DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 10/20/2020 and 06/30/2021 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP §§ 706.02(l)(1) - 706.02(l)(3) for applications not subject to examination under the first inventor to file provisions of the AIA. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA/25, or PTO/AIA/26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.

nonstatutory obviousness-type double patenting as being unpatentable over U.S. Patent No. 10,679,440 (hereinafter “PAT440”) claims 1, 9 and 17 in view of Smith et al. (Pub. No.: US 2013/02371907, hereinafter Smith) and Shoji et al. (EP 1 926 038 A1, hereinafter Shoji).
Regarding Claim 21, the Instant Application is directed to a method which corresponds to PAT440 claim 9.
PAT440 teaches the following limitations (see table below):
in response to identifying the access attempt, generate a derived key, wherein the derived key is a derivative of a master key, and wherein the master key is not determined from the derived key; send the master key to an access control reader via a first communication path; and
send the derived key to the access control reader via a second communication path;
enabling the access control reader to make an access control decision based, at least in part, on determining that the master key and the derived key indicate authorization to access a protected resource.
However, PAT440 doesn’t explicitly teach:
identify an access attempt at a primary credential device;
wherein the first communication path flows through a secondary credential device which forwards the derived key to the access control reader.
However, in an analogous art, Smith discloses identifying an access attempt at a primary credential device (Smith - [0028]: Fig. 1, The smart card emulator 111 receives input from the radio transceiver or other applications executing in the memory of the portable wireless device 101, and requests information of the data store 115 and/or the smart card applet 113 in response to the input).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of PAT440 with Smith so that an access attempt is identified, which initiates an authentication process for security.
However, the combination of PAT440 and Smith doesn’t explicitly teach but Shoji discloses: wherein the first communication path flows through a secondary credential device which forwards the derived key to the access control reader (Shoji - Fig. 41, IC card communication means A110 communicate to Billing information generating device via Mobile phone).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of PAT440 and Smith with Shoji so that a communication path flows through an intermediate device.

Claim comparison table (16/895,546 compared with 10,679,440):

16/895,546, claim 30:

30. An access control system, comprising:
a processor;
a communication interface in communication with the processor; and
a memory storing instructions that, when executed by the processor, cause the processor to:
identify an access attempt at a primary credential device;
in response to identifying the access attempt, generate a derived key, wherein the derived key is a derivative of a master key, and wherein the master key is not determined from the derived key; send the master key to an access control reader via a first communication path; and
send the derived key to the access control reader via a second communication path,
wherein the first communication path flows through a secondary credential device which forwards the derived key to the access control reader thereby
enabling the access control reader to make an access control decision based, at least in part, on determining that the master key and the derived key indicate authorization to access a protected resource.

10,679,440, claim 1:

1. A reader for an access control system, comprising:
a processor;
a communication interface in communication with the processor; and
a memory for storing instructions that, when executed by the processor, cause the processor to:
authenticate a primary credential device;
authenticate a secondary credential device;
receive, after authentication of the primary credential device and the secondary credential device, a master key and a derived key via the communication interface, wherein the master key is not determined from the derived key;
verify that the derived key is derived from the master key;
determine whether the master key and the derived key indicate authorization to access a protected resource; and
make an access decision based on the determination of whether the master key and the derived key indicate authorization to access the protected resource.

Corresponding claims (16/895,546 : 10,679,440):
30 : 1
21 (method claim) : 9
39 : 17

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims 21, 23-26, 30, 32-35 and 39 are rejected under 35 U.S.C. 103 as being unpatentable over Shoji et al. (EP 1 926 038 A1, hereinafter Shoji) in view of Smith et al. (Pub. No.: US 2013/02371907, hereinafter Smith).
Regarding claim 21: Shoji discloses A method, comprising:
in response to identifying the access attempt, generating a derived key, wherein the derived key is a derivative of a master key and wherein the master key is not determined from the derived key (Shoji - [0222]: the ID of the user having the mobile phone A101 and the IC card A108 is encrypted with the first ID information A107 to obtain the second ID information A111);
sending the master key to an access control reader via a first communication path; and sending the derived key to the access control reader via a second communication path, wherein the first communication path flows through a secondary credential device which forwards the derived key to the access control reader (Shoji - [0232]: At step A205, the first ID information A107 and the second ID information A111 are sent to the billing information generating device A112. Fig. 41, IC card communication means A110 communicate to Billing information generating device via Mobile phone), 
thereby enabling the access control reader to make an access control decision based, at least in part, on determining that the master key and the derived key indicate authorization to access a protected resource (Shoji - [0233]: At step A206, the second ID information A111 is decrypted with the first ID information A107 to obtain the user ID information. At step A207, the user ID information obtained at step A206 and ID information of an ID information list A119 stored in the ID information storage unit A116 are verified at the authentication unit A115 to check whether the user is a valid user. [0234]: the first ID information A107 stored in the mobile phone A101 and the second ID information A111 stored in the IC card A108 can be used to perform the purchasing process for a ticket for a ride at a theme park by the user who is determined to be a valid user).
However Shoji doesn’t explicitly teach, but Smith discloses:
identifying an access attempt at a primary credential device (Smith - [0028]: Fig. 1, The smart card emulator 111 receives input from the radio transceiver or other applications executing in the memory of the portable wireless device 101, and requests information of the data store 115 and/or the smart card applet 113 in response to the input);
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Shoji with Smith so that an access attempt is identified, which initiates an authentication process for security.
Regarding claim 23: Shoji as modified discloses wherein identifying the access attempt at the primary credential device comprises:
receiving a signal at the primary credential device, wherein the signal is transmitted by the access control reader (Smith - [0039]: signals transmitted from the smart card reader emulation device radio transceiver 121 to the portable wireless device radio transceiver 103).
Smith is combined with Shoji herein for similar obviousness reasons and motivation as stated for claim 1.
Regarding claim 24: Shoji as modified discloses wherein identifying the access attempt at the primary credential device comprises:
receiving a sensor input that correlates with proximity to the access control reader (Smith - [0064]: the strength of the portable wireless device radio transceiver 103 is at or above a set level. The smart card reader emulation device radio transceiver 121 measures the signal strength from the portable wireless device 101).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Shoji with Smith so that an access attempt is identified when a device signal strength is within the proximity range.
Regarding claim 25: Shoji as modified discloses wherein identifying the access attempt at the primary credential device comprises:
receiving a user input at the primary credential device indicating that a user desires the primary credential device to initiate an access process with the access control reader (Smith - [0036]: the operating system 125 includes one or more commands for a user to authenticate to the operating system 125, … the operating system requires authentication to allow user to log on to the operating system).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Shoji with Smith so that an access attempt requires user input for authentication.
Regarding claim 26: Shoji as modified discloses wherein identifying the access attempt at the primary credential device comprises:
detecting that the primary credential device is within a predetermined proximity of the access control reader (Smith - [0066]: In block 505, if the portable wireless device 101 is within range of the smart card reader emulation device radio transceiver 121, and is also within the limit. See also [0064]); and
providing a prompt to a user of the primary credential device asking whether the user desires the primary credential device to establish communications with the access control reader (Smith - [0067]: In block 507 the operating system 125, the application software 123, and/or the radio smart card reader driver 119 may request an authentication from the portable wireless device application 109. … a username and/or password may be requested from the portable wireless device 101).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Shoji with Smith so that an access attempt prompts user input for initiating the communication when the device is in the range.
Regarding claims 30 and 32-35: Claims are directed to access control system claims and do not teach or further define over the limitations recited in claims 21 and 23-26. Therefore, claims 30 and 32-35 are also rejected for similar reasons set forth in claims 21 and 23-26. 
Regarding claim 39: this claim defines a primary credential device claim that corresponds to method claim 21 and does not define beyond limitations of claim 1. Therefore, claim 39 is rejected with the same rationale as in the rejection of claim 21.

Claims 22, 31 and 40 are rejected under 35 U.S.C. 103 as being unpatentable over Shoji et al. (EP 1 926 038 A1, hereinafter Shoji) in view of Smith et al. (Pub. No.: US 2013/02371907, hereinafter Smith) and Messerman et al. (Pub. No.: US 2016/025490, hereinafter Messerman).
Regarding claims 22, 31 and 40: Shoji as modified doesn’t explicitly teach but Messerman discloses further comprising:
causing the secondary credential device to delete the derived key from memory after the secondary credential device forwards the derived key to the access control reader (Messerman - [0061]: the CA server deletes the derived key 34 from memory after it is sent in response to the key request).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Shoji and Smith with Messerman so that a derived key is deleted after transmission. The modification would have allowed the system to enhance security. 

Claims 27 and 36 are rejected under 35 U.S.C. 103 as being unpatentable over Shoji et al. (EP 1 926 038 A1, hereinafter Shoji) in view of Smith et al. (Pub. No.: US 2013/02371907, hereinafter Smith) and Gabrielson (Patent No.: US 8,595,806).
Regarding claims 27 and 36: Shoji as modified doesn’t explicitly teach but Gabrielson discloses further comprising:
establishing a secure communication channel with the secondary credential device prior to sending the derived key to the secondary credential device, wherein the second communication path comprises the secure communication channel (Gabrielson - [Col. 8, Line 1-4]: the acquaintance device may establish an SSL or other secure communication channel with the authentication service 402 prior to receiving the acquaintance key).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Shoji and Smith with Gabrielson so that a key is transmitted after a secure channel is established. The modification would have allowed the system to enhance security.

Claims 28-29 and 37-38 are rejected under 35 U.S.C. 103 as being unpatentable over Shoji et al. (EP 1 926 038 A1, hereinafter Shoji) in view of Smith et al. (Pub. No.: US 2013/02371907, hereinafter Smith) and Makhotin et al. (Pub. No.: US 2013/0151400).
Regarding claims 28 and 37: Shoji as modified doesn’t explicitly teach but Makhotin discloses wherein the first communication path and the second communication path utilize a common communication protocol (Makhotin - [0042]: some interfaces may use the same general communication protocol standard or specification).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Shoji and Smith with Makhotin so that the same communication protocol is used for different entities for efficiency.
Regarding claims 29 and 36: Shoji as modified doesn’t explicitly teach but Makhotin discloses wherein the first communication path and the second communication path utilize different communication protocols (Makhotin - [0041]: The hub modules may also be capable of securely communicating between the aforementioned entities by communicating via various interface connections (i.e., interfaces), each of which may implement a different communication protocol).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Shoji and Smith with Makhotin so that different communication protocols are used for flexibility.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.

Wurm (Pub. No.: US 2012/0170751) - Cryptographic Communication With Mobile Devices 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MENG LI whose telephone number is (571)272-8729.  The examiner can normally be reached on M-F 8:30-5:30.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s acting supervisor, Kristine Kincaid can be reached on (571) 272-4063.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8729.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/MENG LI/
Primary Examiner, Art Unit 2437