Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claim 1 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claim 1 recites the limitation "the encrypted private key" in the receiving challenge data, receiving the encrypted private key, and automatically sending limitations.  There is insufficient antecedent basis for this limitation in the claim.  For purposes of examination, since the step before the transmission is the encryption of a challenge with a private key, the examiner will treat the limitation as the encrypted challenge.


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1-2 is/are rejected under 35 U.S.C. 103 as being unpatentable over Fenton et al. (US 9,942,222) hereafter Fenton in view of Mathias et al. (US 2020/0052905) hereafter Mathias.
1. Fenton discloses a method for multi-factor authentication of a user to an access control system using manual authentication of credentials, and never having to repeat manual authentication as long as the user does not invalidate the credentials, said method comprising: 
pairing a first electronic device and a second electronic device to each other so they may communicate, wherein the first and the second electronic devices are running an authentication program that enables authentication of a user by proving knowledge, possession or inherence of the user (col 7, 36-46, Bluetooth/Wi-Fi in view of the cited portion need to be paired prior to connecting; col 16, 54-col 17, 7, user 102 is authenticated in a multifactor authentication process using sensor data 112 obtained from sensors 110 on the wearable device 104 and on the user device 106. For example, the wearable device 104 may provide proximity data 112(1), latch sensor data 112(2), and fingerprint data 112(3) obtained from sensors 110 onboard the wearable device 104 to the authentication server 122. In some implementations, the user device 106 or another device may relay this data to the authentication server 122 on behalf of the wearable device 104 [the user device relays the information which means there is a pairing]); 
authenticating the identity of the user on the first electronic device (col 16, 54-col 17, 7); 
placing the second electronic device on the user such that the second electronic device remains in physical contact with the user (fig 4 and corresponding text); 
authenticating the identity of the user on the second electronic device (col 16, 54-col 17, 7); 
transmitting a signal from the second electronic device to the first electronic device that the user is authenticated (col 17, 32-40, keepalive data would be relayed; see also col 7, 1-30); 
waiting for the user to come within range of an access control system of a door, and when the user comes within range, verifying that the second electronic device still has valid credentials for the user by not losing physical contact with the user (col 17, 19-31); 
 Fenton does not explicitly disclose receiving challenge data at the first electronic device from the access control system, sending the challenge data to a secure element, encrypting the challenge data with a private key in the secure element, and transmitting the encrypted private key to the access control system; 
receiving the encrypted private key by the access control system and verifying that the user has valid multi-factor authentication credentials by verifying the encrypted private key; 
re-transmitting challenge data to the first electronic device whenever the first electronic device comes within range of the access control system; and 
automatically sending the challenge data to the secure element, encrypting the challenge data with the private key in the secure element, and transmitting the encrypted private key to the access control system without having to re-authenticate the identity of the user.
However, in an analogous art, Mathias discloses access using a mobile device including receiving challenge data at the first electronic device from the access control system, sending the challenge data to a secure element, encrypting the challenge data with a private key in the secure element, and transmitting the encrypted private key to the access control system (para 86-87; see also fig 4 and corresponding text); receiving the encrypted private key by the access control system and verifying that the user has valid multi-factor authentication credentials by verifying the encrypted private key (para 88-89); re-transmitting challenge data to the first electronic device whenever the first electronic device comes within range of the access control system (para 84-89); and automatically sending the challenge data to the secure element, encrypting the challenge data with the private key in the secure element, and transmitting the encrypted private key to the access control system without having to re-authenticate the identity of the user (para 84-89; see also para 93, user authentication may be performed in addition to [this indicates the user is not being authenticated]).  It would have been obvious to a person of ordinary skill in the art before the effective filing date to modify the implementation of Fenton with the implementation of Mathias in order to prevent malicious entities from gaining access through increased security (para 2-3, Abstract).

Claim 2 is similar in scope to claim 1 and is rejected under similar rationale.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JAMES R TURCHEN whose telephone number is (571)270-1378. The examiner can normally be reached Monday-Friday: 7-3.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on 571-270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/JAMES R TURCHEN/               Primary Examiner, Art Unit 2439