Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant’s submission filed on 12/07/2021 has been entered.
As per instant Amendment, claims 1, 2, 6, 8-12, 14, 16 and 18-20 have been amended; claims 4, 7 and 15 have been cancelled; claims 21-22 have been added; Claims 1, 11 and 19 are independent claims.  Claims 1-3, 5-6, 8-14 and 16-22 have been examined and are pending. This Action is made Non-FINAL. 
Response to Arguments
Applicants’ arguments with respect to claims 1-20 have been considered but are moot in view of the new ground(s) of rejection.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C.
102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-3, 5-6, 8-14 and 16-22 are rejected under 35 U.S.C. 103 as being unpatentable over Ratnakaram (US 2020/0175154) and in view of Khan (US 9,918,226).
Regarding claim 1, Ratnakaram discloses a method for authenticating a secure credential transfer between two client devices (Ratnakaram abstract and par. 0033. Ratnakaram teaches a system for employing a smart device for secure and authenticated event. The secure event system 300 may be a system owned or controlled by the managing entity and/or a third party that specializes in data security, data encryption, secure communication between computing devices), the method comprising: 
transmitting, by one or more processors of a first client device, a first communication to an authentication server (Ratnakaram par. 0078 and 0059. Ratnakaram teaches that in response to the smart assistant application authenticating the user for the proposed transaction (and communicating this authentication back to the smart assistant device 503), the smart assistant device transmits the transaction details (i.e., the transaction details that it received from the merchant system 513) to the smart assistant application via the secure and dedicated communication channel and the smart assistant application an application provided by the managing entity system 200 (e.g., a financial institution) to a mobile computing device of a user. See also par. 0061); 
transmitting, by the one or more processors, a second communication to a second client device, the second communication including instructions for initiating the secure credential transfer on the second client device (Ratnakaram par. 0074. Ratnakaram teaches that once the secure and dedicated communication channel 512 has been established, the smart assistant device 503 transmits, to the mobile device 505, the digital voice ID of the user 501 (as determined by the smart assistant device 503), an identification code or other identifying indicia for the smart assistant device. See also par. 0073); 
receiving, by the one or more processors, an identifier of the second client device from the second client device in response to transmitting the second communication to the second client device (Ratnakaram par. 0073 and 0076. Ratnakaram teaches that the smart assistant device 503 initiates a handshake with the mobile device 505 of the user 501 (and specifically with the smart assistant application 507 of that mobile device 505) to establish a secure and dedicated communication channel 512 between the smart assistant device 503 and the mobile device 505. The smart assistant application 507 may additionally ensure that the device ID of the smart assistant device 503 is associated with the user 501, based on the data stored in the customer data reference database 511); 
(Ratnakaram par. 0075. Ratnakaram teaches that the smart assistant device 503 to emit an audible message that the transaction has been rejected, and/or prompt the user 501 to input additional authentication credentials either via the smart assistant device 503 or the mobile device 505 of the user 501); 
establishing, using the one or more, a secure -2-Application No. 16/526,384Docket No. GOOGLE 3.OF-2701 [11001] channel with the second client device for the secure credential transfer using one or more tokens associated with an account for the secure credential transfer (Ratnakaram par. 0066, 0074, 0076 and 0078. Ratnakaram teaches that the transfer and storage of additional tokens generated by the smart assistant device that interacts with the user. When the smart assistant application 507 determines that the received digital voice ID received from the smart assistant device 503 matches the customer voice ID(s) associated with the user. The smart assistant application additionally ensure that the device ID of the smart assistant device 503 is associated with the user 501, based on the data stored in the customer data reference database. In response to the smart assistant application 507 authenticating the user 501 for the proposed transaction, the smart assistant device 503 transmits the transaction details (i.e., the transaction details that it received from the merchant system 513) to the smart assistant application 507 via the secure and dedicated communication channel 512 with the mobile device 505. Once the secure and dedicated communication channel 512 has been established, the smart assistant device 503 transmits, to the mobile device 505, tokens or authentication information).
(Ratnakaram par. 0066, 0074-0076). However; Ratnakaram does not explicitly teach verifying, by the one or more processors, received user identification input and initiating, by the one or more processors, device identity verification for the second client device according to the verifying. 
However, in an analogous field, Khan teaches verifying, by the one or more processors, received user identification input (Khan Col. 10; lines 62-66 and Fig 2. Khan teaches that processing subsystem display, on a display subsystem 240, instructions to provide the identifier. Then, the user provide the identifier in the form of a username and/or a password entered using user-interface device); and 
initiating, by the one or more processors, device identity verification for the second client device according to the verifying (Khan Col. 13; lines 20-23 and Fig 4. Khan teaches that a flow diagram illustrating a method 400 for certifying a secure element, which may be performed by a processor in a secure element in an electronic device). 
Therefore, it would have been obvious to one of ordinary skill in the art at the time the invention was made to combine the teachings of Ratnakaram with the method and system of Khan, wherein verifying, by the one or more processors, received user identification input and initiating, by the one or more processors, device identity verification for the second client device according to the verifying to provide maintaining  (Khan col. 1; lines 51-56).
Regarding claim 2, Ratnakaram and Khan disclose the method of claim 21, 
Ratnakaram discloses wherein the user input includes a tap input in an applet installed on the first client device (Ratnakaram par. 0088. Ratnakaram teaches that to initiate the transaction with the merchant, the user provides a payment card for the transaction to the merchant system, as shown in block 702. The user may also be prompted to provide, and subsequently provide, additional information associated with the payment card (or another financial instrument) that may enable the transaction to successfully process (e.g., a personal identification number, a zip code, an answer to a security question, or the like). The merchant system then reads the payment card to obtain the financial information of the user. See also par. 0027). 
Regarding claim 3, Ratnakaram and Khan disclose the method of claim 1, 
Ratnakaram further discloses wherein the second communication is transmitted from the first client device to the second client device using near field communication (NFC) (Ratnakaram par. 0073. Ratnakaram teaches that the smart assistant device 503 determining that the mobile device 505 is within a particular proximity of the smart assistant device 503 (e.g., based on global positioning system ("GPS") data of the mobile device 505 and the smart assistant device 503, based on a detection using near field communication ("NFC") protocols, based on a detection using Bluetooth communication, based on a detection using a same wireless internet connection, or the like)).7
Regarding claim 5, Ratnakaram and Khan disclose the method of claim 1, 
Khan further discloses wherein the user identification input is an existing verification of user identity for the first client device (Khan Col.5; lines 23-29. Khan teaches that a processor in electronic device 110 provides an identifier of a user of electronic device 110 (such as a username, a password and/or a biometric identifier) to electronic device 114 (such as a server associated with a provider of electronic device 110 and, more generally, hardware under the control of and/or otherwise performing actions on behalf of the provider of electronic device 110)).
Therefore, it would have been obvious to one of ordinary skill in the art at the time the invention was made to combine the teachings of Ratnakaram with the method and system of Khan, wherein verifying, by the one or more processors, received user identification input and initiating, by the one or more processors, device identity verification for the second client device according to the verifying to provide maintaining the security of the secure element by requesting a secure-element identifier from the secure element to ensure that it is safe to provide an update for an applet or an application on the secure element (Khan col. 1; lines 51-56).
Regarding claim 6, Ratnakaram and Khan disclose the method of claim 1, 
Khan further discloses wherein a security status of the second client device is obtained from a trusted security chip of the second client device (Khan Col.7; lines 5-10. Khan teaches that processing subsystem include a secure enclave processor 220 (which is a system-on-chip within one or more processors in processing subsystem 210) that performs security services for other components in the processing subsystem 210 and that securely communicates with other subsystems in electronic device).
Therefore, it would have been obvious to one of ordinary skill in the art at the time the invention was made to combine the teachings of Ratnakaram with the method and system of Khan, wherein verifying, by the one or more processors, received user identification input and initiating, by the one or more processors, device identity verification for the second client device according to the verifying to provide maintaining the security of the secure element by requesting a secure-element identifier from the secure element to ensure that it is safe to provide an update for an applet or an application on the secure element (Khan col. 1; lines 51-56).
Regarding claim 8, Ratnakaram and Khan disclose the method of claim 1, 
Khan further discloses further comprising receiving, by the one or more processors, a certification for the second client device (Khan Col. 16; lines 9-21. Khan teaches that secure enclave processor 220 may provide certification information (such as the secure-element identifier, the optional certificate, the digital signature and the sign-in token) to electronic device 112, which certifies that secure element 230 is valid using information available to electronic device 112 (such as the optional certificate and the private encryption key associated with the provider of secure element 230). In some embodiments, electronic device 112 communicates with electronic device 114 to confirm that the sign-in token is valid, e.g., using the unencrypted version of the sign-in token that is provided to electronic device 112 by secure enclave processor 220).
 (Khan col. 1; lines 51-56).
Regarding claim 9, Ratnakaram and Khan disclose the method of claim 1, 
Khan further discloses further comprising, receiving, by the one or more processors, a selection of the account for the secure credential transfer (Khan Col. 9; lines 59-66. Khan teaches that the user may use passbook 248 to select or activate one or more of payment applets 236 (such as payment applets 236-1 and 236-4). If payment applet 236-1 supports the authentication-complete flag (as indicated by the enabling or setting of authentication support in payment applet 236-1), in order for payment applet 236-1 to conduct a financial transaction with electronic device 112 (FIG. 1)).
Therefore, it would have been obvious to one of ordinary skill in the art at the time the invention was made to combine the teachings of Ratnakaram with the method and system of Khan, wherein verifying, by the one or more processors, received user identification input and initiating, by the one or more processors, device identity verification for the second client device according to the verifying to provide maintaining the security of the secure element by requesting a secure-element identifier from the secure  (Khan col. 1; lines 51-56).
Regarding claim 10, Ratnakaram and Khan disclose the method of claim 1, 
Ratnakaram further discloses the first client device is used as a proxy for invoking the identifier related to a security status of the second client device to the authentication server (Ratnakaram par. 0001 and 0071. Ratnakaram teaches that Smart devices, including voice assistant devices, voice assistant applications, and the like, are being utilized to execute events on behalf of their users, especially with respect to common or frequent events. The smart assistant device 503, upon receiving this prompt, will interface with a merchant system 513 associated with Merchant B (e.g., via an online portal of the merchant system 513 or via a direct link between a managing entity of the smart assistant device 503 and the merchant system 513), and initiate a transaction request with the merchant system 513 for product A on behalf of the user 501, as shown at event 514. Upon receiving the transaction request from the smart assistant device 503, the merchant system 513 may transmit proposed transaction details back to the smart assistant device, as also represented by event 514).
Regarding claims 11-14, 16-18; claims 11-14 and 16-18 are directed to a non-transitory computer readable medium associated with the method claimed in claims 1-3, 5-6 and 8-10 respectively. Claims 11-14 and 16-18 are similar in scope to claims 1-3, 5-6 and 8-10 respectively, and are therefore rejected under similar rationale respectively.
Regarding claim 19, Ratnakaram discloses an authentication server comprising: a memory storing a database of device identity information for a plurality of devices that (Ratnakaram par.  0001. Ratnakaram teaches that Smart devices, including voice assistant devices, voice assistant applications, and the like, are being utilized to execute events on behalf of their users, especially with respect to common or frequent events); and 
one or more processors in communication with the memory, the one or more processors (Ratnakaram par.  0003. Ratnakaram teaches that the present invention address the above needs and/or achieve other advantages by providing apparatuses (e.g., a system, computer program product and/or other devices) and methods for employing a smart device for secure event execution. The system embodiments may comprise one or more memory devices having computer readable program code stored thereon, a communication device, and one or more processing devices operatively coupled to the one or more memory devices, wherein the one or more processing devices are configured to execute the computer readable program code to carry out the invention) being configured to: 
receive a communication from a first computing device related to initiating a secure credential transfer between the first computing device and a second computing device (Ratnakaram par. 0074, 0078 and 0059. Ratnakaram teaches that in response to the smart assistant application authenticating the user for the proposed transaction (and communicating this authentication back to the smart assistant device 503), the smart assistant device transmits the transaction details (i.e., the transaction details that it received from the merchant system 513) to the smart assistant application via the secure and dedicated communication channel and the smart assistant application an application provided by the managing entity system 200 (e.g., a financial institution) to a mobile computing device of a user. The smart assistant device 503 transmits, to the mobile device 505, the digital voice ID of the user 501 (as determined by the smart assistant device 503), an identification code or other identifying indicia for the smart assistant device. See also par. 0073. 0061, 0073); 
performing a verification that that (1) the information related to the user identity verification is from the first computing device, (Ratnakaram par. 0006. Ratnakaram teaches that validating the digital voice identification code associated with the audible transaction request as being associated with the user is based on stored customer reference data and a smart assistant device identification code associated with the smart assistant device) (2) the first identifier matches the second identifier (Ratnakaram par. 0075. Ratnakaram teaches that the smart assistant application 507 can determine whether the digital voice ID received from the smart assistant device 503 matches the reference data stored in the customer data reference database), (3) the second identifier matches a device in the database of device identity information stored in the memory (Ratnakaram par. 0076. Ratnakaram teaches that when the smart assistant application 507 determines that the received digital voice ID received from the smart assistant device 503 matches the customer voice ID(s) associated with the user 501 stored in the customer data reference database 511, the smart assistant application 507 authenticates the user 501 for the proposed transaction);
provide one or more tokens to the second computing device to enable establishment of a channel with the second computing device for the secure credential transfer (Ratnakaram par. 0066, 0074, 0076 and 0078. Ratnakaram teaches that the transfer and storage of additional tokens generated by the smart assistant device that interacts with the user. When the smart assistant application 507 determines that the received digital voice ID received from the smart assistant device 503 matches the customer voice ID(s) associated with the user. The smart assistant application additionally ensure that the device ID of the smart assistant device 503 is associated with the user 501, based on the data stored in the customer data reference database. In response to the smart assistant application 507 authenticating the user 501 for the proposed transaction, the smart assistant device 503 transmits the transaction details (i.e., the transaction details that it received from the merchant system 513) to the smart assistant application 507 via the secure and dedicated communication channel 512 with the mobile device 505. Once the secure and dedicated communication channel 512 has been established, the smart assistant device 503 transmits, to the mobile device 505, tokens or authentication information).
Ratnakaram3KhanKhanKkk teaches 3 transmitting, by one or more processors of a first client device, a first communication and second communication and establishing, using the one or more, a secure -2-Application No. 16/526,384Docket No. GOOGLE 3.OF-2701 [11001] channel with the second client device for the secure credential transfer using one or more tokens associated with an account for the secure credential transfer (Ratnakaram par. 0066, 0074-0076). However; Ratnakaram does not explicitly teach verifying, by the one or more processors, received user identification input and initiating, by the one or more processors, device identity verification for the second client device according to the verifying. 
However, in an analogous field, Khan teaches receive a validation request from the second computing device (electronic device 110), the validation request including a challenge communication (Khan Col.16; lines 9-12 and Figs. 2, 7 and 8. Khan teaches that secure enclave processor 220 may provide certification information (such as the secure-element identifier, the optional certificate, the digital signature and the sign-in token) to electronic device 112) carrying:
information related to a user identity verification (Khan Col. 13; lines 58-64 and Figs 1, 2 and 8. Khan teaches that receives, from a user, an identifier (such as a username, a password and/or a biometric identifier of the user); provides, to a third electronic device (such as electronic device 114 in FIG. 1), the identifier; receives, from the third electronic device, a sign-in token (such as a single sign-in token) that is based on the identifier; and provides, to the secure element, the sign-in token), 
a first identifier from a previous challenge communication (Khan Col. 14; lines 23-29 and Fig 6. Khan teaches that electronic device 112 may request the secure-element identifier (SEID) from secure element 230 in electronic device 110. In response, secure element 230 may access the controlling authority security domain to obtain the secure-element identifier, and may provide the secure-element identifier to electronic device 112), and 
a signature from the second computing device including a second identifier related to a security status of the second computing device (Khan Col. 14; lines 37-44. Khan teaches that using the challenge and the secure-element identifier, secure element 230 may access the controlling authority security domain to obtain the encryption key, and may generate the digital signature. In particular, secure element 230 may sign the secure-element identifier and the challenge using a secure hash technique and the encryption key. Next, secure element 230 may provide the digital signature to electronic device 112).
 (Khan col. 1; lines 51-56).
 Regarding claim 20, Ratnakaram and Khan disclose the authentication server of claim 19, 
Ratnakaram further discloses wherein the one or more processors are configured to: 
provide a first token for the user account to the first computing device (Ratnakaram par. 0066. Ratnakaram teaches that event 504 may include the transfer and storage of additional tokens generated by the smart assistant device 503);
receive a selection of a user account from the first computing device (Ratnakaram par. 0075. Ratnakaram teaches that the smart assistant device 503 to emit an audible message that the transaction has been rejected, and/or prompt the user 501 to input additional authentication credentials either via the smart assistant device 503 or the mobile device 505 of the user 501);
 (Ratnakaram par. 0066. Ratnakaram teaches that event 504 may include the transfer and storage of additional tokens generated by the smart assistant device 503. These additional tokens may include a smart assistant device 503 identification code (e.g., a device ID or any other indicia that names or is unique to the smart assistant device 503 that interacts with the user 501));
provide a third token for establishing a secure channel with the second client device for the secure credential transfer (Ratnakaram par. 0066, 0074, 0076 and 0078. Ratnakaram teaches that the transfer and storage of additional tokens generated by the smart assistant device that interacts with the user. When the smart assistant application 507 determines that the received digital voice ID received from the smart assistant device 503 matches the customer voice ID(s) associated with the user. The smart assistant application additionally ensure that the device ID of the smart assistant device 503 is associated with the user 501, based on the data stored in the customer data reference database. In response to the smart assistant application 507 authenticating the user 501 for the proposed transaction, the smart assistant device 503 transmits the transaction details (i.e., the transaction details that it received from the merchant system 513) to the smart assistant application 507 via the secure and dedicated communication channel 512 with the mobile device 505. Once the secure and dedicated communication channel 512 has been established, the smart assistant device 503 transmits, to the mobile device 505, tokens or authentication information).  
Khan further discloses receive a signed token from the second computing device (Khan Col.15; lines 22-25. Khan teaches that a digital signature may include a signed version of the sign-in token and the secure-element identifier. Furthermore, the processor provides, to the second electronic device (such as electronic device 112 in FIG. 1)); 
Therefore, it would have been obvious to one of ordinary skill in the art at the time the invention was made to combine the teachings of Ratnakaram with the method and system of Khan, wherein receive a signed token from the second computing device to provide maintaining the security of the secure element by requesting a secure-element identifier from the secure element to ensure that it is safe to provide an update for an applet or an application on the secure element (Khan col. 1; lines 51-56).
Regarding claim 21, Ratnakaram and Khan disclose the method of claim 1, 
Khan further discloses wherein the first communication is triggered when the one or more processors receive a user input to initiate the secure credential transfer to the second client device, the first communication including at least one of information related to (1) the first client device, (2) initiating the secure credential transfer or (3) an account for transfer (Ratnakaram par. 0070-0071. Ratnakaram teaches that the transaction process 500b of FIG. 5, the user 501 may wish to initiate a transaction for a product or service from a particular merchant, where the user 501 wishes to utilize the smart assistant device 503 in executing the desired transaction and the smart assistant device 503 and the merchant system 513), and initiate a transaction request with the merchant system 513 for product A on behalf of the user 501).
Therefore, it would have been obvious to one of ordinary skill in the art at the time the invention was made to combine the teachings of Ratnakaram with the method and system of Khan, wherein verifying, by the one or more processors, received user  (Khan col. 1; lines 51-56).
Regarding claim 22; claim 22 is directed to a non-transitory computer readable medium associated with the method claimed in claim 1. Claim 22 is similar in scope to claim 1, and is therefore rejected under similar rationale respectively.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SANCHIT K SARKER whose telephone number is (571)270-7907. The examiner can normally be reached M-F 8:30 AM-5:30 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, FARID HOMAYOUNMEHR can be reached on 571-272-3739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.






/SANCHIT K SARKER/Examiner, Art Unit 2495