DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Drawings
The drawings are objected to because “encrytping the password” at reference no. 304 in Fig. 3 should read as “encrypting the password”.  Corrected drawing sheets in compliance with 37 CFR 1.121(d) are required in reply to the Office action to avoid abandonment of the application. Any amended replacement drawing sheet should include all of the figures appearing on the immediate prior version of the sheet, even if only one figure is being amended. The figure or figure number of an amended drawing should not be labeled as “amended.” If a drawing figure is to be canceled, the appropriate figure must be removed from the replacement sheet, and where necessary, the remaining figures must be renumbered and appropriate changes made to the brief description of the several views of the drawings for consistency. Additional replacement sheets may be necessary to show the renumbering of the remaining figures. Each drawing sheet submitted after the filing date of an application must be labeled in the top margin as either “Replacement Sheet” or “New Sheet” pursuant to 37 CFR 1.121(d). If the changes are not accepted by the examiner, the applicant will be notified and informed of any required corrective action in the next Office action. The objection to the drawings will not be held in abeyance.

Claim Objections
Claims 2-3, 5-7, and 11-12 objected to because of the following informalities:  
Each mention of “wherein the steps further comprises” should read as “wherein the steps further comprise”.
In Claim 2, “wherein the data further includes” should read as “wherein the data further include”.
In Claim 7, “embeded” should read as “embedded”.
Appropriate correction is required.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-3 are rejected under 35 U.S.C. 103 as being unpatentable over Huber et al. (U.S. Patent No. 2014/0375422 A1) hereinafter referred to as “Huber” in view of Kuenzi et al. (U.S. Patent No. 2013/0257590 A1) hereinafter referred to as “Kuenzi” and further in view of Sindhu (U.S. Patent No. 2010/0323762 A1) hereinafter referred to as “Sindhu”.
Regarding Claim 1:
	Huber discloses:
	A lock, comprising:
(Fig. 3, Par. [0071], an electronic lock 300 (lock) that includes a dynamic display 301 (display). The dynamic display 301 may display one or more of a machine-readable optical identifier 302 (QR code))
and an on-screen keyboard (Par. [0057], 	keypad 104 (keyboard) may comprise physically actuated buttons, touch sensitive (e.g., capacitive, resistive) buttons (on-screen))
one or more processors (Par. [0010], one or more processors)
and a non-transitory computer-readable medium comprising one or more sequences of instructions which, when executed by the one or more processors, causes steps to be performed comprising (Par. [0044], Embodiments within the scope of the present invention (steps to be performed) also include physical and other computer-readable media (non-transitory computer-readable medium) for carrying or storing computer executable (when executed by the one or more processors) instructions (comprising one or more sequences of instructions))
generating a password (Par. [0051], generates access codes)
encrypting the password with an encryption key (Par. [0123], all or a part of the code may be encrypted or encoded, such as using a shared key)
(taught by Kuenzi below)
displaying the data as a QR code on the display (Fig. 3, Par. [0071], an electronic lock 300 that includes a dynamic display 301. The dynamic display 301 may display one or more of a machine-readable optical identifier 302 (data as a QR code on the display))
reading an input entered on the (Par. [0054], a user input device (input entered), such as the depicted keypad (keyboard)). Sindhu teaches the limitation of a specifically on-screen keyboard below.
(Abstract, grants access to one or more lock features (unlocking the lock) when the time-based access code (password) matches the received access code (input))
and repeating the steps (a) - (d) (Par. [0056], time-based one-time password algorithm (repeating the steps)) Since the system disclosed by Huber involves a one-time password, it is necessary to repeat the steps beginning from generating a new password after the password has been used. 

Kuenzi discloses the following limitation not explicitly taught by Huber:
generating data that include information of the encrypted password and an identification (ID) of the lock (Par. [0019], barcode image 110 may contain information identifying the lock (identification of the lock, Par. [0020], display a series of characters 160 (password) … generated using, the captured barcode image (data that include information of encrypted password)) Unlike Huber, the barcode image of Kuenzi may contain the encrypted password, by virtue of being able to generate the password from processing the barcode image alone. This has the benefit of not needing to contact an external server for obtaining the password, which is noted by Huber to allow access in areas with poor cellular reception.

References Huber and Kuenzi are considered to be analogous art because they relate to digital locks which display a QR code which is scanned to obtain a password. Therefore, it would have been obvious of one of ordinary skill in the art before the effective filing date of the claimed invention to combine the lock system taught by Huber with the QR code which explicitly contains the encrypted password taught by Kuenzi in order to gain the benefit of not needing to contact an external server to obtain the password. 

Sindhu discloses the following limitation not explicitly taught by either Huber or Kuenzi:
(Par. [0005], a translucent on-screen keyboard via a touch-screen display of a computing device). The combination of Huber/Kuenzi discloses the claimed lock system except where the keyboard is specifically an on-screen keyboard. Sindhu however teaches an on-screen keyboard for computing devices which “result in increased efficiency with which a user is able to enter data into and retrieve, view or otherwise access data” particularly in the realm of mobile devices (Par. [0005]). Sindhu also teaches that there is a trend in the market towards miniaturization of computing devices and a resulting trend which attempts to address the reduced usability from smaller form factors (Par. [0004], to overcome this usability limit, many device manufactures have begun to provide different ways by which users may interact with the mobile devices). Furthermore, Sindhu teaches that it is well known in the art that the usability limit may be addressed with providing an on-screen keyboard in lieu of a physical one (Par. [0004], other mobile devices eliminate the physical keyboard and provide a touch-screen display (on-screen keyboard) with which a user may interact using either a finger or a stylus). 

The combination of Huber/Kuenzi and reference Sindhu are considered to be analogous art because they both relate to computing devices with a digital display and keyboard. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to produce a variation of the lock system of Huber/Kuenzi to include an on-screen keyboard due to market forces, since such variations were commonplace for the mobile devices in Sindhu and in order to gain the benefit of increased usability in light of hardware miniaturization.



Regarding Claim 2:
The combination of Huber, Kuenzi, and Sindhu discloses Claim 1.
Huber further discloses:
A lock as recited in claim 1, wherein the data further includes an initialization vector that is required to encrypt the password (Par. [0056], based on time data (initialization vector) provided by the RTC, the microcontroller(s) are configured to generate access codes using a time-based cryptographic algorithm (required to encrypt the password)) 

Regarding Claim 3:
The combination of Huber, Kuenzi, and Sindhu discloses Claim 1.
Huber further discloses:
A lock as recited in claim 1, wherein the steps further comprises: registering the lock to a server (Par. [0052], the electronic lock 100 as it is registered in a lock management system (server))
(taught by Kuenzi below)

Kuenzi discloses the following limitation not explicitly disclosed by Huber or Sindhu:
receiving the ID of the lock and the encryption key from the server (Par. [0021],  central control 175 (the server) may communicate to mobile device (receiving from) 105 … data related to the functions described in this disclosure, such as data representing the expected appearance of barcode image 110 (encryption key) … data (such as information that identifies user 155) (lock ID) to be input to an algorithm for generating the series of characters (password) 160, Par. [0006], creating key information based on the user information and the lock information (creation of password involves lock ID)). Unlike Huber/Sindhu, Kuenzi teaches that the data used to generate the password (lock ID and encryption key) may be received by the server (central control). This has the benefit of central control acting as a property management system, which in one example, central control can change the key information of a lock remotely such as for a user checking out of a hotel.

The combination of Huber and Sindhu and reference Kuenzi are considered to be analogous art because they relate to digital locks which display a QR code which is scanned to obtain a password. Therefore, it would have been obvious of one of ordinary skill in the art before the effective filing date of the claimed invention to combine the lock management system taught by Huber/Sindhu with the server taught by Kuenzi which has the ability to designate the lock ID and encryption key in order to gain the benefit of the management system being able to change the key information of the lock remotely.

Claims 4, 7, 10, 13 are rejected under 35 U.S.C. 103 as being unpatentable over Huber in view of Kuenzi.

Regarding Claim 4:
Huber discloses:
A mobile device for retrieving a password embedded in a quick response (QR) code (Par. [0101], the mobile device scans a machine-readable optical identifier (embedded in a quick response (QR) code), the mobile device can use the server key(s) to generate the appropriate access code (retrieving a password))
comprising a display (Par. [0081], a display screen of the mobile device)
one or more processors; and a non-transitory computer-readable medium comprising one or more sequences of instructions which, when executed by the one or more processors, causes steps to (Claim 1, a mobile computer system including one or more processors and system memory (non-transitory computer-readable medium comprising one or more sequences of instructions), a method (steps to be performed))
capturing and scanning an image of a QR code (Fig. 10, Par. [0079], by scanning a QR code with a mobile device) 
(taught by Kuenzi below)
(taught by Kuenzi below)
sending a request for access of the lock, the request including the ID of the lock and an ID of a user (Par. [0100], the mobile device sends an unlock request to the server. The unlock request includes at least the lock identifier (ID of the lock). The unlock request can also include other data fields, such as user identification information (ID of a user))
receiving an access notification that includes a decryption key (Par. [0101], If the server determines that the mobile device/user is authorized to access the lock(s) (access notification), the server can send the mobile device (receiving) one or more server keys (decryption key), Par. [0123], all or a part of the code may be encrypted or encoded, such as using a shared key (server keys may be decryption key)
(taught by Kuenzi below)
displaying the decrypted password on the display, wherein the decrypted password is used to unlock the lock (Par. [0100], the mobile device displays the access code, and the user enters the access code at the lock)

Kuenzi discloses the following limitations not explicitly taught by Huber:
(Par. [0019], barcode image 110 may contain information identifying the lock, Par. [0020], display a series of characters 160 (password) … generated using, the captured barcode image (data that include information of encrypted password)). This limitation is analogous to that of Claim 1, and the same rationale is used here: unlike Huber, the barcode image of Kuenzi may contain the encrypted password, by virtue of being able to generate the password from processing the barcode image alone. This has the benefit of not needing to contact an external server for obtaining the password, which is noted by Huber to allow access in areas with poor cellular reception.
extracting the ID of the lock and the encrypted password from the scanned image (Par. [0023], an application, software program, or the like, running on mobile device 105 processes (extracting) the data (ID of the lock and the encrypted password) represented by or contained in barcode image (scanned image) 110 to generate a series of characters 160 that act as key information) Huber does not teach that the scanned image contains the encrypted password, and inherently does not teach extracting the encrypted password from the scanned image. Unlike Huber, the barcode image of Kuenzi may contain the encrypted password, so the previous rationale may be used as this forms a sub-step in generating the password as done in the limitation of Claim 1. 
decrypting the encrypted password using the decryption key (Par. [0023], software program, or the like, running on mobile device 105 processes the data represented by or contained in barcode image (encrypted password) 110 to generate a series of characters (decrypt) … the application on mobile device 105 may communicate with central control 175 in order to obtain information (e.g. user-identifying information) or variables needed (the decryption key) to calculate series of characters). While Huber teaches that cryptographic keys may be sent, Huber does not explicitly teach using the keys to the decode the encrypted password. Instead, these keys are used as inputs to a time-based cryptographic algorithm which generates the codes, but does not necessarily use the data encoded within the barcode. Kuenzi however teaches that the mobile device must be able to generate (decrypt) the passcode from the barcode image (encrypted password). This allows the mobile device to compute the password to the electronic lock and describes an alternative method of obtaining the password. This method of direct decryption avoids clock synchronization issues described by Huber where the server and lock describe different passwords from the time-based cryptographic algorithm due to their clocks not being aligned (Par. [0098], lock's clock has drifted to an unacceptable level).

References Huber and Kuenzi are considered to be analogous art because they relate to digital locks which display a QR code which is scanned to obtain a password. Therefore, it would have been obvious of one of ordinary skill in the art before the effective filing date of the claimed invention to combine the lock system taught by Huber with the scanned image (QR code) which explicitly contains the encrypted password taught by Kuenzi in order to gain the benefit of not needing to contact an external server to obtain the password. Additionally, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to substitute the password generation method taught by Huber with decryption of the encrypted password taught by Kuenzi in order to gain the benefit of avoiding time synchronization related issues. 

Regarding Claim 7:
The claim has limitations similar to those treated in the above rejection of Claim 4, and is met by the references as discussed above. 
Huber further discloses:
a computer implemented method (Par. [0009], an embodiment may include a mobile computer system for providing an unlock code for a lock (computer implemented method)). Thus, the actions performed by the mobile device of the previous claim constitutes a computer implemented method.

Regarding Claim 10:
The claim has limitations similar to those treated in the above rejection of Claim 4, and is met by the references as discussed above. 
Huber further discloses:
sending a query to check whether a user of the mobile device has access to the lock, the query including the ID of the lock and an ID of the user (Par. [0096-97], In addition to sending (sending a query) the lock identifier (ID of the lock) to the server 703, the mobile device 702 may send one or more additional pieces of information to the server 703, such as user identification information (ID of the user) … For example, the server 703 may use user identification information to verify whether the requesting user is permitted to access the lock 701a (check whether a user of the mobile device has access to the lock))

Regarding Claim 13:
The claim has limitations similar to those treated in the above rejections of Claims 7 and 10, and is met by the references as discussed above. 

Claims 5, 8, 11, 14 are rejected under 35 U.S.C. 103 as being unpatentable over the combination of Huber and Kuenzi further in view of the Android Developer Guide (“Request App Permissions”).
Regarding Claim 5:
The combination of Huber and Kuenzi discloses Claim 4.
Huber further discloses:
(Par. [0096-97], the mobile device 702 may send one or more additional pieces of information to the server 703 … the server 703 may use user identification information to verify whether the requesting user is permitted to access the lock 701a (determining whether the user has an access to the lock))
(taught by the Android Developer Guide below)
and otherwise, retrieving the decryption key stored in the mobile device and proceeding to the step (e) (Par. [0101], In the offline mode (stored in the mobile device) … the mobile device can use the server key(s) (retrieving the decryption key) to generate the appropriate access code (proceeding to the step (e)))

The Android Developer Guide discloses the following limitation not explicitly disclosed by Huber:
and if an answer to the determination is negative, proceeding to the step (c) (Par. [0007], if the app does not have the permission (answer to the determination is negative), the method returns PERMISSION_DENIED, and the app has to explicitly ask the user for permission (proceeding to the step (c), requesting access)). Huber teaches requesting access which includes determining whether the device has access, but does not distinguish between the two actions as separate. The Android Developer Guide however teaches that these two actions can be clearly separated: the mobile device can check for access first (check permission) and then request access (request permission) if denied. The Android Developer Guide teaches that checking for permissions has the inherent benefit of providing an expedient way of obtaining access if the permission is granted already, while also retaining the benefit of requiring access be explicitly granted if the prior determination was negative. 


Regarding Claim 8:
The combination of Huber and Kuenzi discloses Claim 7.
The claim has limitations similar to those treated in the above rejection of Claim 5, and is met by the references as discussed above. 

Regarding Claim 11:
The combination of Huber and Kuenzi discloses Claim 10. 
Huber further discloses:
receiving an access query response notifying that the user does not have access to the lock (taught by the Android Developer Guide below)
sending a request for access of the lock, the request including the ID of the lock and the ID of the user (Par. [0100], the mobile device sends an unlock request to the server (sending a request for access of the lock). The unlock request includes at least the lock identifier (ID of the lock). The unlock request can also include other data fields, such as user identification information (ID of the user))
responsive to receiving an access notification, proceeding to step (a) (Par. [0135], The locks desktop interface may also enable lock-related settings to be set or changed (responsive to receiving an access notification). Settings may include permissions (e.g., a whitelist of approved users or a blacklist of banned users); Par. [0071], the machine-readable optical identifier 302 may be dynamically-updated (proceeding to step (a))) By changing permissions for the user to access the lock, lock-related settings may change. The QR code taught by Huber dynamically updates according to lock related settings, which inherently necessitates rescanning the QR code for access (proceeding to step (a))

The Android Developer Guide discloses the following limitation not explicitly disclosed by Huber:
receiving an access query response notifying that the user does not have access to the lock (Par. [0007], If the app does not have the permission (user does not have access to the lock), the method returns PERMISSION_DENIED (receiving access query response), and the app has to explicitly ask the user for permission.)

The previous limitation is similar to that treated in the above rejection of Claim 5, and is met by the references as discussed above.

Regarding Claim 14:
The combination of Huber and Kuenzi discloses Claim 13. 
The claim has limitations similar to those treated in the above rejections of Claims 8 and 11, and is met by the references as discussed above.

Claims 6, 9, 12, 15 are rejected under 35 U.S.C. 103 as being unpatentable over the combination of Huber and Kuenzi further in view of Nielsen (“Confirmation Dialogs Can Prevent User Errors – If Not Overused”).
egarding Claim 6:
The combination of Huber and Kuenzi discloses Claim 4.
Nielsen discloses:
A mobile device as recited in claim 4, wherein the steps further comprises, after the step (b): querying the user whether the user wants to request access; and if an answer to the query is negative, terminating a process for retrieving the password; and otherwise, proceeding to step (c) (Par. [0003-4], There are many ways to prevent (or at least reduce) user errors (terminating a process for retrieving the password). Here, we’ll focus on one of the simplest — the confirmation dialog. A confirmation dialog asks users (querying the user) whether they are sure that they want to proceed (whether the user wants to request access) with a command that they have just issued to a system (proceeding to step (c))) Huber/Kuenzi do not explicitly teach querying the user if they want to request access.  Nielsen however teaches that querying the user in the form of a confirmation dialog before proceeding with an action is beneficial since it reduces user errors/unintended actions.

References Huber and Nielsen are considered analogous art because they both pertain to performing potentially undesired actions in software, i.e. Huber pertains to having the mobile device request access from the server while Nielsen pertains to confirming such actions through a confirmation dialog. Therefore, it would have been obvious of one of ordinary skill in the art before the effective filing date of the claimed invention to combine the lock system of Huber/Kuenzi with the confirmation dialog of Nielsen in order to gain the benefit of reducing unintended actions from the user.   


Regarding Claim 9:
The combination of Huber and Kuenzi discloses Claim 7.


Regarding Claim 12:
The combination of Huber, Kuenzi, and the Android Developer Guide discloses Claim 11. 
The claim has limitations similar to those treated in the above rejection of Claim 6, and is met by the references as discussed above. 

Regarding Claim 15:
The combination of Huber, Kuenzi, and the Android Developer Guide discloses Claim 14. 
The claim has limitations similar to those treated in the above rejections of Claims 9 and 12, and is met by the references as discussed above.

Related Art
	The following prior art made of record and cited on PTO-892, but not relied upon, is considered pertinent to applicant’s disclosure: 
Chen (U.S. Patent No. 2017/0338950 A1) – Includes a method for cryptographic communication in which a decryption key is received from a central server in order to decrypt a message.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ETHAN V VO whose telephone number is (571)272-2505. The examiner can normally be reached M-F 8am-5pm.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on (571)272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/E.V.V./Examiner, Art Unit 4122      

01/11/2022                                



/ALEXANDER LAGOR/Primary Examiner, Art Unit 2491