Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Status of Claims
This action is in reply to the amendments and remarks filed on 13 August 2021.
Claim 30 have been amended. 
Claims 1-15, 18 have been cancelled.
Claims 16-17, 19-31 are currently pending and have been examined.
Claims 16-17, 19-31 are rejected.

Response to Arguments
Applicant’s arguments with respect to the 35 USC § 103 Rejections for claims 16, 17, 19-31 have been considered but are moot because the arguments do not apply to the combination of references being used in the current rejection.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention 

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 16-17, 19-31 are rejected under 35 U.S.C. 103 as being unpatentable over Shalev (US 2017/0024945 A1) hereinafter Shalev, in view of Harper (US 2015/0302394 A1) hereinafter Harper, in view of Hart et al. (US 2008/0215887 A1) hereinafter Hart.
Claims 16, 24, 26
Shalev discloses the following limitations:
Previously Presented) A method in a system comprising at least one portable data carrier, an authentication server and at least one reading device of at least one service provider which is couplable with the authentication server, (see at least [0005] [0059] [0031].  Shalev discloses an access control system that comprises a storage for storing a plurality of user profiles of a plurality of users, each one of the plurality of user profiles is associated with a unique identifier, and defining access credentials of each user to each of a plurality of gates.  Shalev discloses the user may use an application on his mobile device in order to be granted access.  Shalev discloses that upon arrival to an access gate, the user can present the barcode, for instance on the screen of his mobile device, allowing a reader of the gate control unit to extract an encoded user 
wherein the data carrier is adapted to communicate contactlessly with the reading device and comprises a security marking that can be read contactlessly by the reading device, on the basis of which security marking the data carrier can be authenticated by the authentication server, comprising the steps of: equipping the data carrier with a data-carrier management marking, which encodes a piece of data-carrier management information and which is contactlessly readable by means of a portable terminal of a user of the system; contactlessly reading the data-carrier management marking by means of a portable terminal and transferring the data-carrier management information encoded in the data- carrier management marking to the authentication server; (see at least [0031] [0048] [0049] [0005].  Shalev discloses upon arrival at an access gate, a user can present the barcode allowing a reader of the gate control unit to extract an encoded user identifier.  The user identifier then may be forwarded to a central server for authentication in order to be matched against a local database.). 
managing the data carrier in the system employing the data-carrier management information including a step of allocating the user to the data carrier, (see at least [0005] [0031] [0048] [0049].  Shalev discloses an access control system that comprises a storage for storing a plurality of user profiles of a plurality of users, each one of the plurality of user profiles is associated with a unique identifier, and defining access credentials of each user to each of a plurality of gates.). 

Shalev discloses the limitations shown above.  Shalev fails to specifically explain the steps of packaging the data carrier.
However, Harper discloses the following limitations:
wherein the data carrier is adapted to communicate contactlessly with the reading device and comprises a security marking that can be read contactlessly by the reading device, on the basis of which security marking the data carrier can be authenticated by the authentication server, comprising the steps of: equipping the data carrier with a data-carrier management marking, which encodes a piece of data-carrier management information and which is contactlessly readable by means of a portable terminal of a user of the system; (see at least [0020] [0018] [0027] [0058] [0062] [0063] [0071].  Harper discloses a stored-value card identifier is unique to the stored-value card and associated the stored-value card to a unique account maintained by the card issuer.  Harper discloses that the stored-value card identifier may be encoded to a magnetic strip, bar code, a series of numerals, a series of letters, or a combination thereof.  The stored-value card may also be fashioned with a personal identification number (PIN) to allow access to the stored-value card account.). 
wherein, in the step of allocating, user registration data of a user can be transferred to the authentication server and allocated to the data-carrier management information, and(see at least [0062] [0063] [0066] [0071] [0020] [0058] [0027].  Harper discloses a piece of authentication information (e.g., a card identification number, BIN number) comprising the security information of the account’s associated carrier is transferred to the authentication server.). 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the access control system of Shalev to incorporate the teachings of Harper and specifically explain the steps of packaging the data carrier because doing so would allow a user to initiate a secure request (see at least Harper [0062] [0063] [0066] [0071] [0020] [0058] [0027]). 
	


Yet, Hart discloses the following limitations:
wherein, in the step of allocating, user registration data of a user can be transferred to the authentication server and allocated to the data-carrier management information, and wherein the authentication server produces a public marking of the data carrier, said public marking being allocated to the data-carrier management information, and(see at least [0014] [0016] [0017] [0040] [0048] [0019] [0032] [0036] [0022]-[0024] [0027] [0028] [0038].  Hart discloses an authentication server receives the authentication information from the reader.  Hart discloses that the authentication server attempts to authenticate the data card by using the authentication information that is encrypted from the data card.  Hart discloses the authentication server decrypts the information in order to determine if the user/data card is authenticated and may be proceed. ).
 transfers said public marking to the portable terminal.  (see at least [0014] [0016] [0017] [0040] [0048] [0019] [0032] [0036] [0022]-[0024] [0027] [0028] [0038].  Hart discloses the reader then transmits the challenge to the authentication server.  The authentication server decrypts the reader’s challenge and formulates an encrypted response.  The authentication server then sends the formulated response to the reader.  The reader validates the response.). 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the access control system of Shalev/Harper to incorporate the teachings of Hart and specifically disclose greater detail regarding the authentication server because doing so would ensure that only authenticated users of the data carrier system are able to proceed with transactions (see at least Hart [0002] [0014] [0040] [0038]). 

Claim 17
Shalev/Harper/Hart disclose the limitations shown above.  Hart specifically discloses that the data carrier is authenticated when the authentication server receives the information.
 (Previously Presented) The method according to claim 16, wherein the management of the data carrier in the system comprises a step of activating the data carrier in the system, wherein the data carrier is preferably activated in the system when the authentication server receives the data-carrier management information encoded in the data-carrier management marking for the first time.  (see at least [0014] [0016] [0017] [0038] [0040] [0048] [0019] [0032] [0036] [0022]-[0024] [0027] [0028] [0033] [0035].  Hart discloses the authentication server receives the authentication information from the reader.  Hart discloses that the authentication server attempts to authenticate the data card by using the authentication information that is encrypted from the data card.  Hart discloses the authentication server decrypts the information in order to determine if the user/data card is authenticated and may be proceed.  Hart discloses that registration may occur directly via an authentication server when the authentication server receives the communication to authenticate.). 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the access control system of Shalev/Harper to incorporate the teachings of Hart and specifically disclose that the data carrier is authenticated when the authentication server receives the information because doing so would ensure that only authenticated users of the data carrier system are able to proceed with transactions (see at least Hart [0002] [0014] [0040] [0038]). 

Claim 19

 (Previously Presented) The method according to claim 16, wherein the management of the data carrier in the system comprises a step of enabling an application of a service provider for the data carrier, wherein the system is preferably adapted to support the carrying out of a transaction between the application of the service provider and the data carrier after the application has been enabled.  (see at least [0048] [0014] [0016] [0017] [0038] [0040] [0019] [0032] [0036] [0022]-[0024] [0027] [0028].  Hart discloses that after the authentication server decrypts the authentication information and authenticates the customer, the website can then complete the services requested by the customer using standard procedures.). 
  It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the access control system of Shalev/Harper/Hart to incorporate the teachings of Hart and specifically disclose the transaction is carried out after the application has been enabled because doing so would ensure that only authenticated users of the data carrier system are able to proceed with transactions (see at least Hart [0002] [0014] [0040] [0038]). 

Claim 20
Shalev/Harper/Hart disclose the limitations shown above.  Further Shalev discloses:
 (Previously Presented) The method according to claim 19, wherein the step of enabling an application of a service provider is carried out by the user allocated to the data carrier. (see at least [0005] [0031] [0048] [0049].  Shalev discloses that the user registers and determines what applications are enabled on the data carrier.). 

Claim 21

 (Previously Presented) The method according to claim 19, wherein the step of enabling an application of a service provider is carried out by the service provider itself, for which purpose the service provider in turn can read the data-carrier management marking contactlessly by means of a suitable reading device and can transfer the data- carrier management information encoded in the data-carrier management marking to the authentication server.   (see at least [0014] [0016] [0017] [0038] [0040] [0048] [0019] [0032] [0036] [0022]-[0024] [0027] [0028] [0033] [0035].  Hart discloses the authentication server receives the authentication information from the reader.  Hart discloses that the authentication server attempts to authenticate the data card by using the authentication information that is encrypted from the data card.  Hart discloses the authentication server decrypts the information in order to determine if the user/data card is authenticated and may be proceed.  Hart discloses that registration may occur indirectly before the authentication server receives the request and then look up in a database the authentication information that has been sent by the data card/service provider.). 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the access control system of Shalev/Harper/Hart to incorporate the teachings of Hart and specifically disclose that the data carrier is authenticated by the service provider because doing so would ensure that only authenticated users of the data carrier system are able to proceed with transactions (see at least Hart [0002] [0014] [0040] [0038]). 

Claim 22
Shalev/Harper/Hart disclose the limitations shown above.  Hart specifically discloses the transaction is carried out after the application has been enabled. 
 (Previously Presented) The method according to claim 19, wherein the application is enabled in such a manner that a transaction between the data carrier and the application can be carried out automatically. (see at least [0048] [0014] [0016] [0017] [0038] [0040] [0019] [0032] [0036] [0022]-[0024] [0027] [0028].  Hart discloses that after the authentication server decrypts the authentication information and authenticates the customer, the website can then complete the services requested by the customer using standard procedures.). 
  It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the access control system of Shalev/Harper/Hart to incorporate the teachings of Hart and specifically disclose the transaction is carried out after the application has been enabled because doing so would ensure that only authenticated users of the data carrier system are able to proceed with transactions (see at least Hart [0002] [0014] [0040] [0038]). 

Claim 23
Shalev/Harper/Hart disclose the limitations shown above.  Hart specifically discloses steps of the authentication server.
 (Previously Presented) The method according to claim 16, wherein the further steps of: requesting a piece of authentication information comprising the security information of the data carrier from the data carrier by the reading device of the service provider; supplying the authentication information to the reading device by the data carrier; forwarding the authentication information to the authentication server by the reading device; authenticating the data carrier on the basis of the security information contained in the authentication information by the authentication server; transferring a result of authenticating the data carrier to the reading device; and upon successful authentication of the data carrier, carrying out a transaction between an application of the service provider and the data carrier.  (see at least 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the access control system of Shalev/Harper/Hart to incorporate the teachings of Hart and specifically disclose steps of the authentication server because doing so would ensure that only authenticated users of the data carrier system are able to proceed with transactions (see at least Hart [0002] [0014] [0040] [0038]). 

Claim 25
Shalev/Harper/Hart disclose the limitations shown above.  Further Shalev discloses:
 (Previously Presented) The authentication server according to claim 24, wherein the authentication server is adapted to store and manage the security information together with the data-carrier management information related to the least one data carrier, and to support a method, comprising the steps of: equipping the data carrier with a data-carrier management marking, which encodes a piece of data-carrier management information and which is contactlessly readable by means of a portable terminal of a user of the system;  contactlessly reading the data-carrier management marking by means of a portable terminal and transferring the data-carrier management information encoded in the data-carrier management marking to the authentication server;managing the data carrier in the system employing the data-carrier management information.  (see at least [0031] [0048] [0049] [0005].  Shalev discloses upon 

Claim 27
Shalev/Harper/Hart disclose the limitations shown above.  Further Shalev discloses:
 (Previously Presented) The system according to claim 26, wherein the data carrier is configured as a chip card or as a label.  (see at least [0044] [0047] [0029].  Shalev discloses the data carrier is configured as a barcode, QR code.).

Claim 28
Shalev/Harper/Hart disclose the limitations shown above.  Further Shalev discloses:
 (Previously Presented) The system according to claim 26, wherein the security marking of the data carrier is configured as a radio-frequency identification (RFID) transponder.  (see at least [0047].  Shalev discloses the communication consists of RFID chip.). 

Claim 29
Shalev/Harper/Hart disclose the limitations shown above.  Further Shalev discloses:
(Previously Presented) The system according to claim 28, wherein the transponder is adapted to encrypt a piece of security information stored in the transponder and to transmit said piece of security information to a reading device only in an encrypted form. (see at least [0013] [0048].  Shalev discloses the message and user identifier may be encrypted.).

Claim 30
Shalev/Harper/Hart disclose the limitations shown above.  Further Shalev discloses:
 (Currently Amended) The system according to claim 26, wherein the data-carrier management marking is configured as an optically readable marking. (see at least [0045] [0046]  [0029].  Shalev discloses the reader may include an imager for imaging a machine readable code, such as a barcode or QR code.). 

Claim 31
Shalev/Harper/Hart disclose the limitations shown above.  Further Shalev discloses:
 (Previously Presented) The system according to claim 26, wherein the security marking of the data carrier is configured as a near-field communication (NFC) transponder or as an ultra high frequency (UHF) transponder.  (see at least [0029] [0045] [0047].  Shalev discloses the system controls access gates based on the reading of a proximate bar code (e.g., quick response (QR) code), for instance from a display of a mobile device and/or a wireless signal (e.g., NFC signal).). 

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ALISON L LAMB whose telephone number is (571)272-1060. The examiner can normally be reached Monday-Thursday 8am-5pm EST.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Alexander Kalinowski can be reached on (571)272-6771. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/A.L.L./Examiner, Art Unit 3691                                                                                                                                                                                                        
/HANI M KAZIMI/Primary Examiner, Art Unit 3691