Continuation Sheet (PTOL-303)

Applicant's arguments filed on 11/04/2021 have been fully considered but they are not persuasive for the following reasons:
Applicant’s Arguments:
With respect to claim 6, Applicant argues that claim 6 is non-obvious over Vasquez and Hong because “Paragraph [0043] of Hong refers to Fig. 3B. Paragraph [0043] of Hong states that "the user equipment may advertise a user ID encrypted using a one-time password (OTP) and the scanner may receive the encrypted user ID (330)." Hong,   [0043]. However, there is no teaching or hint in this passage of Hong, or any other passage of Hong, regarding "instructions executable on the processor [of a system] to ... generate a one-time password seed for the mobile device," and "provide the one-time password seed to the mobile device." Stated differently, if the "user equipment" mentioned in Hong is considered by the Office Action to be the "mobile device" of claim 6, there is no teaching or hint that another system would generate a one-time password seed and provide the one-time password seed to the mobile device, as recited in claim 6.” (Applicant’s response filed on 11/04/2021, page 8, emphasis omitted).

Examiner’s Response:
The examiner respectfully disagrees. At the onset, as recited, nowhere in the claim recites “another system” would generate a one-time password seed and provide the one-time password seed to the mobile device. Nevertheless, Hong disclosed in at least in par 0043 that, “the user equipment may generate an encrypted user ID in a time-synchronized manner with the server on the basis of the shared key and a time-based OTP algorithm. In this case, the encrypted user ID is periodically changed at regular intervals”, i.e., the equipment and the server concurrently generates OTP based on synchronized time information, which is equivalent as generating and providing the OTP to the user equipment; further, the time synchronization used for generating the OTP is clearly provided by the system.

Applicant’s Arguments:
With respect to claim 6, Applicant further argues that “Claim 6 further recites "receive a request from a managed device, the request being responsive to a presence identifier broadcast by the mobile device, wherein the presence identifier includes a one-time password generated based on the one-time password seed stored in the mobile device" and "provide identifying information associated with the user to the managed device based on validating the one-time password in the presence identifier with a one-time password generated based on the one-time password seed stored in the storage device." 
The Office Action asserted that Hong purportedly discloses "the presence identifier includes a one-time password generated based on the one-time password seed stored in the mobile device." Office Action at 6. The Office Action cited Fig. 3B and    [0042-0043] of Hong. Id. 
Paragraph [0043] of Hong states that "the user equipment may advertise a user ID encrypted using a one-time password (OTP) and the scanner may receive the encrypted user ID (330)." Hong,   [0043]. There is absolutely no indication whatsoever that the OTP in Hong is included in a "presence identifier" that is broadcast by the mobile device, as recited in the following clause of claim 6: "receive a request from a managed device, the request being responsive to a presence identifier broadcast by the mobile device, wherein the presence identifier includes a one-time password generated based on the one-time password seed stored in the mobile device."” (Applicant’s response filed on 11/04/2021, pages 8-9, emphasis omitted).

Examiner’s Response:
The examiner respectfully disagrees. As noted above by Applicant, in paragraph 0043, Hong disclosed “the user equipment may advertise a user ID encrypted using a one-time password (OTP) and the scanner may receive the encrypted user ID (330)”, the user ID encrypted using an OTP is the 

Applicant’s Arguments:
With respect to claim 1, Applicant argues “Claim 1 recites "providing, by the first device, a first public key to the mobile device, wherein the identifying information received from the identification server includes a second public key associated with the mobile device, and wherein the secure connection between the first device and the mobile device is established based on the second public key received from the identification server and based on the mobile device validating the first public key, provided by the first device to the mobile device, with the identification server." 
The rejection of claim 3 conceded that Vasquez (and presumably Hong) does not disclose the foregoing subject matter. Office Action at 8-9. The Office Action asserted that Devadas purportedly discloses the foregoing subject matter of claim 1 conceded by the Office Action to be missing from Vasquez and Hong. Id. 
The Office Action cited    [0086-0089] of Devadas. Id. at 9. 
Although Devadas refers to keys and public keys in the cited passages, Applicant respectfully submits that the concept of a first public key and a second public key communicated in the manner recited in claim 1 and used to establish a secure connection between the first device in the mobile device is not taught by Devadas. Specifically, 
according to claim 1, the first device provides a first public key to the mobile device, and the first device receives identifying information from an identification server that includes a second public key associated with the mobile device. Further, according to claim 1, the "the secure connection between the first device and the mobile device is established based on the second public key received from the 
This combination of using a first public key provided by the first device to the mobile device, and the second public key received by the first device from the identification server to establish the secure connection between the first device and the mobile device does not exist in Devadas.” (Applicant’s response filed on 11/04/2021, pages 9-11, emphasis omitted).

Examiner’s Response:
In response to applicant's arguments against the references individually, one cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references.  See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986). In this case, as noted in the rejection, Vasquez disclosed receiving, at the first device from the identification server, identifying information associated with the user, wherein the identifying information is received at the first device from the identification server responsive to validation of the present identifier at the identification server (Vasquez, col. 4, lines 8-24, vehicle control system generates unique key for computing device 100; also col. 5, lines 21-30, vehicle control system 112 validate unique key passed by computing device 100), Vasquez further disclosed establishing a secure connection with the mobile device (Vasquez, col. 5, lines 40-60, establishing secure connection between computing device 100 and vehicle 106), therefore the difference between Vasquez and the claimed invention is that the Vasquez does not disclose the identification information include public keys, and validating public keys, which is clearly disclosed by Devadas. Devadas disclosed the concept of generating and using public-private key pair for enrolling / identifying and authentication of devices and establishing secure communications (Devadas, par 0086-0089, generating private-public key pair (PrivK-PubK), providing public key which is used for encrypting responses from the enrolled devices), Davadas disclosed 

Applicant’s Arguments:
With respect to claim 12, Applicant argues “In the rejection of claim 12, the Office Action asserted that Hong discloses "receive the one-time password seed from the identification server." Note that according to claim 12, the mobile device receives the one-time password seed from the identification server. 
Hong refers to encrypting a user ID using a one-time password. Hong does not teach or hint at a mobile device receiving the one-time password seed from the identification server. 
Moreover, the Office Action erred in asserting that Vasquez discloses "broadcast, at different times, presence identifiers including respective different one-time passwords generated based on the 
Hong also fails to provide any teaching or hint of the subject matter in the "broadcast" clause of claim 12.” (Applicant’s response filed on 11/04/2021, pages 11-12, emphasis omitted).

Examiner’s Response:
As noted in the rejection mailed on 09/08/2021, "presence identifiers including respective different one-time password's generated based on the one-time password seed" broadcast by the mobile device is clearly disclosed by Hong in at least par 0043, “the user equipment may advertise a user ID encrypted using a one-time password (OTP) and the scanner may receive the encrypted user ID (330). The shared key shared between the server and the user equipment may be associated with the user ID, and the user equipment may generate an encrypted user ID in a time-synchronized manner with the server on the basis of the shared key and a time-based OTP algorithm. In this case, the encrypted user ID is periodically changed at regular intervals.” (Emphasis added). Time-synchronized key generation indicates different timestamps correspond to each OTP generated after each time interval.

For reasons stated above, the examiner maintains her position in the office action mailed on 09/08/2021.

/LINGLAN E EDWARDS/Primary Examiner, Art Unit 2491