et al. (US 2014/0045458; Hereinafter “Beilis”).
Regarding claim 5, Canfield, in combination with Rule, teaches the method of claim 2. Canfield, in combination with Rule, does not explicitly teach wherein the second data comprises an embedded link that, when activated, launches the mobile application and passes the identifier to the mobile application.
In an analogous art Beilis teaches wherein the second data comprises an embedded link that, when activated, launches the mobile application and passes the identifier to the mobile application (Beilis: Para. [0045], It will be apparent to the skilled person that there are only a few enterprises presently providing NFC-enabled cards, and none of these are enabled with a unique identifier such as is described above for invoking an application and authenticating a user. Para. [0039], In this embodiment the customer, having invoked the application on appliance 115 (1) accessing the bank's web site on server 109 also has his or her NFC enabled telephone 115 (3) at hand and NFC-enabled card 202. The customer taps the card to the telephone, which invokes the telephone application as described above, acquires the unique identifier and optionally other data, and links to the same web site on server 109, where the SW at the server recognizes the customer is connected by appliance 115 (1) as well, and authenticates the customer transparently for the connection to appliance 115(1). Para. [0012]).
It would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teachings of Beilis with the system and method of Canfield and Rule to include wherein the second data comprises an embedded link that, when activated, launches the mobile application and passes the identifier to the mobile application because this functionality provides for authentication using mobile devices in a much quicker, less error prone, and more secure manner (Beilis: Para. [0007]).
Regarding claim 15, Claim 15 is rejected under the same rational as claim 5.
Claim(s) 11 and 21 are rejected under 35 U.S.C. 103 as being unpatentable Canfield et al. (US 2021/0168140; Hereinafter “Canfield”) in view of Rule et al. (US 2020/0106617; Hereinafter “Rule”) in view of Polyakov et al. (US 2016/0173825; Hereinafter “Polyakov”).
Regarding claim 11, Canfield, in combination with Rule, teaches the method of claim 2. Canfield, in combination with Rule, does not explicitly teach further comprising, prior to determining the first data, establishing a voice or chat communication channel with an agent of a service provider, wherein the first data is received in response to the agent determining that the mobile application is not installed on the mobile device.
In an analogous art, Polyakov teaches further comprising, prior to determining the first data, establishing a voice or chat communication channel with an agent of a service provider, wherein the first data is received in response to the agent determining that the mobile application is not installed on the mobile device (Polyakov: Para. [0011], In operation, a customer service support agent, upon receiving a phone call from a customer, can supply a link to the customer to download and install a mobile application or push the mobile application to the customer's device, e.g., a smart phone, directly.).
It would have been obvious to a person having ordinary skill in the art, before the effective filing date of the claimed invention, to combine the teachings of Polyakov with the system and method of Canfield and Rule to include further comprising, prior to determining the first data, establishing a voice or chat communication channel with an agent of a service provider, wherein the first data is received in response to the agent determining that the mobile application is not installed on the mobile device because this functionality provides on-demand distribution of applications while the end user is connected over the phone (Polyakov: Para. [0008]).
Regarding claim 21, Claim 21 is rejected under the same rational as claim 11.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
U.S. Patent No. US 10,050,957 by Farrugia et al.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Nelson Giddins whose telephone number is (571)272-7993. The examiner can normally be reached on Monday - Friday, 9:00 AM - 5:00 PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Linglan Edwards can be reached at (571) 270-5440. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/NELSON S. GIDDINS/ Primary Examiner, Art Unit 2408