DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This Office Action is responsive to application 19/046,150 that the Applicant filed on February 5, 2025 and presented 20 claims. Original claims 1-20 remain pending in the application.
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The filing of a terminal disclaimer by itself is not a complete reply to a nonstatutory double patenting (NSDP) rejection. A complete reply requires that the terminal disclaimer be accompanied by a reply requesting reconsideration of the prior Office action. Even where the NSDP rejection is provisional the reply must be complete. See MPEP § 804, subsection I.B.1. For a reply to a non-final Office action, see 37 CFR 1.111(a). For a reply to final Office action, see 37 CFR 1.113(c). A request for reconsideration while not provided for in 37 CFR 1.113(c) may be filed after final for consideration. See MPEP §§ 706.07(e) and 714.13.
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The actual filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/apply/applying-online/eterminal-disclaimer.
Claims 1-12, 17-18 and 20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-12 and 17-19 of U.S. Patent No. 12,259,961 (“‘961 patent”). Although the claims at issue are not identical, they are not patentably distinct from each other because the claims overlap in scope as detailed below by the claim-by-claim comparison table. As illustrated below, the claim limitations between the ‘961 patent are the same or represent obvious variations of the claim limitations of the instant application.
Instant Application
‘961 Patent
1. A method comprising:
determining, by a contactless access device, an interaction value associated with an interaction;
responsive to determining the interaction value, prompting, by the contactless access device, a user operating a user device for a secret;
receiving, by the contactless access device, the secret from the user;
after receiving the secret from the user, receiving, by the contactless access device from the user device, an initial communication from the user device over a wireless communication medium;
receiving, by the contactless access device from the user device, a user device certificate comprising a public key;
verifying, by the contactless access device, the user device certificate;
concatenating, by the contactless access device, at least the secret and an unpredictable number to form a concatenated value;
encrypting, by the contactless access device, the concatenated value with the public key;
transmitting, by the contactless access device, the encrypted concatenated value over the wireless communication medium to the user device, wherein the user device decrypts the encrypted concatenated value with a private key corresponding to the public key, verifies the unpredictable number, verifies the secret by comparing the secret to another secret stored in the user device, determines whether or not the interaction is approved based at least upon the verification of the secret, produces a user device interaction authorization result, and then provides the user device interaction authorization result to the contactless access device; and
receiving, by the contactless access device from the user device, the user device interaction authorization result.
1. A method comprising:
determining, by a contactless access device, an interaction value associated with an interaction;
responsive to determining the interaction value, prompting, by the contactless access device, a user operating a user device for a secret;
receiving, by the contactless access device, the secret from the user;
after receiving the secret from the user, receiving, by the contactless access device from the user device, an initial communication from the user device over a wireless communication medium;
receiving, by the contactless access device from the user device, a user device certificate comprising a public key;
verifying, by the contactless access device, the user device certificate;
concatenating, by the contactless access device, at least the secret and an unpredictable number to form a concatenated value;
encrypting, by the contactless access device, the concatenated value with the public key;
transmitting, by the contactless access device, the encrypted concatenated value over the wireless communication medium to the user device, wherein the user device decrypts the encrypted concatenated value with a private key corresponding to the public key, verifies the unpredictable number, verifies the secret by comparing the secret to another secret stored in the user device, determines whether or not the interaction is approved based at least upon the verification of the secret, produces a user device interaction authorization result, and then provides the user device interaction authorization result to the contactless access device; and
receiving, by the contactless access device from the user device, the user device interaction authorization result,
wherein the public key is a secret encipherment public key, and wherein the user device certificate includes the secret encipherment public key and a user device public key.
2. The method of claim 1, wherein the wireless communication medium uses NFC.
2. The method of claim 1, wherein the wireless communication medium uses NFC.
3. The method of claim 1, wherein the secret is a PIN, a passcode, a biometric, a one-time password, an access code, or a username-password pair.
3. The method of claim 1, wherein the secret is a PIN, a passcode, a biometric, a one-time password, an access code, or a username-password pair.
4. The method of claim 1, wherein after determining the interaction value, the method further comprises:
determining, by the contactless access device, whether or not to prompt the user operating the user device for the secret based on the interaction value and a predetermined threshold.
4. The method of claim 1, wherein after determining the interaction value, the method further comprises:
determining, by the contactless access device, whether or not to prompt the user operating the user device for the secret based on the interaction value and a predetermined threshold.
5. The method of claim 1, wherein after receiving the secret, the method further comprises:
prompting, by the contactless access device, the user to bring the user device into communication range with the contactless access device;
generating, by the contactless access device, a read record command message that requests one or more certificates from the user device; and
when the user device is in the communication range with the contactless access device, providing, by the contactless access device, the read record command message to the user device, wherein the user device obtains one or more certificates, generates a read record response message comprising the one or more certificates, and provides the read record response message to the contactless access device, wherein the one or more certificates includes the user device certificate.
5. The method of claim 1, wherein after receiving the secret, the method further comprises:
prompting, by the contactless access device, the user to bring the user device into communication range with the contactless access device;
generating, by the contactless access device, a read record command message that requests at least one or more certificates from the user device; and
when the user device is in the communication range with the contactless access device, providing, by the contactless access device, the read record command message to the user device, wherein the user device obtains at least the one or more certificates, generates a read record response message comprising at least the one or more certificates, and provides the read record response message to the contactless access device, wherein the one or certificates includes the user device certificate.
6. The method of claim 1, wherein the user device is a card.
6. The method of claim 1, wherein the user device is a card.
7. The method of claim 1, wherein the public key is a user device public key, and wherein the method further comprises:
receiving, by the contactless access device, an authorizing entity certificate comprising an authorizing entity public key from the user device.
7. The method of claim 1, wherein the method further comprises:
receiving, by the contactless access device, an authorizing entity certificate comprising an authorizing entity public key from the user device.
8. The method of claim 7, wherein the authorizing entity certificate is signed by a certificate authority private key, and wherein prior to verifying the user device certificate the method further comprises:
verifying, by the contactless access device, the authorizing entity certificate using a certificate authority public key available to the contactless access device and corresponds to the certificate authority private key; and
if the authorizing entity certificate is valid, obtaining, by the contactless access device, the authorizing entity public key from the authorizing entity certificate.
8. The method of claim 7, wherein the authorizing entity certificate is signed by a certificate authority private key, and wherein prior to verifying the user device certificate the method further comprises:
verifying, by the contactless access device, the authorizing entity certificate using a certificate authority public key available to the contactless access device and corresponds to the certificate authority private key; and
if the authorizing entity certificate is valid, obtaining, by the contactless access device, the authorizing entity public key from the authorizing entity certificate.
9. The method of claim 8, wherein the user device certificate is signed by an authorizing entity private key corresponding to the authorizing entity public key, and wherein verifying the user device certificate further comprises:
verifying, by the contactless access device, the user device certificate using the authorizing entity public key; and
if the user device certificate is valid, obtaining, by the contactless access device, the user device public key from the user device certificate.
9. The method of claim 8, wherein the user device certificate is signed by an authorizing entity private key corresponding to the authorizing entity public key, and wherein verifying the user device certificate further comprises:
verifying, by the contactless access device, the user device certificate using the authorizing entity public key; and
if the user device certificate is valid, obtaining, by the contactless access device, the user device public key from the user device certificate.
10. A contactless access device comprising:
a processor; and
a computer-readable medium coupled to the processor, the computer-readable medium comprising code executable by the processor for implementing a method comprising:
determining an interaction value associated with an interaction;
responsive to determining the interaction value, prompting a user operating a user device for a secret;
receiving the secret from the user;
after receiving the secret from the user, receiving, from the user device, an initial communication from the user device over a wireless communication medium;
receiving, from the user device, a user device certificate comprising a public key;
verifying the user device certificate;
concatenating at least the secret and an unpredictable number to form a concatenated value;
encrypting the concatenated value with the public key;
transmitting the encrypted concatenated value over the wireless communication medium to the user device, wherein the user device decrypts the encrypted concatenated value with a private key corresponding to the public key, verifies the unpredictable number, verifies the secret by comparing the secret to another secret stored in the user device, determines whether or not the interaction is approved based at least upon the verification of the secret, produces a user device interaction authorization result, and then provides the user device interaction authorization result to the contactless access device; and
receiving, from the user device, the user device interaction authorization result.
10. A contactless access device comprising:
a processor; and
a computer-readable medium coupled to the processor, the computer-readable medium comprising code executable by the processor for implementing operations comprising:
determining an interaction value associated with an interaction;
responsive to determining the interaction value, prompting a user operating a user device for a secret;
receiving the secret from the user;
after receiving the secret from the user, receiving, from the user device, an initial communication from the user device over a wireless communication medium;
receiving, from the user device, a user device certificate comprising a public key;
verifying the user device certificate;
concatenating at least the secret and an unpredictable number to form a concatenated value;
encrypting the concatenated value with the public key;
transmitting the encrypted concatenated value over the wireless communication medium to the user device, wherein the user device decrypts the encrypted concatenated value with a private key corresponding to the public key, verifies the unpredictable number, verifies the secret by comparing the secret to another secret stored in the user device, determines whether or not the interaction is approved based at least upon the verification of the secret, produces a user device interaction authorization result, and then provides the user device interaction authorization result to the contactless access device; and
receiving, from the user device, the user device interaction authorization result,
wherein the public key is a secret encipherment public key, and wherein the user device certificate includes the secret encipherment public key and a user device public key.
11. The contactless access device of claim 10, wherein the public key is a user device public key, and wherein the method further comprises:
receiving an authorizing entity certificate comprising an authorizing entity public key from the user device, wherein the authorizing entity certificate is signed by a certificate authority private key
verifying the authorizing entity certificate using a certificate authority public key available to the contactless access device and corresponds to the certificate authority private key; and
if the authorizing entity certificate is valid, obtaining the authorizing entity public key from the authorizing entity certificate.
11. The contactless access device of claim 10, wherein the operations further comprises:
receiving an authorizing entity certificate comprising an authorizing entity public key from the user device, wherein the authorizing entity certificate is signed by a certificate authority private key;
verifying the authorizing entity certificate using a certificate authority public key available to the contactless access device and corresponds to the certificate authority private key; and
if the authorizing entity certificate is valid, obtaining the authorizing entity public key from the authorizing entity certificate.
12. The contactless access device of claim 11, wherein the user device certificate is signed by an authorizing entity private key corresponding to the authorizing entity public key, and wherein verifying the user device certificate further comprises:
verifying the user device certificate using the authorizing entity public key; and
if the user device certificate is valid, obtaining the user device public key from the user device certificate.
12. The contactless access device of claim 11, wherein the user device certificate is signed by an authorizing entity private key corresponding to the authorizing entity public key, and wherein verifying the user device certificate further comprises:
verifying the user device certificate using the authorizing entity public key; and
if the user device certificate is valid, obtaining the user device public key from the user device certificate.
17. The contactless access device of claim 10, wherein the method further comprises:
generating a challenge command message that requests the unpredictable number from the user device;
providing the challenge command message to the user device, wherein the user device obtains the unpredictable number and provides the unpredictable number to the contactless access device; and receiving the unpredictable number from the user device.
17. The contactless access device of claim 10, wherein the operations further comprise:
generating a challenge command message that requests the unpredictable number from the user device;
providing the challenge command message to the user device, wherein the user device obtains the unpredictable number and provides the unpredictable number to the contactless access device; and receiving the unpredictable number from the user device.
18. A method comprising:
upon entering communication range with a contactless access device during an interaction, providing, by a user device, an initial communication from the user device over a wireless communication medium;
receiving, by the user device, a read record command from the contactless access device, wherein the read record command requests one or more certificates from the user device;
obtaining, by the user device, one or more certificates from memory;
generating, by the user device, a read record response message comprising the one or more certificates from the memory;
providing, by the user device, the read record response message to the contactless access device in response to the read record command, wherein the one or certificates includes a user device certificate comprising a public key, wherein the contactless access device verifies the user device certificate, concatenates at least a secret provided by a user of the user device to the contactless access device and an unpredictable number to form a concatenated value, encrypts the concatenated value with the public key, and transmits the encrypted concatenated value over the wireless communication medium to the user device;
receiving, by the user device, the encrypted concatenated value from the contactless access device;
decrypting, by the user device, the encrypted concatenated value using a private key corresponding to the public key;
verifying, by the user device, the secret included in the concatenated value by comparing the secret to another secret stored in the user device;
producing, by the user device, a user device interaction authorization result based on whether or not the interaction is approved based at least upon the verification of the secret; and
providing, by the user device, the user device interaction authorization result to the contactless access device.
18. A method comprising:
upon entering communication range with a contactless access device during an interaction, providing, by a user device, an initial communication from the user device over a wireless communication medium;
receiving, by the user device, a read record command from the contactless access device, wherein the read record command requests at least one or more certificates from the user device;
obtaining, by the user device, at least the one or more certificates from memory;
generating, by the user device, a read record response message comprising at least the one or more certificates;
providing, by the user device, the read record response message to the contactless access device in response to the read record command, wherein the one or more certificates includes a user device certificate comprising a public key, wherein the contactless access device verifies the user device certificate, concatenates at least a secret provided by a user of the user device to the contactless access device and an unpredictable number to form a concatenated value, encrypts the concatenated value with the public key, and transmits the encrypted concatenated value over the wireless communication medium to the user device;
receiving, by the user device, the encrypted concatenated value from the contactless access device;
decrypting, by the user device, the encrypted concatenated value using a private key corresponding to the public key;
verifying, by the user device, the secret included in the concatenated value by comparing the secret to another secret stored in the user device;
producing, by the user device, a user device interaction authorization result based on whether or not the interaction is approved based at least upon the verification of the secret; and
providing, by the user device, the user device interaction authorization result to the contactless access device,
wherein after providing the user device interaction authorization result to the contactless access device, the contactless access device generates an authorization request message comprising at least an interaction value and interaction data associated with the interaction and provides the authorization request message to a resource provider computer, wherein the resource provider computer provides the authorization request message to a transport computer that provides the authorization request message to a network processing computer, wherein the network processing computer provides the authorization request message to an authorizing entity computer for authorization of the interaction.
20. The method of claim 18 further comprising:
receiving, by the user device, a challenge command message from the contactless access device that requests the unpredictable number;
obtaining, by the user device, the unpredictable number; and
providing, by the user device, the unpredictable number to the contactless access device.
19. The method of claim 18 further comprising:
receiving, by the user device, a challenge command message from the contactless access device that requests the unpredictable number;
obtaining, by the user device, the unpredictable number; and
providing, by the user device, the unpredictable number to the contactless access device.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The following conventions apply to the mapping of the prior art to the claims:
Italicized text – claim language.
Parenthetical plain text – Examiner’s citation and explanation.
Citation without an explanation – an explanation has been previously provided for the respective limitation(s).
Quotation marks – language quoted from a prior art reference.
Underlining – language quoted from a claim.
Brackets – material altered from either a prior art reference or a claim, which includes the Examiner’s explanation that relates a claim limitation to the quoted material of a reference.
Braces – a limitation taught by another reference, but the limitation is presented with the mapping of the instant reference for context.
Numbered superscript – a first phrase to be moved upwards to the primary reference analysis.
Lettered superscript – a second phrase to be moved after the movement of the first phrase from which it was lifted, or more succinctly, move numbered material first, lettered material last.
A. Claims 1-4 and 6-12 are rejected under 35 U.S.C. 103 as being unpatentable over Osborn et al. (US 10,657,754, “Osborn”) in view of Aleksandrov ( US 2022/0101286, “Aleksandrov”), and further in view of Aubin et al. (US 2011/0251958, “Aubin”).
Regarding Claim 1
Osborn discloses
A method (abstract) comprising:
1 …;
responsive to determining the {interaction value (Aleksandrov ¶ [0056])}, prompting, by the contactless access device, a user operating a user device for a secret (Col. 8:22-32, “In the system 200 of FIG. 2A, the transaction device 222 [contactless access device] (which may be a client mobile device, a merchant transaction device or any device comprising NFC communication capability) is shown to include a user interface 225 for receiving information, such as an input PIN, from a user 202;” and Col. 9:4-17, “At step 251 a transaction [possessing an interaction value] is initiated by user 202; for example, the user may seek to access an account, make a purchase, or otherwise perform an action that benefits from the dual factor authentication method disclosed herein. At step 252, the user 202 is prompted to input a PIN [as a secret] and upon receipt of the input PIN, the transaction device 222 may initiate a dual-authentication cryptogram exchange with the contactless card [user device] 205,...");
receiving, by the contactless access device, the secret from the user (Col. 9:4-17, “At step 252, the user 202 is prompted to input a PIN [as a secret that is received by the contactless access device] ...");
after receiving the secret from the user (Col. 9:4-17), receiving, by the contactless access device from the user device, an initial communication from the user device over a wireless communication medium (Col. 9:4-17, “…and upon receipt of the input PIN [secret], the transaction device [contactless access device] 222 may initiate a dual-authentication cryptogram exchange [communication] with the contactless card 205, for example by prompting the user to tap the card 205 on the transaction device 222 or otherwise bring the contactless card 205 in communication range [via a wireless communication medium] with the transaction device 222.”);
2 …;
3 …;
concatenating, by the contactless access device, at least the secret and an unpredictable number (Col. 11:17-30, “At step 465, the transaction device generates a random [unpredictable] number...") to form a concatenated value (Col. 7:24-33, “In some embodiments, shared information, including, but not limited to a shared secret and/or a PIN [secret], may then be concatenated with one or more blocks of random [unpredictable number] data and encoded using a cryptographic algorithm and the diversified key to generate a MAC cryptogram.”);
encrypting, by the contactless access device, the concatenated value with the public key (Col. 11:17-31, “At step 465, the transaction device [contactless access device] generates a random number which it [concatenates to create the concatenated value as disclosed by Osborn II ¶ [0047]] encrypts with the public key and forwards to the contactless card 405.”);
transmitting, by the contactless access device, the encrypted concatenated value over the wireless communication medium to the user device (Col. 11:17-31, “At step 465, the transaction device [contactless access device] generates a random number which it [concatenates to create the concatenated value as disclosed by Osborn II ¶ [0047]] encrypts with the public key and forwards [or transmits over the wireless communication medium] to the contactless card [user device] 405.”),
wherein the user device (Col. 9:4-17)
decrypts the encrypted concatenated value with a private key corresponding to the public key (Col. 11:17-31, “At step 466, the contactless card [user device] decrypts the random number [within the encrypted concatenated value] using its private key...”),
verifies the unpredictable number (Col. 11:17-37, “At step 466, the contactless card [user device] decrypts the random number using its private key [that thereby verifies the unpredictable number],…”),
4 …,
5 …,
6 …, and
7 …; and
8 ….
Osborn doesn’t disclose
1 determining, by a contactless access device, an interaction value associated with an interaction;
2 receiving, by the contactless access device from the user device, a user device certificate comprising a public key;
3 verifying, by the contactless access device, the user device certificate;
4 verifies the secret by comparing the secret to another secret stored in the user device,
5 determines whether or not the interaction is approved based at least upon the verification of the secret,
6 produces a user device interaction authorization result,
7 then provides the user device interaction authorization result to the contactless access device;
8 receiving, by the contactless access device from the user device, the user device interaction authorization result.
Aleksandrov, however, discloses
1 determining, by a {contactless access device (Osborn Col. 8:22-32)}, an interaction value associated with an interaction (¶ [0056], “Alternatively, the selection of a product can be made without a terminal, whereby the seller's store employee can scan the barcodes [as an interaction] of the products, and a list of products and amounts for payment [as an interaction value] will be displayed on the terminal screen for further payment.”)
2 receiving, by the contactless access device from the user device, a user device certificate comprising a public key (¶ [0034], “the customer's [user] device transmits a public key [user device] certificate [that possesses a public key] of the customer's device to [and is received by] the terminal [contactless access device]”)
3 verifying, by the contactless access device, the user device certificate (¶ [0034], “the terminal [contactless access device] verifies a digital signature of the public key [user device] certificate of the customer's device using the public key of the customer's bank server”);
Regarding the combination of Osborn and Aleksandrov, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the secret processing system to have included the interaction value feature of Aleksandrov. One of ordinary skill in the art would have been motivated to incorporate the interaction value feature because Aleksandrov teaches a security system that “expand[s] the functionality of the payment system and reducing its vulnerability, in particular, by making it possible to conduct a payment transaction in a contactless way, on condition that the reference value of the customer authentication data is stored exclusively on the customer's device, as well as by combining the advantages of online and offline customer authentication procedures.” Aleksandrov ¶ [0015].
Aubin, however, discloses
4 verifies the secret by comparing the secret to another secret stored in the user device (¶¶ [0013]-[0014], “The terminal then sends (E108) the payment card a VERIFY request for verification of the PIN [secret] entered by the cardholder. The payment card then compares the PIN entered by the cardholder with the authentic PIN [another secret] contained in its memory [stored in the user device]. If the PIN entered is deemed valid [verified],…”)
5 determines whether or not the interaction is approved based at least upon the verification of the secret (¶ [0014], “If the PIN entered is deemed [determined] valid [verification of the secret], the payment card sends (E110) a 0x9000 OK [approve the interaction] message to the terminal. If not, the card sends (E110) a 0x63Cx refusal message to the terminal, where x is the number of PIN entry attempts remaining before the card blocks the transaction [interaction] in progress (and future transactions).”),
6 produces a user device interaction authorization result (¶ [0014], “If the PIN entered is deemed valid, the payment card sends (E110) a 0x9000 OK message [as a user device interaction authorization result] to the terminal.”),
7 then provides the user device interaction authorization result to the contactless access device (¶ [0014], “If the PIN entered is deemed valid, the payment card [user device] sends [provides] (E110) a 0x9000 OK message [as a user device interaction authorization result] to the terminal [contactless access device].”);
8 receiving, by the contactless access device from the user device, the user device interaction authorization result (¶ [0014], ¶ [0014], “If the PIN entered is deemed valid, the payment card sends (E110) a 0x9000 OK message [as a user device interaction authorization result] to the terminal [contactless access device that receives the authorization result].”).
Regarding the combination of Osborn-Aleksandrov and Aubin, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the secret processing system of Osborn-Aleksandrov to arrive at the claimed invention. KSR establishes that a rationale for obviousness is proven by showing a “use of [a] known technique to improve similar devices in the same way.” See MPEP § 2143(I)(C).
To substantiate the conclusion of obviousness under this KSR rationale, the Examiner finds pursuant to MPEP § 2143(I)(C):
1) the prior art contained a base system, namely the secret processing system of Osborn-Aleksandrov, upon which the claimed invention can be seen as an “improvement” through the use of a PIN security feature;
2) the prior art contained a “comparable” system, namely the transaction system of Aubin, that has been improved in the same way as the claimed invention through the PIN security feature; and
3) one of ordinary skill in the art could have applied the known improvement technique of applying the PIN security feature to the base secret processing system of Osborn-Aleksandrov, and the results would have been predictable to one of ordinary skill in the art.
Regarding Claim 2
Osborn in view of Aleksandrov, and further in view of Aubin (“Osborn-Aleksandrov-Aubin”) discloses the method of claim 1, and Osborn further discloses
wherein the wireless communication medium uses NFC (Col. 4:60-67, “System 100 may include one or more contactless cards 105. In one embodiment, a contactless card 105 comprises a card of credit-card dimension including an embedded integrated circuit, a storage device and an interface that permits the card to communicate with a transmitting device using a Near Field Communication (NFC) protocol.”).
Regarding Claim 3
Osborn-Aleksandrov-Aubin discloses the method of claim 1, and Osborn further discloses
wherein the secret is a PIN (Col. 9:4-17, “At step 252, the user 202 is prompted to input a PIN [as a secret] and upon receipt of the input PIN, the transaction device 222 may initiate a dual-authentication cryptogram exchange with the contactless card 205,..."), a passcode, a biometric, a one-time password, an access code, or a username-password pair.
Regarding Claim 4
Osborn-Aleksandrov-Aubin discloses the method of claim 1, and Osborn further discloses
wherein after {determining the interaction value (Aleksandrov ¶ [0056])}, the method further comprises:
determining, by the contactless access device, whether or not to prompt the user operating the user device for the secret based on the interaction value and a predetermined threshold (Col. 9:4-17 “At step 251 a transaction is initiated by user 202; for example, the user may seek to access an account, make a purchase, or otherwise perform an action that benefits from the dual factor authentication method disclosed herein. At step 252, the user 202 is prompted [via the “transaction device”/contactless access device] to input a PIN and upon receipt of the input PIN, the transaction device 222 may [based upon a threshold] initiate a dual-authentication cryptogram exchange with the contactless card 205, for example by prompting the user to tap the card 205 on the transaction device 222 or otherwise bring the contactless card 205 in communication range with the transaction device 222,” i.e., Osborn is silent to bypassing the input of a secret/PIN, but it would be obvious to one skilled in the art to bypass the security feature for small purchases that do not require heightened security and emphasize convenience to the consumer).
Regarding Claim 6
Osborn-Aleksandrov-Aubin discloses the method of claim 1, and Osborn further discloses
wherein the user devce is a card (Col. 9:4-17, “At step 252, the user 202 is prompted to input a PIN and upon receipt of the input PIN, the transaction device 222 may initiate a dual-authentication cryptogram exchange with the contactless card [as the user device] 205,...").
Regarding Claim 7
Osborn-Aleksandrov-Aubin discloses the method of claim 1, and Osborn further discloses
wherein the public key is a user device public key (Col. 11:5-16, “…the public key [encompassing a user device certificate] of the card 405 may be stored by the card [user device] 405 and read [or received from the user device/card] by the transaction device [contactless access device] as part of the authentication process.”), and
wherein the method further comprises:
1 ….
Aleksandrov further discloses
1 receiving, by the contactless access device, an authorizing entity certificate comprising an authorizing entity public key from the user device (¶ [0034], “the customer's device transmits [to be received] a public key certificate [that possesses a public key] of the customer's bank [an authorizing entity certificate] server to the terminal [contactless access device]”).
Regarding the combination of Osborn and Aleksandrov, the rationale to combine is the same as provided for claim 1 due to the overlapping subject matter of claims 1 and 7.
Regarding Claim 8
Osborn-Aleksandrov-Aubin discloses the method of claim 7, and Aleksandrov further discloses
wherein the authorizing entity certificate (¶ [0034]) is signed by a certificate authority private key (¶ [0034], “the terminal verifies a digital signature of the public key certificate of the customer's bank server using a public key of a certification authority [based upon the CA signing the certificate with its corresponding certificate authority private key]”), and
wherein prior to verifying the user device certificate (¶ [0034], “the terminal verifies a digital signature of the public key [user device] certificate of the customer's device using the public key of the customer's bank server”) the method further comprises:
verifying, by the contactless access device, the authorizing entity certificate using a certificate authority public key available to the contactless access device and corresponds to the certificate authority private key (¶ [0034], “the terminal [contactless access device] verifies a digital signature of the public key certificate of the customer's bank [authorizing entity] server using a [available] public key of a certification authority [that corresponds to the certificate authority private key that was used to create the digital signature]”); and
if the authorizing entity certificate is valid, obtaining, by the contactless access device, the authorizing entity public key from the authorizing entity certificate (¶ [0034], “extracts [via the contactless access device] a [authorizing entity] public key of the customer's bank [authorizing entity] server from the public key [authorizing entity] certificate of the customer's bank server”).
Regarding the combination of Osborn and Aleksandrov, the rationale to combine is the same as provided for claim 1 due to the overlapping subject matter of claims 1 and 8.
Regarding Claim 9
Osborn-Aleksandrov-Aubin discloses the method of claim 8, and Aleksandrov further discloses
wherein the user device certificate is signed by an authorizing entity private key corresponding to the authorizing entity public key (¶ [0034], “the customer's device transmits a public key certificate of the customer's device to the terminal; the terminal verifies a digital signature of the public key [user device] certificate of the customer's [user] device using the public key of the customer's bank [authorizing entity] server [because the user device certificate was signed the corresponding authorizing entity private key]”), and
wherein verifying the user device certificate further comprises:
verifying, by the contactless access device, the user device certificate using the authorizing entity public key (¶ [0034], “”); and
if the user device certificate is valid, obtaining, by the contactless access device, the user device public key from the user device certificate (¶ [0034], “extracts [obtaining via the contactless access device] a [user device] public key of the customer's device from the public key [user device] certificate of the customer's device”).
Regarding the combination of Osborn and Aleksandrov, the rationale to combine is the same as provided for claim 1 due to the overlapping subject matter of claims 1 and 9.
Regarding Independent Claim 10
With respect to independent claim 10, a corresponding reasoning as given earlier for independent claim 1 applies, mutatis mutandis, to the subject matter of claim 10. Therefore, claim 10 is rejected, for similar reasons, under the grounds set forth for claim 1.
Regarding Claim 11
With respect to claim 11, a corresponding reasoning as given earlier for independent claims 7 and 8 applies, mutatis mutandis, to the subject matter of claim 11. Therefore, claim 11 is rejected, for similar reasons, under the grounds set forth for claims 7 and 8.
Regarding Claim 12
With respect to independent claim 12, a corresponding reasoning as given earlier for independent claim 9 applies, mutatis mutandis, to the subject matter of claim 12. Therefore, claim 12 is rejected, for similar reasons, under the grounds set forth for claim 9.
B. Claims 5 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Osborn in view of Aleksandrov and Aubin, and further in view of Cook et al. (US 11,551,200 “Cook”).
Regarding Claim 5
Osborn-Aleksandrov-Aubin discloses the method of claim 1, and Osborn further discloses
wherein after receiving the secret (Col. 9:4-17), the method further comprises:
prompting, by the contactless access device, the user to bring the user device into communication range with the contactless access device (Col. 9:4-17, “…and upon [after] receipt of the input PIN [secret], the transaction device [contactless access device] 222 may initiate a dual-authentication cryptogram exchange with the contactless card [user device] 205, for example by prompting the user to tap the card 205 on the transaction device 222 or otherwise bring the contactless card 205 in communication range with the transaction device [contactless access device] 222.”);
1 …; and
2 …,
3 …,
4 …, and
5 ….
Osborn doesn’t disclose
1 generating, by the contactless access device, a read record command message that requests one or more certificates from the user device;
2 when the user device is in the communication range with the contactless access device, providing, by the contactless access device, the read record command message to the user device,
3 wherein the user device obtains one or more certificates,
4 generates a read record response message comprising the one or more certificates,
5 provides the read record response message to the contactless access device, wherein the one or more certificates includes the user device certificate.
Cook, however, discloses
1 generating, by the contactless access device, a read record command message (Col. 33:36-34:19, “At process 1002, the customer device [contactless access device] 102 [generates and] transmits a [read record] command requesting identity information [via the user device public key certificate] to a transaction card 104 via a contactless communication.”) that requests one or more certificates from the user device (Col. 33:36-34:19, “At process 1002, the customer device 102 transmits a [read record] command requesting identity information…”; and Aleksandrov ¶ [0034], “the customer's [user] device transmits a public key certificate [that is based upon the request] of the customer's device to the terminal”);
2 when the user device is in the communication range with the contactless access device, providing, by the contactless access device, the read record command message to the user device (Col. 33:36-34:19, “At process 1002, the customer device [contactless access device] 102 transmits [provides] a [read record] command [message when the user device is in communication range with the contactless access device]…”]),
3 wherein the user device obtains one or more certificates (Fig. 1, Col. 12:24-13:38, “In some embodiments, the chip may include a cryptographic token, cryptographic key, digital certificate, or encryption algorithm that is profiled to the user. In this situation, the chip may not include a username and/or password of the user. Rather, the stored information (e.g., token, etc.) is the authentication mechanism for the user. This stored information will authenticate and identify the user during each tap (e.g., account access situation),” i.e., the certificates are obtained when required based upon the command),
4 generates a read record response message comprising the one or more certificates (Col. 33:36-34:19, “The customer device 102 generates a command that is configured to cause the transaction card [user device] 104 to respond by transmitting identification information [via a generated read record response message] to the customer device 102.”; and Aleksandrov ¶ [0034], “the customer's [user] device transmits a public key certificate [as the read record response message] of the customer's device to the terminal”),
5 provides the read record response message to the contactless access device, wherein the one or more certificates includes the user device certificate (Col. 33:36-34:19, “The customer device 102 generates a command that is configured to cause the transaction card [user device] 104 to respond by transmitting [and provide] identification information [comprising the user device certificate and included within read record response message] to the customer device [contactless access device]102.”).
Regarding the combination of Osborn-Aleksandrov-Aubin and Cook, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the secret processing system of Osborn-Aleksandrov-Aubin to arrive at the claimed invention. KSR establishes that a rationale for obviousness is proven by showing a “use of [a] known technique to improve similar devices in the same way.” See MPEP § 2143(I)(C).
To substantiate the conclusion of obviousness under this KSR rationale, the Examiner finds pursuant to MPEP § 2143(I)(C):
1) the prior art contained a base system, namely the secret processing system of Osborn-Aleksandrov-Aubin, upon which the claimed invention can be seen as an “improvement” through the use of a record request and response;
2) the prior art contained a “comparable” system, namely the transaction system of Cook, that has been improved in the same way as the claimed invention through the record request and response feature; and
3) one of ordinary skill in the art could have applied the known improvement technique of applying the record request and response feature to the base secret processing system of Osborn-Aleksandrov-Aubin, and the results would have been predictable to one of ordinary skill in the art.
Regarding Independent Claim 18
A method (abstract) comprising:
upon entering communication range with a contactless access device during an interaction, providing, by a user device, an initial communication from the user device over a wireless communication medium (Col. 9:4-17, “…and upon receipt of the input PIN, the transaction [interaction] device [contactless access device] 222 may initiate a dual-authentication cryptogram exchange [including an initial communication] with the contactless card [user device] 205, for example by prompting the user to tap the card 205 on the transaction device 222 or otherwise bring the contactless card 205 in communication range [via a wireless communication medium] with the transaction device 222.”);
1 …,
2 …;
3 …;
4 …;
5 …,
6 …,
7 …,
concatenates at least a secret provided by a user of the user device (Col. 8:22-32, “In the system 200 of FIG. 2A, the transaction device 222 [contactless access device] (which may be a client mobile device, a merchant transaction device or any device comprising NFC communication capability) is shown to include a user interface 225 for receiving information, such as an input PIN [secret], from a user 202;” and Col. 9:4-17, “At step 251 a transaction is initiated by user 202; for example, the user may seek to access an account, make a purchase, or otherwise perform an action that benefits from the dual factor authentication method disclosed herein. At step 252, the user 202 is prompted to input a PIN [as a secret] and upon receipt of the input PIN, the transaction device 222 may initiate a dual-authentication cryptogram exchange with the contactless card [user device] 205,...") to the contactless access device and an unpredictable number (Col. 11:17-30, “At step 465, the transaction device generates a random [unpredictable] number...") to form a concatenated value (Col. 7:24-33, “In some embodiments, shared information, including, but not limited to a shared secret and/or a PIN [secret], may then be concatenated with one or more blocks of random [unpredictable number] data and encoded using a cryptographic algorithm and the diversified key to generate a MAC cryptogram.”),
encrypts the concatenated value with the public key (Col. 11:17-31, “At step 465, the transaction device generates a random number which it [concatenates to create the concatenated value as disclosed by Osborn II ¶ [0047]] encrypts with the public key and forwards to the contactless card 405.”), and
transmits the encrypted concatenated value over the wireless communication medium to the user device (Col. 11:17-31, “At step 465, the transaction device generates a random number which it encrypts with the public key and forwards [or transmits over the wireless communication medium] to the contactless card [user device] 405.”);
receiving, by the user device, the encrypted concatenated value from the contactless access device (Col. 11:17-31, “At step 465, the transaction device generates a random number which it encrypts with the public key and forwards to [and is received by] the contactless card [user device] 405.”);
decrypting, by the user device, the encrypted concatenated value using a private key corresponding to the public key (Col. 11:17-31, “At step 466, the contactless card [user device] decrypts the random number [within the encrypted concatenated value] using its private key...”);
8 …;
9 …; and
10 ….
Osborn doesn’t disclose
1 receiving, by the user device, a read record command from the contactless access device,
2 wherein the read record command requests one or more certificates from the user device;
3 obtaining, by the user device, the one or more certificates from memory;
4 generating, by the user device, a read record response message comprising the one or more certificates from the memory;
5 providing, by the user device, the read record response message to the contactless access device in response to the read record command,
6 wherein the one or certificates includes a user device certificate comprising a public key,
7 wherein the contactless access device verifies the user device certificate,
8 verifying, by the user device, the secret included in the concatenated value by comparing the secret to another secret stored in the user device;
9 producing, by the user device, a user device interaction authorization result based on whether or not the interaction is approved based at least upon the verification of the secret;
10 providing, by the user device, the user device interaction authorization result to the contactless access device.
Aleksandrov, however, discloses
6 wherein the one or certificates includes a user device certificate comprising a public key (¶ [0034], “the customer's [user] device transmits a public key [user device] certificate [that possesses a public key] of the customer's device to [and is received by] the terminal [contactless access device]”),
7 wherein the contactless access device verifies the user device certificate (¶ [0034], “the terminal [contactless access device] verifies a digital signature of the public key [user device] certificate of the customer's device using the public key of the customer's bank server”),
Regarding the combination of Osborn and Aleksandrov, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the secret processing system to have included the interaction value feature of Aleksandrov. One of ordinary skill in the art would have been motivated to incorporate the interaction value feature because Aleksandrov teaches a security system that “expand[s] the functionality of the payment system and reducing its vulnerability, in particular, by making it possible to conduct a payment transaction in a contactless way, on condition that the reference value of the customer authentication data is stored exclusively on the customer's device, as well as by combining the advantages of online and offline customer authentication procedures.” Aleksandrov ¶ [0015].
Aubin, however, discloses
8 verifying, by the user device, the secret included in the concatenated value by comparing the secret to another secret stored in the user device (¶¶ [0013]-[0014], “The terminal then sends (E108) the payment card a VERIFY request for verification of the PIN [secret] entered by the cardholder. The payment card then compares the PIN entered by the cardholder with the authentic PIN [another secret] contained in its memory [stored in the user device]. If the PIN entered is deemed valid [verified],…”);
9 producing, by the user device, a user device interaction authorization result based on whether or not the interaction is approved based at least upon the verification of the secret (¶ [0014], “If the PIN entered is deemed [verified] valid [approved], the payment card sends (E110) a 0x9000 OK message [as a user device interaction authorization result] to the terminal.”);
10 providing, by the user device, the user device interaction authorization result to the contactless access device (¶ [0014], “If the PIN entered is deemed valid, the payment card [user device] sends [provides] (E110) a 0x9000 OK message [as a user device interaction authorization result] to the terminal [contactless access device].”).
Regarding the combination of Osborn-Aleksandrov and Aubin, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the secret processing system of Osborn-Aleksandrov to arrive at the claimed invention. KSR establishes that a rationale for obviousness is proven by showing a “use of [a] known technique to improve similar devices in the same way.” See MPEP § 2143(I)(C).
To substantiate the conclusion of obviousness under this KSR rationale, the Examiner finds pursuant to MPEP § 2143(I)(C):
1) the prior art contained a base system, namely the secret processing system of Osborn-Aleksandrov, upon which the claimed invention can be seen as an “improvement” through the use of a PIN security feature;
2) the prior art contained a “comparable” system, namely the transaction system of Aubin, that has been improved in the same way as the claimed invention through the PIN security feature; and
3) one of ordinary skill in the art could have applied the known improvement technique of applying the PIN security feature to the base secret processing system of Osborn-Aleksandrov, and the results would have been predictable to one of ordinary skill in the art.
Cook, however, discloses
1 receiving, by the user device, a read record command from the contactless access device (Col. 33:36-34:19, “At process 1002, the customer device [contactless access device] 102 transmits a [read record] command requesting identity information [via the user device public key certificate] to a transaction card [user device that receives the command] 104 via a contactless communication.”),
2 wherein the read record command (Cook Col. 33:36-34:19) requests one or more certificates from the user device (Col. 33:36-34:19, “At process 1002, the customer device 102 transmits a [read record] command requesting identity information…”; and Aleksandrov ¶ [0034], “the customer's [user] device transmits a public key certificate [that is transmitted based upon the command] of the customer's device to the terminal”)
3 obtaining, by the user device, the one or more certificates from memory (Fig. 1, Col. 12:24-13:38, “In some embodiments, the chip may include a cryptographic token, cryptographic key, digital certificate, or encryption algorithm that is profiled to the user. In this situation, the chip may not include a username and/or password of the user. Rather, the stored information [in memory] (e.g., token, etc.) is the authentication mechanism for the user. This stored information will authenticate and identify the user during each tap (e.g., account access situation),” i.e., the certificates are obtained when required based upon the command);
4 generating, by the user device, a read record response message comprising the one or more certificates (Col. 33:36-34:19, “The customer device 102 generates a command that is configured to cause the transaction card [user device] 104 to respond by transmitting identification information [via a generated read record response message] to the customer device 102.”; and Aleksandrov ¶ [0034], “the customer's [user] device transmits a public key certificate [as the read record response message] of the customer's device to the terminal”);
5 providing, by the user device, the read record response message to the contactless access device in response to the read record command (Col. 33:36-34:19, “The customer device 102 generates a command that is configured to cause the transaction card [user device] 104 to respond by transmitting [and provide] identification information [as the read record response message] to the customer device [contactless access device]102.”),
Regarding the combination of Osborn-Aleksandrov-Aubin and Cook, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the secret processing system of Osborn-Aleksandrov-Aubin to arrive at the claimed invention. KSR establishes that a rationale for obviousness is proven by showing a “use of [a] known technique to improve similar devices in the same way.” See MPEP § 2143(I)(C).
To substantiate the conclusion of obviousness under this KSR rationale, the Examiner finds pursuant to MPEP § 2143(I)(C):
1) the prior art contained a base system, namely the secret processing system of Osborn-Aleksandrov-Aubin, upon which the claimed invention can be seen as an “improvement” through the use of a record request and response;
2) the prior art contained a “comparable” system, namely the transaction system of Cook, that has been improved in the same way as the claimed invention through the record request and response feature; and
3) one of ordinary skill in the art could have applied the known improvement technique of applying the record request and response feature to the base secret processing system of Osborn-Aleksandrov-Aubin, and the results would have been predictable to one of ordinary skill in the art.
C. Claims 17 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Osborn in view of Aleksandrov and Aubin, and further in view of Rans et al. (US 2007/0278291 “Rans”).
Regarding Claim 17
Osborn-Aleksandrov-Aubin discloses the contactless access device of claim 10, and Osborn further discloses
wherein the method further comprises:
generating a challenge command message that requests the unpredictable number from the user device (¶ [0042], “In that usage model, the terminal [generates and] sends a request for card authentication to the card, providing the card with a terminal-generated random [unpredictable number] challenge (UN).”);
providing the challenge command message to the user device, wherein the user device obtains the unpredictable number and provides the unpredictable number to the contactless access device (¶ [0042], “In that usage model, the terminal sends [provides] a request for card authentication to the card [user device], providing the card with a terminal-generated random [unpredictable number] challenge (UN).”); and
receiving the unpredictable number from the user device (¶ [0047], “The CVC3 s as sent back by the card [user device and then received by the contactless access device] in the answer to that command, any part of the PIN digits and of the challenge data not used at the previous step are combined to form the input to the calculation of a one-way hash function.”).
Regarding the combination of Osborn-Aleksandrov-Aubin and Rans, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the secret processing system of Osborn-Aleksandrov-Aubin to arrive at the claimed invention. KSR establishes that a rationale for obviousness is proven by showing a “use of [a] known technique to improve similar devices in the same way.” See MPEP § 2143(I)(C).
To substantiate the conclusion of obviousness under this KSR rationale, the Examiner finds pursuant to MPEP § 2143(I)(C):
1) the prior art contained a base system, namely the secret processing system of Osborn-Aleksandrov-Aubin, upon which the claimed invention can be seen as an “improvement” through the use of a challenge;
2) the prior art contained a “comparable” system, namely the transaction system of Rans, that has been improved in the same way as the claimed invention through the challenge feature; and
3) one of ordinary skill in the art could have applied the known improvement technique of applying the challenge feature to the base secret processing system of Osborn-Aleksandrov-Aubin, and the results would have been predictable to one of ordinary skill in the art.
Regarding Claim 20
With respect to claim 20, a corresponding reasoning as given earlier for claim 17 applies, mutatis mutandis, to the subject matter of claim 20. Therefore, claim 20 is rejected, for similar reasons, under the grounds set forth for claim 17.
D. Claim 13 is rejected under 35 U.S.C. 103 as being unpatentable over Osborn in view of Aleksandrov and Aubin, and further in view of Benkreira et al. (US 2019/0347642 “Benkreira”).
Regarding Claim 13
Osborn-Aleksandrov-Aubin discloses the contactless access device of claim 10, and Osborn further discloses
wherein the initial communication (Col. 9:4-17) is…1
Osborn-Aleksandrov-Aubin doesn’t disclose
1 …a detection of a presence of the user device.
Benkreira, however, discloses
1 …a detection of a presence of the user device (¶ [0034], “In some implementations, the ATM device may include a transaction card reader (e.g., a card insertion or swiping mechanism, a contactless card reading mechanism, and/or the like). In such cases, the ATM device may instruct the user device to prompt the user for a PIN based on the [the initial communication of the] user inserting the ATM card [user device] into the transaction card reader [with the presence detected], swiping the ATM card through the transaction card reader, and/or tapping the ATM card on (or placing the ATM card near) the transaction card reader.”).
Regarding the combination of Osborn-Aleksandrov-Aubin and Benkreira, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the secret processing system of Osborn-Aleksandrov-Aubin to arrive at the claimed invention. KSR establishes that a rationale for obviousness is proven by showing a “use of [a] known technique to improve similar devices in the same way.” See MPEP § 2143(I)(C).
To substantiate the conclusion of obviousness under this KSR rationale, the Examiner finds pursuant to MPEP § 2143(I)(C):
1) the prior art contained a base system, namely the secret processing system of Osborn-Aleksandrov-Aubin, upon which the claimed invention can be seen as an “improvement” through the use of an initial detecting feature;
2) the prior art contained a “comparable” system, namely the transaction system of Benkreira, that has been improved in the same way as the claimed invention through the initial detecting feature; and
3) one of ordinary skill in the art could have applied the known improvement technique of applying the initial detecting feature to the base secret processing system of Osborn-Aleksandrov-Aubin, and the results would have been predictable to one of ordinary skill in the art.
E. Claims 14-16 are rejected under 35 U.S.C. 103 as being unpatentable over Osborn in view of Aleksandrov and Aubin, and further in view of Shenker et al. (US 2020/0245138 “Shenker”).
Regarding Claim 14
Osborn-Aleksandrov-Aubin discloses the contactless access device of claim 13, and Osborn further discloses
wherein the method further comprises after the initial communication (Col. 9:4-17),…1
Osborn-Aleksandrov-Aubin doesn’t disclose
1 …transmitting an available applications request to the user device and receiving an available applications response message from the user device.
Shenker, however, discloses
1 …transmitting an available applications request to the user device and receiving an available applications response message from the user device (Fig. 4, ¶ [0078], “At step S406, the access device 403 may send [transmit] an available applications request message to the user device 402 to request information regarding which applications (e.g., a list of AIDs) may be available on the digital wallet application of user device 402.”; and ¶ [0083], “At step S412, the user device 402 may transmit to the access device 403, based in part on whether the association determined in step S410 exists, an enhanced available applications response, comprising the one or more AIDs of the plurality of AIDs associated with the ADTI. In some embodiments, the enhanced available applications response message may be in the form of an enhanced PPSE (ePPSE) response.”).
Regarding the combination of Osborn-Aleksandrov-Aubin and Shenker, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the secret processing system of Osborn-Aleksandrov-Aubin to arrive at the claimed invention. KSR establishes that a rationale for obviousness is proven by showing a “use of [a] known technique to improve similar devices in the same way.” See MPEP § 2143(I)(C).
To substantiate the conclusion of obviousness under this KSR rationale, the Examiner finds pursuant to MPEP § 2143(I)(C):
1) the prior art contained a base system, namely the secret processing system of Osborn-Aleksandrov-Aubin, upon which the claimed invention can be seen as an “improvement” through the use of an application availability feature;
2) the prior art contained a “comparable” system, namely the transaction system of Shenker, that has been improved in the same way as the claimed invention through the application availability feature; and
3) one of ordinary skill in the art could have applied the known improvement technique of applying the application availability feature to the base secret processing system of Osborn-Aleksandrov-Aubin, and the results would have been predictable to one of ordinary skill in the art.
Regarding Claim 15
Osborn in view of Aleksandrov and Aubin, and further in view of Shenker (“Osborn-Aleksandrov-Aubin-Shenker”) discloses the contactless access device of claim 14, and Shenker further discloses
wherein the method further comprises transmitting an application selection message comprising an application identifier to the user device (¶ [0085], “The access device 403 may then send [transmit] an ‘application selection’ command [message] including the selected AID [application identifier] to the user device 402.”).
Regarding the combination of Osborn-Aleksandrov-Aubin and Shenker, the rationale to combine is the same as provided for claim 14 due to the overlapping subject matter of claims 14 and 15.
Regarding Claim 16
Osborn-Aleksandrov-Aubin discloses the contactless access device of claim 15, and Osborn further discloses
wherein the method further comprises, {after receiving the user device interaction authorization result (Aubin ¶ [0014])},…1
transmitting a cryptogram request message to the user device and receiving a cryptogram from the user device in a cryptogram response message (Fig. 2B, Col. 9:18-27, “If a ‘match’ is determined at step 255, the cryptogram generating applet is instructed [via the transmitted PIN message that also serves as an implicit cryptogram request message] to generate a cryptogram at step 256 an to transmit the cryptogram back [as a response message] to the transaction device 222.”; and “When the contactless card is within range of the transaction device, at step 253 the transaction device 222 forwards [transmits] the input PIN to the contactless card [user device] 205,...”).
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to D'ARCY WINSTON STRAUB whose telephone number is (303)297-4405. The examiner can normally be reached Monday-Friday 9:00-5:00 Mountain Time.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, WILLIAM KORZUCH can be reached at (571)272-7589. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/D'Arcy Winston Straub/Primary Examiner, Art Unit 2491