Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
	The Amendment filed 6/15/2022 has been entered; claim 3 has been canceled and claim 17 has been newly added.
  
Response to Applicant’s Amendments / Arguments Regarding 35 U.S.C. § 103
Response to Applicant’s Amendments / Arguments

	The applicant’s remarks on page 11 of the response / amendment regarding the independent claims are included below single spaced, with the examiner’s comments double spaced and the examiner’s emphasis of the applicant’s arguments in underline. The applicant argues the features which allegedly distinguish over the previously cited references cited in the 35 U.S.C. § 103 rejections.
A.   Rejections of Independent Claims 1, 15, and 16 
The Applicant submits that the combination of Doyle and Smith does not teach, suggest or render obvious at least, for example, the newly presented features of "receive a second authentication command from the second information processing device based on the established connection with the second information processing device and the identification information embedded in the code, wherein the second authentication command is received after the first part of the authentication is performed by the second information processing device ... based on the part of the information necessary for the first part of the authentication; and perform a second part of the authentication based on the second authentication command," as recited in amended independent claim 1. 
Therefore, amended independent claim 1 is not taught, suggested or rendered obvious over the combination of Doyle and Smith. 

The applicant argues that the references cited in the rejections of the independent claims do not remedy the deficiencies of Doyle and Smith.
The applicant’s remarks on pages 13-14 of the response / amendment regarding dependent claim 8 are included below single spaced, with the examiner’s comments double spaced and the examiner’s emphasis of the applicant’s arguments in underline. The applicant argues the features which allegedly distinguish over the previously cited references cited in the 35 U.S.C. § 103 rejections.
E. 	Rejection of Dependent Claim 8 
Patil is not shown to remedy the above-noted deficiencies of Doyle, Smith, and Tallon. Therefore, the Applicant respectfully submits that claim 8 is not shown to be taught, suggested, or rendered obvious over the references cited in the Office Action based at least on the dependency on amended independent claim 1. Further, claim 8 separately recites subject matter not shown to be described or suggested by any of the cited references, whether taken individually or in combination. At least for these reasons, claim 8 is believed to be patentable. 
Furthermore, the Examiner has failed to provide "articulated reasoning with some rationale underpinning to support the legal conclusion of obviousness" in the detailed manner described in KSR. Rather, the Examiner merely provides cursory statements in an attempt to support the claim rejections. In the present instance, Dietrich relates to a method for initializing a memory area that is associated with a smart meter, a software product, a security module. However, the instant application is related to a system that enables authentication even in a terminal not capable of RF communication. See at [0005] of the Specification as originally filed. Therefore, a person of ordinary skill in the field of Applicant's invention would not look at the disclosure of Dietrich at the time the invention was made, to combine it with the other references as suggested in the Office Action. Neither has the Examiner provided any rationale for the combination of Dietrich with the other cited references, nor is there a suggestion in Dietrich for such a combination. Therefore, the Applicant respectfully submits that the rationale proffered to combine the teachings of Doyle, Smith, Tallon, and Patil is based on hindsight, and is thus improper.

	The applicant is reminded that Dietrich is not cited in the rejection of dependent claim 8; please see the rejection of dependent claim 8 included below. Additionally, the motivation for the combination, used in the rejection of claim 8, has been updated for the purpose of clarification. (See below) Thus, the rejection has been maintained.
	
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 4-5, 9, 11, and 15-16 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. 2012/0138679 to Doyle (hereinafter Doyle), in view of US 2017/0317833 to Smith et al. (hereinafter Smith), and in further view of US 2016/0351080 to Bhatnagar et al. (hereinafter Bhatnagar).
Regarding claim 1, Doyle teaches,
A first information processing device comprising: 
Doyle in Fig. 1 and [0009] depict and describe a mobile telephone (1) which corresponds to the “first information processing device.” Doyle, in the first sentence of [0009] states, “FIG. 1 shows a Cellular, or mobile telephone (1) …” (emphasis added) Additionally, Fig. 1 of Doyle is included below. 
circuitry configured to:
The Examiner asserts that the computer hardware (“circuitry”) of the mobile telephone 1 creates the code, as described in the second sentence of [0009] of Doyle.



Doyle Fig. 1
	Doyle teaches the following, except for the underlined features,
generate a code in which, connection information, identification information, and a part of information necessary for a first part of authentication are embedded, wherein the part of the information necessary for the first part of the authentication includes a first authentication command;
The Examiner asserts that the computer hardware of the mobile telephone 1 creates the code, as described in the second sentence of [0009] of Doyle, which states, “The 2D code shown represents a SKS code generated by first using the computer hardware and software resources of the mobile phone or digital device to capture machine readable unique identity token(s) such as the card identity number (CID) from an inserted microSD (5) or SIM card (4) …” (emphasis added) The Examiner asserts that the identification information in the microSD 5 or SIM card 4 corresponds to “embedded” information.
The Examiner interprets providing the two dimensional code as shown in fig. 3 of Doyle (included below), which includes the card ID information and the time information described in [0009] of Doyle, as corresponding to the “first authentication command” in “the information necessary for the authentication” (which is provided in the “code”) because authentication is performed when the “code” is scanned, as shown in fig. 3 of Doyle and described in [0011] of Doyle (included below, in part). This information is used to establish a connection that is used to perform further authentication.


Fig. 3 Doyle
  	Doyle states, “[0011] FIG. 3 shows the preferred method for utilizing the code, where the mobile phone or digital device (1) is placed in proximity to a two dimensional barcode scanner (2) which scans the visible SKS Code to obtain the encrypted digital code and sends said captured code via wired or wireless communications to a computer server possessing the private encryption key and thus able to decode and ascertain or authenticate the originally captured physical identity token(s). …” (emphasis added)
Doyle teaches the following,
control display of the code, 
Doyle teaches a display of the mobile phone 1. For example, Doyle in the first sentence of [0009] states, “[0009] FIG. 1 shows a Cellular, or mobile telephone (1) with a liquid crystal display (LCD) (2) or organic light emitting diodes display (OLED) or equivalent electronic display capable of displaying a high resolution machine readable two-dimensional bar code as shown (3).” (emphasis added). Fig. 1 of Doyle is included above. Another relevant portion at the end of [0009] states, “…and then using the standard QR encoding algorithm to create and display the secure SKS code on the digital screen.” (emphasis added)
As stated above, Doyle does not teach the following underlined features,
generate a code in which a part of information necessary for… connection information, … are embedded …
However, Smith teaches the above underlined features, as further discussed below,
Doyle also fails to teach the features recited below,
wherein the connection information is information for establishment of a connection between the first information processing device and a second information processing device that reads the displayed code; 
However, Smith teaches the above features not taught by Doyle,
Smith, in the last sentence of [0137], teaches that the scanning of the visual code causes the connection to be established (“connection information is information for establishment of a connection”) between a mobile device and another device (“between the first information processing device and a second information processing device that reads the displayed code”). Additionally, Smith in the middle of [0049] teaches that the Quick Response (QR) code tells the device which endpoint (“connection information”) to send identity data to. A site that is a physical location may use web based devices, applications, or other devices onsite to read and confirm identity so that it is essentially the same as if it was being done online. The examiner interprets this as corresponding to “connection information.”
Doyle and Smith do not appear to teach the following underlined features,
receive a second authentication command from the second information processing device based on the established connection with the second information processing device and the identification information embedded in the code, 
However, Bhatnagar teaches the above features, 
Bhatnagar also teaches a client extension 14 (browser extension of fig. 4) that generates and displays a QR code with session ID (“identification information” in the code), URL, and other information. (Bhatnagar, second half [0049] & [0050]) Bhatnagar then teaches that the handheld device (“second information processing device”) scans the code from the client extension 14 (“first information processing device”). (Bhatnagar, first two sentences [0055]). 
The examiner interprets the client extension 14 (web browser and browser extension of fig. 4) and the server as corresponding to the “first information processing device,” and further interprets the handheld device (phone app of fig. 4) as corresponding to the “second information processing device.”
Bhatnagar then teaches the handheld device 16 finds 94 the encrypted user credentials with encryption key from barcode and (in Step E7 of fig. 4) sends the encrypted credentials and session ID (“receive a second authentication command from the second information processing device …”) to an authentication server (“first information processing device”). (Bhatnagar, third sentence [0055])
The examiner interprets the encrypted user credentials in Bhatnagar as corresponding to a response, performed after scanning the barcode in Bhatnagar, [0055]. The examiner notes that the printed publication of the application at [0095] teaches that the RW Authentication Command (“second authentication command”) includes a response. Thus, the encrypted user credentials in Step E7 of [0055] Bhatnagar are a response that corresponds to an “authentication command.”
Bhatnagar teaches the features recited below,
wherein the second authentication command is received after: 
the first part of the authentication is performed by the second information processing device, and 
As discussed above, in [0055] of Bhatnagar, the handheld device scans the barcode in Step E5 and decodes the QR and looks up the URL (see, Step E5 of fig. 4 of Bhatnagar) (“first part of the authentication is performed by the second information processing device”), and then sends the encrypted credentials to the authentication server 12 (“first authentication processing device”). After E5 is performed, the encrypted credentials and session ID (“second authentication command”) are then sent to the authentication server 12, in Step E7 of [0055] of Bhatnagar. (see also fig. 4 of Bhatnagar)
the first part of the authentication is performed by the second information processing device based on the part of the information necessary for the first part of the authentication; and 
As discussed above, Bhatnagar teaches “the first part of the authentication is performed by the second information processing device.” (See Bhatnagar, Step E5 of fig. 4 and [0055])
Bhatnagar also teaches that the Session ID (“the part of the information necessary for the first part of the authentication”) is used to generate the QR code (middle of [0049] in Bhatnagar), where generating and displaying the QR code correspond to “the first part of the authentication”, which is performed by the “second information processing device.”
perform a second part of the authentication based on the second authentication command.   
Bhatnagar also teaches that Step E7 of fig. 4 (“second authentication command”) includes the encrypted credentials and the Session ID. 
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Doyle, which teaches using a visual code / QR code to establish a connection, with Smith, which also teaches using a visual code to establish a connection and then uses the established connection to perform additional authentication / verification. One of ordinary skill in the art would have been motivated to perform such an addition to provide the capability of requiring additional information for authentication after the connection is established using a visual / QR code.
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Doyle, which teaches using a visual code / QR code to establish a connection, with Smith, which also teaches using a visual code to establish a connection and then uses the established connection to perform additional authentication / verification, with Bhatnagar, which teaches authenticating a user by using a barcode / QR code that delivers information (i.e., user credentials and Session ID) to a user device, and then the user device responds with information that includes some of the same information (Session ID) in order to authenticate and securely communicate. One of ordinary skill in the art would have been motivated to perform such an addition to provide the capability of using the information in a QR code / barcode given to a device, where the device responds with at least some of the same information in order to perform authentication and establish secure communication. 

Regarding claim 4, Doyle teaches, 
The first information processing device according to claim 1, wherein the first authentication command includes a challenge value generated based on first time information in the first information processing device.
Specifically, Doyle teaches including a time stamp in the “code” (the two dimensional machine readable bar code 3 of Doyle, in Fig. 1 included above), which the Examiner interprets as corresponding to “a challenge value generated based on first time information in the first information processing device.”
Doyle’s Abstract states, “The invention is a method for creating one time-use highly secure 2D barcodes, or secure two-dimensional barcodes, by utilizing machine readable physical tokens such as read only memory (ROM) or biometric data as a precursor and then applying a public key encryption algorithm and a time-stamp to otherwise standard 2D barcode generation schemas.” (emphasis added)
Doyle states, “[0009] FIG. 1 shows a Cellular, or mobile telephone (1) with a liquid crystal display (LCD) (2) or organic light emitting diodes display (OLED) or equivalent electronic display capable of displaying a high resolution machine readable two-dimensional bar code as shown (3). The 2D code shown represents a SKS code generated by first using the computer hardware and software resources of the mobile phone or digital device to capture machine readable unique identity token(s) such as the card identity number (CID) from an inserted microSD (5) or SIM card (4) or a biometric token of the person using the phone (6), then using software running on the device's microprocessor to add a time-stamp using the current GMT time downloaded from the internet over the mobile radio network to which the mobile handset or digital device communicates, forming a concatenation or aggregate of the digitized unique identity token(s) and the time stamp (GMT), encrypting the resulting digital code by using a mathematical encryption algorithm such as public key encryption (PKI) where the public key is stored in the mobile application or a symmetrical encryption algorithm such as the Tiny Encryption Algorithm (TEA) or equivalent and then using the standard QR encoding algorithm to create and display the secure SKS code on the digital screen.” (emphasis added)

Regarding claim 5, Doyle teaches, 
The first information processing device according to claim 4, 
wherein the circuitry is further configured to perform the first part of the authentication based on: 
a comparison result between second time information in the second information processing device that reads the code and the first time information acquired from the challenge value, and 
the part of the information necessary for the first part of the authentication.
The Examiner interprets the comparison between the information in the two dimensional bar code reader 2 of Doyle (see fig. 3) and the time information included in the SKS code 3 of Doyle (see fig. 1) and further described in [0011] of Doyle as corresponding to the above features of claim 5. In the example of Doyle, a three minute time difference (or less) is acceptable.
Doyle states, “[0011] FIG. 3 shows the preferred method for utilizing the code, where the mobile phone or digital device (1) is placed in proximity to a two dimensional barcode scanner (2) which scans the visible SKS Code to obtain the encrypted digital code and sends said captured code via wired or wireless communications to a computer server possessing the private encryption key and thus able to decode and ascertain or authenticate the originally captured physical identity token(s). Since the SKS has been time stamped with the exact time it was generated, all SKS codes generated are time-synchronized on a global basis, and the server can reject as expired or "stale-dated" any code following some pre-determined lapse of time, for example 3 minutes. ….” (emphasis added)

Regarding claim 9, Doyle teaches, 
The first information processing device according to claim 1, wherein the part of the information necessary for the first part of the authentication further includes a card ID.
Doyle teaches generating the 2-D code based on the card identity number (CID) from a SIM card 4 or microSD 5.
The second sentence of [0009] of Doyle states, “The 2D code shown represents a SKS code generated by first using the computer hardware and software resources of the mobile phone or digital device to capture machine readable unique identity token(s) such as the card identity number (CID) from an inserted microSD (5) or SIM card (4).” (emphasis added)

Regarding claim 11, Doyle teaches, 
	The first information processing device according to claim 1, wherein the code is a two-dimensional code.
	See the rejection of claim 1 above, which includes fig. 1 of Doyle showing a two dimensional bar code.
The first two sentences of [0009] of Doyle state, “FIG. 1 shows a Cellular, or mobile telephone (1) with a liquid crystal display (LCD) (2) or organic light emitting diodes display (OLED) or equivalent electronic display capable of displaying a high resolution machine readable two-dimensional bar code as shown (3). The 2D code shown represents a SKS code …” (emphasis added)

Regarding claim 15, Doyle teaches, 
An information processing system comprising: 
a first information processing device including first circuitry configured to: 
Doyle teaches the mobile phone or digital device 1 described in [0011] and depicted in fig. 3, which is included below. Also see the mobile telephone 1 of fig. 1 of Doyle (included above in the rejection of claim 1).
Doyle teaches the “first circuitry configured to” (recited above), which corresponds to the processor and/or the display processor of the mobile phone 1 of fig. 1 (included above) and/or mobile phone or digital device 1 described in [0011] and depicted in fig. 3 (included below). The Examiner asserts that a processor would be an inherent feature of the mobile phone, and that the same processor or a separate processor would have to process information for the display.
Doyle teaches the following, except for the underlined features,
	generate a code in which connection information, identification information, and a part of information necessary for a first part of authentication are embedded, wherein the part of the information necessary for the first part of the authentication includes a first authentication command;
The Examiner asserts that the computer hardware of the mobile telephone 1 creates the code, as described in the second sentence of [0009] of Doyle, which states, “The 2D code shown represents a SKS code generated by first using the computer hardware and software resources of the mobile phone or digital device to capture machine readable unique identity token(s) such as the card identity number (CID) from an inserted microSD (5) or SIM card (4) …” (emphasis added) The Examiner asserts that the identification information in the microSD 5 or SIM card 4 corresponds to “embedded” information.
Doyle teaches the following,
	control display of the code, 
Doyle teaches a display of the mobile phone 1. For example, Doyle in the first sentence of [0009] states, “[0009] FIG. 1 shows a Cellular, or mobile telephone (1) with a liquid crystal display (LCD) (2) or organic light emitting diodes display (OLED) or equivalent electronic display capable of displaying a high resolution machine readable two-dimensional bar code as shown (3).” (emphasis added). Fig. 1 of Doyle is included above. Another relevant portion at the end of [0009] states, “…and then using the standard QR encoding algorithm to create and display the secure SKS code on the digital screen.” (emphasis added)
Doyle also teaches the following,
the second information processing device including second circuitry configured to:
Doyle teaches a two dimensional bar code scanner 2 (“second information processing device”) described in [0011] and depicted in fig. 3, which is included below. The Examiner asserts that the two dimensional bar code scanner 2 would inherently include a processor that would determine if the “stale date” (i.e., time stamp) in the two dimensional code is within the time period or expired.


Fig. 3 Doyle
acquire the code; and    
perform the first part of the authentication based on the part of the information necessary for the first part of the authentication.
	The Examiner asserts that the two dimensional bar code scanner 2 would inherently include a processor that would determine if the “stale date” (i.e., time stamp) in the two dimensional code is within the time period or expired. (Doyle, [0011], included below) Thus, the Examiner asserts that the “second circuitry” is taught by the two dimensional bar code scanner 2, which also processes part of the authentication based on information (i.e., the encoded time information of Doyle).  Doyle teaches using the time information, in an authentication process, to determine if the two dimensional code is received within a short time window (e.g., 3 minutes).
	For example, Doyle states, “[0011] FIG. 3 shows the preferred method for utilizing the code, where the mobile phone or digital device (1) is placed in proximity to a two dimensional barcode scanner (2) which scans the visible SKS Code to obtain the encrypted digital code and sends said captured code via wired or wireless communications to a computer server possessing the private encryption key and thus able to decode and ascertain or authenticate the originally captured physical identity token(s). Since the SKS has been time stamped with the exact time it was generated, all SKS codes generated are time-synchronized on a global basis, and the server can reject as expired or "stale-dated" any code following some pre-determined lapse of time, for example 3 minutes. In the case where SKS codes are routed via the internet to computer servers for a transaction purpose, such as linking to an online payment account, a loop back mechanism can be utilized to cause the mobile phone application or digital device's software to again capture and thus ascertain that the correct physical identity precursor token remains present as added security prior to authorizing or completing any transaction.” (emphasis added)
	As stated above, Doyle does not teach the following underlined features,
generate a code in which a part of information necessary for a … connection information, … are embedded … 
However, Smith teaches the above underlined features, as further discussed below,
Doyle also fails to teach the features recited below,
wherein the connection information is information for establishment of a connection between the first information processing device and a second information processing device that reads the displayed code; 
Smith teaches the above features, not taught by Doyle,
Smith, in the last sentence of [0137], teaches that the scanning of the visual code causes the connection to be established (“connection information is information for establishment of a connection”) between a mobile device and another device (“between the first information processing device and a second information processing device that reads the displayed code”). Additionally, Smith in the middle of [0049] teaches that the Quick Response (QR) code tells the device which endpoint (“connection information”) to send identity data to. A site that is a physical location may use web based devices, applications, or other devices onsite to read and confirm identity so that it is essentially the same as if it was being done online. The examiner interprets this as corresponding to “connection information.”
Doyle and Smith do not appear to teach the following underlined features,
receive a second authentication command from the second information processing device based on the established connection with the second information processing device and the identification information embedded in the code, 
However, Bhatnagar teaches the above features, 
Bhatnagar also teaches a client extension 14 (browser extension of fig. 4) that generates and displays a QR code with session ID (“identification information” in the code), URL, and other information. (Bhatnagar, second half [0049] & [0050]) Bhatnagar then teaches that the handheld device (“second information processing device”) scans the code from the client extension 14 (“first information processing device”). (Bhatnagar, first two sentences [0055]). 
The examiner interprets the client extension 14 (web browser and browser extension of fig. 4) and the server as corresponding to the “first information processing device,” and further interprets the handheld device (phone app of fig. 4) as corresponding to the “second information processing device.”
Bhatnagar then teaches the handheld device 16 finds 94 the encrypted user credentials with encryption key from barcode and (in Step E7 of fig. 4) sends the encrypted credentials and session ID (“receive a second authentication command from the second information processing device …”) to an authentication server (“first information processing device”). (Bhatnagar, third sentence [0055])
The examiner interprets the encrypted user credentials in Bhatnagar as corresponding to a response, performed after scanning the barcode in Bhatnagar, [0055]. The examiner notes that the printed publication of the application at [0095] teaches that the RW Authentication Command (“second authentication command”) includes a response. Thus, the encrypted user credentials in Step E7 of [0055] Bhatnagar are a response that corresponds to an “authentication command.”
Bhatnagar teaches the features recited below,
wherein the second authentication command is received after: 
the first part of the authentication is performed by the second information processing device, and 
As discussed above, in [0055] of Bhatnagar, the handheld device scans the barcode in Step E5 and decodes the QR and looks up the URL (see, Step E5 of fig. 4 of Bhatnagar) (“first part of the authentication is performed by the second information processing device”), and then sends the encrypted credentials to the authentication server 12 (“first authentication processing device”). After E5 is performed, the encrypted credentials and session ID (“second authentication command”) are then sent to the authentication server 12, in Step E7 of [0055] of Bhatnagar. (see also fig. 4 of Bhatnagar)
the first part of the authentication is performed by the second information processing device based on the part of the information necessary for the first part of the authentication; and 
As discussed above, Bhatnagar teaches “the first part of the authentication is performed by the second information processing device.” (See Bhatnagar, Step E5 of fig. 4 and [0055])
Bhatnagar also teaches that the Session ID (“the part of the information necessary for the first part of the authentication”) is used to generate the QR code (middle of [0049] in Bhatnagar), where generating and displaying the QR code correspond to “the first part of the authentication”, which is performed by the “second information processing device.”
perform a second part of the authentication based on the second authentication command.
Bhatnagar also teaches that Step E7 of fig. 4 (“second authentication command”) includes the encrypted credentials and the Session ID.  
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Doyle, which teaches using a visual code / QR code to establish a connection, with Smith, which also teaches using a visual code to establish a connection and then uses the established connection to perform additional authentication / verification. One of ordinary skill in the art would have been motivated to perform such an addition to provide the capability of requiring additional information for authentication after the connection is established using a visual / QR code.
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Doyle, which teaches using a visual code / QR code to establish a connection, with Smith, which also teaches using a visual code to establish a connection and then uses the established connection to perform additional authentication / verification, with Bhatnagar, which teaches authenticating a user by using a barcode / QR code that delivers information (i.e., user credentials and Session ID) to a user device, and then the user device responds with information that includes some of the same information (Session ID) in order to authenticate and securely communicate. One of ordinary skill in the art would have been motivated to perform such an addition to provide the capability of using the information in a QR code / barcode given to a device, where the device responds with at least some of the same information in order to perform authentication and establish secure communication. 

Regarding claim 16, the combination of Doyle and Smith teaches, 
A non-transitory computer-readable medium having stored thereon, computer-executable instructions, which when executed by a processor of a first information processing device, cause the processor to execute operations, the operations comprising:
Doyle teaches the “a processor of a first information processing device” that executes a program and displays information in fig. 1 (included above), which depicts the mobile phone 1 or digital device 1 described in [0011] and also depicted in fig. 3 (included above). The Examiner asserts that a processor would be an inherent feature of the mobile phone, and that the same processor or a separate processor would have to process information for the display. The Examiner interprets the software running on Doyle’s mobile phone 1 as the non-transitory computer-readable medium.
Doyle teaches the following, except for the underlined features,
generate a code in which connection information, identification information, and a part of information necessary for a first part of authentication are embedded, wherein the part of the information necessary for the first part of the authentication includes a first authentication command; 
The Examiner asserts that the computer hardware of the mobile telephone 1 creates the code, as described in the second sentence of [0009] of Doyle, which states, “The 2D code shown represents a SKS code generated by first using the computer hardware and software resources of the mobile phone or digital device to capture machine readable unique identity token(s) such as the card identity number (CID) from an inserted microSD (5) or SIM card (4) …” (emphasis added) The Examiner asserts that the identification information in the microSD 5 or SIM card 4 corresponds to “embedded” information.
The Examiner interprets providing the two dimensional code as shown in fig. 3 of Doyle (included below), which includes the card ID information and the time information described in [0009] of Doyle, as corresponding to the “first authentication command” in “the information necessary for the authentication” (which is provided in the “code”) because authentication is performed when the “code” is scanned, as shown in fig. 3 of Doyle and described in [0011] of Doyle (included below, in part). This information is used to establish a connection that is used to perform further authentication.
controlling display of the code,
Doyle teaches a display of the mobile phone 1. For example, Doyle in the first sentence of [0009] states, “[0009] FIG. 1 shows a Cellular, or mobile telephone (1) with a liquid crystal display (LCD) (2) or organic light emitting diodes display (OLED) or equivalent electronic display capable of displaying a high resolution machine readable two-dimensional bar code as shown (3).” (emphasis added). Fig. 1 of Doyle is included above. Another relevant portion at the end of [0009] states, “…and then using the standard QR encoding algorithm to create and display the secure SKS code on the digital screen.” (emphasis added)
As stated above, Doyle does not teach the following underlined features,
generating a code in which a part of the information necessary for a … connection information, … are embedded
However, Smith teaches the above underlined features, as further discussed below,
Doyle also fails to teach the features recited below,
wherein the connection information is information for establishment of a connection between the first information processing device and a second information processing device that reads the displayed code; 
However, Smith teaches the above features not taught by Doyle,
Smith, in the last sentence of [0137], teaches that the scanning of the visual code causes the connection to be established (“connection information is information for establishment of a connection”) between a mobile device and another device (“between the first information processing device and a second information processing device that reads the displayed code”). Additionally, Smith in the middle of [0049] teaches that the Quick Response (QR) code tells the device which endpoint (“connection information”) to send identity data to. A site that is a physical location may use web based devices, applications, or other devices onsite to read and confirm identity so that it is essentially the same as if it was being done online. The examiner interprets this as corresponding to “connection information.”
Doyle and Smith do not appear to teach the following underlined features,
receive a second authentication command from the second information processing device based on the established connection with the second information processing device and the identification information embedded in the code, 
However, Bhatnagar teaches the above features, 
Bhatnagar also teaches a client extension 14 (browser extension of fig. 4) that generates and displays a QR code with session ID (“identification information” in the code), URL, and other information. (Bhatnagar, second half [0049] & [0050]) Bhatnagar then teaches that the handheld device (“second information processing device”) scans the code from the client extension 14 (“first information processing device”). (Bhatnagar, first two sentences [0055]). 
The examiner interprets the client extension 14 (web browser and browser extension of fig. 4) and the server as corresponding to the “first information processing device,” and further interprets the handheld device (phone app of fig. 4) as corresponding to the “second information processing device.”
Bhatnagar then teaches the handheld device 16 finds 94 the encrypted user credentials with encryption key from barcode and (in Step E7 of fig. 4) sends the encrypted credentials and session ID (“receive a second authentication command from the second information processing device …”) to an authentication server (“first information processing device”). (Bhatnagar, third sentence [0055])
The examiner interprets the encrypted user credentials in Bhatnagar as corresponding to a response, performed after scanning the barcode in Bhatnagar, [0055]. The examiner notes that the printed publication of the application at [0095] teaches that the RW Authentication Command (“second authentication command”) includes a response. Thus, the encrypted user credentials in Step E7 of [0055] Bhatnagar are a response that corresponds to an “authentication command.”
Bhatnagar teaches the features recited below,
wherein the second authentication command is received after: 
the first part of the authentication is performed by the second information processing device, and 
As discussed above, in [0055] of Bhatnagar, the handheld device scans the barcode in Step E5 and decodes the QR and looks up the URL (see, Step E5 of fig. 4 of Bhatnagar) (“first part of the authentication is performed by the second information processing device”), and then sends the encrypted credentials to the authentication server 12 (“first authentication processing device”).  After E5  is performed, the encrypted credentials and session ID (“second authentication command”) are then sent to the authentication server 12, in Step E7 of [0055] of Bhatnagar. (see also fig. 4 of Bhatnagar) 
the first part of the authentication is performed by the second information processing device based on the part of the information necessary for the first part of the authentication; and
As discussed above, Bhatnagar teaches “the first part of the authentication is performed by the second information processing device.” (See Bhatnagar, Step E5 of fig. 4 and [0055])
Bhatnagar also teaches that the Session ID (“the part of the information necessary for the first part of the authentication”) is used to generate the QR code (middle of [0049] in Bhatnagar), where generating and displaying the QR code correspond to “the first part of the authentication”, which is performed by the “second information processing device.”
perform a second part of the authentication based on the second authentication command.
Bhatnagar also teaches that Step E7 of fig. 4 (“second authentication command”) includes the encrypted credentials and the Session ID. 
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Doyle, which teaches using a visual code / QR code to establish a connection, with Smith, which also teaches using a visual code to establish a connection and then uses the established connection to perform additional authentication / verification. One of ordinary skill in the art would have been motivated to perform such an addition to provide the capability of requiring additional information for authentication after the connection is established using a visual / QR code.
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Doyle, which teaches using a visual code / QR code to establish a connection, with Smith, which also teaches using a visual code to establish a connection and then uses the established connection to perform additional authentication / verification, with Bhatnagar, which teaches authenticating a user by using a barcode / QR code that delivers information (i.e., user credentials and Session ID) to a user device, and then the user device responds with information that includes some of the same information (Session ID) in order to authenticate and securely communicate. One of ordinary skill in the art would have been motivated to perform such an addition to provide the capability of using the information in a QR code / barcode given to a device, where the device responds with at least some of the same information in order to perform authentication and establish secure communication. 

Claims 2, 6, and 12-13 are rejected under 35 U.S.C. 103 as being unpatentable over Doyle, in view of Smith, in view of Bhatnagar, and in further view of U.S. 9,553,869 to Dietrich et al. (hereinafter Dietrich). 
Regarding claim 2, Dietrich teaches, 
The first information processing device according to claim 1, further comprising 
a memory area, 
wherein in a case where the first part of the authentication is successful and the second part of the authentication is successful, 
the circuitry is further configured to permit access to the memory area.
	Dietrich teaches access to a memory area based on a successful authentication. Additionally, Dietrich teaches establishing a communication channel that is used for the authentication. Dietrich further teaches accessing a memory area after authentication is completed, as evidenced by claim 20 of Dietrich (included below). Additionally, (Col. 4, line 19-38 (17)) of Dietrich discusses providing write access to memory, after authorization is determined in (Col. 3, line 62 to Col. 4, line 18 (16)) of Dietrich.
Dietrich in claim 20 states, “A method executed on a first computer system for initializing a memory area, wherein the memory area is associated with a smart meter, wherein the method on the first computer system comprises: establishing a first communication channel between the first computer system and a security module, wherein the security module is associated with the memory area, wherein the first computer system is associated with a set of computers connected by a network; authenticating the first computer system with respect to the security module, sending data from the first computer system to the security module via a secure transmission for storing the data by the security module in the memory area for initializing the memory area after successful authentication of the first computer system with respect to the security module, wherein by way of the data transmitted, a second computer system of a utility company and/or metering point operator is specified, wherein as a result of the specification, access is granted for a communication between the security module and the second computer system by bypassing the first computer system, wherein the second computer system is a computer system of a set of computer systems, and wherein, prior to and subsequent to communication by the second computer system of the utility company and/or metering point operator and the security module being made possible, write access to memory area is possible exclusively for the first computer system of the set of computer systems.” (emphasis added)
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Doyle, which teaches using a visual code / QR code to establish a connection, with Dietrich, which teaches accessing a particular area of memory as a result of a successful authentication. One of ordinary skill in the art would have been motivated to perform such an addition to provide the capability to use Doyle’s authentication for the purpose of accessing a memory in order to read data or modify the memory.
	
Regarding claim 6, Doyle teaches, 
The first information processing device according to claim 5, further comprising
a memory area, 
wherein, in a case where the second time information matches the first time information acquired from the challenge value, … 
The Examiner interprets the comparison between the information in the two dimensional bar code reader 2 of Doyle (see fig. 3) and the time information included in the SKS code 3 of Doyle (see fig. 1) and further described in [0011] of Doyle as corresponding to the above features of claim 5. Further, the Examiner interprets the three minute lapse of time in [0011] of Doyle (included below) as corresponding to “matches the time information.” 
For example, Doyle states, “[0011] FIG. 3 shows the preferred method for utilizing the code, where the mobile phone or digital device (1) is placed in proximity to a two dimensional barcode scanner (2) which scans the visible SKS Code to obtain the encrypted digital code and sends said captured code via wired or wireless communications to a computer server possessing the private encryption key and thus able to decode and ascertain or authenticate the originally captured physical identity token(s). Since the SKS has been time stamped with the exact time it was generated, all SKS codes generated are time-synchronized on a global basis, and the server can reject as expired or "stale-dated" any code following some pre-determined lapse of time, for example 3 minutes. In the case where SKS codes are routed via the internet to computer servers for a transaction purpose, such as linking to an online payment account, a loop back mechanism can be utilized to cause the mobile phone application or digital device's software to again capture and thus ascertain that the correct physical identity precursor token remains present as added security prior to authorizing or completing any transaction.” (emphasis added)
Doyle does not teach,
… the first part of the authentication is successful, and the second part of the authentication is successful, 
However, Smith teaches the above features,
As discussed above, Smith in Fig. 10 in S1020 and S1030 teaches establishing a communication channel (“first part of the authentication is successful”) and then in S1040 and S1050 performing another authentication verification (“second part of the authentication is successful”). 
Doyle and Smith do not teach,
the circuitry is further configured to permit access to the memory area by the second information processing device.
However, Dietrich teaches the above features, 
Dietrich teaches accessing a memory area after authentication is completed, as evidenced by claim 20 of Dietrich (included below).  Additionally, (Col. 4, line 19-38 (17)) of Dietrich discusses providing write access to memory, after authorization is determined in (Col. 3, line 62 to Col. 4, line 18 (16)) of Dietrich.
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Doyle, which teaches using a visual code / QR code to establish a connection, with Dietrich, which teaches accessing a particular area of memory as a result of a successful authentication. One of ordinary skill in the art would have been motivated to perform such an addition to provide the capability to use Doyle’s authentication for the purpose of accessing a memory in order to read data or modify the memory.

Regarding claim 12, Smith and Dietrich teach, 
The first information processing device according to claim 1, further comprising
a memory area, 
wherein the circuitry is further configured to permit the second information processing device to access the memory area, in a case where the first part of the authentication is successful and the second part of the authentication is successful.
Dietrich teaches the above recited “a memory area” which is accessed based on authentication, because Dietrich teaches access to a memory area based on a successful authentication.
As discussed above in the rejection of claim 6, Smith teaches a first part and a second part of the authentication being performed.
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Doyle, which teaches using a visual code / QR code to establish a connection, with Dietrich, which teaches accessing a particular area of memory as a result of a successful authentication. One of ordinary skill in the art would have been motivated to perform such an addition to provide the capability to use Doyle’s authentication for the purpose of accessing a memory in order to read data or modify the memory.

Regarding claim 13, Dietrich teaches, 
The first information processing device according to claim 1, further comprising 
a memory area, 
wherein the first authentication command includes information indicating an area for which access permission is requested in the memory area.
	Dietrich teaches assigning different memory areas to different smart meters (142, 144, 146, 148), which provide energy consumption data to a gateway 136. The examiner interprets the establishment of a communication channel as being associated with initializing a memory area. Thus, establishing the communication channel establishes a memory area associated with a particular smart meter.
	For example, Dietrich states, “(Col. 10, lines 45-65 (49)) A further aspect of the invention relates to a first computer system for initializing a memory area, whereby the memory area is associated with a smart meter, whereby the first computer system includes: Means for establishing a first communication channel between the first computer system and a security module, whereby the security module is associated with the memory area, …” (emphasis added)
Additionally, Dietrich states, “(Col. 11, lines 29-35 (53)) FIG. 1 shows a block diagram of the entire system for initializing a memory area. In conjunction with the method for initializing a memory area that are shown in FIG. 2, the following is intended to show how a memory area 136 of a gateway 138 that is assigned to a number of smart meters 142, 144, 146, 148, can be initialized, without limiting the generality. (Col. 11, lines 36-42 (54)) Smart meters 142 through 148 thereby serve to acquire various energy consumption values relative to the example of gas (smart meter 142), water (smart meter 144), electricity (smart meter 146) and other forms of energy not specified any further (smart meter 148). The smart meters are thereby connected with interface 118 of gateway 138 via corresponding communication links 192.” (emphasis added)
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Doyle, which teaches using a visual code / QR code to establish a connection, with Dietrich, which teaches accessing a particular area of memory as a result of a successful authentication. One of ordinary skill in the art would have been motivated to perform such an addition to provide the capability to use Doyle’s authentication for the purpose of accessing a memory in order to read data or modify the memory.

Claims 7 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Doyle, in view of Smith, in view of Bhatnagar, and further in view of US 2015/0228133 to Capaldi-Tallon (hereinafter Tallon).
Regarding claim 7, Tallon teaches, 
The first information processing device according to claim 1, wherein the part of the information necessary for the first part of the authentication includes an authentication response to the first authentication command.
Tallon teaches these features because Tallon teaches the use of a scan-able QR code to establish a communication channel (i.e., “authentication command”) in order to connect to an authentication service provider 42 which completes the authentication. See Tallon in [0026] and fig. 4.
The user then completes the authentication by responding to the QR code scanning and providing identity information for verification, as discussed in Steps 43-44 of Tallon (included below). 
Thus, the establishing of the communication channel is the initial part of the authentication, and steps 43-44 of Tallon in [0026] correspond to the “authentication response.”
The third sentence of [0026] of Tallon states, “When the instructions encoded within the QR code are recognized by the smartphone, a communications channel is automatically established (step 42) between the smartphone and a remote authentication service. This may be an internet connection to a web site or it may trigger a telephone call to be made to a predetermined number of a call centre. The user follows the instructions to complete an authentication process (step 43) whereby the authentication service provider verifies the identity of the user, and optionally the smartphone. If the user is successfully authenticated then they are given a valid passcode for unlocking the door (step 44). If the user is not authenticated then they are not given the passcode (step 45). The passcode can then be entered (step 46) on the keypad and, if verified, the keypad will trigger the generation of a door release signal to unlock the door (step 47).” (emphasis added)
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Doyle, which teaches using a visual code / QR code to establish a connection, with Tallon, which teaches the use of a visual code / QR code that establishes communications and includes an authentication response to an authentication command.  One of ordinary skill in the art would have been motivated to perform such an addition to provide the capability of using a command for authentication and a response to that command to perform authentication.

Regarding claim 14, Tallon teaches, 
The first information processing device according to claim 1, wherein the identification information includes address information used for communication with the second information processing device.
	Tallon, in at least [0017] and [0026], describes the two dimensional / visual QR code including a web URL (i.e., “address information”) that is later used to establish an internet connection after (at least partial) authentication.
	Tallon states, “[0017] The keypad 11 is associated with a QR code graphic 12 displayed near, and preferably on, the keypad (see FIGS. 2 and 3). The QR code 12 can be read by a user's mobile telephone 17, commonly known as a smartphone, using an integrated digital camera and conventional barcode scanning software (not shown). As will be described below, the QR code 12 encodes instructions for establishing a communications channel between the smartphone 17 and an authentication service provider 13, 14 across a communications network 22. The instructions may include a telephone number for a call centre 18 or a URL for the landing page 19 of a web site 20.” (emphasis added)
Tallon states, “[0026] FIG. 4 is a simplified flow diagram showing the process for obtaining a valid passcode for unlocking a secure door. If a user does not know the passcode then they scan (step 41) the QR code at a door entry keypad using a smartphone. When the instructions encoded within the QR code are recognized by the smartphone, a communications channel is automatically established (step 42) between the smartphone and a remote authentication service. This may be an internet connection to a web site or it may trigger a telephone call to be made to a predetermined number of a call centre.” (emphasis added)
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Doyle, which teaches using a visual code / QR code to establish a connection, with Tallon, which teaches the use of a visual code / QR code that establishes communications and includes an internet address.  One of ordinary skill in the art would have been motivated to perform such an addition to provide an internet address in the QR / visual code.

Claim 8 is rejected under 35 U.S.C. 103 as being unpatentable over Doyle, in view of Smith, in view of Bhatnagar, in view of Tallon, and in further view of U.S. 2010/0191968 to Patil et al. (hereinafter Patil). 
Regarding claim 8, Patil teaches, 
The first information processing device according to claim 7, wherein the authentication response includes a response value based on a challenge value, a card ID, and an authentication key version.
Patil teaches the above features because Patil describes a response message that includes a version number (i.e., “authentication key version”), cell ID, and a challenge. The response 830 is depicted in fig. 8 of Patil, and is shown being transported in the neighborhood discovery response 845 of fig. 8.
For example, Patil states, “[0054] As further shown in FIG. 8, Neighbor Discovery Response message 830 may include a version number of mesh software 832; a message identifier (e.g., response) 834; a type identifier 836 to identity the tier level of Node B 804; a node identifier (cell ID) 838; a public key 840 of Node B; a checksum 842 of public key 840 (public key checksum 842); and challenge text 844. Public key 840 is used in the connection phase. Public key checksum 842 is added to mitigate undetected corruption or tampering with public key 840, which is most likely need in a man-in-the-middle attack. Public key checksum 842 may be computed as a hash result computed by hashing public key 840 using MD-5 or another hashing function. Challenge text 844 is a combination of the MAC address of Node A and the secret value.” (emphasis added)
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Doyle, which teaches using a visual code / QR code to establish a connection, with Tallon, which teaches the use of a visual code / QR code that establishes communications and includes an authentication response to an authentication command, with Patil, which teaches a response message that includes a version number (i.e., “authentication key version”), cell ID, and a challenge.  One of ordinary skill in the art would have been motivated to perform such an addition to Tallon’s authentication response to an authentication command, to include a response message with specific characteristics that would enable authentication and/or establishing a connection and to maintain authenticity, as taught by Patil.

Claim 10 is rejected under 35 U.S.C. 103 as being unpatentable over Doyle, in view of Smith, in view of Bhatnagar, and in further view of Patil.
Regarding claim 10, Patil teaches, 
The first information processing device according to claim 1, wherein the part of the information necessary for the first part of the authentication includes an authentication key version.
	As discussed above with regards to the rejection of claim 8, Patil teaches the use of a version number (i.e., “authentication key version”) in [0054] of Patil, as further described above in the rejection of claim 8. Thus, Patil also teaches the feature of an “authentication key version” as recited in claim 10.
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Doyle, which teaches using a visual code / QR code to establish a connection, with Patil, which teaches a response message that includes a version number (i.e., “authentication key version”).  One of ordinary skill in the art would have been motivated to perform such an addition to provide a response message with specific characteristics that would enable authentication and/or establishing a connection by using a key version that allows the system to identify a key quickly.

Claim 17 is rejected under 35 U.S.C. 103 as being unpatentable over Doyle, in view of Smith, in view of Bhatnagar, in view of Dietrich, and in further view of US 2015/0088756 to Makhotin et al. (hereinafter Makhotin).
Regarding claim 17, Makhotin teaches the following,
	The first information processing device according to claim 2, wherein the part of the information necessary for the first part of the authentication further includes an authentication response to the first authentication command, the authentication response includes session information, …
The Examiner interprets the feature of the “authentication response” as corresponding to a challenge / nonce that is used to maintain authenticity.
Makhotin teaches payment credentials that may include a unique transaction identifier (e.g., nonce) (“authentication response”). (Makhotin, second sentence [0156])
… and the circuitry is further configured to encrypt data in the memory area based on the session information.
Makhotin teaches information provided in an encrypted form using session (“encrypt data in the memory area based on the session information”) derived keys based on a shared master derived key (MDK) associated with the issuer of the payment credentials stored on the secure memory (“memory area”) of the mobile device. (Makhotin, last two sentences [0042])

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRIAN WILLIAM AVERY whose telephone number is (571) 272-3942.  The examiner can normally be reached on 9AM-5PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on (571) 272-3739.  
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/B.W.A./

/FARID HOMAYOUNMEHR/Supervisory Patent Examiner, Art Unit 2495