DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This office action is in response to the application filed on 10/15/2024. This application is a continuation (CON) of the patent US 12,149,627.
Claims 1-20 are currently pending in this application.
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 10/15/2024 was filed. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(B) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
Claims 1-20 are rejected under 35 U.S.C. 112(b) as being indefinite for failing to particularly point out and distinctly claim the subject matter which applicant regards as the invention.
Claim 1 (claims 9 and 17 include similar limitations) recites:
“An authentication server, comprising: a memory storing … a processor in communication with the memory, wherein the processor is configured to: receive an encrypted cryptographic key … transmit, to a client application, the encrypted authorization token … grant access to at least one service …”, however, it is not clear (1) whether the encrypted cryptographic key is received from the memory via the communication or not; (2) whether the client application is a part of the authentication server (e.g., stored/installed in the memory) or not; (3) whether the authentication server grants the service of the authentication server or not – it is not clear to define a boundary of the limitations;
“… apply each of the plurality of stored keys to the encrypted cryptographic key until one of the stored keys successfully decrypts …”, however, it is not clear (1) how to apply the stored key to the encrypted key (e.g., replacing key, adding the key) – note: the stored key and the encrypted key are data/information, NOT a program/function for execution; (2) how applying the stored key to the encrypted key performs a decryption process - omitting necessary step(s)/component(s), which causes the limitations to be unclear;
“… transmit, to a client application … via an out-of-band channel; grant access to at least one service to the client application …”, however, it is not clear (1) whether the out-of-band channel is the communication channel other than the communication channel between the processor and the memory stated before or not; (2) whether the client application is granted to access the service via the out-of-band channel or not – it is not clear to define a boundary of the limitations.
Claims 2-8, 10-16 and 18-20 depend from the claim 1, 9 or 17, and are analyzed and rejected accordingly.
Claims 2, 10 and 18 recite “… a limited duration token”, however, it is not clear how to define “a duration token”.
Claim 8 recites “… wherein upon an unsuccessful decryption of the encrypted cryptographic key, the processor disables communications with a client application”, however, it is not clear (1) how the processing until successful decryption (see the claim 1) provides “an unsuccessful decryption” (e.g., during the decryption process before the successful decryption, etc.); (2) whether the processor has communications with the client application before the decryption process in order to process “disable” function – it is not clear to define a boundary of the limitations.
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the claims at issue are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the reference application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO internet Web site contains terminal disclaimer forms which may be used. Please visit http://www.uspto.gov/forms/. The filing date of the application will determine what form should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to http://www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1-3, 5, 9-11, 14 and 18 of the patent US 11,652,640 B2 contain every element of claims 1-4, 9-12 and 17-20 of the instant application and as such anticipate claims 1-4, 9-12 and 17-20 of the instant application.
A later patent claim is not patentably distinct from an earlier patent claim if the later claim is obvious over, or anticipated by, the earlier claim. In re Longi, 759 F.2d at 896, 225 USPQ at 651 (affirming a holding of obviousness-type double patenting because the claims at issue were obvious over claims in four prior art patents); In re Berg, 140 F.3d at 1437, 46 USPQ2d at 1233 (Fed. Cir. 1998) (affirming a holding of obviousness-type double patenting where a patent application claim to a genus is anticipated by a patent claim to a species within that genus). ELI LILLY AND COMPANY v BARR LABORATORIES, INC., United States Court of Appeals for the Federal Circuit, ON PETITION FOR REHEARING EN BANC (DECIDED: May 30, 2001).
| Current Application No. 18/915419 | Reference Patent No.: US 11,652,640 B2 |
| --- | --- |
| Claim 1: An authentication server, comprising: | Claim 1: An authentication server, comprising: |
| a memory storing a plurality of stored keys; and a processor in communication with the memory, wherein the processor is configured to: receive an encrypted cryptographic key; | a memory storing a plurality of stored keys; and a processor, wherein the processor: receives a first request for a first token, the first request including an encrypted first key, |
| apply each of the plurality of stored keys to the encrypted cryptographic key until one of the stored keys successfully decrypts the encrypted cryptographic key; | attempts decryption of the encrypted first key using a first stored key of the plurality of stored keys … until a successful decryption of the encrypted first key, |
| encrypt an authorization token with the decrypted cryptographic key; | … encrypt the first token using the decrypted first key, |
| transmit, to a client application, the encrypted authorization token via an out-of-band channel; and | transmits the encrypted first token, and [see claim 3 for second/out-of-band channel]; |
| grant access to at least one service to the client application based on the client application successfully decrypting the authorization token. | authorizes, based on the successful decryption of the encrypted first token, permission (equivalent to granting access) to one or more services. |
| Claim 2: The authentication server of claim 1, wherein the authorization token comprises a limited duration token. | Claim 5: The authentication server of claim 1, wherein the first token comprises a limited use token. |
| Claim 3: The authentication server of claim 1, wherein the authorization token comprises a single use token. | Claim 1: An authentication server … the encrypted first token, permission to one (or single use) or more services. |
| Claim 4: The authentication server of claim 1, wherein the processor receives, a request for the authorization token. | Claim 2: The authentication server of claim 1, wherein the processor receives the first request (see claim 1 for the first request for the first token) via a first channel. |
Claims 9-12 and 17-20 have limitations similar to those of claims 9-14 and “18 and 3”, 2, 5 of the reference patent US 11,652,640 B2, and they are analyzed and rejected accordingly (see the above table for the matching claim limitations).
Examiner’s Note Regarding Prior-art Rejections
As explained in the 112(b) rejections stated above, the current limitations are in a condition of lack of clarity and/or capability (e.g., omitting necessary component/step) for a prior-art examination. However, a potential concept of the application can be found in:
US 11,133,934 B2 by Abadir et al. (e.g., performing out-of-band user authentication, by a service electronic device associated with a service for a request to initiate a session of the service; generating an authentication token; encrypting the authentication token to generate an encrypted authentication token, and transmitting the encrypted authentication token to the electronic device, etc.);
US 2014/0068244 A1 by Oliver (e.g., enabling a web browser to decrypt and to display encrypted information including attempting to decrypt at least one element using keys, such as key 1, key 2, key 3 until a successful completion, etc.);
US 2017/0289197 A1 by Mandyam et al. (e.g., establishing the secure communication session by a client device sending a request to a server for access token with a public key and preventing the access token from being exported by a malicious party to obtain access to services, etc.);
US 6,681,017 B1 by Matias et al. (e.g., encrypting a shared key of a client using a public key of the server and sending the encrypted shared key to the server and the server sending a message to the client after successful decryption of the shared key, etc.);
US 2009/0313705 A1 by Adams et al. (e.g., access restriction after a predetermined limit for decryption attempts is exceeded by a user attempting to decrypt a session key with the candidate passphrase, etc.);
US 9,026,782 B2 by Ahuja et al. (e.g., sending an authentication request from a device to a session management server to receive a token, etc.);
US 2017/0346807 A1 by Blasi (e.g., providing technologies for token-based access authorization to an API for a service request message of a remote computing device, etc.).
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MAUNG T LWIN whose telephone number is (571)270-7845. The examiner can normally be reached on Monday - Friday 10:00 am - 6:00 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on 571-272-3739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/MAUNG T LWIN/Primary Examiner, Art Unit 2495