Prosecution Insights
Last updated: April 19, 2026
Application No. 18/867,848

AUTHENTICATION WITH AUTHORIZATION CREDENTIAL EXCHANGE

Non-Final OA §102§103
Filed: Nov 21, 2024
Examiner: MUNION, JAMES E
Art Unit: 2688
Tech Center: 2600 — Communications
Assignee: Assa Abloy AB
OA Round: 1 (Non-Final)
Grant Probability: 76% (Favorable)
OA Rounds: 1-2
To Grant: 2y 3m
With Interview: 99%

Examiner Intelligence

Grants 76% — above average
Career Allow Rate: 76% (103 granted / 135 resolved; +14.3% vs TC avg)
Strong +24% interview lift
Interview Lift: +23.5% (resolved cases with interview)
Typical timeline
Avg Prosecution: 2y 3m (30 currently pending)
Career history
Total Applications: 165 (across all art units)

Statute-Specific Performance

§101: 5.6% (-34.4% vs TC avg)
§103: 52.2% (+12.2% vs TC avg)
§102: 29.6% (-10.4% vs TC avg)
§112: 9.8% (-30.2% vs TC avg)
Based on career data from 135 resolved cases

Office Action

§102 §103
Notice of Pre-AIA or AIA Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Claim Rejections - 35 USC § 102

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:

A person shall be entitled to a patent unless – (a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.

Claims 1-2, 4-5, 7-8, 12-13, 15-16 and 18-19 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Mathias (US Patent No. 20200052905 A1).

In re claim 1, Mathias teaches A method performed at an access control device (Abstract: “Techniques are disclosed relating to electronic security, e.g., for authenticating a mobile electronic device to allow access to system functionality (e.g., physical access to the system, starting an engine/motor, etc.).”) comprising: sending, from the access control device, a first ephemeral public key to a user device (Para [0068]: “In the illustrated embodiment, at 306 system 110 verifies the authentication information and, in response, generates an ephemeral key pair. In the illustrated embodiment, system 110 switches to a “pairing in progress state” at this point. Note that in other embodiments, other states may be used and the states may be entered or exited at different points than shown.”); receiving, from the user device, a second ephemeral public key responsive to the first ephemeral public key (Paras [0070]-[0071]: “In the illustrated embodiment, user 310 also starts the pairing procedure with mobile device 130 via AP 136 at 308. This may be performed using an input device of mobile device 130 such as a touch screen, for example. 
The user may initiate the pairing procedure by opening an application and selecting a pair option, for example. In some embodiments, rather than requiring a user to navigate to a pairing application, mobile device 130 is configured to automatically prompt the user for input to confirm that a pairing operation is desired, e.g., in response to communications by system 110. In other embodiments, user-initiating of the pairing process may be required on both devices in order to avoid broadcasting an indication that pairing is occurring. Mobile device 130 may also prompt the user for authentication information such as a password, a biometric scan, a PIN, etc.” “In response to initiation of the pairing procedure, at 312 AP 136 also generates an ephemeral key pair phone.ePK and phone.eSK, in the illustrated embodiment. In the illustrated embodiment, system 110 and AP 135 then exchange their respective generated ephemeral public keys, system.ePK and phone.ePK at 314 and 316. Each device then derives a shared secret based on the exchanged public keys and their respective secret keys at 318. As discussed above, ECDH may be used to derive the shared secret. At this point in the process, in the illustrated embodiment, an unauthenticated secure channel has been established between the system 110 and the mobile device 130 using ephemeral keys. In other embodiments, other techniques may be used to establish a shared secret or key. 
The disclosed techniques for obtaining a shared secret are disclosed for purposes of illustration, but are not intended to limit the scope of the present disclosure.”); sending, to the user device, a first authentication cryptogram including a first signature, a public key certificate, and a Credential Trust Information (CTI); receiving, from the user device, a second authentication cryptogram including a second signature, a public key of the user device, and a credential (Paras [0072]-[0074]: “In the illustrated embodiment, system 110 then sends a certificate (system.Cert) that is encrypted using the shared secret at 322. In the particular illustrated embodiment, the shared secret includes an encryption key (KENC) and a message authorization code (KMAC). These may be shared symmetric keys derived from system.eSK/phone.ePK on the system side and phone.eSK/ system.ePK on the mobile device side. These keys may be stored on the AP 136 and the system 110's ECU and may be deleted after each transaction. In the illustrated embodiment, the notation (KENC,KMAC)(data) denotes an encryption operation using KENC and a hashing operation using KMAC (where the hash output may be used to protect the integrity of the key exchange). AP 136, in the illustrated embodiment, extracts the system public key system.PK from the encrypted certificate system.Cert using the shared secret at 324.” “In the illustrated embodiment at 326, AP 136 then requests a new key pair to be generated from SE 134. In the illustrated embodiment, SE 134 generates a public/private key pair se.SK and se.PK and a corresponding certificate se.Cert at 328. In the illustrated embodiment, the certificate is a wrapper for the public key, which may describe the public key and indicate that SE 134 is authorized to issue such public keys. The certificate may be self-signed or based on a certificate from a certificate authority (e.g., if the SE 134 is an intermediate authority). 
SE 135 sends the certificate se.Cert to AP 136 at 332, which then encrypts the certificate using the shared secret (using KENC and KMAC techniques in the illustrated embodiment) and sends the encrypted certificate to system 110 over the secure channel at 334.” “In the illustrated embodiment, system 110 then verifies the MAC and decrypts the certificate se.Cert at 336. System 110 then verifies the se.Cert using a root certificate from an authorized entity associated with the mobile device (e.g., obtained from a manufacturer or OEM of mobile device 130) and extracts the public key se.PK from the se.Cert. In some embodiments, the manufacturer of mobile device 130 may provide its root certificate to various system manufacturers to facilitate this procedure.”); authenticating the user device based on the credential and the second signature (SEE FIGS. 1B and 7A-8B); validating whether the user device is authorized to activate an action based on a determination of whether the credential received in the second authentication cryptogram is signed by a trusted credential issuer (SEE FIGS. 1B, 7A-9C and 10); and causing, in response to validating that the user device is authorized to activate the action and that the user device is authenticated, the action to be performed (Paras [0075]-[0076]: “In the illustrated embodiment, a text confirmation is then performed (this step may be omitted in other embodiments) and both the mobile device 130 and the system 110 generate text information based on the shared secret and display the text information to the user at 338. In the illustrated embodiment, the user then indicates to system 110 that the text is the same on both devices. 
This may be used to detect and avoid tampering by unauthorized entities during the pairing procedure (which would, e.g., cause the displayed text not to match).” “In the illustrated embodiment, system 110 then stores the se.PK with owner entitlements (e.g., information specifying what operations mobile device 130 is authorized to perform) at 342. This long-term SE public key may be used to authenticate future requests from mobile device 130. Examples of owner entitlements for mobile device 130 may include, without limitation: open door, start engine, add/remove keys from system 110 (e.g., owner and friend keys), delegate key sharing to another party, change entitlements, set system to unpaired state, access keychain data (e.g., website usernames, passwords, WLAN network information, payment information, etc.), make purchases within system 110, perform other cryptographic operations, etc. In the illustrated embodiment, the system 110 also switches to a paired state, which may prevent subsequent pairings (e.g., until mobile device 130 is unpaired). In some embodiments, ownership transfer may be performed by giving owner entitlements to a new user (e.g., using the procedure of FIG. 5) and then revoking the previous owner's key, without transitioning to the unpaired state. In other embodiments, transition to the unpaired state may be required to transfer ownership to another mobile device.” and SEE paras [0272]-[0280]). Machine-readable medium claim 12 (Para [0282] teaches a memory and processor) and device claim 19 (Para [0282] teaches a memory and processor and para [0044] teaches access control) are rejected for the same reasons as method claim 1 for having similar limitations and being similar in scope. In re claim 2, Mathias teaches wherein the first ephemeral public key is randomly generated by the access control device (Para [0140]: “In FIG. 9A, system 110 and mobile device 130 generate respective ephemeral key pairs and begin communications at elements 902-906. 
Note that the ephemeral key pairs may be generated before and/or after beginning communications. Because this process takes time, it may be desirable to generate keys before a transaction begins in order to reduce user-visible transaction time, in various embodiments. Beginning communications may include the system 110 using NFC anti-collision with ECP, for example, to initiate communications. At 908 system 110 then generates a random (or pseudo-random) transaction.ID for the current transaction and sends a message 910 (in the illustrated embodiment, this is a SELECT ACCESS message, but various types of messages may be used in other embodiments). In some embodiments, this message indicates an applet ID of an applet executable on mobile device 130 (e.g., by SE 134) to perform the transaction.”). Medium claim 13 is rejected for the same reasons as method claim 2 for having similar limitations and being similar in scope. In re claim 4, Mathias teaches wherein the determination includes a verification that the trusted credential issuer is in a stored list of trusted issuers, the list generated during a prior registration (Para [0079]: “In some embodiments, a user may also initiate an un-pairing operation, which may transition system 110 to the unpaired state. This may be used to register a new device as an owner device of system 110, e.g., to transfer ownership of the system or if the user buys a new mobile device. For this process, the mobile device 130 may send a specific command while authenticating with the private key se.SK. In some embodiments, un-pairing may also be performed via an interface of system 110, e.g., by entering the new PIN from the last pairing operation.”). Medium claim 15 is rejected for the same reasons as method claim 4 for having similar limitations and being similar in scope. 
In re claim 5, Mathias teaches wherein the first signature is generated using a device key of the access control device (Para [0035]: “The present disclosure describes embodiments in which a mobile device is used to gain access to functionality of a system. In some embodiments, asymmetric cryptography is used to establish a secure channel between a mobile device and a system. Using the secure channel, the system may authenticate the device by verifying a signature generated by a secure circuit such as a secure element (SE) of the mobile device using a previously-stored public key (e.g., a key stored as part of a pairing process). A processor such as a control unit of the system (e.g., an ECU) may be configured to store long-term key pairs, generate short-lived asymmetric key pairs, and verify signatures. A mobile device may include an SE configured to store long term asymmetric key pairs.”). Medium claim 16 is rejected for the same reasons as method claim 5 for having similar limitations and being similar in scope. In re claim 7, Mathias teaches wherein the action includes opening a door (Para [0038]: “Once the mobile device has been paired with the other system, the mobile device may perform an exchange with the other system to enable functionality of the other system such as, in some embodiments, opening a door, starting an engine or activating a motor, make a call, play media, travel above a certain speed, etc.”). Medium claim 18 is rejected for the same reasons as method claim 7 for having similar limitations and being similar in scope. In re claim 8, Mathias teaches wherein the credential includes a hash of the public key of the user device to bind the credential to the user device (Para [0088]: “In the illustrated embodiment, AP 136 then sets the command (which indicates the desired operation(s) to be performed by system 110, in some embodiments) and MACs and encrypts a response to system 110 at 436. 
In the illustrated embodiment, the response includes the ODSignature, a hash of the public key se.PK, and the command at 438. This may utilize the established secure channel and may allow system 110 to authenticate mobile device 130. Note that although both encrypting and MACing are discussed in various embodiments, encrypting using a secret key without using a MAC may be used in other embodiments.” and para [0090]: “In some embodiments, the disclosed techniques prevent the mobile device 130 from releasing unique identifiers or data (e.g., that might allow the mobile device to be tracked using a rogue radio) without user consent. In particular, public key certificates, public key hashes, or other kinds of key/device unique identifiers may be used to track a user device, but the disclosed techniques may prevent this information from being intercepted by establishing a secure channel prior to exchanging this information and/or by authenticating a system before transmitting this information.”).

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 3 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Mathias (US Patent No. 20200052905 A1), in view of Minematsu (US Patent No. 20170272239). 
In re claim 3, Mathias teaches all of the limitations of claim 1 stated above but fails to teach wherein sending the first authentication cryptogram includes sending the first authentication cryptogram using an authenticated encryption (AENC) algorithm. However, Minematsu teaches wherein sending the first authentication cryptogram includes sending the first authentication cryptogram using an authenticated encryption (AENC) algorithm (Para [0116]: “First, basic inputs/outputs of authenticated encryption (AE) are described. Assume that two persons “Alice” and “Bob” share a secret key K, and communication from Alice to Bob is performed by using encryption based on authenticated encryption (AE). Here, the encryption function of the authenticated encryption (AE) is denoted by AEnc, and the decryption function thereof is denoted by ADec. In addition, encryption target plaintext is denoted by M, and a variable called initial vector N is introduced.”). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Mathias to incorporate the teachings of Minematsu to provide wherein sending the first authentication cryptogram includes sending the first authentication cryptogram using an authenticated encryption (AENC) algorithm with the SYSTEM ACCESS USING A MOBILE DEVICE of Mathias. Doing so provides a technique efficiently enabling authenticated encryption with a small increase of band (length) of ciphertext with respect to plaintext, as recognized by Minematsu (Para [0018]). Medium claim 14 is rejected for the same reasons as method claim 3 for having similar limitations and being similar in scope.

Claims 6, 10-11 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Mathias (US Patent No. 20200052905 A1), in view of Le Saint (US Patent No. 10389533). 
In re claim 6, Mathias teaches all of the limitations of claim 1 stated above but fails to teach wherein the second authentication cryptogram indicates the action, which replaces a default action. However, Le Saint teaches wherein the second authentication cryptogram indicates the action, which replaces a default action (Col 31, lines 54-58: “In some embodiments, the transaction cryptogram is used to conduct a second secure communication with a validation server. The second secure communication can be an authorization transaction, wherein the second cryptogram authenticates at least one element of the authorization transaction.”). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Mathias to incorporate the teachings of Le Saint to provide wherein the second authentication cryptogram indicates the action, which replaces a default action with the SYSTEM ACCESS USING A MOBILE DEVICE of Mathias. Doing so enables the second cryptogram to authenticate at least one element of the authorization transaction, as recognized by Le Saint (Col 31, lines 54-58). Medium claim 17 is rejected for the same reasons as method claim 6 for having similar limitations and being similar in scope. In re claim 10, Mathias teaches all of the limitations of claim 1 stated above but fails to teach wherein the second authentication cryptogram uses a different encryption than the first authentication cryptogram, the second authentication cryptogram using an encryption based on final session keys. However, Le Saint teaches wherein the second authentication cryptogram uses a different encryption than the first authentication cryptogram, the second authentication cryptogram using an encryption based on final session keys (Abstract: “Embodiments of the invention introduce efficient methods for securely generating a cryptogram by a user device, and validating the cryptogram by a server computer. 
A secure communication can be conducted whereby a user device provides a cryptogram without requiring the user device to persistently store an encryption key or other sensitive data used to generate the cryptogram. The user device and server computer can mutually authenticate and establish a shared secret. Using the shared secret, the server computer can derive a session key and transmit key derivation parameters encrypted using the session key to the user device. The user device can derive the session key using the shared secret, decrypt the encrypted key derivation parameters, and store the key derivation parameters. Key derivation parameters and the shared secret can be used to generate a single use cryptogram key, which can be used to generate a cryptogram for conducting secure communications.”). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Mathias to incorporate the teachings of Le Saint to provide wherein the second authentication cryptogram uses a different encryption than the first authentication cryptogram, the second authentication cryptogram using an encryption based on final session keys with the SYSTEM ACCESS USING A MOBILE DEVICE of Mathias. Doing so enables efficient methods for securely generating a cryptogram by a user device, and validating the cryptogram by a server computer, as recognized by Le Saint (Abstract). In re claim 11, Mathias teaches all of the limitations of claim 1 stated above but fails to teach wherein each operation, other than causing the action to be performed, occurs regardless of whether a failure occurred at any previous operation. 
However, Le Saint teaches wherein each operation, other than causing the action to be performed, occurs regardless of whether a failure occurred at any previous operation (Col 31, lines 54-58: “In some embodiments, the transaction cryptogram is used to conduct a second secure communication with a validation server. The second secure communication can be an authorization transaction, wherein the second cryptogram authenticates at least one element of the authorization transaction.”). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Mathias to incorporate the teachings of Le Saint to provide wherein each operation, other than causing the action to be performed, occurs regardless of whether a failure occurred at any previous operation with the SYSTEM ACCESS USING A MOBILE DEVICE of Mathias. Doing so enables efficient methods for securely generating a cryptogram by a user device, and validating the cryptogram by a server computer, as recognized by Le Saint (Abstract). Claims 9 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Mathias (US Patent No. 20200052905 A1), in view of Velur (US Patent No. 11256675). In re claim 9, Mathias teaches all of the limitations of claim 1 stated above but fails to teach wherein the CTI includes a sorted list with a plurality of hashes, and wherein the credential is a first hash from a user device list of hashes that matches a hash of the sorted list. However, Velur teaches wherein the CTI includes a sorted list with a plurality of hashes, and wherein the credential is a first hash from a user device list of hashes that matches a hash of the sorted list (Abstract: “A method comprises receiving, by a server computer, a request message comprising at least a credential from a client device. The server computer can hash the credential to form an altered value. 
The server computer can then determine whether or not the altered value matches one of the hashed values stored in the database. If the altered value matches a matched hashed value, the server computer can determine a range of a plurality of ranges. The range can be associated with the matched hashed value. The server computer can then determine a data item associated with the range. The server computer can provide the data item to the client device.”). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Mathias to incorporate the teachings of Velur to provide wherein the CTI includes a sorted list with a plurality of hashes, and wherein the credential is a first hash from a user device list of hashes that matches a hash of the sorted list with the SYSTEM ACCESS USING A MOBILE DEVICE of Mathias. Doing so allows for a method and system for creating rapid searchable altered data in a database, as recognized by Velur (Col 5, lines 62-63). Medium claim 20 is rejected for the same reasons as method claim 9 for having similar limitations and being similar in scope.

Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to JAMES EDWARD MUNION whose telephone number is (571)270-0437. The examiner can normally be reached Monday-Friday 7:30-5:00. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Steven Lim can be reached at 571-270-1210. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. 
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/JAMES E MUNION/ Examiner, Art Unit 2688 02/21/2026

Prosecution Timeline

Nov 21, 2024
Application Filed
Feb 21, 2026
Non-Final Rejection — §102, §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12602988
TESTING OF DETECTION AND WARNING FUNCTIONS OF INTERCONNECTED SMOKE, HEAT AND CARBON MONOXIDE ALARMS BY SINGLE PERSON
2y 5m to grant Granted Apr 14, 2026
Patent 12582095
SYSTEMS, METHODS AND DEVICES FOR COMMUNICATION
2y 5m to grant Granted Mar 24, 2026
Patent 12560268
CONDUIT SECURITY TECHNIQUES
2y 5m to grant Granted Feb 24, 2026
Patent 12562045
WEARABLE DEVICE USED AS DIGITAL POOL ATTENDANT
2y 5m to grant Granted Feb 24, 2026
Patent 12552473
CHAIN PIN ASSEMBLY
2y 5m to grant Granted Feb 17, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Prosecution Projections

Expected OA Rounds: 1-2
Grant Probability: 76%
With Interview (+23.5%): 99%
Median Time to Grant: 2y 3m
PTA Risk: Low
Based on 135 resolved cases by this examiner. Grant probability derived from career allow rate.
