Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .


Claim Objections
Claim 18 is objected to because of the following informalities:  
Claim 18 recites “a first remote system component receiving the SMS message sent by the remote device over the radio-based transmission medium;”
It appears the above should read: “a first remote system component receiving the SMS message sent by the mobile device over the radio-based transmission medium;”

  Appropriate correction is required.


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1 - 4, 10 - 11 are  rejected under 35 U.S.C. 103 as being unpatentable Moshir et. al. (US 20150072654) in view of Bone (GB 2518255).

Regarding claim 1, Moshir discloses  a method of accessing a remote system from a mobile device operated by a user (Abstract; Fig. 1 shows mobile phones, 41, 42, 43 communicating with server 15) , comprising:
providing a mobile application installed on the mobile device ([0014], 1st 5 lines) for selecting a command perform an operation on the remote system ([0087], last 8 lines gives an example of a command issued by the mobile device application to the server; [0088], last 4 lines  and [0134], 1st 7 lines gives further examples), the mobile device providing communication over a radio-based transmission medium ([0002], lines 6 – 8 disclose wireless and cellular; page 4, right column, lines 6 – 11 disclose GSM and CDMA);
sending a pre-shared key (PSK) from the remote system to the mobile device ([0009] discloses, after verification of the mobile device, “The server can be configured to establish an encryption key between the mobile device and the server, which key can be used to provide or enhance encryption of a voice communication made using the mobile device”. [0009] also discloses use for a secure identification  code where “The secure identification code can be provided to a user of the mobile device before the mobile device is registered with the server, such as via an administrator of the server.”; hence two keys/codes are shared);
determining, on the mobile device, operational information ([0142], 2nd last sentence discloses “In various embodiments, GPS coordinates or other location data may be transmitted as a secure SMS message from module 72 on phone 41 to module 61 on server 15”; wherein the operational information is the location of the mobile device) and a command  to be performed ([0087], last 8; [0088], last 4 lines  and [0134], 1st 7 lines gives further examples);
packaging the operational information and command into a short message service (SMS) payload ([0142, 2nd  last sentence; Fig. 3 shows messages communicated between mobile device and server);
encrypting the SMS payload for transmission to the remote system (Title; [0002], last sentence; [0014] 1st 2 sentences discloses secure communications; [0011], lines 9 – 15 disclose encryption to obtain secure communication;  Fig. 3 shows secure bidirectional SMS communication);
receiving the encrypted SMS message payload ([0011], 5th last line discloses “In this configuration, the encrypted registration information can be decrypted at the server”, implying the message is received) in a receiver configured to communicate with the mobile device over the radio-based transmission medium (page 4, right column, lines 6 – 11 disclose GSM and CDMA);
and decrypting the received SMS message for execution of the selected command by the remote system ([0011], 5th last line discloses “In this configuration, the encrypted registration information can be decrypted at the server”).
Moshir does not disclose using a command identifier for the command to be performed. 
In the same field of endeavor, however, Bone discloses a command identifier for the command to be performed (page 88,lines 30 - 33).
Therefore, it would have been obvious to one having ordinary skill in the art, at the time the invention was filed, to use the method, as taught by Bone in the system of Moshir because sending a command identifier instead of the entire command would reduce the data that needs to be sent, as is well known in the art.

Regarding claim 2,  Moshir discloses the operational information comprises a geographic location of the mobile device ([0142], 2nd last sentence).
Moshir does not disclose sending the timestamp of the command selecting.
However, Moshir discloses the opposite: a timestamp is sent by the server to the mobile device ([0142], last sentence). Clearly, these are just obvious variations of each other. In a two-way communication system, both mobile device and the server would be issuing commands and sending data to each other. Hence, one of ordinary skill in the art can have the mobile device application issue commands to the server and send them with timestamps in a similar manner to what Moshir already discloses above. Under Rationales for Obviousness (MPEP 2143, Rationales E & F), this is obvious to try or an obvious variation of what Moshir teaches. 
Therefore, it would have been obvious to one having ordinary skill in the art, at the time the invention was filed, to have the mobile device application send timestamps to the server, as this is a necessary part of two-way communications to record times at which events occurred.

Regarding claim 3, Moshir discloses the radio-based transmission medium comprises one of a GSM or CDMA cellular telephone network interface ([0044] discloses GSM and CDMA).

Regarding claim 4, Moshir discloses defining one or more operational constraints for the mobile device and the user ([0234], 1st sentence discloses “ …. one location coordinate defining at least one region of concern. Thus, in different embodiments, some or all of the regions of concern may be of specific concern to the particular user”; rest of [0234] gives examples of sex offenders; wherein operational constraints would correspond to the region of concern );
defining one or more message constraints for the SMS message ([0106] discloses SMS messages and “…due to the limitation of the number of characters that can be transmitted in an SMS message..:”).
Moshir doesn’t explicitly disclose defining one or more command constraints for the selected command.
However, this is inherent since the number of commands is finite i.e. a maximum number of commands is allowed to keep the identifier size small. So, the constraint is on the number of commands allowed.

Regarding claim 10, Moshir discloses the mobile device is one of a cellular telephone or a tablet computer utilizing the cellular network (Fig. 1, element 41 is cellular/mobile phone; [0044], left column, 5th last line +; [0043]).

Regarding claim 11, Moshir discloses registering the mobile application with the remote system (Abstract; [0009]) by:
receiving credentials of the user in the remote system through a registration process on the mobile device ([0009] discloses “receive a short messaging service (SMS) or multimedia messaging service (MMS) message originated from a mobile device; determine the phone number of the mobile device from which the SMS or MMS message is originated”);
registering a telephone number of the mobile device with the remote system ([0009] discloses “.. and verify the phone number of the mobile device originating the SMS or MMS message against a whitelist to authorize a registration between the mobile device and the server”   );
generating the PSK upon verification of the credentials (verification disclosed in [0009] as “.. and verify the phone number of the mobile device originating the SMS or MMS message against a whitelist to authorize a registration between the mobile device and the server” ; [0009] discloses “The server can be configured to establish an encryption key between the mobile device and the server…”);
transmitting the PSK from the remote system to the mobile device through a secure exchange process ([0009] last sentence discloses transmitting secure identification code. Sharing of encryption key is also inherent since both mobile device/server should know the key for encryption/decryption);
and validating the registration upon acknowledged receipt of the PSK in the mobile device ([0055] discloses “Module 201 then transmits a registration acknowledgement message, encrypted with a unique AES key associated with module 201, to gateway 115. Upon receipt of the registration acknowledgement message at gateway 115, module 201 is registered with gateway 115”; Fig. 4).

Claim  12 rejected is under 35 U.S.C. 103 as being unpatentable Moshir et. al. (US 20150072654) in view of Bone (GB 2518255) and further  in view of Read et al. (US 20130262873).

Regarding claim 12, Moshir does not disclose the secure exchange process comprises a Quick Response (QR) code scan process using a QR code sent from the remote system to the mobile device.
In the same field of endeavor, however, Read discloses the secure exchange process comprises a Quick Response (QR) code scan process using a QR code sent from the remote system to the mobile device ([0020] discloses “The mobile device receives instructions, via a message, relating to enrolling the user of the mobile device in the multi-factor authentication service from the server. The message includes a quick response (QR) code in which an encryption key is encoded. The mobile device reads the QR code to extract the encryption key to encrypt data between the mobile device and the server”).
Therefore, it would have been obvious to one having ordinary skill in the art, at the time the invention was filed, to use the QR code, as taught by Read in the system of Moshir because the QR code provides a quick method for the mobile device to obtain the key, as is well known in the art.

Allowable Subject Matter
Claims 13 - 20 are allowed.

The following is a statement of reasons for the indication of allowable subject matter:  

Regarding claim 13, the prior art fails to disclose:
 validating the recovered command identifier, timestamp, and location against respective validation values set by the remote system to generate a valid message;
and executing an operation identified by the command identifier upon generation of a valid message.
All other limitations of claim 13 are disclosed by the prior art, as in the rejection of claim 1 above.

Regarding claim 18, the prior art fails to disclose:
 a second remote system component validating the received SMS message by comparing the operational information to defined limits and comparing an operation specified by the command identifier to a set of allowable operations.
All other limitations of claim 18 are disclosed by the prior art, as in the rejection of claim 1 above.

Claims 5 – 9 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Other Prior Art Cited
The prior art made of record and not relied upon is considered pertinent to the applicant’s disclosure.

The following patents/publications are cited to further show the state of the art with respect to use of secure messages between a mobile device and a server:

Hoyos et al. (US 11170369) discloses Systems and Methods For Biometric Authentication Of Transactions.
Lee et al. (US 9980141) discloses User Authentication Method Using Phone Number And One Of NFC Apparatus And Beacon.

Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ADOLF DSOUZA whose telephone number is (571)272-1043. The examiner can normally be reached Mon - Fri 9 AM - 5 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Chieh M Fan can be reached on 571-272-3042. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/ADOLF DSOUZA/Primary Examiner, Art Unit 2632