DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . In communications filed on 02/22/2022. Claims 1, 4, 6-9, 13-14, and 23-24 are amended. Claims 1-2, and 4-25 are pending in this examination.
 In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.   This examination is in response to US Patent Application No. 16/560,464.
Examiner Note
Applicant’s amendment to claims 6, and 8-10 obviates previously raised claims 6, and 8-10, claims objections. 
Claim Objections
Claims 9 and 14 recites” determining, by the first tag, that the second tag satisfies a proximity criterion with regard to the first tag; receiving, in the first tag and from the second tag, the first security certificate and the session token”. It is unclear for the examiner how the first tag determines the proximity since it has no information about the second tag? And also, how the second tag received the first security certificate and the session token in order to send it to the first tag? Examiner interpreted that the second tag received the first security certificate and the session token from the management broker system and the proximity limitation should follow after the first tag received the first security certificate and the session token.
Response to Argument
Applicant’s arguments with respect to the independent claims for newly added limitation have been considered but are moot because the arguments do not apply to any of the references being used in the current rejection.
Allowable Subject Matter
Claim 12 is objected and would be allowable if rewritten to overcome the claim objection set forth in this Office action.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1-2, 4-8, 13, and 18-23 are rejected under 35 U.S.C. 103 as being unpatentable over US Patent No. (US 2019/0058591) issued to Sharpe et al. hereinafter referred to as “Sharpe” and in view of WO2018189507 application issued to PAK YONGBEOM hereinafter referred to as “PAK”,
Regarding claim 1, Sharpe discloses receiving, in a first tag, a first security certificate for a second tag and a session token corresponding to an arrangement involving the first and second tags, the first security certificate and the session token received from an arrangement broker system, the arrangement broker system also sending, to the second tag, the session token and a second security certificate for the first tag[ ¶28, Ticket holder's device 110  ( First tag) may be any device capable of providing data directly and/or indirectly to validator 120. The data may include, for example, a digital ticket (equated to the session token) previously purchased by the ticket holder. In some embodiments, ticket holder's device 110 may be a portable device, such as a cellular phone, PDA, tablet, laptop, smart watch. Alternatively, or additionally, ticket holder's device 110 may be a dedicated device (e.g., a fob) for providing the data], and [¶34, Ticket server 130 may be any physical or virtual server capable of providing the digital ticket associated with the purchased products and/or services to ticket holder's device 110. In some embodiments, ticket server 130 may be a group of physical and/or virtual servers], and[ ¶35,  ticket server 130 may maintain records (e.g., identifiers) of digital tickets that have been used, unused, and/or voided…In some embodiments, ticket server 130 may be further capable of providing such records, or data derived from such records, to validator 120( second tag) and/or ticket holder's device 110( equated to sending the digital ticket ( session token) to the first tag and second tag)], and  [¶197-198, at an operation 1220, device 1202 (or the software provided at operation 1216) may receive configuration data from RDM server 1204… In some embodiments, the configuration data may be pushed by RDM server 1204…. the configuration data may be any data that affects operations of the software program executing on device 1202. In some embodiments, the configuration data may be pushed by RDM server 1204. In some embodiments, the configuration data may be requested by device 1202 and provided to device 1202 in response to the request… the configuration data may include one or more cryptographic keys/certificates used by device 1202. In some embodiments, the configuration data may include one or more list of entities (e.g., IP addresses of servers) that device 1202 is authorized to communicate with], and [¶31]; and 
determining, by the first tag after receiving the first security certificate and the session token from the arrangement broker system, that the second tag satisfies a proximity criterion with regard to the first tag [¶86, In some embodiments, ticket holder's device 110 may provide the digital ticket, the ticket-server signature, and the device signature in response to an input from the ticket holder. In some embodiments, ticket holder's device 110 may provide the digital ticket, the ticket-server signature, and the device signature after ticket holder's device 110 is placed near validator 120 (Proximity). In some embodiments, ticket holder's device 110 (first tag) may provide the digital ticket, the ticket-server signature, and the device signature in response to a request from validator 120(second tag). In some embodiments, ticket holder's device 110 may provide the digital ticket, the ticket-server signature, and the device signature after ticket holder's device 110 is detected by one or more beacons (e.g., Bluetooth beacons). In some embodiments, ticket holder's device 110 may provide the digital ticket, the ticket-server signature, and the device signature in response to ticket holder's device completing step 410 (i.e., obtaining the device signature)], and [¶103, in embodiments where the device data provided by ticket holder's device 110 includes a location of ticket holder's device 110, validator 120 may determine that the digital ticket is valid after determining that the current location of validator 120 is within a predetermined distance from the provided location of ticket holder's device 110 ( determining proximity). In these embodiments, validator 120 may include, or have access to, a GPS receiver for determining the current location of validator 120), and [¶29]; and
and generating, by the first tag and in response to the determination and the receipt of the first security certificate and the session token from the second tag, a first output corresponding to verification of a custodian of the second tag as a participant in the arrangement[¶175, in some embodiments, output may include instructions for an access control device 140, and access control device 140 may generate an output based on the instruction provided by token validator 630. The generated output may be indicative of whether rider 650 is permitted or denied from proceeding beyond the location of access control device 140. For example, access control device 140 may be a gate or a door. The gate or door may be electronically controlled such that the gate or door is locked when rider 650 is denied from proceeding and unlocked/turned when rider 650 is permitted to proceed. Additionally, or alternatively, access control device 140 may include a speaker that produces a sound, and the produced sound may be indicative of whether rider 650 is permitted or denied from proceeding. In some embodiments, access control device 140 may include a display monitor that displays a visual content indicative of whether rider 650 is permitted or denied from proceeding. In some embodiments, access control device 140 may include one or more light emitting devices, and access control device 140 may turn on or off one or more light emitting devices to indicate whether rider 650 is permitted or denied form proceeding], and [¶178, in one example, system 1100 may be capable of transferring a digital ticket purchased by a ticket holder and stored on ticket holder's device 110 to another device. In another example, system 1100 may be capable of transferring information needed (e.g., token identifier 612, fare type 622, dispenser context data 624, a digital ticket, a ticket-server signature, and/or a device signature) to validate a digital ticket or a digital token to a validator (e.g., ticket validator 120 or token validator 630). In yet another example, system 1100 may be capable of transferring information needed (e.g., token identifier 612 and/or cryptographic signature 614) to create, activate, and dispense a ticket or a token to a dispenser (e.g., token dispenser 620). Furthermore, system 1100 may be capable of providing real-time transit information and/or advertisements to a device operated by a rider using the audio-based communication techniques described herein], and [¶¶137, 139, 198].
receiving, in the first tag and from the second tag after receiving the first security certificate and the session token from the arrangement broker system, the first security certificate and the session token; 
Even though Sharpe discloses this limitation as: [¶66 a digital ticket may be a set of data that identifies and/or defines one or more purchased products and/or services. For example, a digital ticket (session token) may include identifiers of purchased products and/or services. In another example, a digital ticket may further include usable time periods, blackout periods, an expiration time/date, and/or a valid duration. Some of the data that may be included the digital ticket, such as an expiration time/date and a valid duration, may be determined based on the products and/or services purchased and/or based on one or more business rules, para [¶125, token dispenser 620 may generate digital token data including token identifier 612 and cryptographic signature 614 and transmit the digital token data to a device of rider 650], and  [¶197-198, at an operation 1220, device 1202 (or the software provided at operation 1216) may receive configuration data from RDM server 1204. The configuration data may be any data that affects operations of the software program executing on device 1202. In some embodiments, the configuration data may be pushed by RDM server 1204. In some embodiments, the configuration data may be requested by device 1202 and provided to device 1202 in response to the request… the configuration data may include one or more cryptographic keys/certificates used by device 1202. In some embodiments, the configuration data may include one or more list of entities (e.g., IP addresses of servers) that device 1202 is authorized to communicate with], and [¶48].
However, it does not explicitly disclose and PAK discloses as: 
[ Pages 10-11, Figure 7 is a block diagram of the system of Figure 1 showing example steps to perform an improved handshake between client device and server. Accordingly, like reference numerals refer to the same or similar elements. System 700 comprises a client device (C) 102 and a server (S) 104 and, in particular embodiments, comprises a bootstrap server (B) 106. Client device 102 may communicate with server 104 and bootstrap server 106 using any suitable communication protocol(s). Likewise, server 104 may communicate with bootstrap server 106 using any suitable communication protocol(s). Client device 102 may be provisioned with particular credentials (such as cryptographic keys and digital certificates), as part of a factory bootstrap process (e.g. during manufacture). Without these credentials, client device 102 cannot establish trust with other machines in system 700. In this example, client device 102 is provisioned with a digital certificate for the client device 102 (which comprises information about the client device's public key), also referred to herein as Cert(C), and a private key of a public-private key pair, also referred to herein as Priv(C). Client device 102 may also be provisioned with information that enables the client device 102 to locate and connect to the bootstrap server 106 the first time the client device 102 is turned on post-manufacture. For example, the client device 102 may be provisioned with an IP address and a server name indication (SNI) of bootstrap server 106, to enable the client device 102 to search for the bootstrap server 106 and connect to it when first powered-up. This information may be provisioned on client device 102 as part of a factory bootstrap, or as part of a configuration or registration process by an owner of client device 102. In embodiments, the client device 102 may be pre-provisioned with all the information it requires to locate and communicate with server 104 in addition to, or instead of, being pre-provisioned with the information required to locate bootstrap server 106.When client device 102 is powered-up in system 700, it may use the IP address and SNI of bootstrap server 106 to locate bootstrap server 106. The bootstrap server 106 comprises its own digital certificate (also referred to herein as Cert(B)). The bootstrap server 106 and client device 102 perform a TLS/DTLS handshake process to authenticate (step S702), and so that bootstrap server 106 can verify that client device 102 is permitted to join the system/network 700. The handshake process performed between the bootstrap server 106 and client device 102 involves the client device 102 providing Cert(C) to the bootstrap server 106 so that the bootstrap server can authenticate the client device 102, and involves the bootstrap server 106 providing Cert(B) to the client device 102. Once each machine has authenticated the other in this handshake process, the bootstrap server 106 may provide additional credentials (e.g. cryptographic keys and digital certificates) to client device 102 that may enable the client device 102 to communicate securely with server 104. For example, as shown in step S704, bootstrap server 106 may provide client device 102 with a private key (of a public- private key pair) for communication between the client device 102 and server 104 (shown as Priv(C-S) in Figure 7), a digital certificate for the client device 102 and server 104 (shown as Cert(C-S) in Figure 7), and a digital certificate of the server 104 (shown as Cert(S) in Figure 7). The provisioning process of step S704 is described in more detail with reference to Figure 2. The credentials are provided to client device 102 in a secure manner, i.e. in an encrypted format. The client device 102 may store these credentials in storage 102c alongside the manufacturer-provided credentials. Client device 102 may need to communicate with server 104 to, for example, provide sensed/measured data to the server 104, to access services/applications via the server 104, to receive updates, instructions/commands, or data from server 104, etc. Typically, client devices and servers establish a secure communication session by performing a TLS/DTLS handshake process to authenticate each other before exchanging messages (i .e. encrypted messages)
[Page 14, the server 104 and client device 102 use, respectively, the URI for Cert (C- S) and the fingerprint of Cert(S), for the authentication/validation process. This is described in more detail with respect to Figures 3 to 6. Once the handshake process has been successfully completed, the secure communication session is established and client device 102 and server 104 may exchange encrypted messages/data.
[Pages 30-31, in embodiments, when the secure communication session is established, the method may further comprise exchanging encrypted messages with the server. The established secure communication session may terminate when the exchanging of encrypted messages is completed, and/or after a specified time period has lapsed. The method may comprise transmitting, to the client device, a message indicating the client device has been authenticated. The method may comprise receiving, from the client device, a message indicating the server has been authenticated by the client device. In embodiments, when the secure communication session is established, the method may comprise exchanging encrypted messages with the client device. The established secure communication session may be terminated when the exchanging of encrypted messages is completed, and/or after a specified time period has lapsed.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Sharpe with the teaching of PAK in order to implement for improved techniques to secure communication session between devices [ PAK, pages 1-2].
Regarding claim 2, Sharpe discloses, wherein receiving the first security certificate and the session token from the second tag comprises: receiving, by the first tag and from the second tag, an encrypted communication [¶68, The ticket-server signature may be generated using ticket server's private key 135. For example, the ticket-server signature may be generated by encrypting a hash value of the digital ticket with ticket server's private key 135], and [¶41, ticket holder's device 110 may communicate with ticket server 130 using secure HTTPS connections], and [¶42, the communication between validator 120 and ticket server 130 may be encrypted. For example, validator 120 may communicate with ticket server 130 using secure HTTPS connections], and [¶¶28-29, 182-183, 186]; and 
decrypting, by the first tag, the encrypted communication using the first security certificate [¶51, A digital signature may be generated in numerous ways. In one example, a digital signature may be generated by encrypting a hash value of given data using a private key. In this example, a corresponding public key may be used to decrypt the digital signature and obtain the hash value of the original data. Thus, if the decrypted digital signature matches the hash value of the received data, it may prove that (i) the data was signed with a private key that corresponds to the public key, and (ii) the data has not changed since it was signed. However, if the decrypted digital signature does not match the hash value of the received data, the data has been altered and/or the digital signature was created with a private key that does not correspond to the public key], and [¶¶94, 185-187, 1981]; and 
and determining, by the first tag, that the encrypted communication includes the session token.  [¶94, the device signature may be verified using device's public key 117. In an example where the device signature is generated by encrypting a hash value of the digital ticket with device's private key 115, the device signature may be verified by decrypting the device signature with device's public key 117, generating a hash value of the digital ticket, and comparing the decrypted device signature with the generated hash value of the digital ticket. A match between the decrypted device signature and the generated hash value of the digital ticket may indicate that (i) the digital ticket was generated by an entity with access to device's private key 115 (i.e., ticket holder's device 110), and (ii) the digital ticket has not been altered since the device signature was generated by the entity], and [¶¶122, 136, 1391].
Regarding claim 4, Sharpe discloses, wherein a first person associated with the first tag makes the arrangement using an online interface provided by the arrangement broker system [¶31…The products and/or services may have been purchased, for example, by the ticket holder via an app on ticket holder's device 110, an e-commerce website…], and [¶¶35,65,116, 202].
Regarding claim 5, Sharpe discloses, wherein the arrangement broker system provides the first security certificate and the session token to the first tag upon the arrangement being made [¶31, As used herein, a “digital ticket” may be a set of data that identifies and/or defines one or more products and/or services that may have been purchased (or authorized to use) by the ticket holder. For example, a digital ticket may include identifiers of one or more products and/or services, usable time periods, blackout periods, an expiration time/date, and/or a valid duration. The products and/or services may have been purchased, for example, by the ticket holder via an app on ticket holder's device 110, an e-commerce website, a dedicated kiosk, and/or a salesperson at a ticket counter. After the purchase, ticket holder's device 110 may have obtained the digital ticket associated with the purchased products and/or services from ticket server 130], and [¶¶178], 185, 198].
Regarding claim 6, Sharpe does not explicitly disclose, however PAK discloses providing, by the first tag and to the arrangement broker system, the second security certificate for the first tag, wherein the arrangement broker system sends to the second tag the second security certificate that the arrangement broker system received from the first tag [ see FIG.7 and corresponding text for more detail].
Regarding claim 7, Sharpe discloses, wherein the arrangement broker system comprises a service broker system.  [¶34] Ticket server 130 may be any physical or virtual server capable of providing the digital ticket associated with the purchased products and/or services to ticket holder's device 110. In some embodiments, ticket server 130 may be a group of physical and/or virtual servers. In some embodiments, at least some functions of ticket server 130 may be implemented on a cloud platform such as Amazon Web Services, Microsoft Azure, or Google Cloud], and [¶35, in some embodiments, ticket server 130 may maintain records (e.g., identifiers) of digital tickets that have been used, unused, and/or voided. In some embodiments, ticket server 130 may maintain records (e.g., identifiers) of ticket holder's devices, pieces of software executing on ticket holder's devices, and validators that may have been compromised. In some embodiments, ticket server 130 may be further capable of providing such records, or data derived from such records, to validator 120 and/or ticket holder's device 110], and [31, 661].
Regarding claim 8, Sharpe discloses, wherein the arrangement comprises that a first person associated with the first tag makes a reservation for an online to offline( O2O )service using an online interface provided by the arrangement broker system [¶31, As used herein, a “digital ticket” may be a set of data that identifies and/or defines one or more products and/or services that may have been purchased (or authorized to use) by the ticket holder. For example, a digital ticket may include identifiers of one or more products and/or services, usable time periods, blackout periods, an expiration time/date, and/or a valid duration. The products and/or services may have been purchased, for example, by the ticket holder via an app on ticket holder's device 110, an e-commerce website, a dedicated kiosk, and/or a salesperson at a ticket counter. After the purchase, ticket holder's device 110 may have obtained the digital ticket associated with the purchased products and/or services from ticket server 130], and, and [0065] In some embodiments, ticket server 130 may obtain the digital ticket in response to receiving an indication that a purchase process for one or more products or services has been completed, for example, by a ticket holder. As discussed above, a ticket holder may complete a purchase process using an app or a web browser executing on ticket holder's device 110 or via a kiosk. Alternatively, a ticket holder may complete an offline purchase process through a salesperson. The purchase process may include obtaining a selection(s) of product(s)/service(s), payment information, and/or personal information of the ticket holder], and [¶¶104, 162, 200, 217-218].
Regarding claim 13, Sharpe discloses, further comprising, providing, by the first tag and after receiving the first security certificate and the session token, the session token to the arrangement broker system [¶143, In some embodiments, token validator 630 and/or server 610 may validate physical token 625 by verifying that physical token 625 is not being used fraudulently. In one example, physical token 625 may be configured (e.g., by token dispenser 620) to provide the dispense time and/or location to token validator 630, and token validator 630 and/or server 610 may determine whether the provided dispense time and/or location are reasonable in view of the current time and location of token validator 630 (e.g., determine whether the speed at which rider 650 would need to have traveled from the dispense location to the location of token validator 630 is reasonable or theoretically possible). In another example, token validator 630 and/or server 610 may determine whether physical token 625 was validated at the same token validator 630 and/or another validator in the last two hours. In this example, token validator 630 may prevent fraudulent use of physical token 625 involving one rider passing physical token 625 to another rider to reuse physical token 625], and [¶¶198, 202, 211].
Regarding claim 18, Sharpe discloses, further comprising generating, by the first tag, a communication to the second tag that confirms the arrangement.  [¶68, the ticket-server signature may be generated using ticket server's private key 135. For example, the ticket-server signature may be generated by encrypting a hash value of the digital ticket with ticket server's private key 135], and [¶41, ticket holder's device 110 may communicate with ticket server 130 using secure HTTPS connections], and [¶42, the communication between validator 120 and ticket server 130 may be encrypted. For example, validator 120 may communicate with ticket server 130 using secure HTTPS connections], and [¶¶28-29, 182-183, 185-186, 193].
Regarding claim 19, Sharpe discloses, wherein the session token includes a secured, single-use, digitally signed token [¶70, Accordingly, any entity that has access to the digital ticket, the ticket-server signature, and ticket server's public key 137 (e.g., validator 120) may determine: (i) whether the digital ticket has been indeed signed by ticket server 130, and (ii) whether the digital ticket has not been altered since it was signed by ticket server 130. Thus, such an entity may detect digital tickets that have been generated and/or altered by an unauthorized entity], and [¶¶50, 52, 95].
Regarding claim 20, Sharpe discloses, wherein the arrangement includes that a second person associated with the second tag is to enter premises of a first person, a lock to the premises associated with the first tag [¶40, in some embodiments, access control device 140 may be a gate or a door, which may be electronically controlled such that the gate/door is locked when a person is denied from proceeding and unlocked/turned when the person is permitted to proceed. Additionally, or alternatively, access control device 140 may include a speaker that produces sound, and the produced sound may be indicative of whether a person is permitted or denied from proceeding. In some embodiments, access control device 140 may include a display monitor that displays a visual content indicative of whether a person is permitted or denied from proceeding. In some embodiments, access control device 140 may include one or more light emitting devices, and access control device 140 may turn on or off one or more of the lights emitting devices to indicate whether the rider is permitted or denied form proceeding], and [¶¶ 110, 175, 205].
Regarding claim 21, Sharpe discloses, further comprising a pre-authorization process comprising: the first security certificate being received by a device carried by the first person; and the first tag receiving the first security certificate from the device [¶¶31.139, 175, 198-203].
Regarding claim 22, Sharpe discloses, wherein receipt of the first security certificate by the device occurs in a first context when the device does not have online access, and wherein receipt of the first security certificate by the first tag occurs in a second context when the device does have the online access [¶¶124-126, 198, 217-218].
Regarding claim 23, this claim is interpreted and rejected for the same rational set forth in claim 1.

Claims 9-11 are rejected under 35 U.S.C. 103 as being unpatentable over US Patent No. (US 2019/0058591) issued to Sharpe et al. hereinafter referred to as “Sharpe” and in view of CN106530412A application issued to BIN C. hereinafter referred to as “BIN”,
Regarding claim 9, Sharpe discloses a method comprising: receiving, in a first tag, a first security certificate for a second tag and a session token corresponding to an arrangement involving the first and second tags, wherein the first security certificate is received from an arrangement broker system, wherein the arrangement broker system comprises a service broker system[ ¶28, Ticket holder's device 110  ( First tag) may be any device capable of providing data directly and/or indirectly to validator 120. The data may include, for example, a digital ticket (equated to the session token) previously purchased by the ticket holder. In some embodiments, ticket holder's device 110 may be a portable device, such as a cellular phone, PDA, tablet, laptop, smart watch. Alternatively, or additionally, ticket holder's device 110 may be a dedicated device (e.g., a fob) for providing the data], and [¶34, Ticket server 130 may be any physical or virtual server capable of providing the digital ticket associated with the purchased products and/or services to ticket holder's device 110. In some embodiments, ticket server 130 may be a group of physical and/or virtual servers], and[ ¶35,  ticket server 130 may maintain records (e.g., identifiers) of digital tickets that have been used, unused, and/or voided…In some embodiments, ticket server 130 may be further capable of providing such records, or data derived from such records, to validator 120( second tag) and/or ticket holder's device 110( equated to sending the digital ticket ( session token) to the first tag and second tag)], and  [¶197-198, at an operation 1220, device 1202 (or the software provided at operation 1216) may receive configuration data from RDM server 1204… In some embodiments, the configuration data may be pushed by RDM server 1204…. the configuration data may be any data that affects operations of the software program executing on device 1202. In some embodiments, the configuration data may be pushed by RDM server 1204. In some embodiments, the configuration data may be requested by device 1202 and provided to device 1202 in response to the request… the configuration data may include one or more cryptographic keys/certificates used by device 1202. In some embodiments, the configuration data may include one or more list of entities (e.g., IP addresses of servers) that device 1202 is authorized to communicate with], and [¶31]; and
wherein the arrangement comprises that a first person associated with the first tag makes a reservation for an online to offline (O2O) service using an online interface provided by the arrangement broker system [¶31, As used herein, a “digital ticket” may be a set of data that identifies and/or defines one or more products and/or services that may have been purchased (or authorized to use) by the ticket holder. For example, a digital ticket may include identifiers of one or more products and/or services, usable time periods, blackout periods, an expiration time/date, and/or a valid duration. The products and/or services may have been purchased, for example, by the ticket holder via an app on ticket holder's device 110, an e-commerce website, a dedicated kiosk, and/or a salesperson at a ticket counter. After the purchase, ticket holder's device 110 may have obtained the digital ticket associated with the purchased products and/or services from ticket server 130], and, and [0065] In some embodiments, ticket server 130 may obtain the digital ticket in response to receiving an indication that a purchase process for one or more products or services has been completed, for example, by a ticket holder. As discussed above, a ticket holder may complete a purchase process using an app or a web browser executing on ticket holder's device 110 or via a kiosk. Alternatively, a ticket holder may complete an offline purchase process through a salesperson. The purchase process may include obtaining a selection(s) of product(s)/service(s), payment information, and/or personal information of the ticket holder], and [¶¶104, 162, 200, 217-218]’ and 
determining, by the first tag, that the second tag satisfies a proximity criterion with regard to the first tag; receiving, in the first tag and from the second tag, the first security certificate and the session token [¶86, In some embodiments, ticket holder's device 110 may provide the digital ticket, the ticket-server signature, and the device signature in response to an input from the ticket holder. In some embodiments, ticket holder's device 110 may provide the digital ticket, the ticket-server signature, and the device signature after ticket holder's device 110 is placed near validator 120 (Proximity). In some embodiments, ticket holder's device 110 (first tag) may provide the digital ticket, the ticket-server signature, and the device signature in response to a request from validator 120(second tag). In some embodiments, ticket holder's device 110 may provide the digital ticket, the ticket-server signature, and the device signature after ticket holder's device 110 is detected by one or more beacons (e.g., Bluetooth beacons). In some embodiments, ticket holder's device 110 may provide the digital ticket, the ticket-server signature, and the device signature in response to ticket holder's device completing step 410 (i.e., obtaining the device signature)], and [¶103, in embodiments where the device data provided by ticket holder's device 110 includes a location of ticket holder's device 110, validator 120 may determine that the digital ticket is valid after determining that the current location of validator 120 is within a predetermined distance from the provided location of ticket holder's device 110 ( determining proximity). In these embodiments, validator 120 may include, or have access to, a GPS receiver for determining the current location of validator 120), and [¶29]; and
and generating, by the first tag and in response to the determination and the receipt of the first security certificate and the session token, a first output corresponding to verification of a custodian of the second tag as a participant in the arrangement [¶175, in some embodiments, output may include instructions for an access control device 140, and access control device 140 may generate an output based on the instruction provided by token validator 630. The generated output may be indicative of whether rider 650 is permitted or denied from proceeding beyond the location of access control device 140. For example, access control device 140 may be a gate or a door. The gate or door may be electronically controlled such that the gate or door is locked when rider 650 is denied from proceeding and unlocked/turned when rider 650 is permitted to proceed. Additionally, or alternatively, access control device 140 may include a speaker that produces a sound, and the produced sound may be indicative of whether rider 650 is permitted or denied from proceeding. In some embodiments, access control device 140 may include a display monitor that displays a visual content indicative of whether rider 650 is permitted or denied from proceeding. In some embodiments, access control device 140 may include one or more light emitting devices, and access control device 140 may turn on or off one or more light emitting devices to indicate whether rider 650 is permitted or denied form proceeding], and [0178] In one example, system 1100 may be capable of transferring a digital ticket purchased by a ticket holder and stored on ticket holder's device 110 to another device. In another example, system 1100 may be capable of transferring information needed (e.g., token identifier 612, fare type 622, dispenser context data 624, a digital ticket, a ticket-server signature, and/or a device signature) to validate a digital ticket or a digital token to a validator (e.g., ticket validator 120 or token validator 630). In yet another example, system 1100 may be capable of transferring information needed (e.g., token identifier 612 and/or cryptographic signature 614) to create, activate, and dispense a ticket or a token to a dispenser (e.g., token dispenser 620). Furthermore, system 1100 may be capable of providing real-time transit information and/or advertisements to a device operated by a rider using the audio-based communication techniques described herein], and [¶¶137,139,198].
wherein the O2O service includes a rideshare arrangement where a second person associated with the second tag is to use a vehicle to transport the first person[¶162,  Token validator 630 may be located, for example, at an entrance or an exit of a transit station (e.g., an airport, a train/subway station, a bus station for one or more buses), a transit platform (e.g., an airport gate, train/subway platform, a bus stop within a bus station), or a transit vehicle (e.g., train/subway, bus, taxi, ride-share vehicle, airplane)].
Even though Sharpe discloses makes a reservation for an online to offline (O2O) service, however does not explicitly disclose and BIN discloses [ Technical field, The present invention relates to the field of embedded applications and mobile internet applications, and in particular to an electronic ticket verification system, comprising: a ticket management server, a ticket verification device, a ticket reservation terminal and an access control device.], and [ Background of the invention, After consumers purchase tickets online or offline, the electronic ticket system automatically (or manually ) sends a two-dimensional code electronic ticket to the consumer mobile phone ], and [, and the ticket reservation end automatically generates and displays Electronic tickets corresponding to the two-dimensional code.].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Sharpe with the teaching of BIN in order to implement a ticket purchasing/verification system which comprises a ticket management server, a ticket verification device, a ticket reservation terminal to purchase a ticket by offline or online [ BIN, technical field and background of the invention].
Regarding claim 10,  Sharpe discloses  further comprising determining, by the first tag and after generating the first output, that the second tag no longer satisfies the proximityAmendment and Response Under 37 CFR § 1.111Page 7 Serial No.: 16/560,464Docket No.: 0229-006001 Filing Date: 9/4/2019 criterion with regard to the first tag without the O2O service being complete, and in response generating a second output.  [¶29, in some embodiments, ticket holder's device 110 may provide the data (e.g., a digital ticket) by transmitting the data using a transmitter. For example, ticket holder's device 110 may transmit the data using a transmitter that may be included in, or accessible to, ticket holder's device 110 to a receiver that may be included in, and/or accessible to, validator 120. The transmitter of ticket holder's device 110 and the receiver of validator 120 may be based on, for example, Wi-Fi, Bluetooth, near-field communication (NFC), infrared, and/or audio-based contactless communication technologies. Examiner Note: It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to indicate that if the proximity is not stratified, then the communication session will not occur and the ticket holding device could not be able to transmit any data.
Regarding claim 11, Sharpe discloses further comprising verifying, by the first tag, a passenger that is in the vehicle when the first security certificate and the session token are received [0175] In some embodiments, output may include instructions for an access control device 140, and access control device 140 may generate an output based on the instruction provided by token validator 630. The generated output may be indicative of whether rider 650 is permitted or denied from proceeding beyond the location of access control device 140. For example, access control device 140 may be a gate or a door. The gate or door may be electronically controlled such that the gate or door is locked when rider 650 is denied from proceeding and unlocked/turned when rider 650 is permitted to proceed. Additionally, or alternatively, access control device 140 may include a speaker that produces a sound, and the produced sound may be indicative of whether rider 650 is permitted or denied from proceeding. In some embodiments, access control device 140 may include a display monitor that displays a visual content indicative of whether rider 650 is permitted or denied from proceeding. In some embodiments, access control device 140 may include one or more light emitting devices, and access control device 140 may turn on or off one or more light emitting devices to indicate whether rider 650 is permitted or denied form proceeding], and [0178] In one example, system 1100 may be capable of transferring a digital ticket purchased by a ticket holder and stored on ticket holder's device 110 to another device. In another example, system 1100 may be capable of transferring information needed (e.g., token identifier 612, fare type 622, dispenser context data 624, a digital ticket, a ticket-server signature, and/or a device signature) to validate a digital ticket or a digital token to a validator (e.g., ticket validator 120 or token validator 630). In yet another example, system 1100 may be capable of transferring information needed (e.g., token identifier 612 and/or cryptographic signature 614) to create, activate, and dispense a ticket or a token to a dispenser (e.g., token dispenser 620). Furthermore, system 1100 may be capable of providing real-time transit information and/or advertisements to a device operated by a rider using the audio-based communication techniques described herein], and [¶¶137,139,198].


Claims 14-17 are rejected under 35 U.S.C. 103 as being unpatentable over US Patent No. (US 2019/0058591) issued to Sharpe et al. hereinafter referred to as “Sharpe” and in view of WO2018189507 application issued to PAK YONGBEOM hereinafter referred to as “PAK” and further and in view of US2020/0027183 application issued to Guttridge.
Regarding claim 14, Sharpe discloses a method comprising: receiving, in a first tag, a first security certificate for a second tag and a session token corresponding to an arrangement involving the first and second tags, wherein the first security certificate is received from an arrangement broker system [ ¶28, Ticket holder's device 110 (First tag) may be any device capable of providing data directly and/or indirectly to validator 120. The data may include, for example, a digital ticket (equated to the session token) previously purchased by the ticket holder. In some embodiments, ticket holder's device 110 may be a portable device, such as a cellular phone, PDA, tablet, laptop, smart watch. Alternatively, or additionally, ticket holder's device 110 may be a dedicated device (e.g., a fob) for providing the data], and [¶34, Ticket server 130 may be any physical or virtual server capable of providing the digital ticket associated with the purchased products and/or services to ticket holder's device 110. In some embodiments, ticket server 130 may be a group of physical and/or virtual servers], and[ ¶35,  ticket server 130 may maintain records (e.g., identifiers) of digital tickets that have been used, unused, and/or voided…In some embodiments, ticket server 130 may be further capable of providing such records, or data derived from such records, to validator 120( second tag) and/or ticket holder's device 110( equated to sending the digital ticket ( session token) to the first tag and second tag)], and  [¶197-198, at an operation 1220, device 1202 (or the software provided at operation 1216) may receive configuration data from RDM server 1204… In some embodiments, the configuration data may be pushed by RDM server 1204…. the configuration data may be any data that affects operations of the software program executing on device 1202. In some embodiments, the configuration data may be pushed by RDM server 1204. In some embodiments, the configuration data may be requested by device 1202 and provided to device 1202 in response to the request… the configuration data may include one or more cryptographic keys/certificates used by device 1202. In some embodiments, the configuration data may include one or more list of entities (e.g., IP addresses of servers) that device 1202 is authorized to communicate with], and [¶31]; and
determining, by the first tag, that the second tag satisfies a proximity criterion with regard to the first tag [¶86, In some embodiments, ticket holder's device 110 may provide the digital ticket, the ticket-server signature, and the device signature in response to an input from the ticket holder. In some embodiments, ticket holder's device 110 may provide the digital ticket, the ticket-server signature, and the device signature after ticket holder's device 110 is placed near validator 120 (Proximity). In some embodiments, ticket holder's device 110 (first tag) may provide the digital ticket, the ticket-server signature, and the device signature in response to a request from validator 120(second tag). In some embodiments, ticket holder's device 110 may provide the digital ticket, the ticket-server signature, and the device signature after ticket holder's device 110 is detected by one or more beacons (e.g., Bluetooth beacons). In some embodiments, ticket holder's device 110 may provide the digital ticket, the ticket-server signature, and the device signature in response to ticket holder's device completing step 410 (i.e., obtaining the device signature)], and [¶103, in embodiments where the device data provided by ticket holder's device 110 includes a location of ticket holder's device 110, validator 120 may determine that the digital ticket is valid after determining that the current location of validator 120 is within a predetermined distance from the provided location of ticket holder's device 110 ( determining proximity). In these embodiments, validator 120 may include, or have access to, a GPS receiver for determining the current location of validator 120), and [¶29]; and
and generating, by the first tag and in response to the determination and the receipt of the first security certificate and the session token, a first output corresponding to verification of a custodian of the second tag as a participant in the arrangement [¶175, in some embodiments, output may include instructions for an access control device 140, and access control device 140 may generate an output based on the instruction provided by token validator 630. The generated output may be indicative of whether rider 650 is permitted or denied from proceeding beyond the location of access control device 140. For example, access control device 140 may be a gate or a door. The gate or door may be electronically controlled such that the gate or door is locked when rider 650 is denied from proceeding and unlocked/turned when rider 650 is permitted to proceed. Additionally, or alternatively, access control device 140 may include a speaker that produces a sound, and the produced sound may be indicative of whether rider 650 is permitted or denied from proceeding. In some embodiments, access control device 140 may include a display monitor that displays a visual content indicative of whether rider 650 is permitted or denied from proceeding. In some embodiments, access control device 140 may include one or more light emitting devices, and access control device 140 may turn on or off one or more light emitting devices to indicate whether rider 650 is permitted or denied form proceeding], and [0178] In one example, system 1100 may be capable of transferring a digital ticket purchased by a ticket holder and stored on ticket holder's device 110 to another device. In another example, system 1100 may be capable of transferring information needed (e.g., token identifier 612, fare type 622, dispenser context data 624, a digital ticket, a ticket-server signature, and/or a device signature) to validate a digital ticket or a digital token to a validator (e.g., ticket validator 120 or token validator 630). In yet another example, system 1100 may be capable of transferring information needed (e.g., token identifier 612 and/or cryptographic signature 614) to create, activate, and dispense a ticket or a token to a dispenser (e.g., token dispenser 620). Furthermore, system 1100 may be capable of providing real-time transit information and/or advertisements to a device operated by a rider using the audio-based communication techniques described herein], and [¶¶137,139, 198].
receiving, in the first tag and from the second tag, the first security certificate and the session token
Even though Sharpe discloses this limitation as: [¶66 a digital ticket may be a set of data that identifies and/or defines one or more purchased products and/or services. For example, a digital ticket (session token) may include identifiers of purchased products and/or services. In another example, a digital ticket may further include usable time periods, blackout periods, an expiration time/date, and/or a valid duration. Some of the data that may be included the digital ticket, such as an expiration time/date and a valid duration, may be determined based on the products and/or services purchased and/or based on one or more business rules, para [¶125, token dispenser 620 may generate digital token data including token identifier 612 and cryptographic signature 614 and transmit the digital token data to a device of rider 650], and  [¶197-198, at an operation 1220, device 1202 (or the software provided at operation 1216) may receive configuration data from RDM server 1204. The configuration data may be any data that affects operations of the software program executing on device 1202. In some embodiments, the configuration data may be pushed by RDM server 1204. In some embodiments, the configuration data may be requested by device 1202 and provided to device 1202 in response to the request… the configuration data may include one or more cryptographic keys/certificates used by device 1202. In some embodiments, the configuration data may include one or more list of entities (e.g., IP addresses of servers) that device 1202 is authorized to communicate with], and [¶48].
However, it does not explicitly disclose and PAK discloses as: 
[ Pages 10-11, Figure 7 is a block diagram of the system of Figure 1 showing example steps to perform an improved handshake between client device and server. Accordingly, like reference numerals refer to the same or similar elements. System 700 comprises a client device (C) 102 and a server (S) 104 and, in particular embodiments, comprises a bootstrap server (B) 106. Client device 102 may communicate with server 104 and bootstrap server 106 using any suitable communication protocol(s). Likewise, server 104 may communicate with bootstrap server 106 using any suitable communication protocol(s). Client device 102 may be provisioned with particular credentials (such as cryptographic keys and digital certificates), as part of a factory bootstrap process (e.g. during manufacture). Without these credentials, client device 102 cannot establish trust with other machines in system 700. In this example, client device 102 is provisioned with a digital certificate for the client device 102 (which comprises information about the client device's public key), also referred to herein as Cert(C), and a private key of a public-private key pair, also referred to herein as Priv(C). Client device 102 may also be provisioned with information that enables the client device 102 to locate and connect to the bootstrap server 106 the first time the client device 102 is turned on post-manufacture. For example, the client device 102 may be provisioned with an IP address and a server name indication (SNI) of bootstrap server 106, to enable the client device 102 to search for the bootstrap server 106 and connect to it when first powered-up. This information may be provisioned on client device 102 as part of a factory bootstrap, or as part of a configuration or registration process by an owner of client device 102. In embodiments, the client device 102 may be pre-provisioned with all the information it requires to locate and communicate with server 104 in addition to, or instead of, being pre-provisioned with the information required to locate bootstrap server 106.When client device 102 is powered-up in system 700, it may use the IP address and SNI of bootstrap server 106 to locate bootstrap server 106. The bootstrap server 106 comprises its own digital certificate (also referred to herein as Cert(B)). The bootstrap server 106 and client device 102 perform a TLS/DTLS handshake process to authenticate (step S702), and so that bootstrap server 106 can verify that client device 102 is permitted to join the system/network 700. The handshake process performed between the bootstrap server 106 and client device 102 involves the client device 102 providing Cert(C) to the bootstrap server 106 so that the bootstrap server can authenticate the client device 102, and involves the bootstrap server 106 providing Cert(B) to the client device 102. Once each machine has authenticated the other in this handshake process, the bootstrap server 106 may provide additional credentials (e.g. cryptographic keys and digital certificates) to client device 102 that may enable the client device 102 to communicate securely with server 104. For example, as shown in step S704, bootstrap server 106 may provide client device 102 with a private key (of a public- private key pair) for communication between the client device 102 and server 104 (shown as Priv(C-S) in Figure 7), a digital certificate for the client device 102 and server 104 (shown as Cert(C-S) in Figure 7), and a digital certificate of the server 104 (shown as Cert(S) in Figure 7). The provisioning process of step S704 is described in more detail with reference to Figure 2. The credentials are provided to client device 102 in a secure manner, i.e. in an encrypted format. The client device 102 may store these credentials in storage 102c alongside the manufacturer-provided credentials. Client device 102 may need to communicate with server 104 to, for example, provide sensed/measured data to the server 104, to access services/applications via the server 104, to receive updates, instructions/commands, or data from server 104, etc. Typically, client devices and servers establish a secure communication session by performing a TLS/DTLS handshake process to authenticate each other before exchanging messages (i .e. encrypted messages)
[Page 14, the server 104 and client device 102 use, respectively, the URI for Cert (C- S) and the fingerprint of Cert(S), for the authentication/validation process. This is described in more detail with respect to Figures 3 to 6. Once the handshake process has been successfully completed, the secure communication session is established and client device 102 and server 104 may exchange encrypted messages/data.
[Pages 30-31, in embodiments, when the secure communication session is established, the method may further comprise exchanging encrypted messages with the server. The established secure communication session may terminate when the exchanging of encrypted messages is completed, and/or after a specified time period has lapsed. The method may comprise transmitting, to the client device, a message indicating the client device has been authenticated. The method may comprise receiving, from the client device, a message indicating the server has been authenticated by the client device. In embodiments, when the secure communication session is established, the method may comprise exchanging encrypted messages with the client device. The established secure communication session may be terminated when the exchanging of encrypted messages is completed, and/or after a specified time period has lapsed.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Sharpe with the teaching of PAK in order to implement for improved techniques to secure communication session between devices [ PAK, pages 1-2].
Sharpe and PAK do not explicitly disclose, however, Guttridge discloses:
wherein a multifactor authentication is performed, the multifactor authentication comprising: receiving, by the first tag and in association with the arrangement being made, a first authentication token from the arrangement broker system; Amendment and Response Under 37 CFR § 1.111Page 8 receiving, by the first tag and in association with receiving the first security certificate and the session token, a second authentication token from a third tag; and determining, by the first tag, a correspondence between the first authentication token and the second authentication tokenSerial No.: 16/560,464Docket No.: 0229-006001[¶50, with reference to FIG. 2, the network computer system 100 can determine an identifier of a token that is uniquely associated with a vehicle (e.g., vehicle 50) (200). For example, the network computer system 100 can identify the blockchain token 20 in response to an owner entity 32 making a vehicle intake request (VR) 151. For example, in the context of autonomous vehicles, an owner entity 32 can make the vehicle 50 available for use with a network transport service when the autonomous capable vehicle 50 is not in use. As described with an example of FIG. 1, the vehicle intake subsystem 120 can determine a public identifier of blockchain token 20. In examples, the owner entity 32 can associate the vehicle 50 with the blockchain token 20, by, for example, creating a transaction record that specifies the vehicle identification number (VIN) of the vehicle 50 using the blockchain token 20], and [0053] In scenarios provided for by examples, a user of requester device 104 makes a transport request of the network computer system 100, and the network computer system 100 selects an autonomous vehicle (e.g., vehicle 50 that has autonomous capabilities) for the user. Examples recognize that the user may want assurance that the arriving autonomous vehicle is safe to ride and is capable of autonomous driving to a destination specified by the transport request], and [0054] FIG. 3A illustrates an example user interface (UI) executing on a service application of a requester device to provide information related to a vehicle that is selected to provide transport for a user. For example, FIG. 3A includes user interface 300 that be provided by a service application (e.g., service application 105) running on a requester device (e.g., requester device 104). User interface 300 can include various information panels, such as a photograph panel 302 that depicts a picture of the assigned vehicle, as well as a name (e.g., first name) or other identifiers 304 of the owner entity 32, and one or more visible vehicle identifiers 312 (e.g., license plate number, color, make, model) of the assigned vehicle].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Sharpe, PAK with the teaching of Guttridge in order to implement a system which utilizes the identifier of a token which uniquely associated with a vehicle [ Guttridge, Abstract].
Regarding claim 15, wherein the arrangement involves a rideshare service in which the third tag is carried by a vehicle.  
Even though Sharpe discloses this limitation as: 
[¶175, in some embodiments, output may include instructions for an access control device 140, and access control device 140 may generate an output based on the instruction provided by token validator 630. The generated output may be indicative of whether rider 650 is permitted or denied from proceeding beyond the location of access control device 140. For example, access control device 140 may be a gate or a door. The gate or door may be electronically controlled such that the gate or door is locked when rider 650 is denied from proceeding and unlocked/turned when rider 650 is permitted to proceed. Additionally, or alternatively, access control device 140 may include a speaker that produces a sound, and the produced sound may be indicative of whether rider 650 is permitted or denied from proceeding. In some embodiments, access control device 140 may include a display monitor that displays a visual content indicative of whether rider 650 is permitted or denied from proceeding. In some embodiments, access control device 140 may include one or more light emitting devices, and access control device 140 may turn on or off one or more light emitting devices to indicate whether rider 650 is permitted or denied form proceeding], and [0178] In one example, system 1100 may be capable of transferring a digital ticket purchased by a ticket holder and stored on ticket holder's device 110 to another device. In another example, system 1100 may be capable of transferring information needed (e.g., token identifier 612, fare type 622, dispenser context data 624, a digital ticket, a ticket-server signature, and/or a device signature) to validate a digital ticket or a digital token to a validator (e.g., ticket validator 120 or token validator 630). In yet another example, system 1100 may be capable of transferring information needed (e.g., token identifier 612 and/or cryptographic signature 614) to create, activate, and dispense a ticket or a token to a dispenser (e.g., token dispenser 620). Furthermore, system 1100 may be capable of providing real-time transit information and/or advertisements to a device operated by a rider using the audio-based communication techniques described herein], and [¶¶137,139,198].
Furthermore, Guttridge discloses [¶50, With reference to FIG. 2, the network computer system 100 can determine an identifier of a token that is uniquely associated with a vehicle (e.g., vehicle 50) (200). For example, the network computer system 100 can identify the blockchain token 20 in response to an owner entity 32 making a vehicle intake request (VR) 151. For example, in the context of autonomous vehicles, an owner entity 32 can make the vehicle 50 available for use with a network transport service when the autonomous capable vehicle 50 is not in use. As described with an example of FIG. 1, the vehicle intake subsystem 120 can determine a public identifier of blockchain token 20. In examples, the owner entity 32 can associate the vehicle 50 with the blockchain token 20, by, for example, creating a transaction record that specifies the vehicle identification number (VIN) of the vehicle 50 using the blockchain token 20], and [0053] In scenarios provided for by examples, a user of requester device 104 makes a transport request of the network computer system 100, and the network computer system 100 selects an autonomous vehicle (e.g., vehicle 50 that has autonomous capabilities) for the user. Examples recognize that the user may want assurance that the arriving autonomous vehicle is safe to ride and is capable of autonomous driving to a destination specified by the transport request], and [0054] FIG. 3A illustrates an example user interface (UI) executing on a service application of a requester device to provide information related to a vehicle that is selected to provide transport for a user. For example, FIG. 3A includes user interface 300 that be provided by a service application (e.g., service application 105) running on a requester device (e.g., requester device 104). User interface 300 can include various information panels, such as a photograph panel 302 that depicts a picture of the assigned vehicle, as well as a name (e.g., first name) or other identifiers 304 of the owner entity 32, and one or more visible vehicle identifiers 312 (e.g., license plate number, color, make, model) of the assigned vehicle].
Regarding claim 16, Sharpe does not disclose, however, Guttridge discloses, wherein the second authentication token is native to the vehicle.  [0050] With reference to FIG. 2, the network computer system 100 can determine an identifier of a token that is uniquely associated with a vehicle (e.g., vehicle 50) (200). For example, the network computer system 100 can identify the blockchain token 20 in response to an owner entity 32 making a vehicle intake request (VR) 151. For example, in the context of autonomous vehicles, an owner entity 32 can make the vehicle 50 available for use with a network transport service when the autonomous capable vehicle 50 is not in use. As described with an example of FIG. 1, the vehicle intake subsystem 120 can determine a public identifier of blockchain token 20. In examples, the owner entity 32 can associate the vehicle 50 with the blockchain token 20, by, for example, creating a transaction record that specifies the vehicle identification number (VIN) of the vehicle 50 using the blockchain token 20], and [0053] In scenarios provided for by examples, a user of requester device 104 makes a transport request of the network computer system 100, and the network computer system 100 selects an autonomous vehicle (e.g., vehicle 50 that has autonomous capabilities) for the user. Examples recognize that the user may want assurance that the arriving autonomous vehicle is safe to ride and is capable of autonomous driving to a destination specified by the transport request], and [0054] FIG. 3A illustrates an example user interface (UI) executing on a service application of a requester device to provide information related to a vehicle that is selected to provide transport for a user. For example, FIG. 3A includes user interface 300 that be provided by a service application (e.g., service application 105) running on a requester device (e.g., requester device 104). User interface 300 can include various information panels, such as a photograph panel 302 that depicts a picture of the assigned vehicle, as well as a name (e.g., first name) or other identifiers 304 of the owner entity 32, and one or more visible vehicle identifiers 312 (e.g., license plate number, color, make, model) of the assigned vehicle].
Regarding claim 17, Sharpe does not disclose, however, Guttridge discloses, wherein the second authentication token is specific to the rideshare service and was provided to the vehicle by the arrangement broker system [¶50, With reference to FIG. 2, the network computer system 100 can determine an identifier of a token that is uniquely associated with a vehicle (e.g., vehicle 50) (200). For example, the network computer system 100 can identify the blockchain token 20 in response to an owner entity 32 making a vehicle intake request (VR) 151. For example, in the context of autonomous vehicles, an owner entity 32 can make the vehicle 50 available for use with a network transport service when the autonomous capable vehicle 50 is not in use. As described with an example of FIG. 1, the vehicle intake subsystem 120 can determine a public identifier of blockchain token 20. In examples, the owner entity 32 can associate the vehicle 50 with the blockchain token 20, by, for example, creating a transaction record that specifies the vehicle identification number (VIN) of the vehicle 50 using the blockchain token 20], and [0053] In scenarios provided for by examples, a user of requester device 104 makes a transport request of the network computer system 100, and the network computer system 100 selects an autonomous vehicle (e.g., vehicle 50 that has autonomous capabilities) for the user. Examples recognize that the user may want assurance that the arriving autonomous vehicle is safe to ride and is capable of autonomous driving to a destination specified by the transport request], and [0054] FIG. 3A illustrates an example user interface (UI) executing on a service application of a requester device to provide information related to a vehicle that is selected to provide transport for a user. For example, FIG. 3A includes user interface 300 that be provided by a service application (e.g., service application 105) running on a requester device (e.g., requester device 104). User interface 300 can include various information panels, such as a photograph panel 302 that depicts a picture of the assigned vehicle, as well as a name (e.g., first name) or other identifiers 304 of the owner entity 32, and one or more visible vehicle identifiers 312 (e.g., license plate number, color, make, model) of the assigned vehicle].

Claims 24-25 are rejected under 35 U.S.C. 103 as being unpatentable over WO2018189507 application issued to PAK YONGBEOM hereinafter referred to as “PAK” and in view of US Patent No. (US 2011/0093710 issued to Galvin et al. hereinafter referred to as “Galvin”.
Regarding claim 24 , PAK discloses receiving, in an arrangement broker system and from a first tag associated with a first person, a first security certificate for the first tag, the first security certificate received by the arrangement broker system in association with establishing an arrangement involving the first person; receiving, , by the arrangement broker system, a second security certificate for a second tag associated with a second person also involved with the arrangement( see FIG.7 , Figure 7 is a block diagram of the system of Figure 1 showing example steps to perform an improved handshake between client device and server. Accordingly, like reference numerals refer to the same or similar elements. System 700 comprises a client device (C) 102(first tag) and a server (S) 104(second tag) and, in particular embodiments, comprises a bootstrap server (B) 106(arrangement broker system). Client device 102 may communicate with server 104 and bootstrap server 106 using any suitable communication protocol(s). Likewise, server 104 may communicate with bootstrap server 106 using any suitable communication protocol(s).
Client device 102 may be provisioned with particular credentials (such as cryptographic keys and digital certificates), as part of a factory bootstrap process (e.g. during manufacture). Without these credentials, client device 102 cannot establish trust with other machines in system 700. In this example, client device 102 is provisioned with a digital certificate for the client device 102 (which comprises information about the client device's public key), also referred to herein as Cert(C), and a private key of a public-private key pair, also referred to herein as Priv(C). Client device 102 may also be provisioned with information that enables the client device 102 to locate and connect to the bootstrap server 106 the first time the client device 102 is turned on post-manufacture. For example, the client device 102 may be provisioned with an IP address and a server name indication (SNI) of bootstrap server 106, to enable the client device 102 to search for the bootstrap server 106 and connect to it when first powered-up. This information may be provisioned on client device 102 as part of a factory bootstrap, or as part of a configuration or registration process by an owner of client device 102. In embodiments, the client device 102 may be pre-provisioned with all the information it requires to locate and communicate with server 104 in addition to, or instead of, being pre-provisioned with the information required to locate bootstrap server 106.
When client device 102 is powered-up in system 700, it may use the IP address and SNI of bootstrap server 106 to locate bootstrap server 106. The bootstrap server 106 comprises its own digital certificate (also referred to herein as Cert(B)). The bootstrap server 106 and client device 102 perform a TLS/DTLS handshake process to authenticate (step S702), and so that bootstrap server 106 can verify that client device 102 is permitted to join the system/network 700. The handshake process performed between the bootstrap server 106 and client device 102 involves the client device 102 providing Cert(C) to the bootstrap server 106 so that the bootstrap server can authenticate the client device 102, and involves the bootstrap server 106 providing Cert(B) to the client device 102. Once each machine has authenticated the other in this handshake process, the bootstrap server 106 may provide additional credentials (e.g. cryptographic keys and digital certificates) to client device 102 that may enable the client device 102 to communicate securely with server 104. For example, as shown in step S704, bootstrap server 106 may provide client device 102 with a private key (of a public- private key pair) for communication between the client device 102 and server 104 (shown as Priv(C-S) in Figure 7), a digital certificate for the client device 102 and server 104 (shown as Cert(C-S) in Figure 7), and a digital certificate of the server 104 (shown as Cert(S) in Figure 7). The provisioning process of step S704 is described in more detail with reference to Figure 2. The credentials are provided to client device 102 in a secure manner, i.e. in an encrypted format. The client device 102 may store these credentials in storage 102c alongside the manufacturer-provided credentials.
Client device 102 may need to communicate with server 104 to, for example, provide sensed/measured data to the server 104, to access services/applications via the server 104, to receive updates, instructions/commands, or data from server 104, etc. Typically, client devices and servers establish a secure communication session by performing a TLS/DTLS handshake process to authenticate each other before exchanging messages (i .e. encrypted messages)
The server 104 and client device 102 use, respectively, the URI for Cert (C- S) and the fingerprint of Cert(S), for the authentication/validation process. This is described in more detail with respect to Figures 3 to 6. Once the handshake process has been successfully completed, the secure communication session is established and client device 102 and server 104 may exchange encrypted messages/data.
In embodiments, when the secure communication session is established, the method may further comprise exchanging encrypted messages with the server. The established secure communication session may terminate when the exchanging of encrypted messages is completed, and/or after a specified time period has lapsed. The method may comprise transmitting, to the client device, a message indicating the client device has been authenticated. The method may comprise receiving, from the client device, a message indicating the server has been authenticated by the client device. In embodiments, when the secure communication session is established, the method may comprise exchanging encrypted messages with the client device. The established secure communication session may be terminated when the exchanging of encrypted messages is completed, and/or after a specified time period has lapsed
 PAK does not explicitly disclose, however, Galvin discloses generating, by the arrangement broker system, a session token for the arrangement; providing, by the arrangement broker system and to the second tag, the first security certificate and the session token;  and providing, by the arrangement broker system and to the first tag, the second security certificate and the session token [¶29,  FIG. 4 presents an exemplary scenario 60 featuring an embodiment of these techniques, wherein a source device 12( first tag) and a target device 14(second tag) might establish a communication session 32 with a single information exchange. For example, the source device 12 and the target device 14 may comprise computers having processors 88 and communicating over a wired or wireless communication network, such as the internet or a local area network (LAN.) In this exemplary scenario 60, the source device 12 may be identifiable by a source public certificate 66, and the target device 14 may be identifiable by a target public certificate 72. These public certificates may be maintained by a trusted server (arrangement broker system) (e.g., an authentication server that is configured to store public certificates and to promote the authentication of devices by other devices), or might be exchanged in other ways. The source public certificate 66 might contain, e.g., a source certificate public key 62 that corresponds to a source certificate private key 64 that is retained in secret by a known and authenticated source device 12; and the target public certificate 72 might contain, e.g., a target certificate public key 68 that corresponds to a target certificate private key 70 that is retained in secret by a known and authenticated target device 14. The key pair involved in these public certificates might not be used by the device for encrypting messages 52 during a communication session 32 with the other device, but might be reserved for the authentication of the devices. The source device 12 may have access to the target public certificate 72 comprising the target certificate public key 68, and the target device 14 may have access to the source public certificate 66 comprising the source certificate public key 62. In addition, the source device 12 may have a source address 78 on a particular network, e.g., a TCP/IP address assigned for internet or LAN access, and the target device 14 may have a target address 80 on the same network, which may be used by each device to address messages 52 to the other device. For example, the target address 80 might be specified in the target public certificate 72, thereby authenticating the identity of a target device 14 if it is accessible at the target address 80 and in possession of the target certificate private key 70], and [see FIG. 4 and corresponding text for more detail, source session key (74) and target session key (76) and the session key (86), ¶¶30-31].
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of PAK with the teaching of Galvin in order to implement a secure communication session between devices providing security features, such as authentication via public certificate to detect man-in-the-middle [ Galvin, Abstract].
Regarding claim 25, PAK does not explicitly disclose, however, Galvin discloses, further comprising receiving, by the arrangement broker system and from at least one of the first tag or the second tag, a communication that includes the session token [see FIG. 4 and corresponding text for more detail, source session key (74) and target session key (76) and the session key (86), ¶¶30-31]
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of PAK with the teaching of Galvin in order to implement a secure communication session between devices providing security features, such as authentication via public certificate to detect man-in-the-middle [ Galvin, Abstract].

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
BISHOP(US2017/0083396) teaches [¶60, a task sequence is a ride delivery workflow set up by a cab sharing company like Uber™. The ride delivery workflow can involve multiple stages, such as (1) receiving a cab request from an end-user, (2) identifying the requested destination area, (3) discovering available Uber cab drivers in the destination area, (4) transmitting the cab request with contact information of the end-user to the available Uber cab drivers, (5) receiving ratification from at least one willing Uber cab driver, (6) notifying the end-user of the imminent cab arrival with cab vehicle information and (7) receiving confirmation from the end-user regarding accepting the cab delivery. Each of these seven stages involves exchange of a substantial amount of data, which gets processed in real-time to generate real-time analytics.

Gillen (US2018/0020333) teaches in one embodiment, each vehicle 100 can be uniquely identified vehicle 100 unique vehicle identifier (e.g., vehicle ID) associated with the vehicle 100. The unique vehicle ID may include characters such as numbers, letters, symbols, and the like. For example, the alphanumeric vehicle ID (e.g., " AS445 " and/or " 1G6AF5SX6D0125409 ") may be associated with each vehicle 100. In another embodiment, the unique vehicle ID may be a license plate, a registration number, or other identification information/data assigned to the vehicle 100.

D’Angelo(US2016/0373882) teaches[0042] The certificate acquisition logic 516 may assist the distributer system 500 in determining that an electronic certificate device 508 is proximate to the proximity communication interface 506 and obtaining the electronic certificate from the electronic certificate device 508 through the interface 506. The memory may hold the obtained electronic certificate 520. The electronic certificate 520 may include certificate data, such as the certificate type (e.g., whether the certificate is a percentage discount certificate, a restaurant ticket, a promotional advertisement, etc.), a certificate amount, an expiration data, a certificate ID number, a certificate name, a certificate quantity, a certificate service provider (e.g., which service provider distributed or issued the certificate) or other information relevant to processing the electronic certificate 520. 
Bergdale (US20150213660) [Systems and Methods for Electronic Ticket Validation Using Proximity Detection].
CA (2399610 A1) [APPARATUS, SYSTEMS AND METHODS FOR WIRELESSLY TRANSACTING FINANCIAL TRANSFERS, ELECTRONICALLY RECORDABLE AUTHORIZATION TRANSFERS, AND OTHER INFORMATION TRANSFERS].
Rodriguez (US2015/0126234) [USER INTERFACE FOR OBJECT TRACKING].
JP 2002215981 A [digital ticket server, reservation management server, Web Server, digital ticket database].
CN 111340567 A [Verification Method, Device of Electronic Ticket, The Store Terminal, The User Terminal and System].
Applicants are encouraged to take advantage of the After Final Consideration Pilot 2.0 (AFCP 2.0) which authorizes non-production time for consideration of responses filed after a final rejection. The purpose of the pilot is to compact prosecution of the case. The request must include 1) A signed AFCP request form (PTO/SB/434 or equivalent) that includes a statement that applicant is requesting consideration under the AFCP; 2) An amendment to at least one independent claim that does not broaden the scope of the independent claim in any aspect; and 3) A statement that applicant is willing and available to participate in any interview initiated by the examiner concerning the present response.  In the limited amount of non-production time if the examiner’s consideration of a proper AFCP 2.0 request and response does not result in a determination that all pending claims are in condition for allowance, the examiner will request an interview with the applicant to discuss the response. For more info, please visit http://www.uspto.gov/patent/initiatives/after-final-consideration-pilot-20
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHAHRIAR ZARRINEH whose telephone number is (571)272-1207. The examiner can normally be reached Monday-Friday, 8:30am-5:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge Ortiz-Criado can be reached on 571-272-7624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/SHAHRIAR ZARRINEH/Examiner, Art Unit 2496