Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Status of the Application
Claims 1-20 have been examined in this application.
The filling date of this application number recited above is 26-November-2024. Domestic Benefit/National Stage priority has been claimed for Continuation of Prior Applications 18/094,889, 16/703,539, and 62/902,247 in the Application Data Sheet, thus the examination will be undertaken in consideration of 09-January-2023, 04-December-2019, and 18-September-2019, as the priority date, for applicable claims.
The information disclosure statement (IDS) submitted on 24-December-2024, 27-February-2025, 17-March-2025, 20-May-2025, 16-June-2025, 12-September-2025, 06-January-2026, and 27-May-2026 are in compliance with the provisions of 37 CFR 1.97. Accordingly, the IDS are being considered by the examiner.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1-3, 5, and 16-18 are rejected under 35 U.S.C. 103 as being unpatentable over Miranda et al. (US 20160364938 A1), in view of RULE et al. (US 20220284178 A1), in view of Mossler et al. (US 10541995 B1), and in view of Kim (KR 20160064061 A) in further view of Park (KR 20200020442 A).
As per Claims 1 and 16, Miranda discloses a method of activating a transaction card ([0025] "The system, indicated as a whole with the reference 10, includes a user terminal 11, such as a smart phone, i.e. a communication apparatus, in particular a wireless communication apparatus, such as a mobile phone, connected to a communication network, having computer capabilities, such as a storage memory and an operative system, and including the capability of loading, storing and executing a software application"), the method comprising:
receiving a uniform resource locator (URL) stored on the transaction card from a first contactless communication between the transaction card and a customer device ([0025] “The payment card 13 contains applications in its storage portion such as payment applications and, in addition, it is provided with a NDEF TAG application which emulates a NFC Tag 13b. Accordingly, an NFC capable device such as the user terminal 11 can read the content of the NFC Tag 13b by tapping the user terminal 11 device on the payment card 13” and [0034] "After having received the payment card SC, the customer U, at step 160 taps the card on the user terminal 11, i.e. the NFC enabled smartphone, to read the content of the NDEF Tag 13b. The NDEF TAG application associated with the NDEF Tag 13b is customized with a specific activation URL (Uniform Resource Locator) string US");
providing, based on the first contactless communication, a website associated with the URL for display (see Figure 2 - step 160, wherein [0035] “Such activation URL US, stored at step 140 as data variables handled by the NDEF TAG application combines a bank server URL UB (e.g. www.bankname.com/activation/) UB and the unique number UN associated to the payment card SC. The resulting URL, as an example, could be: www.bankname.com/activation/2A8E23C7D6492376872034DEF62A1 2FF, i.e. UB/UN”), ... and wherein the website is configured to receive an input to register the customer device with the transaction card in a user profile; ([0044] "At step 220, the customer receives the message ASM with the activation code AS and fills the activation field I with it, submitting the page AP (for instance through the confirmation button CB shown in FIG. 3) and the code, as submitted activation code SS, before reaching the expiration time ET" see Figure 2 - step 220)
…
in response to authenticating the customer device, providing a graphical user interface (GUI) to the customer device, … (See Figure 3 – steps 180 and 185 as disclosed [0036] “The bank server 14 at step 180 verifies the unique number UN, in particular checking if the unique number exists and if it is associated to a payment card SC never activated before … for instance the card's activation status AF and history AH, i.e. if it is a card which awaits the first activation or not” and [0037] “If the unique number UN is not positively verified, the bank remote server 14 gives access to a warning/error web page 185”).
Although Miranda teaches of receiving authentication information from the first short-range wireless communications to populate on the first GUI for card activation, the prior art does not seem to explicitly disclose of the website with automatically populated customer identity information. However, RULE discloses:
providing, based on the first contactless communication, a website associated with the URL for display, wherein the website comprises a field automatically populated with customer identity information as part of activation of the transaction card, and wherein the website is configured to receive an input to register the customer device with the transaction card in a user profile ([0023] “The operations discussed herein solve these and other problems by enabling a user to perform one operation, e.g., tapping a contactless card on or near a device, to authenticate the user and populate the secure information in a webpage or mobile application” or see also [0030] “In embodiments, the computing device 102 may receive information and data from the contactless card 106 via one or more short-range communication exchanges with the card … If the user is authenticated, the operations may determine the data and cause the data to automatically populate. For example, the computing device 102 may provide additional information relating to the one or more fields, e.g., an identifier of the webpage or mobile application, and identifiers of fields, to the banking system 104. The banking system 104 may utilize the additional information to determine the sensitive data to populate in the webpage or mobile application. The determined data may be provided back to the computing device 102 and populated into the corresponding fields”);
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the card tap to automatically populate authentication information in a webpage as in RULE in the system executing the method of Miranda, with the motivation of offering to improve security and accuracy for data input as taught by RULE over that of Miranda.
Although Miranda teaches of activating a contactless card via NFC using a URL, the prior art does not seem to explicitly disclose of registering the customer device with the transaction card through the website. However, Mossler teaches of receiving a prompt to bind the device with the card, as disclosed:
providing, based on the first contactless communication, a website associated with the URL for display, wherein the website comprises a field automatically populated with customer identity information as part of activation of the transaction card, and wherein the website is configured to receive an input to register the customer device with the transaction card in a user profile ([Col 5 Lines 24-40] “According to one aspect, binding the contactless card to the client includes associating the card with digital credentials and/or client devices. Associating the card with the digital credentials of the client may occur as part of an initial registration of the client with the service provider (i.e., a first access of an application service by the client) … In one embodiment at least one client device includes an interface for communicating with the contactless card. Once the contactless card is bound to a client device having a contactless card interface, a contactless card cryptogram exchange executed at a known client device may be used to authenticate client accesses to registered application services at any web coupled device. For example, a contactless card/mobile device cryptogram exchange may be used to authenticate a service provider access request by a client on the mobile device or at a different web-based device );
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the method of binding the device information with the registered card for password-less logins as in Mossler in the system executing the method of Miranda, wherein Miranda already teaches of initiating activation of the transaction card through NFC communications and URL, with the motivation of offering to improve password-less authentication protocol as taught by Mossler over that of Miranda.
Miranda teaches a short range contactless communication after activation of the contactless card, as disclosed above, but does not seem to explicitly disclose that the second short range communication provides a different webpage from the same URL used by the card. However, Kim teaches the use of a secure URL-NFC payment card to provide additional services to the user using the same URL used by an activated card, specifically teaching in response to activating the contactless card and based on a second short range wireless communication between the mobile device and the contactless card, as disclosed:
receiving information associated with the transaction card from a second contactless communication between the transaction card and the customer device ([Page 4 Line 1] “The smart device 200 receives the URL from the URL-NFC payment card by NFC communication” and also [Page 3 Lines 16-17] “providing a URL to a smart device through a URL-NFC payment card in NFC communication”); and
authenticating the customer device based on verifying the information associated with the transaction card from the second contactless communication is associated with an account associated with the transaction card and that the customer device is a registered device within the user profile; and in response to authenticating the customer device, providing a graphical user interface (GUI) to the customer device, the GUI including one of a credential reset GUI, a login GUI, or an account dashboard GUI (See Figure 4, as disclosed [Page 5 Lines 45-49] “If the authentication information registered in the server 300 is identical to the authentication information registered in the server 300, a page for selecting main page movement reception or receipt of pending reservation pseudo information (S408) is transmitted to the smart device (S408). In step S408, when the payment plan information is received, the payment schedule information is provided to the payment server in step S411, while the page S412 for selecting the main page movement reception or termination is transmitted to the smart device 200, The main page is provided to the smart device (S409) so that the user can use the login main page (S410). If main page movement reception is selected in step S412, the main page is provided to the smart device (S409) so that the user can use the login main page”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the URL-NFC payment card with the stored information from the supplementary server 300 to provide the login website as in Kim in the system executing the method of Miranda, by which the systems in Miranda teaches of the second short range contactless communication after activation of the contactless card as disclosed by Figure 3 and [0036-0037], with the motivation of offering to [Page 2 under Description] allow the merchant to save the cost of providing encryption/decryption system, and allow the customer with ease and time saving navigations of accessing card company webpages as taught by Kim over that of Miranda.
Although Kim discloses of using the NFC communications between the device and the card to access an account from the online login portal, which includes authenticating information that is already stored in the server as disclosed [Page 3 Lines 38-40] “When the authentication information of the URL-NFC payment card 100 transmitted by the user via the smart device 200 matches the information registered in the supplementary server 300, the additional server 300 is logged in”, the prior art does not seem to explicitly disclose of authenticating an account associated with the transaction card and that the customer device is a registered device within the user profile. However, Park teaches:
authenticating the customer device based on verifying the information associated with the transaction card from the second contactless communication is associated with an account associated with the transaction card and that the customer device is a registered device within the user profile ([Page 3 Lines 4-7] “In response to the URL, the Internet site is provided to the smart device by the URL-NFC payment card unit, the authentication information is confirmed, the login is accepted by the URL-NFC payment card unit, the main page information is provided to the smart device” wherein the information identifying the registered device is authenticated, as disclosed [Page 7 Lines 23-29] “The user identification information (or affiliated store identification information) is checked, and the mobile phone number and password registered in advance corresponding to the identified user identification information (or affiliated store identification information) are read from the database 130, and the corresponding confirmation. The mobile phone number and the password and the read mobile phone number and the password correspond to each other, and the confirmed user terminal 110 (or, the merchant terminal 140) is justified”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the authentication of user identification information, such as phone number, using the stored data (i.e. registered device) for the account log-in process as in Park in the system executing the method of Kim, by which the systems in Miranda teaches of authenticating information associated with the NFC login process, with the motivation of offering to [Pages 2-3 under Background] improve security and reduce fraud transactions from theft and hacking as taught by Park over that of Kim.
As per Claims 2 and 17, Miranda teaches the method of claim 1, and the system of claim 16, wherein the first contactless communication is a near field communication tap ([0025] “The payment card 13 contains applications in its storage portion such as payment applications and, in addition, it is provided with a NDEF TAG application which emulates a NFC Tag 13b. Accordingly, an NFC capable device such as the user terminal 11 can read the content of the NFC Tag 13b by tapping the user terminal 11 device on the payment card 13”).
As per Claims 3 and 18, Miranda teaches the method of claim 1, and the system of claim 16, wherein the URL is a customer specific URL unique to the transaction card (Claim 18) that is received via a passive near field communication tag ([0034] "After having received the payment card SC, the customer U, at step 160 taps the card on the user terminal 11, i.e. the NFC enabled smartphone, to read the content of the NDEF Tag 13b. The NDEF TAG application associated with the NDEF Tag 13b is customized with a specific activation URL (Uniform Resource Locator) string US").
As per Claim 5, Miranda teaches the method of claim 1, wherein the URL is associated with a general web site accessible by other users including an applicant associated with the customer device [0035] “Such activation URL US, stored at step 140 as data variables handled by the NDEF TAG application combines a bank server URL UB (e.g. www.bankname.com/activation/) UB and the unique number UN associated to the payment card SC. The resulting URL, as an example, could be: www.bankname.com/activation/2A8E23C7D6492376872034DEF62A1 2FF, i.e. UB/UN” discloses the generate web site URL (e.g. www.bankname.com) with appended data field specific to the user (e.g. 2A8E23C7D6492376872034DEF62A1 2FF, which is the UB/UN of the user from the example).
Claims 4, 6-10, and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Miranda, in view of RULE, in view of Mossler, in view of Kim in further view of Park, and in view of Rule et al. (US 10769299 B2) hereinafter Rule-2.
As per Claims 4 and 19, Miranda may not explicitly disclose, but Rule-2 teaches the method of claim 3, and the system of claim 16, wherein the customer specific URL is only useable for a predetermined number of uses ([Col 8 Lines 56-59] “In addition, the information request may be the only time this particular URL is used, and subsequent requests may generate different URLs. This may be true even if the same information is requested multiple times” and see also Claim 1 “wherein the applet generates a unique one-time uniform resource locator (URL)”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize one-time URL as in Rule-2 in the system executing the method of Miranda, by which the systems in Miranda teaches of utilizing the URL for card activation, with the motivation of offering to [Col 1 Lines 12-39] improve data security and protect financial or other sensitive data by “safeguarding sensitive data while ensuring ready access by authorized users”, and also [Col 8 Lines 60-63] “increase security for the information request and may reduce the likelihood that an unauthorized user successfully requests data access” by using disposable URL as taught by Rule-2 over that of Miranda.
As per Claim 6, Miranda may not explicitly disclose, but Rule-2 teaches the method of claim 1, further comprising prompting for additional authentication information from an applicant associated with the customer device before activating the transaction card (See Figure 3 – step 325 wherein the smart card communicates the URL with the communication device, and in Figure 3 – steps 340 to 360 determining further authentication, as disclosed [Col 9 Lines 45-55] “Upon receipt of the unique URL, in step 340 the server determines whether the information requested is sufficiently sensitive to require additional authentication … Alternatively, if the server determines that additional information is needed, the “YES” choice is made in step 345 and the communication device prompts the user to provide additional authentication in step 360”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize additional authentication as in Rule-2 in the system executing the method of Miranda, by which the systems in Miranda teaches of utilizing the URL for card activation, with the motivation of offering to [Col 1 Lines 12-39] improve data security and protect financial or other sensitive data by “safeguarding sensitive data while ensuring ready access by authorized users”, and also [Col 8 Lines 60-63] “increase security for the information request and may reduce the likelihood that an unauthorized user successfully requests data access” by using disposable URL as taught by Rule-2 over that of Miranda.
As per Claim 7, Miranda may not explicitly disclose, but Rule-2 teaches the method of claim 6, further comprising:
receiving the additional authentication information from the applicant in response to the prompt (See Figure 3 – step 365, as disclosed [Col 9 Lines 58-62] “If sufficient authentication is provided, the “YES” choice is made at step 365, the server transmits the requested information to the communication device (step 375) for display to the user (step 380)” and see also Figure 4B showing exemplary user interfaces for additional authentication inputs); and
verifying the additional authentication information from the applicant to identify the applicant (See Figure 4B, as disclosed [Col 10 Lines 28-30] “The authentication information submitted through these interfaces may be transmitted to the server for verification”).
It would have been obvious to one of ordinary skill in the before the effective filing date of the claimed invention to utilize additional authentication as in Rule-2 in the system executing the method of Miranda, by which the systems in Miranda teaches of utilizing the URL for card activation, with the motivation of offering to [Col 1 Lines 12-39] improve data security and protect financial or other sensitive data by “safeguarding sensitive data while ensuring ready access by authorized users”, and also [Col 8 Lines 60-63] “increase security for the information request and may reduce the likelihood that an unauthorized user successfully requests data access” by using disposable URL as taught by Rule-2 over that of Miranda.
As per Claim 8, Miranda may not explicitly disclose, but Rule-2 teaches the method of claim 1, further comprising:
receiving additional authentication information including a mobile identification number (MIN) of the customer device ([Col 7 Lines 25-33] “In an embodiment, the server 204 may also receive and interpret identification information for the devices 202, 203. For example, the portable communication device 202 may append information identifying itself or its user to the unique URL. Upon receipt of this information, the server 204 may compare the device identifying information to records for the smart card 201 or the account or user associated with the smart card 201 (which may be identified by the customer identifier)” and see also [Col 8 Lines 61-67 to Col 8 Lines 1-3] “For example, the portable communication device 202 may be a smart phone, and information identifying the smart phone user or the smart phone device (e.g., via telephone number, SIM card, or other means) may be appended to the unique URL sent to the server 204. If the user identification or the device identification provided by the portable communication device 202 match the smart card user or smart card account information, the server 204 may transmit information responsive to the unique URL to the portable communication device 202”); and
storing, in a database, the MIN of the customer device (As discussed in [Col 7 Lines 25-33] and [Col 8 Lines 61-67 to Col 8 Lines 1-3], the received device identifying information is compared to the stored information, which is obvious that the information must be stored in the database in order to compare or match the received data to stored records).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize additional authentication including device identifying information as in Rule-2 in the system executing the method of Miranda, by which the systems in Miranda teaches of utilizing the URL for card activation, with the motivation of offering to [Col 1 Lines 12-39] improve data security and protect financial or other sensitive data by “safeguarding sensitive data while ensuring ready access by authorized users”, and also [Col 8 Lines 60-63] “increase security for the information request and may reduce the likelihood that an unauthorized user successfully requests data access” by using disposable URL as taught by Rule-2 over that of Miranda.
As per Claim 9, Miranda may not explicitly disclose, but Rule-2 teaches the method of claim 1, wherein the URL is valid for less than three uses ([Col 8 Lines 56-59] “In addition, the information request may be the only time this particular URL is used, and subsequent requests may generate different URLs. This may be true even if the same information is requested multiple times” and see also Claim 1 “wherein the applet generates a unique one-time uniform resource locator (URL)”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize one-time URL as in Rule-2 in the system executing the method of Miranda, by which the systems in Miranda teaches of utilizing the URL for card activation, with the motivation of offering to [Col 1 Lines 12-39] improve data security and protect financial or other sensitive data by “safeguarding sensitive data while ensuring ready access by authorized users”, and also [Col 8 Lines 60-63] “increase security for the information request and may reduce the likelihood that an unauthorized user successfully requests data access” by using disposable URL as taught by Rule-2 over that of Miranda.
As per Claim 10, Miranda may not explicitly disclose, but Rule-2 teaches the method of claim 9, wherein the URL is stored in the transaction card in a separate location from a payment application of the transaction card (See Figure 1A – Contactless Card 101 with separate locations for Applet 103 and URL 106).
It would have been obvious to one of ordinary skill in the art at the time of the invention to utilize separate location to store the URL as in Rule-2 in the system executing the method of Miranda, by which the systems in Miranda teaches of utilizing the URL for card activation, with the motivation of offering to [Col 1 Lines 12-39] improve data security and protect financial or other sensitive data by “safeguarding sensitive data while ensuring ready access by authorized users”, and also [Col 8 Lines 60-63] “increase security for the information request and may reduce the likelihood that an unauthorized user successfully requests data access” by using disposable URL as taught by Rule-2 over that of Miranda.
As per claim 20, Miranda may not explicitly disclose, but Rule-2 teaches the system of claim 16, wherein the operations further comprise receiving location data regarding the customer device as part of an authentication process prior to activating the transaction card ([Col 6 Lines 66-67 to Col 7 Lines 1-8] “In addition, given its stationary nature, the fixed communication device 203 may possess information specific to its location. For example, if the fixed communication device 203 is placed at an electronics store, information identifying the store and its characteristics may be appended to the unique URL. In an embodiment, this information and location information may be transmitted to the server 204 through the unique URL …”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize location data of the user as in Rule-2 in the system executing the method of Miranda, by which the systems in Miranda teaches of utilizing the URL and received information for card activation, with the motivation of offering to [Col 1 Lines 12-39] improve data security and protect financial or other sensitive data by “safeguarding sensitive data while ensuring ready access by authorized users” as taught by Rule-2 over that of Miranda.
Claims 11-13 are rejected under 35 U.S.C. 103 as being unpatentable over Miranda, in view of Rule et al. (US 10636241 B1) hereinafter Rule-3, in view of RULE, in view of Mossler, and in view of Kim in further view of Park.
As per Claim 11, Miranda teaches a method of activating a transaction card ([0025] "The system, indicated as a whole with the reference 10, includes a user terminal 11, such as a smart phone, i.e. a communication apparatus, in particular a wireless communication apparatus, such as a mobile phone, connected to a communication network, having computer capabilities, such as a storage memory and an operative system, and including the capability of loading, storing and executing a software application"), the method comprising:
receiving, by a mobile device and via a first contactless communication, information embedded on the transaction card comprising a uniform resource locator (URL) … ([0025] “The payment card 13 contains applications in its storage portion such as payment applications and, in addition, it is provided with a NDEF TAG application which emulates a NFC Tag 13b. Accordingly, an NFC capable device such as the user terminal 11 can read the content of the NFC Tag 13b by tapping the user terminal 11 device on the payment card 13” and [0034] "After having received the payment card SC, the customer U, at step 160 taps the card on the user terminal 11, i.e. the NFC enabled smartphone, to read the content of the NDEF Tag 13b. The NDEF TAG application associated with the NDEF Tag 13b is customized with a specific activation URL (Uniform Resource Locator) string US");
displaying, by the mobile device and based on the first contactless communication, a website associated with the URL (see Figure 2 - step 160, wherein [0035] “Such activation URL US, stored at step 140 as data variables handled by the NDEF TAG application combines a bank server URL UB (e.g. www.bankname.com/activation/) UB and the unique number UN associated to the payment card SC. The resulting URL, as an example, could be: www.bankname.com/activation/2A8E23C7D6492376872034DEF62A1 2FF, i.e. UB/UN”), ... and wherein the website is configured to receive an input to register the customer device with the transaction card in a user profile; ([0044] "At step 220, the customer receives the message ASM with the activation code AS and fills the activation field I with it, submitting the page AP (for instance through the confirmation button CB shown in FIG. 3) and the code, as submitted activation code SS, before reaching the expiration time ET" see Figure 2 - step 220);
…
in response to receiving the indication of the authentication of the mobile device, displaying, by the mobile device, a graphical user interface (GUI) … (See Figure 3 – steps 180 and 185 as disclosed [0036] “The bank server 14 at step 180 verifies the unique number UN, in particular checking if the unique number exists and if it is associated to a payment card SC never activated before … for instance the card's activation status AF and history AH, i.e. if it is a card which awaits the first activation or not” and [0037] “If the unique number UN is not positively verified, the bank remote server 14 gives access to a warning/error web page 185”).
Although Miranda teaches of receiving information including a URL from the first contactless communication between a device and a card for card activation, the prior art reference does not seem to explicitly disclose of receiving an encrypted key. However, Rule-3 discloses:
receiving, by a mobile device and via a first contactless communication, information embedded on the transaction card comprising a uniform resource locator (URL) and an encrypted key ([Col 2 Lines 21-28] “For example, a user may receive a new contactless card and tap the contactless card to a smartphone. Responsive to the tap, the smartphone may open a card activation page of an account management application, which allows the user to active the card. The smartphone may open the card activation page based on a uniform resource locator (URL) specified as action data in the memory of the contactless card” with respect to the encrypted key, see [Col 13 Lines 25-32] “The contactless card 101 may then encrypt the data (e.g., the customer identifier 507 and any other data) using the diversified key 506. The contactless card 101 may then transmit the encrypted data to the account application 113 of the mobile device 110 (e.g., via an NFC connection, Bluetooth connection, etc.). The account application 113 of the mobile device 110 may then transmit the encrypted data to the server via a network (e.g., the Internet)”);
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the encrypted data included in the NFC communication between the card and the device as in Rule-3 in the system executing the method of Miranda, with the motivation of offering to improve security and reduce fraud by transmitting encrypted data, and also [Col 17 Lines 52-67] improving efficiency and data security while avoiding the transmission of unnecessary data as taught by Rule-3 over that of Miranda.
Although Miranda teaches of receiving authentication information from the first short-range wireless communications to populate on the first GUI for card activation, the prior art does not seem to explicitly disclose of the website with automatically populated customer identity information. However, RULE discloses:
displaying, by the mobile device and based on the first contactless communication, a website associated with the URL, wherein the website comprises a field automatically populated with customer identity information as part of activation of the transaction card, and wherein the website is configured to receive an input to register the mobile device with the transaction card in a user profile ([0023] “The operations discussed herein solve these and other problems by enabling a user to perform one operation, e.g., tapping a contactless card on or near a device, to authenticate the user and populate the secure information in a webpage or mobile application” or see also [0030] “In embodiments, the computing device 102 may receive information and data from the contactless card 106 via one or more short-range communication exchanges with the card … If the user is authenticated, the operations may determine the data and cause the data to automatically populate. For example, the computing device 102 may provide additional information relating to the one or more fields, e.g., an identifier of the webpage or mobile application, and identifiers of fields, to the banking system 104. The banking system 104 may utilize the additional information to determine the sensitive data to populate in the webpage or mobile application. The determined data may be provided back to the computing device 102 and populated into the corresponding fields”);
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the card tap to automatically populate authentication information in a webpage as in RULE in the system executing the method of Miranda, with the motivation of offering to improve security and accuracy for data input as taught by RULE over that of Miranda.
Although Miranda teaches of activating a contactless card via NFC using a URL, the prior art does not seem to explicitly disclose of registering the customer device with the transaction card through the website. However, Mossler teaches of receiving a prompt to bind the device with the card, as disclosed:
displaying, by the mobile device and based on the first contactless communication, a website associated with the URL, wherein the website comprises a field automatically populated with customer identity information as part of activation of the transaction card, and wherein the website is configured to receive an input to register the mobile device with the transaction card in a user profile ([Col 5 Lines 24-40] “According to one aspect, binding the contactless card to the client includes associating the card with digital credentials and/or client devices. Associating the card with the digital credentials of the client may occur as part of an initial registration of the client with the service provider (i.e., a first access of an application service by the client) … In one embodiment at least one client device includes an interface for communicating with the contactless card. Once the contactless card is bound to a client device having a contactless card interface, a contactless card cryptogram exchange executed at a known client device may be used to authenticate client accesses to registered application services at any web coupled device. For example, a contactless card/mobile device cryptogram exchange may be used to authenticate a service provider access request by a client on the mobile device or at a different web-based device );
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the method of binding the device information with the registered card for password-less logins as in Mossler in the system executing the method of Miranda, wherein Miranda already teaches of initiating activation of the transaction card through NFC communications and URL, with the motivation of offering to improve password-less authentication protocol as taught by Mossler over that of Miranda.
Miranda teaches a short range contactless communication after activation of the contactless card, as disclosed above, but does not seem to explicitly disclose that the second short range communication provides a different webpage from the same URL used by the card. However, Kim teaches the use of a secure URL-NFC payment card to provide additional services to the user using the same URL used by an activated card, specifically teaching in response to activating the contactless card and based on a second short range wireless communication between the mobile device and the contactless card, as disclosed:
receiving, by the mobile device and via a second contactless communication, information embedded on the transaction card ([Page 4 Line 1] “The smart device 200 receives the URL from the URL-NFC payment card by NFC communication” and also [Page 3 Lines 16-17] “providing a URL to a smart device through a URL-NFC payment card in NFC communication”);
receiving, by the mobile device, an indication of an authentication of the mobile device based on a verification that the information embedded on the transaction card is associated with an account associated with the transaction card and that the mobile device is a registered device associated with the transaction card within the user profile; and in response to receiving the indication of the authentication of the mobile device, displaying, by the mobile device, a graphical user interface (GUI) including one of a credential reset GUI, a login GUI, or an account dashboard GUI (See Figure 4, as disclosed [Page 5 Lines 45-49] “If the authentication information registered in the server 300 is identical to the authentication information registered in the server 300, a page for selecting main page movement reception or receipt of pending reservation pseudo information (S408) is transmitted to the smart device (S408). In step S408, when the payment plan information is received, the payment schedule information is provided to the payment server in step S411, while the page S412 for selecting the main page movement reception or termination is transmitted to the smart device 200, The main page is provided to the smart device (S409) so that the user can use the login main page (S410). If main page movement reception is selected in step S412, the main page is provided to the smart device (S409) so that the user can use the login main page”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the URL-NFC payment card with the stored information from the supplementary server 300 to provide the login website as in Kim in the system executing the method of Miranda, by which the systems in Miranda teaches of the second short range contactless communication after activation of the contactless card as disclosed by Figure 3 and [0036-0037], with the motivation of offering to [Page 2 under Description] allow the merchant to save the cost of providing encryption/decryption system, and allow the customer with ease and time saving navigations of accessing card company webpages as taught by Kim over that of Miranda.
Although Kim discloses of using the NFC communications between the device and the card to access an account from the online login portal, which includes authenticating information that is already stored in the server as disclosed [Page 3 Lines 38-40] “When the authentication information of the URL-NFC payment card 100 transmitted by the user via the smart device 200 matches the information registered in the supplementary server 300, the additional server 300 is logged in”, the prior art does not seem to explicitly disclose of authenticating an account associated with the transaction card and that the customer device is a registered device within the user profile. However, Park teaches:
receiving, by the mobile device, an indication of an authentication of the mobile device based on a verification that the information embedded on the transaction card is associated with an account associated with the transaction card and that the mobile device is a registered device associated with the transaction card within the user profile ([Page 3 Lines 4-7] “In response to the URL, the Internet site is provided to the smart device by the URL-NFC payment card unit, the authentication information is confirmed, the login is accepted by the URL-NFC payment card unit, the main page information is provided to the smart device” wherein the information identifying the registered device is authenticated, as disclosed [Page 7 Lines 23-29] “The user identification information (or affiliated store identification information) is checked, and the mobile phone number and password registered in advance corresponding to the identified user identification information (or affiliated store identification information) are read from the database 130, and the corresponding confirmation. The mobile phone number and the password and the read mobile phone number and the password correspond to each other, and the confirmed user terminal 110 (or, the merchant terminal 140) is justified”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the authentication of user identification information, such as phone number, using the stored data (i.e. registered device) for the account log-in process as in Park in the system executing the method of Kim, by which the systems in Miranda teaches of authenticating information associated with the NFC login process, with the motivation of offering to [Pages 2-3 under Background] improve security and reduce fraud transactions from theft and hacking as taught by Park over that of Kim.
As per Claim 12, Miranda teaches the method of claim 11, wherein responding to the information comprises: launching, by the mobile device, a browser application; and automatically navigating, by the mobile device and via the browser application, to the website associated with the URL ([0035] "The user terminal 11, after the tapping step 160, launches at step 170 a navigation application, such as an Internet browser, with the activation URL US read from the payment card SC" see Figure 2 - step 170 and step 190).
As per Claim 13, Miranda teaches the method of claim 11, further comprising:
transmitting, by the mobile device and to a card issuer computing system, information from the first contactless communication or the second contactless communication as part of an authentication of at least one of the transaction card or a user of the mobile device (See Figure 2 – steps 220 and 230, as disclosed [0044] "At step 220, the customer receives the message ASM with the activation code AS and fills the activation field I with it, submitting the page AP (for instance through the confirmation button CB shown in FIG. 3) and the code, as submitted activation code SS, before reaching the expiration time ET" wherein [0045] "The bank server 14, at step 230, checks that the submitted activation code SS is valid").
Claim 14 is rejected under 35 U.S.C. 103 as being unpatentable over Miranda, in view of Rule-3, in view of RULE, in view of Mossler, in view of Kim in further view of Park, and in view of O'HARA et al. (US 20180285868 A1).
As per Claim 14, Miranda may not explicitly disclose, but O’Hara teaches the method of claim 11, further comprising: receiving, by the mobile device, authentication information of a user associated with the transaction card, the authentication information comprising at least one of a PIN or a biometric of the user ([0022] "In an embodiment of the authenticating method, the step of inputting authenticating data in the personal computing device may comprise … capturing cardholder biometric data through the optical capturing means of the device").
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize biometric information as in O’Hara in the system executing the method of Miranda with the motivation of offering to [0009] "mitigate the ergonomic deficiencies and other grounds of user unfriendliness inherent to the prior art techniques" as taught by O’Hara over that of Miranda.
Claim 15 is rejected under 35 U.S.C. 103 as being unpatentable over Miranda, in view of Rule-3, in view of RULE, in view of Mossler, in view of Kim in further view of Park, and in view of Rule-2.
As per Claim 15, Miranda may not explicitly disclose, but Rule-2 teaches the method of claim 11, wherein the URL is valid for only a predetermined number of uses ([Col 8 Lines 56-59] “In addition, the information request may be the only time this particular URL is used, and subsequent requests may generate different URLs. This may be true even if the same information is requested multiple times” and see also Claim 1 “wherein the applet generates a unique one-time uniform resource locator (URL)”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize one-time URL as in Rule-2 in the system executing the method of Miranda, by which the systems in Miranda teaches of utilizing the URL for card activation, with the motivation of offering to [Col 1 Lines 12-39] improve data security and protect financial or other sensitive data by “safeguarding sensitive data while ensuring ready access by authorized users”, and also [Col 8 Lines 60-63] “increase security for the information request and may reduce the likelihood that an unauthorized user successfully requests data access” by using disposable URL as taught by Rule-2 over that of Miranda.
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The filing of a terminal disclaimer by itself is not a complete reply to a nonstatutory double patenting (NSDP) rejection. A complete reply requires that the terminal disclaimer be accompanied by a reply requesting reconsideration of the prior Office action. Even where the NSDP rejection is provisional the reply must be complete. See MPEP § 804, subsection I.B.1. For a reply to a non-final Office action, see 37 CFR 1.111(a). For a reply to final Office action, see 37 CFR 1.113(c). A request for reconsideration while not provided for in 37 CFR 1.113(c) may be filed after final for consideration. See MPEP §§ 706.07(e) and 714.13.
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The actual filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/apply/applying-online/eterminal-disclaimer.
Claims 1-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-18 of U.S. Patent No. 11694188 (Application Number 16/986,111). Although the claims at issue are not identical, they are not patentably distinct from each other because they are both directed towards contactless communications between a card and a device for card activation and registration, wherein the registered device information is used to automatically grant access to the account for the login portal. While the claim limitations are not exactly the same, the present claims are broader and fully encompass the claims of the parent application.
Claims 1-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-20 of U.S. Patent No. US 11551200 B1 (Application Number 16/703,539). Although the claims at issue are not identical, they are not patentably distinct from each other because the claims from the both applications are related to performing contactless communications between a card and a mobile device to reset the credentials associated with an account of the card.
Claims 1-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-20 of U.S. Patent No. 11694188 (Application Number 16/986,111). Although the claims at issue are not identical, they are not patentably distinct from each other because they are both directed towards contactless communications between a card and a device for card activation and registration, wherein the registered device information is used to automatically grant access to the account for the login portal. While the claim limitations are not exactly the same, the present claims are broader and fully encompass the claims of the parent application.
Claims 1-20 are provisionally rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-20 of copending Application No. 18/142,552. Although the claims at issue are not identical, they are not patentably distinct from each other because they are both directed towards contactless communications between a card and a device for accessing a URL by authenticating transmitted information, while the second communication grants access to an online login portal. While the claim limitations are not exactly the same, the present claims are broader and fully encompass the claims of the parent application. This is a provisional nonstatutory double patenting rejection because the patentably indistinct claims have not in fact been patented.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
Singh et al. (US 20210385224 A1) discloses [0006] “In some embodiments, the user may utilize the authentication factors accessible to the first device to avoid the direct/manual entry of authentication data in the second device. Authentication data (e.g., information derived from key authentication material, or even information about an existing authenticated session) may be exchanged, accessed, transferred and/or transmitted between the devices to provide, populate, and/or fill-in authentication information (e.g., forms fields, cookies, and/or other authentication data) in a device and/or resource. Prior to providing access to the authentication information to a second device, user consent may be obtained via a request for approval at the first or the second device. The user consent and/or approval may comprise an approval via a personal identification number, a passcode, a fingerprint, a retinal pattern, a signature, a badge tap, an ID card, a face image, a quick response (QR) code scan, a device unlock mechanism, a voice signal, a user interface selection, a push notification, a text message, information extracted from biometric markers, proximity to the device, and/or other approval mechanisms”;
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HENRY H JUNG whose telephone number is (571)270-5018. The examiner can normally be reached Mon - Fri 9:30 - 5:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Christine M Tran (Behncke) can be reached at (571) 272-8103. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/HENRY H JUNG/Examiner, Art Unit 3695
/CHRISTINE M Tran/Supervisory Patent Examiner, Art Unit 3695