Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
1.	Claims 1, 7 and 14 have been amended. Claims 2 and 6 have been canceled. Claims 1, 3-5 and 7-15 have been examined.

2.	Applicant's arguments filed 05/31/2022 have been fully considered but they are not persuasive.

Claim Interpretation
3.	For claims 3-4 and 7-9, the phrases “of the group” and “or” has been given the broadest, reasonable interpretation of only requiring a single element from the given list in order to satisfy the requirements of the limitation.

Claim Objections
4.	Claim 3 is objected to because of the following informalities:
Claim 3 depends on claim 2, which has been canceled.
Appropriate correction is required.

5.	In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

6.	The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action.


Claim Rejections - 35 USC § 102
7.	Claims 1, 3-4, 7-8, 11 and 14 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Hazard et al. (U.S. Patent Application Publication 2019/0108731; hereafter “Hazard”).
	For claim 1, Hazard teaches a method for authenticating a first party to a second party (note paragraph [0028], authentication of user to financial institution), the method comprising:
	providing a token, wherein the token is at least a part of a mobile entity, wherein the token is coupled to a secret being indicative for the identity of the first party (note paragraph [0030], mobile application, i.e. token, is part of a user device, i.e. mobile entity, and is coupled to biometric information, i.e. a secret; note paragraph [0043], step 211, password or passcode, i.e. secret, is coupled to the token), wherein at least a part of the mobile entity has a processing unit coupled to the token (note paragraph [0028], user device includes a processor);
	coupling the token with an access point by establishing a physical contact (note paragraph [0042], user device makes Bluetooth connection to ATM when in proximity, i.e. physical contact as defined by page 4 of Applicant’s Specification; note paragraphs [0025] and [0052], NFC may also be used), using a first communication channel between the token, the processing unit, and the access point (note paragraph [0042], user device makes Bluetooth connection to ATM when in proximity, i.e. physical contact as defined by page 4 of Applicant’s Specification; note paragraphs [0025] and [0052], NFC may also be used);
	transferring the secret to the access point (note paragraph [0043], step 212, user device provides verification information to ATM which may include password or passcode, i.e. secret; note paragraph [0044], ATM collects additional verification information from user device including biometric information, i.e. secret);
	linking the secret with a location information of the access point, thereby providing an authentication token being indicative for the identity and the location of the first party (note paragraph [0044], ATM links user verification information with GPS information collected by the ATM, i.e. location of the first party, by creating fifth electronic data set, i.e. an authentication token); and
	providing the authentication token to the second party (note paragraph [0044], step 213, ATM sends fifth electronic data set to central computer system) using the first communication channel (note paragraph [0043], user device sends verification information to the ATM using first communication channel) 
	establishing a second communication channel between the first party and the second party via the processing unit of the mobile entity and the access point, wherein the bandwidth of the second communication channel is larger than the bandwidth of the first communication channel (note paragraph [0028] and Fig. 3, user device establishes wireless channel with central computer system, which has an internet connection to the ATM, i.e. second communication channel; cellular channel has higher bandwidth than Bluetooth or NFC connection, i.e. first communication channel).


	For claim 14, Hazard teaches a communication system, comprising:
	a token, wherein the token is at least a part of a mobile entity, and wherein the token is coupled to a secret being indicative for the identity of a first party (note paragraph [0030], mobile application, i.e. token, is part of a user device, i.e. mobile entity, and is coupled to biometric information, i.e. a secret; note paragraph [0043], step 211, password or passcode, i.e. secret, is coupled to the token), wherein at least a part of the mobile entity has a processing unit coupled to the token (note paragraph [0028], user device includes a processor);
	an access point (note paragraph [0028], ATM), configured to be coupleable to the token by establishing a physical contact (note paragraph [0042], user device makes Bluetooth connection to ATM when in proximity, i.e. physical contact as defined by page 4 of Applicant’s Specification; note paragraphs [0025] and [0052], NFC may also be used) such that the secret can be transferred to the access point, using a first communication channel between the token, the processing unit, and the access point (note paragraph [0042], user device makes Bluetooth connection to ATM when in proximity; note paragraphs [0025] and [0052], NFC may also be used)
wherein the access point is coupled to a processor (note paragraph [0043], step 212, user device provides verification information to ATM which may include password or passcode, i.e. secret; note paragraph [0044], ATM collects additional verification information from user device including biometric information, i.e. secret), and wherein the processor is configured to link the secret with a location information of the access point, thereby providing an authentication token being indicative for the identity and the location of the first party (note paragraph [0044], ATM links user verification information with GPS information collected by the ATM, i.e. location of the first party, by creating fifth electronic data set, i.e. an authentication token); 
	an authentication unit of a second party (note paragraph [0028], central computer system), configured to receive the authentication token (note paragraph [0044], step 213, ATM sends fifth electronic data set to central computer system) via the first communication channel (note paragraph [0043], user device sends verification information to the ATM using first communication channel); and
	a second communication channel between the first party and the second party via the processing unit of the mobile entity and the access point, wherein the bandwidth of the second communication channel is larger than the bandwidth of the first communication channel (note paragraph [0028] and Fig. 3, user device establishes wireless channel with central computer system, which has an internet connection to the ATM, i.e. second communication channel; cellular channel has higher bandwidth than Bluetooth or NFC connection, i.e. first communication channel).



	For claim 3, Hazard teaches claim 2, wherein the first communication channel comprises one of the group consisting of a galvanic interface, an electrical interface, an electromagnetic interface, an acoustic interface, and an optical interface (note paragraphs [0034]-[0035], [0042] and [0052], communication channel between user device and ATM includes audio emittance, i.e. acoustic; QR code, i.e. optical; Bluetooth, NFC, i.e. electromagnetic).

	For claim 4, Hazard teaches claim 1, wherein the secret is a credential of the group consisting of a PIN code (note paragraph [0043], passcode) and a biometric, in particular a fingerprint (note paragraph [0042], fingerprint) or a heart rate.

	For claim 7, Hazard teaches claim 1, further comprising, after authenticating, enabling a transaction between the first party and the second party through the second communication channel, in particular wherein the transaction is one of the group consisting of reception of goods or services for payment (note paragraph [0031], financial transaction, i.e. service received for payment, is enabled through second communication channel), access to a facility, access to one of a vehicle, a vessel, an apartment, and a home.

	For claim 8, Hazard teaches claim 1, wherein the processing unit, in particular also the token, is embedded in a mobile device, in particular one of the group consisting of a wristwatch, a wristband, a mobile phone (note paragraph [0028], smart cellular phone), a smart card (note paragraph [0052], card with chip/antenna, i.e. smart card), a breast-band, and a body area network.

	For claim 11, Hazard teaches claim 1, wherein the secret comprises a first credential and a second credential, in particular wherein the first credential is more secure than the second credential (note paragraphs [0042]-[0044], passcode and biometric; biometric is more secure than passcode since an attacker can learn and enter a passcode while a real-time biometric is harder to fake).


Claim Rejections - 35 USC § 103
8.	Claim 5 is rejected under 35 U.S.C. 103 as being unpatentable over Hazard as applied to claim 2 above, and further in view of Dolev et al. (U.S. Patent Application Publication 2019/0089717; hereafter “Dolev”).
	For claim 5, Hazard differs from the claimed invention in that they fail to teach:
	further comprising: receiving a session key from the second party via the first communication channel at the processing unit in return to providing the authentication token, in particular wherein the validity of the session key is time-limited.

	Dolev teaches:
	further comprising: receiving a session key from the second party via the first communication channel at the processing unit in return to providing the authentication token (note paragraphs [0056] and [0058], secret value is received over out of band channel, i.e. first communication channel; paragraphs [0061], secret values are used as encryption key), in particular wherein the validity of the session key is time-limited (Note paragraphs [0080] and [0085], secret values are done for each session, e.g. time between reboots and resets).

	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the transaction authorization of Hazard and the out of band session key of Dolev. It would have been obvious because combining prior art elements (authenticating a transaction using two communication channels of Hazard; sending a secret key over an out of band communication channel to use as encryption key of Dolev) would yield the predictable results of sending a secret value over the first communication channel between the user device and the ATM (Hazard) to use as a session key for encryption (Dolev).


9.	Claims 9-10, 12-13 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Hazard as applied to claims 1 and 14 above, and further in view of Li (U.S. Patent Application Publication 2019/0095926).
	For claim 9, Hazard differs from the claimed invention in that they fail to teach:
	wherein the token is the finger of a human, in particular wherein coupling comprises a galvanic or capacitive coupling between the finger and the access point.

	Li teaches:
	wherein the token is the finger of a human, in particular wherein coupling comprises a galvanic or capacitive coupling between the finger and the access point (note paragraphs [0042] and [0073], POS device collects fingerprint information when finger, i.e. token, is touching a touch component of the POS, i.e. galvanic or capacitive coupling).

	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the transaction authorization of Hazard and the collecting fingerprint information through a touch component of the POS of Li. It would have been obvious because a simple substitution of one known element (transmitting fingerprint data through touch of Li) for another (transmitting fingerprint data through Bluetooth of Hazard) would yield the predictable results of sending a secret value over a first communication channel between the user device and the ATM to authorize a transaction (Hazard) where the first communication channel is a touch component of the ATM (Li).


	For claim 10, the combination of Hazard and Li teaches claim 9, wherein the processing unit is embedded in a mobile device carried by the human (note paragraph [0028] of Hazard, user device includes a processor; note paragraph [0024] of Li, user device may be wearable device).

	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the transaction authorization of Hazard and the collecting fingerprint information through a touch component of the POS of Li. It would have been obvious because a simple substitution of one known element (transmitting fingerprint data through touch of Li) for another (transmitting fingerprint data through Bluetooth of Hazard) would yield the predictable results of sending a secret value over a first communication channel between the user device and the ATM to authorize a transaction (Hazard) where the first communication channel is a touch component of the ATM (Li).


	For claim 12, the combination of Hazard and Li teaches claim 1, wherein the secret is obtained from a body area network (note paragraphs [0024] and [0042] of Li, secret is transmitted through connection between wearable device and POS is through body area network.

	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the transaction authorization of Hazard and the collecting fingerprint information through a touch component of the POS of Li. It would have been obvious because a simple substitution of one known element (transmitting fingerprint data through touch of Li) for another (transmitting fingerprint data through Bluetooth of Hazard) would yield the predictable results of sending a secret value over a first communication channel between the user device and the ATM to authorize a transaction (Hazard) where the first communication channel is a touch component of the ATM (Li).


	For claim 13, the combination of Hazard and Li teaches claim 1, wherein the access point is at least a part of a point of sale (note paragraph [0024] of Li), and the method further comprises: 	establishing a remote communication between the access point and a network of the second party (note paragraph [0044] of Hazard, steps 213 and 210, connection between ATM and central computer system).

	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the transaction authorization of Hazard and the collecting fingerprint information through a touch component of the POS of Li. It would have been obvious because a simple substitution of one known element (POS of Li) for another (ATM of Hazard) would yield the predictable results of authorize a transaction (Hazard) where the where the transaction is between a user device and a POS (Li).


	For claim 15, the combination of Hazard and Li teaches claim 14, wherein the access point comprises an interface, in particular configured as a button, more in particular a button comprising a sensor, the processor (note paragraphs [0042] and [0073], POS device collects fingerprint information when finger is touching a touch component of the POS, i.e. sensor in button), and a terminal configured to establish a remote communication between the access point and a communication network of the second party (note paragraph [0044] of Hazard, steps 213 and 210, connection between ATM and central computer system).

	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the transaction authorization of Hazard and the collecting fingerprint information through a touch component of the POS of Li. It would have been obvious because a simple substitution of one known element (transmitting fingerprint data through touch of Li) for another (transmitting fingerprint data through Bluetooth of Hazard) would yield the predictable results of sending a secret value over a first communication channel between the user device and the ATM to authorize a transaction (Hazard) where the first communication channel is a touch component of the ATM (Li).


Response to Arguments
10.	Applicant argues, “Hazard does not show or suggest ‘a second communication channel between the first party and the second party via the processing unit of the mobile entity and the access point, wherein the bandwidth of the second communication channel is larger than the bandwidth of the first communication channel’ (note Remarks, page 5).
	Examiner disagrees. Hazard discloses that the user device makes a connection to the ATM through a low bandwidth connection when the user device is in proximity to the ATM (note paragraphs [0025], [0042]-[0043] and [0052], e.g. Bluetooth, NFC, QR code, audio sounds). This is a first communication channel.
	As noted in the rejection above, Hazard also discloses the user device connects to the central computer system through a cellular network (note paragraph [0028] and Figure 3).

	It is unclear from Applicant’s argument which part of the limitation Hazard “does not show or suggest” whether it is “a second communication channel between the first party and the second party via the processing unit of the mobile entity and the access point” or “wherein the bandwidth of the second communication channel is larger than the bandwidth of the first communication channel”.
	Applicant states “as acknowledged by the examiner, the wireless channel of Hazard et al. described at paragraph 0028 links the user device to the central computer system as shown in Figure 3 of Hazard” (note Remarks, page 5). So, it appears Applicant is arguing Hazard fails to teach the part of the limitation that states “via the processing unit of the mobile entity and the access point”.
	However, as shown in Figure 3 and elsewhere Hazard discloses the central computer system is connected to the ATM through the internet and that multiple antennas (i.e. different communication channels) of the ATM “may also provide increased bandwidth and speed” (note paragraphs [0020] and [0028]). Therefore, the cellular internet connection (i.e. “second communication channel”) between the user device and the financial institution is “via the processing unit of the mobile entity and the access point” since the data for the transaction is sent from the user device through the internet to the central computer system and then through the internet to the ATM.
	As noted in the rejection above, the cellular internet connection (i.e. “second communication channel”) has a larger bandwidth than the Bluetooth/NFC/QR code (i.e. “first communication channel”).
	Therefore, Hazard teaches “a second communication channel between the first party and the second party via the processing unit of the mobile entity and the access point, wherein the bandwidth of the second communication channel is larger than the bandwidth of the first communication channel” as required by the claims.

Conclusion
11.	THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 

12.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to DAVID J PEARSON whose telephone number is (571)272-0711. The examiner can normally be reached 6:00 - 5:30 pm; Monday through Thursday.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi Arani can be reached on (571)272-3787. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/David J Pearson/Primary Examiner, Art Unit 2438