Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
This office action is in response to the communication filed on 8/13/2019.
Claims 1-12 have been examined.


Information Disclosure Statement
The information disclosure statements (IDS) submitted on 8/13/2019 and 2/13/2020 are in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statements are being considered by the examiner.

Specification
Applicant is reminded of the proper language and format for an abstract of the disclosure.

The abstract should be in narrative form and generally limited to a single paragraph on a separate sheet within the range of 50 to 150 words.  The form and legal phraseology often used in patent claims, such as "means" and "said," should be avoided.  The abstract should describe the disclosure sufficiently to assist readers in deciding whether there is a need for consulting the full patent text for details.

The language should be clear and concise and should not repeat information given in the title.  It should avoid using phrases which can be implied, such as, "The disclosure concerns," "The disclosure defined by this invention," "The disclosure describes," etc.

The abstract of the disclosure is objected to because the abstract should be a single paragraph, and should not include phrases which can be implied.  The examiner suggests removing the first line of the abstract.  Correction is required.  See MPEP § 608.01(b).
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.


(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 1-4, 6, 7, and 9-12 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Deo (US Patent Number 5,594,227).
Regarding claim 1, Deo disclosed an IC card (Deo Fig. 2 Col. 4 Lines 8-51) comprising: a communicator which performs communication with a terminal device (Deo Fig. 2 Col. 4 Lines 8-51); a storage which stores authentication information for authenticating a user (Deo Fig. 2 Col. 4 Lines 8-51); and an authentication processor which performs personal authentication on the basis of input information received from the terminal device through the communicator and authentication information stored in the storage (Deo Fig. 7 and Col. 9 Lines 30-67), wherein the authentication processor extends an authentication processing time until completion of authentication becomes possible again on the basis of the number of times of the personal authentication having failed (Deo Fig. 7 and Col. 9 Lines 30-67). 


Regarding claim 2, Deo disclosed that the authentication processor extends the authentication processing time on the basis of a waiting time correlated with the number of times of successive authentication failures (Deo Fig. 7 and Col. 9 Lines 30-67). 
Regarding claim 3, Deo disclosed that the authentication processor increases a waiting time as the number of times of successive authentication failures increases (Deo Fig. 7 and Col. 9 Lines 30-67). 
Regarding claim 4, Deo disclosed that the authentication processor changes the waiting time correlated with the number of times of successive authentication failures on the basis of at least one of an authentication method, the strength of an encryption key and the strength of authentication information (Deo Fig. 7 and Col. 9 Lines 30-67 or Deo Col. 8 Line 65 – Col. 9 Line 13.  Deo Fig. 7 is an “authentication method” and based upon this “authentication method”, delay times are determined from the number of successive authentication failures.  Deo Fig. 5 teaches that the delay can be based on the length (strength) of the password, and that for each 
Regarding claim 6, Deo disclosed that the authentication processor waits for execution of processing after the input information has been received through the communicator until the waiting time elapses (Deo Fig. 7 and Col. 9 Lines 30-67 – the smartcard does not perform output processing until the delay has been fulfilled). 
Regarding claim 7, Deo disclosed that the authentication processor waits until the waiting time elapses before causing the communicator to transmit a result of personal authentication based on the input information and the authentication information to the terminal device (Deo Fig. 7 and Col. 9 Lines 30-67 – the smartcard does not perform output processing until the delay has been fulfilled). 
Regarding claim 9, Deo disclosed the authentication processor increases an authentication prohibition time period if the authentication processor failed to perform personal authentication (Deo Fig. 7 and Col. 9 Lines 30-67), wherein in the authentication prohibition time period, the authentication processor is prohibited to perform personal authentication, wherein the authentication prohibition time period starts at a time that the authentication processor failed to perform personal authentication (Deo Fig. 7 and Col. 9 Lines 30-67 – Deo teaches that upon determining that the authentication fails, the smart card delays for the determined delay period). 
Regarding claim 10, Deo disclosed that the authentication processor sets the authentication prohibition time period if the authentication processor failed to perform personal 
Regarding claim 11, Deo disclosed that the authentication processor sets a first authentication prohibition time period if the authentication processor failed to perform personal authentication in the absence of the first authentication prohibition time period which is set (Deo Fig. 7 and Col. 9 Lines 30-67.  Also see Deo Col. 6 Lines 40-45), wherein the authentication processor replaces the first authentication prohibition time period by a second authentication prohibition time period if the authentication processor failed to perform personal authentication in the presence of the first authentication prohibition time period which is set, wherein the second authentication prohibition time period is longer than the first authentication prohibition time period (Deo Fig. 7 and Col. 9 Lines 30-67.  Also see Deo Col. 6 Lines 40-55). 

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


5 is rejected under 35 U.S.C. 103 as being unpatentable over Deo, and further in view of Wlodarczyk (US Patent Application Publication Number 2006/0015938).

Regarding claim 5, while Deo taught a system which implements wait times upon authentication failure, but did not explicitly teach a waiting time controller which changes the waiting time correlated with the number of times of successive authentication failures on the basis of a waiting time change request acquired through the communicator. 
Wlodarczyk taught in an smart card authentication system, upon a failed authentication attempt, waiting a duration before allowing a new authentication step, and further taught that the smart card can receive APDU commands and teaches tuning the parameters of the wait duration to balance security with usability (Wlodarczyk Paragraphs 0076-0087 for example).
It would have been obvious to the person having ordinary skill in the art before the effective filing date of the invention to have employed the teachings of Wlodarczyk in the smart card authentication system of Deo by incorporating APDU commands which allow the smart card delays to be tuned for each credential.  This would have been obvious because the person having ordinary skill in the art would have been motivated to balance security with usability.  

Claim 8 is rejected under 35 U.S.C. 103 as being unpatentable over Deo, and further in view of Proidl (US Patent Number 6,276,604).

While Deo taught the system being in a waiting state upon authentication failure, Deo did not explicitly teach that the authentication processor transmits information representing being in 
Proidl taught, in a smart card authentication system which incorporates a waiting period upon authentication failure, the smart card should cause a display to display an indication of the waiting period (Proidl Col. 10 Line 51 – Col. 11 Line 55).
It would have been obvious to the person having ordinary skill in the art before the effective filing date to have incorporated the teachings of Proidl in the smart card authentication system of Deo by causing display of a message indicating the delay and time left of the delay.  This would have been obvious because the person having ordinary skill in the art would have been motivated to provide a means to inform an authorized user that there have been possible tampering attempts and to provide an indication of how long ago the attempt occurred.  


Conclusion
Claims 1-12 have been rejected.
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
US 2014/0130117 taught generally the idea of increasing a timer for each time a password is wrong.
	US 2008/0072283 taught a smart card token authentication system which for each failed authentication attempt a counter is increased and a time delay is based upon the counter.  The time delay may, for example, increase exponentially based upon the counter.
	US 2009/0260078 taught in a system which increases time between authentication attempts based upon the number of failed attempts, the time between authentication attempts can also be based upon the security level of the particular authentication.



Any inquiry concerning this communication or earlier communications from the examiner should be directed to MATTHEW T HENNING whose telephone number is (571)272-3790.  The examiner can normally be reached on Monday- Thursday 9AM-5PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on (571)272-3972.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/MATTHEW T HENNING/Primary Examiner, Art Unit 2491