Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
The response dated 9/6/2022 was received and considered.
Claims 1-20 are pending.
	
Response to Arguments
Applicant’s arguments (9/6/2022) with respect to the rejection under 35 U.S.C. §102 and obvious type double patenting are persuasive.  However, upon further consideration, a new grounds of rejection is made in view of Yu and US 5,657,388 to Weiss.
Applicant’s remarks (pp. 9-13) argue that Yu utilizes the user to relay the OTP to the host system and thus fails to teach “passing, by the reader device, … to the host device”.  The Examiner notes that Yu discloses displaying the OTP at the reader and, via the user, transferring the OTP to the host device or validation system.  Thus, while the Examiner maintains that such a sequence meets the claim language “passing, by the reader device, … to the host device”, it is believed the intent of the claim language is that the OTP be transferred directly to the host device from the reader.  Therefore, the following is provided to advance prosecution.  Weiss teaches a similar system, where a token is coupled to a token processor to generate an OTP (col. 5, lines 21-57) and the OTP (one-time nonpredictable code) is transmitted to a host processor for validation (col. 4, lines 66-67, col. 5, lines 4-5, lines 60-61).  It would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Yu such that the OTP is passed, by the reader device, to the host device or a validation system to reduce the burden on the user, to reduce or eliminate the need for a display or to utilize a known variation, as taught by Weiss.

Claim Objections
Claims 13 and 20 are objected to because of the following informalities:  In claims 13 and 20, the limitation “receives counter data from the PSD to the reader device” should be replaced with “receives counter data from the PSD at the reader device” (similar amendment made by Applicant in claim 4).  Appropriate correction is required.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-2, 4-7, 10-11, 13-16 and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over US 6067621 A to Yu et al. (Yu) in view of US 5,657,388 to Weiss.
Regarding claim 1, Yu discloses a method for access control using a personal security device (PSD) of a user (IC card, Fig. 1), comprising: providing the PSD with a one-time-password (OTP) key (IC card stores secret key, col. 6, lines 47-50); interfacing a reader device (receiver), coupled to a host device (server, col. 7, lines 28-29), with the PSD (receiving card, col. 6, lines 40-41); authenticating the reader device to the PSD (comparing card access key, col. 6, lines 22-27), wherein the OTP key is only readable from the PSD by the reader device when the reader device is authenticated and a secure channel is established between the PSD and a reader device (allowing access via wired connection, col. 6, lines 22-36); receiving the OTP key (secret key) from the PSD at the reader device over the secure channel (read secret key of the IC card, col. 6, lines 57-50);  generating an OTP at the reader device using the OTP key received at the reader device from the PSD (generate one-time password using key, col. 6, lines 47-67); and passing the OTP generated at the reader device to the host device or a validation system connected to the host device for validation (server validates OTP, col. 7, line 27 – col. 8, line 16).The Examiner notes that Yu discloses displaying the OTP at the reader and, via the user, transferring the OTP to the host device or validation system.  Thus, while the Examiner maintains that such a sequence meets the claim language “passing, by the reader device, … to the host device”, it is believed the intent of the claim language is that the OTP be transferred directly to the host device from the reader.  Therefore, the following is provided to advance prosecution.  Weiss teaches a similar system, where a token is coupled to a token processor to generate an OTP (col. 5, lines 21-57) and the OTP (one-time nonpredictable code) is transmitted to a host processor for validation (col. 4, lines 66-67, col. 5, lines 4-5, lines 60-61).  Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Yu such that the OTP is passed, by the reader device, to the host device or a validation system.  One of ordinary skill in the art would have been motivated to perform such a modification to reduce the burden on the user, to reduce or eliminate the need for a display or to utilize a known variation, as taught by Weiss.  
Regarding claim 10, the claim is similar in scope to claim 1 and is therefore rejected using a similar rationale.
Regarding claim 19, the claim is similar in scope to claim 1 and is therefore rejected using a similar rationale.
Regarding claims 2, 11 and 20, Yu discloses validating the OTP and granting access to the user (granting access to the service, col. 11, lines 9-11).
Regarding claims 4 and 13, Yu discloses at least one of: (i) receiving counter data from the PSD at the reader device (inserting counter data into the password stream; (ii) sending counter data or incremented counter data from the reader device to the PSD after an access decision; or (iii) storing counter data on the reader device before or after an access decision (store new counter value, col. 7, lines 21-27).
Regarding claims 5 and 14, Yu discloses wherein the PSD is at least one of: a smart card, a token or a mobile phone (IC card, col. 6, lines 15-20).
Regarding claims 6 and 15, Yu discloses wherein the PSD is a secure memory storage card (IC card stores secret key, col. 6, lines 47-50) that has authentication capabilities and no exposed crypto functions beyond memory access authentication (comparing card access key, col. 6, lines 22-27).
Regarding claims 7 and 16, Yu discloses wherein the OTP is generated at the reader device in a secure environment of the reader device (password generator, col. 6, lines 47-50).

Claims 3 and 12 are rejected under 35 U.S.C. 103 as being unpatentable over Yu and Weiss, as applied to claims 1 and 10 above, in view of US 2010/0149591 A1 to Hase et al. (Hase) and US 2013/0233924 A1 to Burns.
Regarding claims 3 and 12, Yu lacks clearing the OTP key from the reader device.  However, clearing a key received from an attached card is known in the art to prevent loss or unauthorized reuse of secure data, as taught in Hase (¶¶73-74).  Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Yu to include clearing the OTP key after use.  One of ordinary skill in the art would have been motivated to perform such a modification to prevent loss or unauthorized reuse of the OTP key, as taught by Hase.  Yu, as modified, lacks deleting the key from the reader.  However, Burns teaches that it is known to erase a card reader’s memory after the card is removed (¶199).  Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Yu, as modified above, to erase the key from the reader.  One of ordinary skill in the art would have been motivated to perform such a modification, as it was known to clear the reader memory after removal of the card, as taught by Burns. 

Claim 8 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Yu and Weiss, as applied to claims 1 and 10 above, in view of US 2005/0188202 A1 to Popp.
Regarding claims 8 and 17, Yu discloses that the secret key is initially stored on the IC card, but lacks wherein the PSD is provided with the OTP key at least one of: at a time of manufacture of the PSD or during a field revision of the PSD.  However, Popp teaches that it is known to initialize a token at manufacture (¶6) and updateable in the field (¶¶13-14).  Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Yu such that the PSD is provided with the OTP key at least one of: at a time of manufacture of the PSD or during a field revision of the PSD.  One of ordinary skill in the art would have been motivated to perform such a modification to utilize a known method of initializing or updating secret information on the card, as taught by Popp.

Claim 9 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Yu and Weiss, as applied to claims 1 and 10 above, in view of US 2015/0049925 A1 to Lowe.
Regarding claims 9 and 18, Yu lacks wherein the interfacing of the reader device and the PSD is via a non-contact interface.  However, Lowe teaches that it was known to interface a reader and a card using contactless medium (¶45) and to employ encryption of the channel to ensure security (¶45).  Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Yu such that the interfacing of the reader device and the PSD is via a non-contact interface.  One of ordinary skill in the art would have been motivated to perform such a modification to utilize a known interface method for a smart card, as taught by Lowe.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
US 20110113245 A1 (Varadarajan; Rammohan) teaches direct OTP transfer (¶29).
US 20070220597 A1 (ISHIDA; Natsuki) teaches communicating an OTP to a host to enable a larger, more robust OTP (¶93).

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL J SIMITOSKI whose telephone number is (571)272-3841. The examiner can normally be reached Monday - Friday, 7:00-3:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached on 571-272-3862. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/Michael Simitoski/               Primary Examiner, Art Unit 2493                                                                                                                                                                                         
October 12, 2022