DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Status of Claims
Claims 1-13 are pending in this Office Action.

Priority
Receipt is acknowledged of certified copies of papers required by 37 CFR 1.55.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 11/19/2019 filed is/are in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Drawings
The formal drawings received on 11/19/2019 have been entered.

Interview
An examiner-initiated interview was conducted with the applicant's representative, BRIAN HANNON, on August 2, 2021 to discuss allowable subject matter. The examiner presented allowable subject matter to place the application in 

Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a)  IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same,  and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 1-13 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement.  The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for pre-AIA  the inventor(s), at the time the application was filed, had possession of the claimed invention. MPEP 2161.01(I) and 2163.05(I)(3)(ii) give guidance. Generic claim language in the original disclosure does not satisfy the written description requirement if it fails to support the scope of the genus claimed. Ariad Pharms, Inc. v. Eli Lilly & Co., 598 F.3d 1336, 1350 (Fed. Cir. 2010)(en banc); Enzo Biochem, Inc. v. Gen-Probe, Inc., 323 F.3d 956, 968, 63 USPQ2d 1609, ___ (Fed. Cir. Fiers v. Revel, 984 F.2d 1164, 1170, 25 USPQ2d 1601, ___ (Fed. Cir. 1993) (rejecting the argument that “only similar language in the specification or original claims is necessary to satisfy the written description requirement”).
Even original claims may fail to satisfy the written description requirement when the invention is claimed and described in functional language but the specification does not sufficiently identify how the invention achieves the claimed function. Ariad, 598 F.3d at 1349 (“[A]n adequate written description of a claimed genus requires more than a generic statement of an invention’s boundaries.”) (citing Regents of the University of California v. Eli Lilly, 119 F.3d 1559, 1568). In Ariad, the court recognized the problem of using functional claim language without providing in the specification examples of species that achieve the claimed function:
“The problem is especially acute with genus claims that use functional language to define the boundaries of a claimed genus. In such a case, the functional claim may simply claim a desired result, and may do so without describing species that achieve that result. But the specification must demonstrate that the applicant has made a generic invention that achieves the claimed result and do so by showing that the applicant has invented species sufficient to support a claim to the functionally-defined genus.” Ariad, 598 F.3d at 1349.
The standard for description of computer-implemented functions is a description within the specification itself of the algorithm steps that are necessary to perform the In re Hayes Microcomputer Prods., Inc. Patent Litigation, 982 F.2d 1527, 1533-34, 25 USPQ2d 1241, ___ (Fed. Cir. 1992). See also Aristocrat Technologies v. IGT, 521 F.3d 1328 (Fed. Cir. 2008). Specifically, if one skilled in the art would know how to program the disclosed computer to perform the necessary steps described in the specification to achieve the claimed function and the inventor was in possession of that knowledge, the written description requirement would be satisfied. Hayes, 982 F.2d at 1534.
Further, when a specification provides a single means of performing a function it does not entitle the inventor to all means of achieving the function. Lizardtech Inc. v. Earth Res. Mapping Inc., 424 F.3d 1336, 1346 (Fed. Cir. 2005). The written description requirement for a claimed genus may be satisfied through sufficient description of a representative number of species by actual reduction to practice (see MPEP 2163.05(I)(3)(i)(A)), reduction to drawings ((i)(B)), or by disclosure of relevant, identifying characteristics, i.e., structure or other physical and/or chemical properties, by functional characteristics coupled with a known or disclosed correlation between function and structure, or by a combination of such identifying characteristics, sufficient to show the applicant was in possession of the claimed genus ((i)(C)). See Eli Lilly, 119 F.3d at 1568.
Thus it is clear what is required of computer-implemented functional claims: As Ariad stated, mere claim to the functionality, without more, is insufficient to meet the written description requirement. Hayes and Aristocrat teach that the applicant must provide at least a single means of achieving the function within the specification itself. That means the algorithm steps which achieve the function must be described in sufficient detail that one of ordinary skill in the art would reasonably conclude that the applicant had 
In the instant case:
Examiner contends that Applicant does not even disclose a representative number of species (i.e., algorithms or steps/procedures) in the specification for the claimed genus for achieving the functionality “checking if the decrypted physical quantity of the received onetime password (OTP) corresponds to the physical quantity determined in the reading device (3) and received in the information about the physical quantity, and if the state of the counter is different from a received previous state of the counter so as to authenticate the transponder” of claim(s) 1. The aforementioned limitations are merely examples and there may be additional limitations for which the Applicant does not even disclose a representative number of species in the specification for the claimed genus for achieving the additional functionalities. A claim to functionality must be supported by at least a single algorithm or step/procedure for achieving it, see Ariad and Hayes, above. Even if Applicant discloses an algorithm or step/procedure for achieving the functionality, a claim to functionality is overbroad of the disclosure of a single means of achieving it, as described by Lizardtech, Ariad and Eli Lily above. Because applicant is seeking to claim more than he has invented, the full scope of his claim is not described and a 112, 1st rejection is proper.

The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claim(s) 1-13 is/are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claim(s) 1-13 rejected as failing to define the invention in the manner required by 35 U.S.C. 112(b) or pre-AIA  35 U.S.C. 112, second paragraph. The claim(s) are narrative in form and replete with indefinite language. The structure which goes to make up the device must be clearly and positively specified. The structure must be organized and correlated in such a manner as to present a complete operative device. Note the format of the claims in the patent(s) cited.
Claim 13 is rejected as being indefinite, as it is unclear from the claim language whether it is a system claim or a method claim. According to the preamble of claim 13, it appears that claim 13 is a system claim; however, since claim 13 depends from claim 1, which is a method claim, it is unclear if claim 13 is a system claim or a method claim.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any 
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1, 2, 11, and 13 is/are rejected under 35 U.S.C. 103 as being unpatentable over George, Michael A. (Pub. No.: US 20190014107, hereinafter, “George”) in view of Koneru, Srikanth P. (Pub. No.: US 2016/0021103, hereinafter, “Koneru”), and further in view of Spangler et al. (Patent No.: US 9,292,668, hereinafter, “Spangler”) and Tyagi et al. (Pub. No.: US 2019/0356652, hereinafter, “Tyagi”).
Claims 1, 13. George teaches:
Method of securely authenticating a transponder (1) in communication with a server (2), – in paragraphs [0021], [0022], [0027], Fig. 1 (The environment 100 shows that mobile computing device 120 is operated by an administrator or operator 110. Server 102, tag 121 and device 120 may each comprise a computing device 600. OTPs avoid shortcomings that are associated with traditional (static) password-based authentication, such as replay attacks (i.e., when an intruder records an OTP that was already used to log into a service) and instances where the same password is used for 
the transponder comprising a processing unit connected to a memory unit, to a counter and to connection means so as to establish a communication with the server (2), – in paragraph [0021] (The tag 121 may be a smart card, chip card, or integrated circuit card (ICC), which is a pocket-sized card that includes non-volatile memory for storing data (such as a unique identifier, and a uniform resource locator) and an embedded integrated circuit for delivering stored data, such as generating a one-time-password (OTP).)
characterised in that the method comprises the steps of: calculating a one-time password (OTP), – in paragraphs [0021], [0027] (The tag 121 may be a smart card, chip card, or integrated circuit card (ICC), which is a pocket-sized card that includes non-volatile memory for storing data (such as a unique identifier, and a uniform resource locator) and an embedded integrated circuit for delivering stored data, such as generating a one-time-password (OTP).Various methods are well known in the art for generating an OTP, such as time-synchronized generation of an OTP (which uses hardware called a security token) and mathematical algorithms that use a seed and a hash function. A one-time-password (OTP) generation identifier is simply a unique identifier that identifies the method of generating an OTP used in a particular instance.)
transmitting the one-time password (OTP) to the server (2) by means of the reading device (3), which determines the physical quantity of the transponder (1), and transmitting to the server (2), in addition to the onetime password (OTP), the information about the physical quantity determined in the reading device (3), receiving the one-time password (OTP) in the server (2) with the information about the physical quantity of the reading device (3), – in paragraphs [0029], [0031] (The processor of the device 120 is configured for reading data 202 from the identification tag 121, wherein the data 202 includes at least a unique identifier, a one-time password, and a data packet, which may include an address for a server, such as a universal resource location (URL). Data 202 may also include a photograph of the object or location. In step 306, the device 120 transmits a request 204 to the server 102 identified in the data packet. The request 204 may include the unique identifier, the OTP, a current time stamp and the current geographical location.)

George does not explicitly teach:
wherein the one-time password (OTP) is calculated in the processing unit of the transponder (1) with the help of a dedicated algorithm, said algorithm being stored, on the basis of the current state of the counter and on the basis of a physical quantity determined in the transponder (1), checking if the decrypted physical quantity of the received onetime password (OTP) corresponds to the physical quantity determined in the reading device (3) and received in the information about the physical quantity, and if the state of the counter is different from a received previous state of the counter so as to authenticate the transponder.
However, Koneru teaches:
wherein the one-time password (OTP) is calculated in the processing unit of the transponder (1) with the help of a dedicated algorithm, said algorithm being stored, on the basis of the current state of the counter and on the basis of a physical quantity determined in the transponder (1), – in paragraph [0028] (Client device 210 may include an application to generate a password (e.g., a time and location-based password), used to verify the location of client device 210 at a particular time, based on location information and time information. In some implementations, client device 210 may generate the password using a random key generator, a hash-based message authentication code (HMAC) algorithm, a time-based one-time password (TOTP) algorithm, an HMAC-based one-time password algorithm (HOTP), and/or some other algorithm or technique.)
checking if the decrypted physical quantity of the received onetime password (OTP) corresponds to the physical quantity determined in the reading device (3) and received in the information about the physical quantity, and if the state of the counter is different from a received previous state of the counter so as to authenticate the transponder. – in paragraph [0018] (The verification device may verify that the client device was located at the location at the time when the password, provided by the client device, matches the password formed by the verification device. As an example, assume that the verification device is associated with a fixed location. Given this assumption, the verification device may generate a password based on information identifying the fixed location and based on a current time. In some implementations, the password, generated by the verification device, may be used to verify whether the client device is currently located at the fixed location (e.g., when characters in the password, generated by the client device, match characters in the password generated by the verification device).)


Combination of George and Koneru does not explicitly teach:
wherein the one-time password (OTP) is calculated following receipt of an interrogation signal received from a reading device (3).
However, Spangler teaches:
wherein the one-time password (OTP) is calculated following receipt of an interrogation signal received from a reading device (3) – on lines 50-53 in column 11, on lines 5-6 in column 12 (In step 510, the OTP device 140 receives a request for an OTP from the computing device 130. In step 550, the OTP device 140 generates an OTP for accessing the secure account.)


Combination of George, Koneru, and Spangler does not explicitly teach:
decrypting by the dedicated algorithm the one-time password (OTP).
However, Tyagi teaches:
decrypting by the dedicated algorithm the one-time password (OTP) – in paragraph [0105] (OTP server 134 can decrypt the OTP received using the subscriber's user key.)
It would have been obvious for one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify George, Koneru, and Spangler with Tyagi to include decrypting by the dedicated algorithm the one-time password (OTP), as taught by Tyagi, in paragraph [0010], to prevent any unauthorized reception of content.

Claim 2. Combination of George, Koneru, Spangler, and Tyagi teaches Method of securely authenticating a transponder (1) according to claim 1 – refer to the indicated claim for reference(s).
George teaches:
characterised in that the communication between the transponder (1) and the server (2) passes by means of the reading device (3), which is a mobile communication unit (3), in near-field connection with the transponder (1). – in paragraphs [0021], [0022], [0027], Fig. 1 (FIG. 1 also shows an identification device or tag 121, which may be a near field communication (NFC) tag that emits radio frequency signals that comport with the ISO/IEC 18092 and ECMA 340 communications protocol standards. The environment 100 shows that mobile computing device 120 is operated by an administrator or operator 110. Server 102, tag 121 and device 120 may each comprise a computing device 600. OTPs avoid shortcomings that are associated with traditional (static) password-based authentication, such as replay attacks (i.e., when an intruder records an OTP that was already used to log into a service) and instances where the same password is used for multiple systems (i.e., if the password for one system is gained, all said systems are not made vulnerable).)

Claim 11. Combination of George, Koneru, Spangler, and Tyagi teaches Method of securely authenticating a transponder (1) according to claim 1 – refer to the indicated claim for reference(s).
George teaches:
characterised in that, at each reading of the transponder (1), a new quantity is determined in the transponder (1). – in paragraph [0020] (A location may be an office, a building, a room, a structure, an edifice, a street, a wall or the like. At a location, the identification tag may be affixed to a wall, a floor, a door, a pole, or the like.)

Claim(s) 3 is/are rejected under 35 U.S.C. 103 as being unpatentable over George, Michael A. (Pub. No.: US 20190014107, hereinafter, “George”) in view of Koneru, Srikanth P. (Pub. No.: US 2016/0021103, hereinafter, “Koneru”), and further in view of Spangler et al. (Patent No.: US 9,292,668, hereinafter, “Spangler”), Tyagi et al. (Pub. No.: US 2019/0356652, hereinafter, “Tyagi”), and Chau, Ching H. (Pub. No.: US 2016/0275321, hereinafter, “Chau”).
Claim 3. Combination of George, Koneru, Spangler, and Tyagi teaches Method of securely authenticating a transponder (1) according to claim 1 – refer to the indicated claim for reference(s).

Combination of George, Koneru, Spangler, and Tyagi does not explicitly teach:
characterised in that the communication between the transponder (1) and the server (2) passes by means of the reading device (3), which is a mobile communication unit (3), in UHF connection with the transponder (1).
However, Chau teaches:
characterised in that the communication between the transponder (1) and the server (2) passes by means of the reading device (3), which is a mobile communication unit (3), in UHF connection with the transponder (1). – in paragraph [0074], Fig. 7 (The cloud server may be connected to a router via a network, and the router respectively connects the UHF reader via a wired or WIFI network, connects a computer or display device via a WIFI network and connects the RFID emulator via a wired or WIFI network.)
.

Claim(s) 4, 9, and 10 is/are rejected under 35 U.S.C. 103 as being unpatentable over George, Michael A. (Pub. No.: US 20190014107, hereinafter, “George”) in view of Koneru, Srikanth P. (Pub. No.: US 2016/0021103, hereinafter, “Koneru”), and further in view of Spangler et al. (Patent No.: US 9,292,668, hereinafter, “Spangler”), Tyagi et al. (Pub. No.: US 2019/0356652, hereinafter, “Tyagi”), and Ahmed et al. (Pub. No.: US 2018/0052980, hereinafter, “Ahmed”).
Claim 4. Combination of George, Koneru, Spangler, and Tyagi teaches Method of securely authenticating a transponder (1) according to claim 1 – refer to the indicated claim for reference(s).
 
Combination of George, Koneru, Spangler, and Tyagi does not explicitly teach:
characterised in that the physical quantity determined in the transponder (1) is a determined transmission delay (.DELTA.t), in that the reading device (3) determines the transmission delay (.DELTA.t') of the transponder upon receipt of data from the transponder (1), and so as to transmit to the server (2), in addition to the one-time password (OTP), the information about the transmission delay (.DELTA.t') determined in the reading device (3), and in that, after decrypting of the one-time password (OTP), it is checked in the server (2) if the decrypted transmission delay (.DELTA.t) of the received one-time password (OTP) corresponds to the transmission delay (.DELTA.t') determined in the reading device (3) and received in the information about the transmission delay (.DELTA.t') within a determined temporal margin, so as to authenticate the transponder (1).
However, Ahmed teaches:
characterised in that the physical quantity determined in the transponder (1) is a determined transmission delay (.DELTA.t), in that the reading device (3) determines the transmission delay (.DELTA.t') of the transponder upon receipt of data from the transponder (1), and so as to transmit to the server (2), in addition to the one-time password (OTP), the information about the transmission delay (.DELTA.t') determined in the reading device (3), and in that, after decrypting of the one-time password (OTP), it is checked in the server (2) if the decrypted transmission delay (.DELTA.t) of the received one-time password (OTP) corresponds to the transmission delay (.DELTA.t') determined in the reading device (3) and received in the information about the transmission delay (.DELTA.t') within a determined temporal margin, so as to authenticate the transponder (1). – in paragraph [0076] (The distance is measured in response time which, together with the known delay of the link, can give an estimate of the probability that the user device 110 is actually on the NFC link. The path delay can be determined by measuring the time it takes from sending a request (e.g. echo request) to receiving a 
It would have been obvious for one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify George, Koneru, Spangler, and Tyagi with Ahmed to include characterised in that the physical quantity determined in the transponder (1) is a determined transmission delay (.DELTA.t), in that the reading device (3) determines the transmission delay (.DELTA.t') of the transponder upon receipt of data from the transponder (1), and so as to transmit to the server (2), in addition to the one-time password (OTP), the information about the transmission delay (.DELTA.t') determined in the reading device (3), and in that, after decrypting of the one-time password (OTP), it is checked in the server (2) if the decrypted transmission delay (.DELTA.t) of the received one-time password (OTP) corresponds to the transmission delay (.DELTA.t') determined in the reading device (3) and received in the information about the transmission delay (.DELTA.t') within a determined temporal margin, so as to authenticate the transponder (1), as taught by Ahmed, in paragraph [0074], to prove requests are authenticated by a legitimate NFC pad.

Claim 9. Method of securely authenticating a transponder (1) according to claim 4 – refer to the indicated claim for reference(s).
 
Ahmed further teaches:
characterised in that, at each reading of the transponder (1), a new transmission delay (.DELTA.t) is determined randomly in the transponder (1). – in paragraph [0076] (The distance is measured in response time which, together with the known delay of the link, can give an estimate of the probability that the user device 110 is actually on the NFC link. The path delay can be determined by measuring the time it takes from sending a request (e.g. echo request) to receiving a response. If the expected path delay for the NFC link is known it can be compared to the measured path delay, so as to confirm that it falls within a given, acceptable, threshold of the expected delay. If the delay is not acceptable then the packets will not be modified (arrangement 1), the messages blocked (arrangement 2) or the token not issued (arrangement 3).) 
It would have been obvious for one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify George, Koneru, Spangler, and Tyagi with Ahmed to include characterised in that, at each reading of the transponder (1), a new transmission delay (.DELTA.t) is determined randomly in the transponder (1), as taught by Ahmed, in paragraph [0074], to prove requests are authenticated by a legitimate NFC pad.

Claim 10. Method of securely authenticating a transponder (1) according to claim 4 – refer to the indicated claim for reference(s).
 
Ahmed further teaches:
characterised in that each transmission delay (.DELTA.t) can be at least 3 times greater than the difference between the maximum and minimum times measured by the reading device (3). – in paragraph [0076] (The distance is measured in response time which, together with the known delay of the link, can give an estimate of the probability that the user device 110 is actually on the NFC link. The path delay can be determined by measuring the time it takes from sending a request (e.g. echo request) to receiving a response. If the expected path delay for the NFC link is known it can be compared to the measured path delay, so as to confirm that it falls within a given, acceptable, threshold of the expected delay. If the delay is not acceptable then the packets will not be modified (arrangement 1), the messages blocked (arrangement 2) or the token not issued (arrangement 3).) 
It would have been obvious for one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify George, Koneru, Spangler, and Tyagi with Ahmed to include characterised in that each transmission delay (.DELTA.t) can be at least 3 times greater than the difference between the maximum and minimum times measured by the reading device (3), as taught by Ahmed, in paragraph [0074], to prove requests are authenticated by a legitimate NFC pad.

Claim(s) 5 is/are rejected under 35 U.S.C. 103 as being unpatentable over George, Michael A. (Pub. No.: US 20190014107, hereinafter, “George”) in view of Koneru, Srikanth P. (Pub. No.: US 2016/0021103, hereinafter, “Koneru”), and further in view of Spangler et al. (Patent No.: US 9,292,668, hereinafter, “Spangler”), Tyagi et al. (Pub. No.: US 2019/0356652, hereinafter, “Tyagi”), and Kasibhatla et al. (Pub. No.: US 2018/0145957, hereinafter, “Kasibhatla”).
Claim 5. Combination of George, Koneru, Spangler, and Tyagi teaches Method of securely authenticating a transponder (1) according to claim 1 – refer to the indicated claim for reference(s).
 
Combination of George, Koneru, Spangler, and Tyagi does not explicitly teach:
characterised in that the physical quantity determined in the transponder (1) is a temperature measurement, in that the reading device (3) determines the temperature in the course of the authentication method, and so as to transmit to the server (2), in addition to the one-time password (OTP), the information about the temperature measurement determined in the reading device (3), and in that, after decrypting the one-time password (OTP), it is checked in the server (2) if the decrypted temperature measurement of the received one-time password (OTP) corresponds to the temperature measurement determined in the reading device (3) and received in the information about the temperature measurement, so as to authenticate the transponder (1).
However, Kasibhatla teaches:
characterised in that the physical quantity determined in the transponder (1) is a temperature measurement, in that the reading device (3) determines the temperature in the course of the authentication method, and so as to transmit to the server (2), in addition to the one-time password (OTP), the information about the temperature measurement determined in the reading device (3), and in that, after decrypting the one-time password (OTP), it is checked in the server (2) if the decrypted temperature measurement of the received one-time password (OTP) corresponds to the temperature measurement determined in the reading device (3) and received in the information about the temperature measurement, so as to authenticate the transponder (1). – in paragraph [0020] (Any parameter generated in any fashion may be used. For example, the parameters may be pseudo-randomly generated by the password management system and may be provided to the user (e.g. on a client system used by the user) so that the user may generate the dynamic password. Other parameters may be any deterministically-generated value. For example, the parameters may include environmental parameters. The environmental parameters may include any data that is generated dependent on some aspect of the environment surrounding the user. For example, the environmental parameters may include location (e.g. specific physical location such as longitude and latitude or global positioning system (GPS) coordinates, or symbolic location such as home or work). The environmental parameters may include day of the week, month or year and/or time of day. Environmental parameters may include temperature or other weather variables, etc.)
It would have been obvious for one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify George, Koneru, Spangler, and Tyagi with Kasibhatla to include characterised in that the physical quantity determined in the transponder (1) is a temperature measurement, in that the reading device (3) determines the temperature in the course of the authentication method, and so as to transmit to the server (2), in addition to the one-time password (OTP), the information .

Claim(s) 6 is/are rejected under 35 U.S.C. 103 as being unpatentable over George, Michael A. (Pub. No.: US 20190014107, hereinafter, “George”) in view of Koneru, Srikanth P. (Pub. No.: US 2016/0021103, hereinafter, “Koneru”), and further in view of Spangler et al. (Patent No.: US 9,292,668, hereinafter, “Spangler”), Tyagi et al. (Pub. No.: US 2019/0356652, hereinafter, “Tyagi”), and El Saddik et al. (Pub. No.: US 2008/0235788, hereinafter, “El Saddik”).
Claim 6. Combination of George, Koneru, Spangler, and Tyagi teaches Method of securely authenticating a transponder (1) according to claim 1 – refer to the indicated claim for reference(s).
 
Combination of George, Koneru, Spangler, and Tyagi does not explicitly teach:
characterised in that the physical quantity determined in the transponder (1) is a pressure measurement, in that the reading device (3) determines the pressure, such as the atmospheric pressure, in the course of the authentication method, and so as to transmit to the server (2), in addition to the one-time password (OTP), the information about the pressure measurement determined in the reading device (3), and in that, after decrypting the one-time password (OTP), it is checked in the server (2) if the decrypted pressure measurement of the received one-time password (OTP) corresponds to the pressure measurement determined in the reading device (3) and received in the information about the pressure measurement, so as to authenticate the transponder (1).
However, El Saddik teaches:
characterised in that the physical quantity determined in the transponder (1) is a pressure measurement, in that the reading device (3) determines the pressure, such as the atmospheric pressure, in the course of the authentication method, and so as to transmit to the server (2), in addition to the one-time password (OTP), the information about the pressure measurement determined in the reading device (3), and in that, after decrypting the one-time password (OTP), it is checked in the server (2) if the decrypted pressure measurement of the received one-time password (OTP) corresponds to the pressure measurement determined in the reading device (3) and received in the information about the pressure measurement, so as to authenticate the transponder (1). – in paragraph [0029] (The creation of a graphical password is based upon a grid configuration defining data points for generating positional coordinates, for example x-y axis coordinates. The user has to choose a password from a set of points and lines from a grid shown in FIG. 1 or create a password which crosses points of the grid. The grid is utilized to draw a random secret instead of a password entered by a traditional key pad or keyboard. In the simplest for the user can connect any two points on the grid selectively, so that it 
It would have been obvious for one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify George, Koneru, Spangler, and Tyagi with El Saddik to include characterised in that the physical quantity determined in the transponder (1) is a pressure measurement, in that the reading device (3) determines the pressure, such as the atmospheric pressure, in the course of the authentication method, and so as to transmit to the server (2), in addition to the one-time password (OTP), the information about the pressure measurement determined in the reading device (3), and in that, after decrypting the one-time password (OTP), it is checked in the server (2) if the decrypted pressure measurement of the received one-time password (OTP) corresponds to the pressure measurement determined in the reading device (3) and received in the information about the pressure measurement, so as to authenticate the transponder (1), as taught by El Saddik, in paragraph [0012], to provide a password scheme that provides improved security and is shoulder-surfing resistant.

Claim(s) 7 is/are rejected under 35 U.S.C. 103 as being unpatentable over George, Michael A. (Pub. No.: US 20190014107, hereinafter, “George”) in view of Koneru, Srikanth P. (Pub. No.: US 2016/0021103, hereinafter, “Koneru”), and further in view of Spangler et al. (Patent No.: US 9,292,668, hereinafter, “Spangler”), Tyagi et al. (Pub. No.: US 2019/0356652, hereinafter, “Tyagi”), and Le Saint, Eric (Pub. No.: US 2021/0111875, hereinafter, “Le Saint”).
Claim 7. Combination of George, Koneru, Spangler, and Tyagi teaches Method of securely authenticating a transponder (1) according to claim 1 – refer to the indicated claim for reference(s).

Combination of George, Koneru, Spangler, and Tyagi does not explicitly teach:
characterised in that the encryption and decryption of each one-time password (OTP) is obtained by means of a symmetric encryption and decryption algorithm (AES) and by means of one and the same secret key (K) stored in the transponder (1) and the server (2).
However, Le Saint teaches:
characterised in that the encryption and decryption of each one-time password (OTP) is obtained by means of a symmetric encryption and decryption algorithm (AES) and by means of one and the same secret key (K) stored in the transponder (1) and the server (2). – in paragraphs [0024], [0042], [0044] (A "data encryption key" or "DEK" (sometimes referred to as an "encryption key" or simply a "key") can be a value used by an encryption algorithm to encrypt data. For example, a DEK can be a string of bits. An encryption value used to encrypt and decrypt data in the same manner can be referred to as a " symmetric key." The term "data encryption key shares" or "DEK shares" can refer to values that together can be used to reconstruction a data encryption key. For example, DEK shares can be strings of bits that when combined together according to a secret sharing scheme can be used to determine 
It would have been obvious for one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify George, Koneru, Spangler, and Tyagi with Le Saint to include characterised in that the encryption and decryption of each one-time password (OTP) is obtained by means of a symmetric encryption and decryption algorithm (AES) and by means of one and the same secret key (K) stored in the transponder (1) and the server (2), as taught by Le Saint, in paragraph [0024], to encrypt and decrypt data in the same manner.

Claim(s) 8 is/are rejected under 35 U.S.C. 103 as being unpatentable over George, Michael A. (Pub. No.: US 20190014107, hereinafter, “George”) in view of Koneru, Srikanth P. (Pub. No.: US 2016/0021103, hereinafter, “Koneru”), and further in view of Spangler et al. (Patent No.: US 9,292,668, hereinafter, “Spangler”), Tyagi et al. (Pub. No.: US 2019/0356652, hereinafter, “Tyagi”), and Komperla et al. (Pub. No.: US 2020/0145408, hereinafter, “Komperla”).
Claim 8. Combination of George, Koneru, Spangler, and Tyagi teaches Method of securely authenticating a transponder (1) according to claim 1 – refer to the indicated claim for reference(s).
 
Combination of George, Koneru, Spangler, and Tyagi does not explicitly teach:
characterised in that the encryption and decryption of each one-time password (OTP) is obtained by means of an asymmetric encryption and decryption algorithm.
However, Komperla teaches:
characterised in that the encryption and decryption of each one-time password (OTP) is obtained by means of an asymmetric encryption and decryption algorithm. – in paragraphs [0063], [0064] (Client logic 124 generates a single decryption key for every commercial transaction request and encrypted OTP. Client logic 124 executes a decryption matrix that represents a cipher to decrypt an encrypted OTP that represents an asymmetric encryption.)
It would have been obvious for one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify George, Koneru, Spangler, and Tyagi with Komperla to include characterised in that the encryption and decryption of each one-time password (OTP) is obtained by means of an asymmetric encryption and decryption algorithm, as taught by Komperla, in paragraph [0022], to differentiate between the legitimate user and an attacker who fraudulently acquires the passcode of a legitimate user.

Claim(s) 12 is/are rejected under 35 U.S.C. 103 as being unpatentable over George, Michael A. (Pub. No.: US 20190014107, hereinafter, “George”) in view of Koneru, Srikanth P. (Pub. No.: US 2016/0021103, hereinafter, “Koneru”), and further in view of Spangler et al. (Patent No.: US 9,292,668, hereinafter, “Spangler”), Tyagi et al. (Pub. No.: US 2019/0356652, hereinafter, “Tyagi”), and Robinton et al. (Pub. No.: US 2017/0017947, hereinafter, “Robinton”).
Claim 12. Combination of George, Koneru, Spangler, and Tyagi teaches Method of securely authenticating a transponder (1) according to claim 1 – refer to the indicated claim for reference(s).
 
Combination of George, Koneru, Spangler, and Tyagi does not explicitly teach:
characterised in that, at each new reading of the transponder (1), the state of the counter is incremented or decremented by a random number, which is a whole number greater than or equal to 1, and in that the server (2) determines if the state of the decrypted counter of the received one-time password (OTP) is greater than or less than a previous state of the counter stored in the server so as to authenticate the transponder (1).
However, Robinton teaches:
characterised in that, at each new reading of the transponder (1), the state of the counter is incremented or decremented by a random number, which is a whole number greater than or equal to 1, and in that the server (2) determines if the state of the decrypted counter of the received one-time password (OTP) is greater than or less than a previous state of the counter stored in the server so as to authenticate the transponder (1). – in paragraph [0066] (Where the counter value C is incremented at the TAC module 144, the counter value C at the authentication service 116 is incremented for each response it receives for a particular smart tag 108. Thus, the counter values C at each node should maintain a certain amount of 
It would have been obvious for one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify George, Koneru, Spangler, and Tyagi with Robinton to include characterised in that, at each new reading of the transponder (1), the state of the counter is incremented or decremented by a random number, which is a whole number greater than or equal to 1, and in that the server (2) determines if the state of the decrypted counter of the received one-time password (OTP) is greater than or less than a previous state of the counter stored in the server so as to authenticate the transponder (1), as taught by Robinton, in paragraph [0003], to utilize information about a person's presence or a thing's presence to provide or improve a service in connection.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MUHAMMAD RAZA whose telephone number is (571)272-7734.  The examiner can normally be reached on Monday-Friday, 7:00 A.M.-5:00 P.M..

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Vivek Srivastava can be reached on (571)272-7304.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/MUHAMMAD RAZA/Primary Examiner, Art Unit 2449