DETAILED ACTION
This is a non-final office action on the merits. The U.S. Patent and Trademark Office (the Office) has received claims 1-20 in application 19/208373.
Claims 1-20 are pending and have been examined on the merits.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Claim Interpretation
Please refer to MPEP §2111 - “Claim Interpretation; Broadest Reasonable Interpretation”. Claims must be given their broadest reasonable interpretation in light of the specification. Claims 1, 2, 3, 9, 10, 11, 15, 16, and 17 mention the phrase “sensitive action”, which is defined in applicant’s specification ¶ 0050-0055. In ¶ 0052, “sensitive action” is broadly described as “Other types of sensitive actions may be included as is necessary and/or desired”; therefore, the claim will be interpreted as such.
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.
(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.
Claim(s) 8 is/are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Rule (US20200242588A1).
Regarding Claim 8. Rule teaches:
A method, comprising: receiving, by a mobile application executed by a mobile electronic device, a selection of an action to execute;
Rule - when the account number field 201 receives focus (e.g., is selected by the user) (¶ 0041). once the user taps the expiration date field 302, the account application 113 and/or the autofill service 114 may output a notification 305 to tap the contactless card 101 (¶ 0047).
communicating, by the mobile application, the action to a backend computer program executed by a backend electronic device;
Rule - The application may transmit the encrypted data received from the contactless card to a server for verification (¶ 0012). The account application 113 of the mobile device 110 may then transmit the encrypted data to the server 120 (¶ 0026).
receiving, by the mobile application and from the backend computer program, a notification to display an instruction to present a wireless-enabled device to the mobile electronic device;
Rule - the account application 113…on the mobile device 110 may output a notification 304 specifying to tap the contactless card 101 to the mobile device 110 (¶ 0044).
displaying, by the mobile application, the instruction;
Rule - the account application 113…on the mobile device 110 may output a notification 304 specifying to tap the contactless card 101 to the mobile device 110 (¶ 0044).
wirelessly receiving, by the mobile application, device information from a wireless-enabled device;
Rule - The contactless card 101 may then transmit the encrypted data (e.g., the encrypted customer ID 109) to the account application 113 of the mobile device 110 (e.g., via an NFC connection, Bluetooth connection, etc.) (¶ 0026).
communicating, by the mobile application, the device information to the backend computer program; and
Rule - prompt the user to tap a contactless card (¶ 0020). The account application 113 of the mobile device 110 may then transmit the encrypted customer ID (¶ 0037).
receiving, by the mobile application, a notification from the backend computer program based on execution of the action.
Rule - Upon verifying the data, the server may transmit card data (¶ 0012). After verifying the encrypted customer ID 109 of FIG. 1A, the management application 123 of the server 120 transmits the card data 103 from the server 120 to the mobile device 110 (¶ 0039).
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claim(s) 1-7 and 9-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Rule in view of Ting (US20070186106A1).
Regarding Claim 1. Rule teaches:
A method, comprising: receiving, by a computer program executed by an electronic device and from a mobile application executed by a mobile electronic device, an action selected by a user;
Rule - account application 113 when the account number field 201 receives focus (e.g., is selected by the user) (¶ 0041). once the user taps the expiration date field 302, the account application 113 and/or the autofill service 114 may output a notification 305 to tap the contactless card 101 (¶ 0047).
causing, by the computer program, the mobile application to display an instruction to present a wireless-enabled device to the mobile electronic device;
Rule - notification 206 instructs the user to tap the contactless card 101 to the mobile device 110 (¶ 0041). the account application 113…on the mobile device 110 may output a notification 304 specifying to tap the contactless card 101 to the mobile device 110 (¶ 0044).
receiving, by the computer program and from the mobile application, device information that was received wirelessly from the wireless-enabled device;
Rule - The contactless card 101 may then transmit the encrypted data (e.g., the encrypted customer ID 109) to the account application 113 of the mobile device 110 (e.g., via an NFC connection, Bluetooth connection, etc.) (¶ 0026). contactless card 101 further includes an indication of the counter value 104 along with the encrypted data (¶ 0074).
validating, by the computer program, the device information; and
Rule - the server 120 verifies the encrypted customer ID…“and” a match of the customer ID values verifies the encrypted data received from the contactless card (¶ 0038). the management application 123 may validate the data received from the contactless card 101 at block 545. For example, the management application 123 may compare the customer identifier 107 to a customer identifier for the associated account in the account data 124, and validate the data based on a match (¶ 0075).
executing, by the computer program, the sensitive action in response to the device information being validated.
Rule - The application may transmit the encrypted data received from the contactless card to a server for verification. Upon verifying the data, the server may transmit card data (e.g., an account number, expiration date, name, addresses, and/or CVV) to the device. Whether received from the contactless card, from the server, or locally, the card data may then be provided to an autofill service of the operating system of the device. The autofill service may then automatically populate the card data to the form field (e.g., populate the account number into an account number form field, etc.) (¶ 0012).
Rule does not teach, however Ting discloses:
determining, by the computer program, that the action is a sensitive action;
Ting - rules can include time-based access rules (e.g., a user cannot access a certain resource during non-business hours), location-based access rules…and/or resource-based rule (¶ 0012).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the mobile application and workflow of Rule with the policy of Ting because doing so determines if the action is sensitive and triggers an authentication process which improves security when a risk is determined.
Regarding Claims 2, 10, and 16. The combination of Rule and Ting further discloses:
The method of claims 1 and 9 and the system of claim 15, wherein the action is determined to be the sensitive action based on a time of day and/or a location of the mobile electronic device.
Ting - The policy may also include individual rules related to different types of biometric authentication, password presentation, time-of-day, day-of-week, concurrent application usage and physical location restrictions (¶ 0046).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the mobile application and workflow of Rule with the policy of Ting because doing so determines if the action is sensitive and triggers an authentication process which improves security when a risk is determined.
Regarding Claims 3, 11, and 17. The combination of Rule and Ting further discloses:
The method of claims 1 and 9 and the system of claim 15, wherein the action is determined to be the sensitive action based on a type of action.
Ting - Other rules and policies can include time-based rules (e.g., multiple criteria required during non-business hours), workflow-based rules (e.g., different policies for different applications or portions thereof) as well as combinations of rules (¶ 0064).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the mobile application and workflow of Rule with the policy of Ting because doing so determines if the action is sensitive and triggers an authentication process which improves security when a risk is determined.
Regarding Claims 4, 12, and 18. The combination of Rule and Ting further discloses:
The method of claims 1 and 8 and the system of claim 15, wherein the wireless-enabled device comprises a wireless-enabled financial instrument, and the device information comprises information stored by a chip on the wireless-enabled financial instrument.
Rule - tap the contactless card 101 to the mobile device (¶ 0025).
Regarding Claims 5, 14, and 20. The combination of Rule and Ting further discloses:
The method of claims 1 and 8 and the system of claim 15, wherein the device information is received by near field communication.
Rule - the contactless card 101 may transmit the encrypted data to the account application 113 of the mobile device 110, e.g., using NFC (¶ 0074).
Regarding Claim 6. The combination of Rule and Ting further discloses:
The method of claim 1, further comprising: receiving, by the computer program, a timestamp with the device information.
Rule - the contactless card 101 transmits the counter value 104 with the encrypted data (¶ 0026).
Regarding Claim 7. The combination of Rule and Ting further discloses:
The method of claim 1, further comprising: communicating, by the computer program, a notification to the mobile application that the action was executed.
Rule - Doing so allows the user to manually enter the expiration date and CVV to the corresponding form fields while the notification remains in view. In some embodiments, the account application 113 and/or the autofill service 114 may also copy the expiration date, billing address, and/or the CVV to the clipboard 116, allowing the expiration date, billing address, and/or the CVV to be pasted to the corresponding form fields (¶ 0035).
Regarding Claim 9. The combination of Rule and Ting further discloses:
The method of claim 8, wherein the backend computer program is configured to determine that the action is a sensitive action.
Ting - rules can include time-based access rules (e.g., a user cannot access a certain resource during non-business hours), location-based access rules…and/or resource-based rule (¶ 0012).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the mobile application and workflow of Rule with the policy of Ting because doing so determines if the action is sensitive and triggers an authentication process which improves security when a risk is determined.
Regarding Claim 13. The combination of Rule and Ting further discloses:
The method of claim 8, further comprising: communicating, by the mobile application and to the backend computer program, a timestamp with the device information.
Rule - the contactless card 101 transmits the counter value 104 with the encrypted data (¶ 0026).
Regarding Claim 15. Rule teaches:
A system, comprising: a mobile electronic device executing a mobile application; and
Rule - The application may transmit…to a server (¶ 0012).
a backend computer program executed by a backend electronic device;
Rule - The application may then receive, from a server, verification of the encrypted data, the server to decrypt the encrypted data based on the cryptographic algorithm (¶ 0003).
wherein: the mobile application is configured to receive a selection of an action to execute and to communicate the action to the backend computer program;
Rule - selected by the user (¶ 0041). data may be transmitted to a server (¶ 0062).
the backend computer program is configured to send a notification to the mobile application to display an instruction to present a wireless-enabled device to the mobile electronic device;
Rule - notification 206 instructs the user to tap the contactless card 101 to the mobile device 110 (¶ 0041). the account application 113…on the mobile device 110 may output a notification 304 specifying to tap the contactless card 101 to the mobile device 110 (¶ 0044).
the mobile application is configured to present the instruction;
Rule - notification 206 instructs the user to tap the contactless card 101 to the mobile device 110 (¶ 0041). the account application 113…on the mobile device 110 may output a notification 304 specifying to tap the contactless card 101 to the mobile device 110 (¶ 0044).
the mobile application is configured to wirelessly receive device information from a wireless-enabled device and to communicate the device information to the backend computer program;
Rule - The contactless card 101 may then transmit the encrypted data (e.g., the encrypted customer ID 109) to the account application 113 of the mobile device 110 (e.g., via an NFC connection, Bluetooth connection, etc.) (¶ 0026). contactless card 101 further includes an indication of the counter value 104 along with the encrypted data (¶ 0074).
the backend computer program is configured to validate the device information; and
Rule - the server 120 verifies the encrypted customer ID…“and” a match of the customer ID values verifies the encrypted data received from the contactless card (¶ 0038). the management application 123 may validate the data received from the contactless card 101 at block 545. For example, the management application 123 may compare the customer identifier 107 to a customer identifier for the associated account in the account data 124, and validate the data based on a match (¶ 0075).
the backend computer program is configured to execute the sensitive action in response to the device information being validated.
Rule - The application may transmit the encrypted data received from the contactless card to a server for verification. Upon verifying the data, the server may transmit card data (e.g., an account number, expiration date, name, addresses, and/or CVV) to the device. Whether received from the contactless card, from the server, or locally, the card data may then be provided to an autofill service of the operating system of the device. The autofill service may then automatically populate the card data to the form field (e.g., populate the account number into an account number form field, etc.) (¶ 0012).
Rule does not teach, however Ting discloses:
the backend computer program is configured to determine that the action is a sensitive action;
Ting - rules can include time-based access rules (e.g., a user cannot access a certain resource during non-business hours), location-based access rules…and/or resource-based rule (¶ 0012).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the mobile application and workflow of Rule with the policy of Ting because doing so determines if the action is sensitive and triggers an authentication process which improves security when a risk is determined.
Regarding Claim 9. The combination of Rule and Ting further discloses:
The system of claim 15, wherein the mobile application is configured to communicate a timestamp with the device information to the backend computer program.
Rule - the contactless card 101 transmits the counter value 104 with the encrypted data (¶ 0026).
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Hernacki - (US20110154434A1) - A system and a method are disclosed for authenticating a user of a mobile computing device. Information is received describing the location of the mobile computing device. The information can include the current location of the device or a current type of user activity associated with a location. A current timeout length is determined based on this information. If the mobile computing device has remained idle for a time period equal to the current timeout length, the user of the mobile computing device is authenticated.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHRISTINA C whose telephone number is (571)270-7280. The examiner can normally be reached on Monday-Friday from 8am to 5pm.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Patrick Mcatee, can be reached at telephone number 571-272-7575. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from Patent Center. Status information for published applications may be obtained from Patent Center. Status information for unpublished applications is available through Patent Center for authorized users only. Should you have questions about access to Patent Center, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) Form at https://www.uspto.gov/patents/uspto-automated-interview-request-air-form.
/C.C.S./ Examiner, Art Unit 3698
/PATRICK MCATEE/ Supervisory Patent Examiner, Art Unit 3698