Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
This action is in response to the correspondence filed 08/28/2024.
Claims 1-20 are presented for examination.
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The filing of a terminal disclaimer by itself is not a complete reply to a nonstatutory double patenting (NSDP) rejection. A complete reply requires that the terminal disclaimer be accompanied by a reply requesting reconsideration of the prior Office action. Even where the NSDP rejection is provisional the reply must be complete. See MPEP § 804, subsection I.B.1. For a reply to a non-final Office action, see 37 CFR 1.111(a). For a reply to final Office action, see 37 CFR 1.113(c). A request for reconsideration while not provided for in 37 CFR 1.113(c) may be filed after final for consideration. See MPEP §§ 706.07(e) and 714.13.
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The actual filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/apply/applying-online/eterminal-disclaimer.
Claims 1-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-20 of U.S. Patent No. 11,689,538. Although the claims at issue are not identical, they are not patentably distinct from each other because each of the elements of claims 1, 11 and 20 of the present application are anticipated by each of the claim elements of claims 1, 10 and 18 of U.S. Patent No. 11,689,538.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 1-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
As to claims 1, 11 and 20, the scope of the claims cannot be clearly determined rendering them indefinite. Specifically, a method performed by an authentication system is claimed, however the elements include steps or functions which are performed by a verification system which is not claimed as being included within the authentication system. The limitation stating, “wherein the verification system is configured to identify the authentication information and use the coded sequence to determine whether the second device is an authentic device associated with the user and the interaction initiated by the first device is approved,” is not performed by the claimed authentication system. The scope of the claims includes the steps or functions performed by the authentication system, while the steps and functions of the verification system fall outside of the scope of the claims unless the verification system is claimed as being a part of the authentication system. It is unclear as to whether the Applicant intended to format the claims in a way that the verification fell within the scope of the claim. Thus, in the claims present state, the limitation of “wherein the verification system is configured to identify the authentication information and use the coded sequence to determine whether the second device is an authentic device associated with the user and the interaction initiated by the first device is approved,” does not further limit the scope of the claims. For purposes of examination, this limitation will be interpreted as intended use language which does not further limit the scope of the claim and is not granted patentable weight. Please feel free to contact the Examiner with any questions or concerns.
As to claims 2, 7, 8, 10 and 14-16, the claims include limitations similar to those of claims 1, 11 and 20, discussed above, in that they include steps or functions which are not performed by the authentication system and therefore rendered indefinite for the same reasons as claims 1, 11 and 20.
As to claim 3, the steps are performed by the authentic device, therefore, similar to those performed by the verification system discussed above, the elements do not further limit the scope of the claim. For purposes of examination, this limitation will be interpreted as intended use language which does not further limit the scope of the claim and is not granted patentable weight.
As to claims 4-6, 9, 11-13 and 17-20, the claims do not cure the deficiency of claims 1 and 11 and are rejected under 35 USC § 112 for their dependency upon claims 1 and 11.
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.
Claims 1-7, 8-14 and 16-20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by US 2015/0095219 to Hurley (Applicant’s IDS).
As to claims 1, 11 and 20, Hurley teaches a method, performed by an authentication system, to facilitate interaction authentication, the method comprising: subsequent to initiation of an interaction by a first device associated with a user (FIG. 5, paragraph 40, electronic device communicates payment device identification data with merchant subsystem [claimed interaction by a first device]), communicating with a second device to receive data stored by the second device (FIG. 5 and paragraph 41, received transaction request data from merchant subsystem to the commercial entity subsystem); generating a coded sequence based on at least a portion of the data (FIG. 5 and paragraph 42, payment request data may be encrypted or otherwise formatted by commercial entity subsystem 400 before communication to the target payment device 100 using one or more suitable commercial entity keys, wherein the payment request data may include any suitable information included in or based on the transaction request data of step 504 that may identify one or more particulars of the transaction to that device 100); and transmitting authentication information, including the coded sequence, over an interaction network monitored by a verification system (paragraph 42, transmit the payment request data), wherein the verification system is configured to identify the authentication information and use the coded sequence to determine whether the second device is an authentic device associated with the user and the interaction initiated by the first device is approved (the steps performed by the verification system are not positively recited steps which require the step to be performed by the authentication system nor does it limit the claim to a particular structure [see 35 USC 112(b) rejection above]).
As to claim 2, Hurley teaches wherein the coded sequence included in the authentication information is a first coded sequence (FIG. 5 and paragraph 42, payment request data may be encrypted or otherwise formatted by commercial entity subsystem 400 before communication to the target payment device 100 using one or more suitable commercial entity keys, wherein the payment request data may include any suitable information included in or based on the transaction request data of step 504 that may identify one or more particulars of the transaction to that device 100), and the verification system is configured to generate, for comparison with the first coded sequence, a second coded sequence expected from an interaction between the authentication system and the authentic device associated with the user (paragraph 67, confirm that the security code matches the security code provided at step 611, thereby providing an additional layer of security to process 600; furthermore, the steps performed by the verification system are not positively recited steps which require the step to be performed by the authentication system nor does it limit the claim to a particular structure [see 35 USC 112(b) rejection above]).
As to claim 3, Hurley teaches wherein the portion of the data used to generate the first coded sequence includes a first key (paragraph 18, a merchant key may be determined by the commercial entity through use of merchant identification information received from the merchant via the transaction request), and the authentic device associated with the user stores a second key known and used by the verification system to generate the second coded sequence such that a match between the first coded sequence and the second coded sequence indicates the first key is a same key as the second key, and the second device is the authentic device associated with the user (the steps performed by the verification system are not positively recited steps which require the step to be performed by the authentication system nor does it limit the claim to a particular structure [see 35 USC 112(b) rejection above]).
As to claim 4, Hurley teaches wherein, when the first coded sequence and the second coded sequence match based on the comparison, the second device is determined to be the authentic device associated with the user and the interaction initiated by the first device is approved (paragraph 67, confirm that the security code matches the security code provided at step 611, thereby providing an additional layer of security to process 600; furthermore, the steps performed by the verification system are not positively recited steps which require the step to be performed by the authentication system nor does it limit the claim to a particular structure [see 35 USC 112(b) rejection above]).
As to claim 5, Hurley teaches wherein, when the first coded sequence and the second coded sequence do not match based on the comparison, the interaction initiated by the first device is denied (paragraph 67, confirm that the security code matches the security code provided at step 611, thereby providing an additional layer of security to process 600, wherein interaction would not continue if the security code does not match; furthermore, the steps performed by the verification system are not positively recited steps which require the step to be performed by the authentication system nor does it limit the claim to a particular structure [see 35 USC 112(b) rejection above]).
As to claim 6, Hurley teaches wherein the authentication system stores a transaction key (paragraph 18, a merchant key may be determined by the commercial entity through use of merchant identification information received from the merchant via the transaction request), and the method further comprises: using the transaction key to encode a predetermined authentication identifier (paragraph 18, wherein the credential, which may include an identifier, may be encrypted using the key); and including the predetermined authentication identifier as part of the authentication information transmitted to the verification system (paragraphs 18 and 42, transmit the payment request including the encrypted identifier), wherein the predetermined authentication identifier is known by the verification system, and is used to identify the authentication information as the verification system is monitoring the interaction network (the steps performed by the verification system are not positively recited steps which require the step to be performed by the authentication system nor does it limit the claim to a particular structure [see 35 USC 112(b) rejection above]).
As to claims 8 and 16, Hurley teaches receiving, as input to the authentication system, an identifier (paragraph 41, the received transaction request data communicated from merchant subsystem 200 to commercial entity subsystem 400 (e.g., via path 85) may include a merchant identifier that may identify the particular merchant sending the data, a transaction identifier that may identify the particular purchase transaction to be financed, one or more pieces of information specific to that transaction (e.g., purchase price, description of product/service being purchased, shipping information, etc.), identification of the currency to be used during the transaction, a list of financial institutions whose payment credentials may be accepted by merchant subsystem 200, and/or one or more fields of customizable information that may be uniquely customized by merchant subsystem 200 for a particular transaction); and including the identifier as part of the authentication information transmitted to the verification system (paragraph 42, transmitted payment request may include a merchant identifier that may identify the particular merchant that instigated step 506 (e.g., the merchant that sent transaction request data at step 504), a transaction identifier that may identify the particular purchase transaction to be financed, one or more pieces of information specific to that transaction (e.g., purchase price, description of product/service being purchased, shipping information, etc.), and/or one or more fields of customizable information that may be uniquely customized by merchant subsystem 200 for a particular transaction), wherein the verification system is further configured to determine whether the identifier matches an expected identifier, and approve the interaction initiated by the first device further based on the determination (the steps performed by the verification system are not positively recited steps which require the step to be performed by the authentication system nor does it limit the claim to a particular structure [see 35 USC 112(b) rejection above]).
As to claim 9, Hurley teaches wherein the identifier is a predetermined identifier associated with the second device (paragraph 41, payment device identification data or merchant identifier).
As to claim 10, Hurley teaches wherein the identifier is generated by the verification system and transmitted to the first device in response to the initiation of the interaction by the first device (the steps performed by the verification system are not positively recited steps which require the step to be performed by the authentication system nor does it limit the claim to a particular structure [see 35 USC 112(b) rejection above]).
As to claim 12, Hurley teaches wherein the portion of the data used to generate the coded sequence includes a private key associated with the second device, and the private key is known and used by the verification system to generate the expected coded sequence (paragraph 42, payment request data may be encrypted or otherwise formatted by commercial entity subsystem 400 before communication to the target payment device 100 using one or more suitable commercial entity keys (e.g., ISD key 156k and/or any other suitable access key, such as one or more of keys 151k, 155a, 155b, 158k) that may be available to commercial entity subsystem 400 and that may be associated with the payment device 100 that is to receive such payment request data [e.g., for creating a secure communication channel between commercial entity subsystem 400 and the payment device 100, such that payment device 100 may utilize an associated device key for decrypting or otherwise reformatting the payment request data before use by device 100 so as to ensure that the source of the payment request data is trustworthy]).
As to claim 13, Hurley teaches the payment request data may include using a transaction key to encode a predetermined authentication identifier (paragraph 42, payment request data may be encrypted or otherwise formatted by commercial entity subsystem 400 before communication to the target payment device 100 using one or more suitable commercial entity keys (e.g., ISD key 156k and/or any other suitable access key, such as one or more of keys 151k, 155a, 155b, 158k) that may be available to commercial entity subsystem 400 and that may be associated with the payment device 100 that is to receive such payment request data [e.g., for creating a secure communication channel between commercial entity subsystem 400 and the payment device 100, such that payment device 100 may utilize an associated device key for decrypting or otherwise reformatting the payment request data before use by device 100 so as to ensure that the source of the payment request data is trustworthy]; and including the predetermined authentication identifier as part of the authentication interaction information transmitted to the verification system (paragraph 42, transmitted payment request may include a merchant identifier that may identify the particular merchant that instigated step 506 (e.g., the merchant that sent transaction request data at step 504), a transaction identifier that may identify the particular purchase transaction to be financed, one or more pieces of information specific to that transaction (e.g., purchase price, description of product/service being purchased, shipping information, etc.), and/or one or more fields of customizable information that may be uniquely customized by merchant subsystem 200 for a particular transaction).
As to claim 14, Hurley teaches wherein the interaction network is an existing interaction rail platform supporting transmission of a plurality of different types of interaction communications (paragraph 21, a communications network may be used to provide one or more of paths 15, 15', 25, 35, 45, 55, 65, 75, and 85, which may be capable of providing communications using any suitable wired or wireless communications protocol. For example, one or more of paths 15, 15', 25, 35, 45, 55, 65, 75, and 85 may support Wi-Fi (e.g., an 802.11 protocol), ZigBee (e.g., an 802.15.4 protocol), WiDi.TM., Ethernet, Bluetooth.TM., BLE, high frequency systems (e.g., 900 MHz, 2.4 GHz, and 5.6 GHz communication systems), infrared, TCP/IP, SCTP, DHCP, HTTP, BitTorrent.TM., FTP, RTP, RTSP, RTCP, RAOP, RDTP UDP, SSH, WDS-bridging, any communications protocol that may be used by wireless and cellular telephones and personal e-mail devices (e.g., GSM, GSM plus EDGE, CDMA, OFDMA, HSPA, multi-band, etc.), any communications protocol that may be used by a low power Wireless Personal Area Network ("6LoWPAN") module, any other communications protocol, or any combination thereof), and the verification system is configured to identify the communication including the authentication interaction information based on a presence of the predetermined authentication identifier (the steps performed by the verification system are not positively recited steps which require the step to be performed by the authentication system nor does it limit the claim to a particular structure [see 35 USC 112(b) rejection above]).
As to claim 17, Hurley teaches wherein communicating with the second device further comprises: providing power to the second device to enable the communicating (paragraph 116, a reader of such a merchant terminal may emit a relatively low-power radio wave field that may be used to power an antenna utilized by NFC device module 130 (e.g., shared antenna 116 or NFC-specific antenna 134) and, thereby, enable that antenna to transmit suitable NFC communication information (e.g., credit card credential information) from NFC data module 132, via antenna 116 or antenna 134, to such a merchant terminal as an NFC communication).
As to claim 18, Hurley teaches wherein the authentication system is one of an automated teller machine, a point of sale device, or a terminal (FIG. 1A and paragraph 32, commercial entity subsystem 400 is a terminal).
As to claim 19, Hurley teaches the second device is a card including one or more cryptographic-enabled components ((the steps performed by the second device are not positively recited steps which require the step to be performed by the authentication system nor does it limit the claim to a particular structure [see 35 USC 112(b) rejection above])).
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 7 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Hurley in view of US 20140031011 A1 to West.
As to claims 7 and 15, Hurley does not explicitly teach including a first geographic location of the authentication system as part of the authentication information transmitted to the verification system, wherein the verification system is further configured to receive information indicating a second geographic location of the first device as the authentication system is communicating with the second device, determine whether the first geographic location is within a predetermined distance of the second geographic location indicative of the user being in possession of and presenting the second device to the authentication system, and approve the interaction initiated by the first device further based on the determination.
However, West teaches including a first geographic location of the authentication system as part of the authentication information transmitted to the verification system (paragraph 32, the location authenticator communicates a current geographical location for the mobile device to a location-based authentication manager), wherein the verification system is further configured to receive information indicating a second geographic location of the first device as the authentication system is communicating with the second device, determine whether the first geographic location is within a predetermined distance of the second geographic location indicative of the user being in possession of and presenting the second device to the authentication system, and approve the interaction initiated by the first device further based on the determination (the steps performed by the verification system are not positively recited steps which require the step to be performed by the authentication system nor does it limit the claim to a particular structure [see 35 USC 112(b) rejection above]).
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify the teachings of Hurley to include the method of transmitting the geographical location as part of the authentication information as taught by West in order to provide an extra layer of authentication, via multifactor authentication, using the predefined authorized locations, thus preventing unauthorized access from an area in which a lost or stolen device is location optimizing the overall security of the system.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MALCOLM CRIBBS whose telephone number is (571)270-1566. The examiner can normally be reached Monday-Friday 930a-330p; 430p-630p.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni Shiferaw can be reached at (571)272-3867. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
MALCOLM . CRIBBS
Examiner
Art Unit 2497
/MALCOLM CRIBBS/Primary Examiner, Art Unit 2497