Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .


DETAILED ACTION
Claims 1-20 are presented for examination.
This is a first action on the merits based on Applicant’s claims submitted 7/12/2019.                    

Information Disclosure Statement
The information disclosure statement(s)(IDS) submitted on 7/12/2019, 4/03/2020, 5/18/2021 and 10/12/2021 is/are in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement (s) is/are being considered by the examiner.
Applicant is respectfully reminded of the duty to disclose 37 C.F.R. 1.56 all pertinent information and material pertaining to the patentability of applicant’s claimed invention, by continuing to submitting in a timely manner PTO-1449, Information Disclosure Statement (IDS) with the filing of applicant’s application or thereafter.
 
Claim Objections
Claim 1, 9, 17 are objected to because of the following informalities:  Appropriate correction is required.
The "and/or" language makes the claim vague, the examiner is not sure whether it means "and" or it means "or" as part of the limitation.

Claim Rejections - 35 U.S.C. 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 1, 3, 9, 11, 17-18  are rejected 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.
For claim 1, the claim language reciting “being associated with the command message…” lacks proper antecedent basis.  The underlined term has not been positively recited previously therefore is not clear as what this term is referring to.  Appropriate correction is required.  
For claims 1, 9, and 18, the term “the first and second time periods are within the predetermined threshold…” deems the limitation ambiguous.  The underlined term refers back to a term that has been positively recited twice, therefore is not clear as to which “a predetermined threshold” the underlined term is referring to.  Appropriate correction is required.  See also claim 3 and 11.
For claims 3, 11, the limitation reading “decrypting the encrypted third time period; comparing, by the first device, the third time period to a fourth time period determined by the first device and being measured from a time when the first response message was transmitted to the second device and a time when the second request message is received by the first device;” deems the claim unclear as to what the inventor regards as the invention.  The limitation first states that the encrypted third time period is decrypted.  However, when the comparison step takes place, it is not clear which third time period is being compared to a fourth time period, i.e. the encrypted or decrypted third time period.   
For claim 17, the claim limitation reciting “”associated with the command message, the first response message and/or the first response message…” deems the claim unclear as to what the inventor regards as the invention.  Firstly, the underlined term lacks proper antecedent basis as it has not been positively recited previously.  Therefore, it is unclear as to what this “first response message” is referring to.  Secondly, the claim limitation redundantly recites “the first response message”.  Does the claim limitation intends to recite that the data message is associated with the command message and the first response message or is it associated with only the first response message?  Or does the claim limitation intends to recite that the data message is associated with the command message or the first response message?  Appropriate correction is required.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains.  Patentability shall not be negatived by the manner in which the invention was made.
Claim1-2 rejected under 35 U.S.C. 103 as being unpatentable over Ivanchykhin et al. (US 2015/0082427 A1, hereinafter “Dmytro”) in view of Smets et al. (US 2014/0365776 A1, hereinafter “Smets”)  *Examiner notes that both prior arts were provided in the IDS.

Regarding claim 1, Dmytro teaches:
1. A method comprising: 
generating and sending, by a first device, a command to a second device in a transaction conducted between the first device and the second device (par 36; i.e. command sent by a terminal device), wherein the second device thereafter generates a first request message and transmits the first request message to the first device (par 95; request and responses generated); 
receiving, by the first device, the first request message (par 95; i.e. APDU request); 
generating, by the first device, a first response message (par 95, i.e. APDU response); 
transmitting, by the first device, the first response message to the second device (par 95, 99; i.e. APDU response); 
receiving, by the first device, a data message (i.e. Examiner interprets this as data payload in APDU response) from the second device, the data message comprising an encrypted value comprising a first time period in encrypted form (par 97; Time information is included in APDU response), the first time period determined by the second device (par 97: “T.sub.d for a preceding APDU may be included into a subsequent response of a special APDU request/response”), and being associated with the command message (par 100: “The T.sub.th may be set according to APDU commands”), the first request message, and/or the first response message; 
decrypting, by the first device, the encrypted value to determine the first time period (par 89, 93, 100; the time includes signature and the signature involves decryption); 
comparing, by the first device, the first time period to a second time period determined by the first device (par 85, i.e. time is compared with a time threshold), the second time period being associated with the command message (par 100: “The T.sub.th may be set according to APDU commands”), the first request message and/or the first response message; 
if the first time period and the second time period are not within a predetermined threshold, recording that the first and second time periods are not within the predetermined threshold (par 85; i.e. if time is greater, then detection of relay attack), and optionally initiating a decline of the transaction (par 85, 100; i.e. relay attack and therefore, communication between devices is refused); and 
if the first time period and the second time period are within a predetermined threshold (par 85; i.e. if time is not greater), then recording that the first and second time periods are within the predetermined threshold (par 85; i.e. if time is not greater), and optionally allowing the transaction to proceed (par 85; i.e. the check is passed, see also par 91; i.e. communication between two communication devices continue).  
As shown above, Dmytro shows the calculation of time periods that go above or below the threshold.  However, Smets explicitly teaches and supports:
if the first time period and the second time period are not within a predetermined threshold, recording that the first and second time periods are not within the predetermined threshold (par 314, fig. 18; i.e. if time is within predetermined range), and optionally initiating a decline of the transaction (fig. 18, no path; i.e. stop transaction); and 
if the first time period and the second time period are within a predetermined threshold (par 314, fig. 18; i.e. if time is within predetermined range), then recording that the first and second time periods are within the predetermined threshold (par 314, fig. 18; i.e. if time is within predetermined range), and optionally allowing the transaction to proceed (fig. 18, yes path, i.e. continue transaction).
Accordingly, it would have been obvious to one having ordinary skill in the art before the effective filing date of the invention to have implemented a calculation of time that falls within a predetermined threshold, as taught by Smets, to the invention of Dmytro.  Dmytro uses comparison of values that fall outside or inside a threshold number, which appears that the invention would perform equally well as with using a comparison of values that are within a predetermined threshold and would be deemed as completely design choice.  The motivation to do so would be in order to have a cushion of values in order to trust that a relay attack is not occurring (Smets: par 314).

Regarding claim 2, Dmytro and Smets teach:
2. The method of claim 1, wherein the first request message is a time extension request message and the first response message is a time extension response message (Dmytro: par 100; APDU requests and responses contain a setting of time to detect relay attacks), and wherein the first time period is measured from a time when the command message is received by the second device and a time when the first request message is transmitted by the second device to the first device (Dmytro:par 62-63, recording sending and receiving time), and the second time period is measured from a time when the command message is transmitted by the first device to the second device and a time when the first request message is received by the first device Dmytro: (par 64; i.e. calculating time period between the sending and receiving times recorded; see also par 85, 94 and 97).  

Regarding claim 6, Dmytro and Smets teach:
6. The method of claim 1, wherein the first device is an access device (Dmytro: i.e. terminal) and the second device is a portable device (Dmytro: i.e. NFC enabled phone; par 95).  

Regarding claim 7, Dmytro and Smets teach:
7. The method of claim 1, wherein the encrypted value contains a number of request messages that have been sent from the second device to the first device in encrypted form (Dmytro: par 86-87; values are included in the APDU messages in signed form, which encryption is needed.).  

Regarding claim 8, Dmytro and Smets teach:
8. The method of claim 1, wherein the first request message comprises an unpredictable number, and wherein the encrypted value contains the unpredictable number in encrypted form (Dmytro: par 86-87; values are included in the APDU messages in signed form, which encryption is needed.).  
Regarding claim 9, all claim limitations are set forth and rejected as it has been discussed in claim 1.  Furthermore, Dmytro teaches the additional limitations as follows:
9. A first device, the first device comprising: a processor; and a non-transitory computer readable medium, the non-transitory computer readable medium (par 118) comprising…

Regarding claim 10, all claim limitations are set forth and rejected as discussed in claim 2.

Regarding claim 14, all claim limitations are set forth and rejected as discussed in claim 6.

Regarding claim 15, Dmytro and Smets teach:
15. The first device of claim 9, wherein the first device is in the form of a terminal (Dmytro: i.e. terminal) and the second device is in the form of a card (Dmytro: i.e. contactless smartcard) (par 95).  

Regarding claim 16, all claim limitations are set forth and rejected as discussed in claim 8.

Regarding claim 17, all claim limitations are set forth and rejected as discussed in claim 1.

Regarding claim 18, all claim limitations are set forth and rejected as discussed in claim 1.

Regarding claim 19, all claim limitations are set forth and rejected as discussed in claim 2.

Regarding claim 20, Dmytro and Smets teach:
20. The method of claim 17, wherein the second device is a card (Dmytro: i.e. contactless smartcard) and the first device is an access device (Dmytro: i.e. terminal, par 95).  

Claim 3-5, 11-13 rejected under 35 U.S.C. 103 as being unpatentable over Ivanchykhin et al. (US 2015/0082427 A1, hereinafter “Dmytro”) in view of Smets et al. (US 2014/0365776 A1, hereinafter “Smets”) in further view of Official Notice.  *Examiner notes that both prior arts were provided in the IDS.

Regarding claim 3, Dmytro and Smets teach:
3. The method of claim 2, further comprising, after transmitting the first response message and before receiving the data message: receiving, by the first device, a second request message from the second device (Dmytro:par 95; i.e. special APDU request/response can be added after the usual APDU request/response); 

Examiner notes that the following claim limitations are a duplicate of claim limitations recited in claims 1-2.  These limitations redundantly send a response message containing a time period and then calculating the sending time period and the receiving time period and determining if the calculated time is within a predetermined time or not within a predetermined time in order to either complete a transaction or decline it [“generating, by the first device, a second response message; transmitting, by the first device, the second response message to the second device; and wherein the data message further comprises a third time period in encrypted form, the third time period determined by the second device and being measured from a time when the first response message is received by the second device and a time when the second request message is transmitted by the second device to the first device; and wherein the method further comprises: decrypting the encrypted third time period; comparing, by the first device, the third time period to a fourth time period determined by the first device and being measured from a time when the first response message was transmitted to the second device and a time when the second request message is received by the first device; if the third time period and the fourth time period are not within a predetermined threshold, then recording that the third time period and the fourth time period are not within the predetermined threshold, and optionally initiating a decline of the transaction; and if the third time period and the fourth time period are within a predetermined threshold, then recording that the third time period and the fourth time period are within the predetermined threshold, and optionally allowing the transaction to proceed”].
	Dmytro teaches the claimed invention in which special APDU messages are inserted and time of transmission between messages is calculated, yet Dmytro and Smets do not explicitly suggest a third and a fourth time period as Dmytro’s invention teaches a general time period.  Yet, it would have been obvious to one having ordinary skill in the art before the effective filing date of the invention to have duplicated multiple time periods and refer to it as different times (i.e. third and fourth) in order to calculate times to allow a transaction, since it has been held that mere duplication of the essential working part of a device involves only routine skill in the art.

Regarding claim 4, Dmytro and Smets teach:
4. The method of claim 3, wherein the first request message is a first time extension request message, the first response message is a first time extension response message (i.e. usual APDU request / response messages), the second request message is a second time extension request message, and the second response message is a second time extension response message (i.e. special APDU request/response messages) (Dmytro: par 97).  

Regarding claim 5, Dmytro and Smets teach: 
5. The method of claim 3, wherein the first time period and the third time period are different (Dmytro: par 98, one time period is T+10ms and other is T+50ms).  

Regarding claim 11, all claim limitations are set forth and rejected as discussed in claim 3

Regarding claim 12, all claim limitations are set forth and rejected as discussed in claim 4.

Regarding claim 13, all claim limitations are set forth and rejected as discussed in claim 5.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See PTO-892 Notice of References Cited.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to LIZBETH TORRES-DIAZ whose telephone number is (571)272-1787.  The examiner can normally be reached on 9:00a-4:30p.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr, can be reached on (571)272-3739.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/LIZBETH TORRES-DIAZ/Examiner, Art Unit 2495                                                                                                                                                                                                        
/15 January 2022/
/ltd/