Notice of AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-12 are rejected under 35 U.S.C. 103 as being unpatentable over VAN OS et al. (US 20170339151), hereinafter VAN OS in view of Musabeyoglu et al. (US 10089801), hereinafter Musabeyoglu.
	Regarding Claim 1, VAN OS teaches
	A method comprising: transmitting, by a first user device, an interaction request to a remote computer via a long range communication channel (Para [0022] FIG. 1A is a block diagram illustrating a portable multifunction device with a touch-sensitive display in accordance with some embodiments. Para [0275] At block 902, a requesting device (e.g., 700, a laptop device that does not have a hardware token generator) receives selection of one or more options (e.g., 708, 718, 802G, 802H, 802J). For example, the requesting device receives user selection of a name or address of a remote server, …  Para [0276] At block 904, the requesting device (e.g., 700) receives selection of an option (e.g., 722, 822) to proceed with an action associated with the selected one or more options. In some examples, the action is creating a secure network connection); 
	transmitting, by the first user device, the authentication request message to a second user device via a short range communication channel (Para [0278] At block 908, the authenticating device (e.g., 500, a phone device that does have a hardware token generator; a phone device that does have a secure element) receives the request to proceed with the action. In some examples, the transmission of the request to proceed with the action from the requesting device (e.g., 700) to the authenticating device (e.g., 500) is direct…);
	receiving, by the first user device, an authentication response message comprising a response value from the second user device via the short range communication channel (Para [0282] At block 916, the authenticating device transmits a response to the request to proceed with the action. The response to the request to proceed with the action is based on the input that is responsive to the request for authorization to proceed with the action. Para [0283] At block 918, the requesting device receives (e.g., in response to transmitting the request; subsequent to transmitting the request) the response to the request to proceed with the action).
	VAN OS does not explicitly teach a method receiving, by the first user device, an authentication request message from the remote computer; and transmitting, by the first user device, the authentication response message to the remote computer causing the remote computer to verify the response value and perform further processing if the response value is verified.
	In the same field of endeavor, Musabeyoglu teaches
	receiving, by the first user device, an authentication request message from the remote computer (Col. 14, lines 32-37, The remote server 302 may determine (e.g., based on a user identifier included in the request) whether the user device 204 should be granted access to the system. Upon making this determination, the remote server 302 may provide the user device 204 with a public key from a public/private encryption key pair);
	transmitting, by the first user device, the authentication response message to the remote computer causing the remote computer to verify the response value and perform further processing if the response value is verified (Col. 14, lines 49-60, Upon receiving the nonce value, the user device 204 may generate an access token by encrypting a combination of the nonce value and a user identifier using the public encryption key received from the remote server. The user device may then provide the access token to the universal access control device in order to gain access to a location or resource secured by an access control system in communication with the universal access control device. The universal access control device, as described elsewhere, may then validate the access token. To do this, the universal access control device may transmit the access token to the remote server 302 to determine whether access should be granted. Col. 14, lines 61-67, Col.15, lines 1-3, Upon receiving the access token from the universal access control device, the remote server 302 may decrypt the access token using the private key of the public/private encryption key pair. In some cases, the remote server 302 may strip the nonce value from the decrypted data to obtain the user identifier. The remote server 302 may then determine whether the user identifier included in the access token has authority to access an access control point associated with the universal access control device from which the access request was received).
	It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the method taught by VAN OS to incorporate teachings of Musabeyoglu such that the method of VAN OS includes receiving, by the first user device, an authentication request message from the remote computer; and transmitting, by the first user device, the authentication response message to the remote computer causing the remote computer to verify the response value and perform further processing if the response value is verified. One would have been motivated to make such combination in order to provide access control device that may be installed in proximity to, or within, an access control system to enable a user to use a user device to gain access to a secure area or resource (Musabeyoglu, [Abstract]).
	Regarding Claim 2, the combination of VAN OS and Musabeyoglu teaches all the limitations of Claim 1 above,
Musabeyoglu, Col. 14, lines 12-15, FIG. 7 depicts a sequence diagram showing a data flow in which a user device is provided a secure method of exchanging access token information for use with a universal access control device. Col. 14, lines 22-30, In data flow 700, a user device 204 (which may be an example of user device 204 depicted in FIG. 2) may submit a request for a public key to the system.  In some embodiments, the universal access control device 206 (which may be an example of universal access control device 206 depicted in FIG. 2) may act as an intermediary or proxy by receiving the request and forwarding it to a remote server 302 (which may be an example of remote server 302 depicted in FIG. 3)).
	Regarding Claim 3, the combination of VAN OS and Musabeyoglu teaches all the limitations of Claim 1 above,
	wherein after receiving the authentication response message the method further comprises: displaying, by the first user device, the response value to a user of the first user device (VAN OS, Para [0279] At block 910, the authenticating device concurrently displays (e.g., in response to receiving the request), on the display of the authenticating device, an indication (e.g., 750, 850) of the request to proceed with the action, the information (e.g., 752, 852) about the selected one or more options, and an indication (e.g., 754, 854) of the requesting device (e.g., the name of the requesting laptop or phone, an identifier of the requesting device, or an icon or image that represents the requesting device such as a line drawing of a housing of the device)); and
	receiving, by the first user device, user input comprising the response value (VAN OS, Para [0281] At block 914, the authenticating device receives an input that is responsive to the request for authorization to proceed with the action (e.g., user authentication information, a fingerprint of finger 758/858, a passcode).
	Regarding Claim 4, the combination of VAN OS and Musabeyoglu teaches all the limitations of Claim 1 above,

	wherein the short range communication channel includes a BluetoothTM communication channel (VAN OS, Para [0222] In some examples, requesting device 700 and authenticating device 500 are configured to be in communication, such as via wireless communication. For example, the requesting device 700 and authenticating device 500 may be in communication via a personal area network, a local area network, a wide area network, Bluetooth, WLAN, a cellular network, or any combination thereof), and
	wherein the long range communication channel includes a communication channel that uses the Internet (Musabeyoglu, Col. 9, lines 33-42, FIG. 3 depicts an illustrative example of a system or architecture 300 for a remote server that provides support for a universal access control device that may be implemented in accordance with at least some embodiments. In FIG. 3, a remote server 302 may be in communication with a universal access control device 206 and one or more user devices 204 via a network 304. The network 304 may include any one or a combination of many different types of networks, such as cable networks, the Internet, wireless networks, cellular networks, and other private and/or public networks).
	The motivation/rationale to combine the references is similar to claim 1 above.
	Regarding Claim 5, the combination of VAN OS and Musabeyoglu teaches all the limitations of Claim 1 above,
	wherein further processing includes transferring data between the first user device and a peer device, allowing a user of the first user device to access a secure location, data, and/or webpage, and/or performing a peer-to-peer transfer of value (Musabeyoglu, Col. 14, lines 12-21,   FIG. 7 depicts a sequence diagram showing a data flow in which a user device is provided a secure method of exchanging access token information for use with a universal access control device. Ultimately the access decision is made via a remote server and that decision is returned to the universal access control device. Data exchanged in the manner described may be encrypted end-to-end with a public key associated with the remote server, even in embodiments in which the universal access control device serves as an intermediary).
Regarding Claim 6,
Claim 6 is rejected for similar reasons as in claim 1.
Regarding Claim 7,
Claim 7 is rejected for similar reasons as in claim 2.
Regarding Claim 8,
Claim 8 is rejected for similar reasons as in claim 3.
Regarding Claim 9,
Claim 9 is rejected for similar reasons as in claim 4.
Regarding Claim 10,
Claim 10 is rejected for similar reasons as in claim 5.
	Regarding Claim 11, VAN OS teaches
A method comprising: receiving, by a second user device, an authentication request message from a first user device via a short range communication channel (Para [0282] At block 916, the authenticating device transmits a response to the request to proceed with the action. The response to the request to proceed with the action is based on the input that is responsive to the request for authorization to proceed with the action. Para [0283] At block 918, the requesting device receives (e.g., in response to transmitting the request; subsequent to transmitting the request) the response to the request to proceed with the action);
	generating, by the second user device, a response value based on the authentication request message and a second user device identifier (Van OS, Para [0218] In some examples, a secure element is a hardware component (e.g., a secure microcontroller chip) configured to securely store data or an algorithm. Para [0287] In some examples, the authenticating device (e.g., 500) includes hardware (e.g., a hardware token generator, a secure element) configured to respond (e.g., by generating or providing a token, by generating or providing payment information) to the input that is responsive to the request for authorization to proceed with the action …); Examiner submits that the secure element includes the device identifier.
	transmitting, by the second user device, an authentication response message comprising the response value to the first user device (Van OS, Para [0282] At block 916, the authenticating device transmits a response to the request to proceed with the action. The response to the request to proceed with the action is based on the input that is responsive to the request for authorization to proceed with the action),
	VAN OS does not explicitly teach a method generating, by the second user device, a response value based on the authentication request message and a second user device identifier; and wherein the first user device transmits the authentication response message to a remote computer causing the remote computer to verify the response value and perform further processing if the response value is verified.
	
	Although VAN OS teaches generating a response value based on the authentication request message and a second user device identifier as described above; in the same field of endeavor, Musabeyoglu  teaches
	generating, by the second user device, a response value based on the authentication request message and a second user device identifier (Col. 16, lines 34-42, At 812, the universal access control device may determine the validity of the access token. ... The universal access control device may also send an identifier associated with the user device from which the access token was received. In some embodiments, the remote server may provide a list of authorized access tokens to the universal access control device to be stored in memory of the universal access control device); and 
	wherein the first user device transmits the authentication response message to a remote computer causing the remote computer to verify the response value and perform further processing if the response value is verified. (Col. 14, lines 49-60, Upon receiving the nonce value, the user device 204 may generate an access token by encrypting a combination of the nonce value and a user identifier using the public encryption key received from the remote server. The user device may then provide the access token to the universal access control device in order to gain access to a location or resource secured by an access control system in communication with the universal access control device. The universal access control device, as described elsewhere, may then validate the access token. To do this, the universal access control device may transmit the access token to the remote server 302 to determine whether access should be granted. Col. 14, lines 61-67, Col.15, lines 1-3, Upon receiving the access token from the universal access control device, the remote server 302 may decrypt the access token using the private key of the public/private encryption key pair. In some cases, the remote server 302 may strip the nonce value from the decrypted data to obtain the user identifier. The remote server 302 may then determine whether the user identifier included in the access token has authority to access an access control point associated with the universal access control device from which the access request was received).
	It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the method taught by VAN OS to incorporate teachings of Musabeyoglu such that the method of VAN OS includes wherein the first user device transmits the authentication response message to a remote computer causing the remote computer to verify the response value and perform further processing if the response value is verified. One would have been motivated to make such combination in order to provide access control device that may be 
Regarding Claim 12,
Claim 12 is rejected for similar reasons as in claim 2.
Claims 13 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over VAN OS et al. (US 20170339151), hereinafter VAN OS in view of Musabeyoglu et al. (US 10089801), hereinafter Musabeyoglu, in view of Hammad (US 9372971), hereinafter Hammad.
	Regarding Claim 13, the combination of VAN OS and Musabeyoglu teaches all the limitations of Claim 11 above,
	The combination of VAN OS and Musabeyoglu does not explicitly teach wherein generating the response value further comprises: inputting, by the second user device, a token included in the authentication request message and the second user device identifier into a hash function; and obtaining, by the second user device, the response value as an output of the hash function.
	In the same field of endeavor, Hammad teaches
	wherein generating the response value further comprises: inputting, by the second user device, a token included in the authentication request message and the second user device identifier into a hash function (Col. 24, lines 19-25, In each of the embodiments described herein pertaining to verification token 40, token 40 may send the identification information pertaining to portable consumer device 5 to computer 10 in a number of forms, including: (1) unaltered form ("clear form"), (2) encrypted form, (3) hashed formed (e.g., encoded), (4) signed form, (5) or any combination of these form); and
	obtaining, by the second user device, the response value as an output of the hash function (Col. 24, lines 31-40, In each of the embodiments described herein pertaining to verification token 40, the above codes of token 40 and the identification information read from device 5 by token 40 may be stored independently of computer 10 and may be secure from programs (including spyware and other malicious programs) running on computer 10. In such implementations, the identification information is put in secure form (e.g., encrypted, hashed, signed, or combination thereof) by verification token 40 before the information is provided to computer 10).
	It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the method taught by combination of VAN OS and Musabeyoglu to incorporate teachings of Musabeyoglu such that the method of combination of VAN OS and Musabeyoglu includes wherein generating the response value further comprises: inputting, by the second user device, a token included in the authentication request message and the second user device identifier into a hash function; and obtaining, by the second user device, the response value as an output of the hash function. One would have been motivated to make such combination in order to provide verification token for obtaining a device verification value for a portable consumer device (Hammad, Col. 2, lines 14-15).
	Regarding Claim 14, the combination of VAN OS, Musabeyoglu and Hammad teaches all the limitations of Claim 11 and Claim 13 above,
	wherein the remote computer determines an expected response value based on a stored second user device identifier and the token (Hammad, Col. 35, lines 13-24, Before receiving identification information for a portable consumer device 5 from a token, the issuing bank for the device may provide validation entity 80 with the look-up table, algorithm (including any seed values), or other data elements that the device uses to generate the device's variable datum (e.g., CVC3, dCVV, or cryptogram), which entity 80 may store in one of its databases 86. When validation entity 80 receives identification information from a verification token 40 for a specific portable consumer device 5, it accesses its record of the look-up table, algorithm, or other data elements for the specific device 5 to determine its value or set of values for the device's variable datum,…),
Hammad, Col. 35, lines 24-40 …, and compares the received value for a variable datum (e.g., CVC3, dCVV, or cryptogram) against its value or set of acceptable values for the variable datum to determine if the fifth validation test has been passed (e.g., a match in values is found), or has been failed (e.g., a match has not been found). To implement the fifth validation test, validation entity 80 may comprise code embodied on computer-readable medium 82 that directs data processor 81 to access the one or more stored data elements used to obtain the variable datum for the account from one of databases 86, code that directs data processor 81 to obtain one or more acceptable values for the variable datum from the one or more stored data elements, and code that directs data processor 81 to compare the received variable datum and the one or more acceptable values for a match to determine if the fifth test is passed (a match is found) or failed (a match is not found)).
	The motivation/rationale to combine the references is similar to claim 13 above.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HAMID TALAMINAEI whose telephone number is (571)270-3283.  The examiner can normally be reached on Flexible, M-F 7:30 -5:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on (571) 272-4219.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained 




/HAMID TALAMINAEI/Examiner, Art Unit 2436                                                                                                                                                                                                        
/Kevin Bechtel/Primary Examiner, Art Unit 2491