`USAA v. Asghari-Kamrani et al.
`CBM2016-00063
`CBM2016-00064
`
`
`
`In the Claims:
`
`Please amend the claims as follows:
`
`U.S. Patent Application No. 12/210,926
`
`Attorney Docket No. KAMR002USO
`
`1. (Currently Amended) A method for authenticating a user during an electronic
`
`transaction between the user and an EXtemal—Entity, the method comprising:
`
`receiving electronically a request for a dynamic SecureCode for the user by a Central-
`
`Entity during the transaction between the user and the EXternal—Entity;
`
`generating during the transaction a dynamic SecureCode for the user in response to the
`
`request, wherein the dynamic SecureCode is valid for a predefined time and becomes invalid
`
`after being used;
`
`providing said generated SecureCode to the user during the transaction;
`
`receiving electronically by a Central—Entity a request for authenticating the user based on
`
`a digital identity during the transaction, which digital identity includes the SecureCode; and
`
`authenticating by the Central—Entity the user during the transaction if the digital identity is
`
`valid.
`
`2. (Original) A method as recited in claim 1, wherein said user has a pre—eXisting
`
`relationship with the EXternal—Entity.
`
`3. (Original) A method as recited in claim 1, wherein said user has no pre—eXisting
`
`relationship with the EXternal—Entity.
`
`4. (Previously Presented) A method as recited in claim 1, further comprising:
`
`
`
`U.S. Patent Application No. 12/210,926
`
`Attorney Docket No. KAMR002USO
`
`combining said generated SecureCode with a user—specific information using a
`
`predetermined algorithm to form a combined Secure—Code and user specific information;
`
`maintaining the combined Secure—Code and user specific information at the Central-
`
`Entity;
`
`using the predetermined algorithm to combine received user specific information received
`
`by the Central—Entity with a received SecureCode received by the Central—Entity to form a
`
`combined received SecureCode and received user specific information;
`
`comparing the combined Secure—Code and user specific information with the combined
`
`received SecureCode and received user specific information to validate the user.
`
`5-1 1. (Cancelled)
`
`12. (Previously Presented) A method as recited in claim 1, wherein said EXternal—Entity
`
`receives the user’s digital identity.
`
`13. (Previously Presented) A method as recited in claim 1, wherein said EXternal—Entity
`
`submits a digital identity to the Central—Entity.
`
`14. (Previously Presented) The method of claim 1, wherein said digital identity includes a
`
`user—specific information.
`
`15. (Currently Amended) The method of claim 14, wherein the user specific information
`
`comprises one or more of the following: an alphanumeric name, an ID, a login name, and an
`
`
`
`U.S. Patent Application No. 12/210,926
`
`Attorney Docket No. KAMR002USO
`
`
`
`16. (Original) The method of claim 1, wherein the transaction corresponds to a financial
`
`transaction.
`
`17. (Original) The method of claim 1, wherein the transaction corresponds to a non-
`
`financial transaction.
`
`18. (Previously Presented) The method of claim 1, wherein the transaction corresponds to
`
`access to restricted web—site or restricted computer/server.
`
`19. (Previously Presented) The method of claim 1, wherein said transaction occurs over a
`
`communication network, wherein said communication network comprises one or more of the
`
`following: an Internet, a wireless network, a mobile network, a satellite network, and a private
`
`network.
`
`20. (Previously Presented) The method of claim 1, wherein said transaction occurs over a
`
`communication network to which is coupled said user, said Central—Entity, and said EXtemal—
`
`Entity.
`
`21. (Currently Amended) An apparatus for authenticating a user during an electronic
`
`
`
`U.S. Patent Application No. 12/210,926
`
`Attorney Docket No. KAMR002USO
`
`transaction with an EXternal—Entity, the apparatus comprising:
`
`a first Central—Entity computer adapted to:
`
`generate a dynamic SecureCode for the user in response to a request during the
`
`transaction, wherein the dynamic SecureCode is valid for a predefined time and becomes
`
`invalid after being used; and
`
`provide said SecureCode to the user;
`
`a second Central—Entity computer adapted to validate a digital identity, which includes
`
`said SecureCode, and authenticate the user if the digital identity is valid.
`
`22. (Previously Presented) The apparatus as recited in claim 21, wherein said user has a
`
`pre—eXisting relationship with the EXternal—Entity.
`
`23. (Previously Presented) The apparatus as recited in claim 21, wherein said user has no
`
`pre—eXisting relationship with the EXternal—Entity.
`
`24. (Previously Presented) The apparatus as recited in claim 21, wherein said EXtemal—
`
`Entity and said Central—Entity use a SecureCode that is algorithmically combined with said user-
`
`specific information.
`
`25-31. (Cancelled)
`
`32. (Previously Presented) The apparatus as recited in claim 21, wherein the user submits
`
`a digital identity to the EXternal—Entity.
`
`
`
`U.S. Patent Application No. 12/210,926
`
`Attorney Docket No. KAMR002USO
`
`33. (Previously Presented) The apparatus as recited in claim 21, wherein the External-
`
`Entity submits a digital identity to the Central—Entity.
`
`34. (Previously Presented) The apparatus of claim 21, wherein the digital identity
`
`includes a user—specific information.
`
`35. (Currently Amended) The apparatus of claim 34, wherein the user specific
`
`information comprises one or more of the following; an alphanumeric name, an ID, a login name,
`
`
`
`36. (Previously Presented) The apparatus of claim 21, wherein the transaction
`
`corresponds to a financial transaction.
`
`37. (Previously Presented) The apparatus of claim 21, wherein the transaction
`
`corresponds to a non—financial transaction.
`
`38. (Previously Presented) The apparatus of claim 21, wherein the transaction
`
`corresponds to access to restricted web—site or restricted computer/server.
`
`39. (Previously Presented) The apparatus of claim 21, wherein said transaction occurs
`
`
`
`U.S. Patent Application No. 12/210,926
`
`Attorney Docket No. KAMR002USO
`
`over a communication network and wherein said communication network comprises one or more
`
`of the following; an Internet, a wireless network, a mobile network, a satellite network, and a
`
`private network.
`
`40. (Previously Presented) The apparatus of claim 21, wherein said transaction occurs
`
`over a communication network to which is coupled said user, said Central—Entity, and said
`
`EXtemal—Entity.
`
`41. (Previously Presented) A method as recited in claim 4, wherein said EXternal—Entity is
`
`using said algorithmically combined SecureCode to authenticate a user’s identity.
`
`42. (Cancelled)
`
`43. (Previously Presented) A method as recited in claim 4, wherein said Central—Entity is
`
`using said algorithmically combined SecureCode to authenticate a user’s identity.
`
`44. (Original) A method as recited in claim 1, wherein said EXternal—Entity and said
`
`Central—Entity are the same entity.
`
`45. (Currently Amended) The method as recited in claim 1, wherein said Central—Entity
`
`invalidates the SecureCode after authenticating the use
`
`
`
`U.S. Patent Application No. 12/210,926
`
`Attorney Docket No. KAMR002USO
`
`46. (Currently Amended) The method as recited in claim 1, wherein the Central—Entity
`
` invalidates the SecureCode 2-‘::—=—==-‘—:——=—-+——————
`
`after a predefined period of time passes from
`
`when the SecureCode was generated.
`
`47. (Currently Amended) The method as recited in claim 1, wherein said Central—Entity
`
`generates the SecureCode with dependence on the user information%%
`
`values.
`
`48. (Currently Amended) The method as recited in claim 47, wherein said eneer—mere
`
`flp user information comprises one or more of the following: an alphanumeric
`
`name, amuniqueléeyg an ID, a login name, and an identification phrase
`
`
`
`49. (Cancelled)
`
`50. (Currently Amended) A method for authenticating a user during an electronic
`
`transaction between the user and an EXtemal—Entity, the method comprising:
`
`receiving electronically a request for a dynamic SecureCode for the user by a Central-
`
`Entity during the transaction between the user and the EXternal—Entity;
`
`generating during the transaction a dynamic SecureCode for the user in response to the
`
`request, wherein the dynamic SecureCode is valid for a predefined time and becomes invalid
`
`after being used;
`
`
`
`U.S. Patent Application No. 12/210,926
`
`Attorney Docket No. KAMR002USO
`
`providing said generated SecureCode to the user during the transaction;
`
`receiving electronically by a Central—Entity a request for authenticating the user based on
`
`a digital identity during the transaction, which digital identity includes the SecureCode; and
`
`authenticating by the Central—Entity the user during the transaction if the digital identity is
`
`valid, wherein said SecureCode is alphanumeric.
`
`51. (Original) The method as recited in claim 1, wherein said user communicates with
`
`said Central—Entity over a communication network.
`
`52. (Currently Amended) An apparatus for authenticating a user during an electronic
`
`transaction with an EXternal—Entity, the apparatus comprising:
`
`a first Central—Entity computer adapted to:
`
`generate a dynamic SecureCode for the user in response to a request during the
`
`transaction, wherein the dynamic SecureCode is valid for a predefined time and becomes
`
`invalid after being used; and
`
`provide said SecureCode to the user;
`
`a second Central—Entity computer adapted to validate a digital identity, which includes
`
`said SecureCode, and authenticate the user if the digital identity is valid, wherein said
`
`SecureCode is alphanumeric.
`
`53. (Original) The method as recited in claim 1, wherein said user communicates with
`
`said EXtemal—Entity over a communication network.
`
`
`
`U.S. Patent Application No. 12/210,926
`
`Attorney Docket No. KAMR002USO
`
`54. (Previously Presented) The apparatus as recited in claim 21, wherein said user
`
`communicates with said Central—Entity over a communication network.
`
`55. (Previously Presented) The apparatus as recited in claim 21, wherein said user
`
`communicates with said EXternal—Entity over a communication network.
`
`56-57. (Cancelled)
`
`5 8. (Previously Presented) The method as recited in claim 1, wherein said SecureCode is
`
`generated based on a request submitted by said user over a communication network.
`
`5 9. (Cancelled)
`
`60. (Previously Presented) The method as recited in claim 5 8, wherein said request is
`
`initiated by said user through a standard interface provided to said user.
`
`6 l -62. (Cancelled)
`
`63. (Previously Presented) The apparatus according to claim 21, wherein said first
`
`Central—Entity computer and said second Central—Entity computer are the same.
`
`64. (Previously Presented) The apparatus according to claim 21, wherein said first
`
`Central—Entity computer and said second Central—Entity computer are different.
`
`-10-
`
`
`
`U.S. Patent Application No. 12/210,926
`
`Attorney Docket No. KAMR002USO
`
`65. (Previously Presented) A method as recited in claim 1, wherein said digital identity
`
`comprises the SecureCode and a user—specific information.
`
`66. (Previously Presented) A method as recited in claim 1, wherein said digital identity
`
`comprises the SecureCode.
`
`67. (Previously Presented) A method as recited in claim 1, wherein said digital identity is
`
`invalid if the SecureCode is invalid.
`
`68. (Previously Presented) A method as recited in claim 1, wherein said digital identity is
`
`valid if at least the SecureCode is valid.
`
`69. (Previously Presented) A method as recited in claim 1, wherein said EXternal—Entity
`
`authenticates the user upon receiving an affirmation authentication message from the Central-
`
`Entity.
`
`70. (Previously Presented) A method as recited in claim 1, wherein said EXternal—Entity
`
`authenticates the user if said Central—Entity authenticates the user based on the SecureCode.
`
`71. (Previously Presented) The apparatus of claim 21, wherein said digital identity is
`
`invalid if the SecureCode is invalid.
`
`-11-
`
`
`
`U.S. Patent Application No. 12/210,926
`
`Attorney Docket No. KAMR002USO
`
`72. (Previously Presented) The apparatus of claim 21, wherein said digital identity is
`
`valid if at least the SecureCode is valid.
`
`73. (Previously Presented) The apparatus of claim 21, wherein said EXternal—Entity
`
`authenticates the user upon receiving an affirmation authentication message from the Central-
`
`Entity.
`
`74. (Previously Presented) The apparatus of claim 21, wherein said digital identity
`
`comprises the SecureCode.
`
`75. (Currently Amended) The apparatus of claim 21, wherein said Central—Entity
`
`
`
`
`
`
`
`
`
`
`
` invalidatestheSecureCode :-.:-—--: ' :' : - .:- :. -:' - after
`
`
`
`authenticating the user.
`
`76. (Currently Amended) The apparatus of claim 21, wherein the Central—Entity
`
`
`
`
`
`
`
`
`
` SecureCod - - - -- - : '- : ' - -. - after a predefined period of time passes E
`
`the SecureCode was generated.
`
`77. (Previously Presented) The apparatus of claim 21, wherein said Central—Entity
`
`generates the SecureCode based on said user information .
`
`78. (Currently Amended) The apparatus of claim 77, wherein said eneer—mere
`
`-12-
`
`
`
`U.S. Patent Application No. 12/210,926
`
`Attorney Docket No. KAMR002USO
`
`flp user information comprises one or more of the following: an alphanumeric
`
`name, an—u-niquekeyg an ID, a login name, a password, and an identification phrase
`
`
`
`79. (Currently Amended) The method of claim 65, wherein the user specific information
`
`comprises one or more of the following: an alphanumeric name, an ID, a login name, and an
`
`
`
`identification phrase ~ - - - ' -
`
`
`
`80. (Previously Presented) The apparatus of claim 21, wherein said EXternal—Entity
`
`authenticates the user if said Central—Entity authenticates the user based on the SecureCode.
`
`8 1. (New) The apparatus of claim 21, wherein said EXternal—Entity and Central—Entity are
`
`the same entity.
`
`82. (New) A method as recited in claim 50, wherein said EXternal—Entity and Central-
`
`Entity are the same entity.
`
`83. (New) The method of claim 50, wherein said digital identity includes a user—specific
`
`information.
`
`-13-
`
`
`
`U.S. Patent Application No. 12/210,926
`
`Attorney Docket No. KAMR002USO
`
`84. (New) The method of claim 83, wherein the user—specific information includes user-
`
`identifying information.
`
`85. (New) The method of claim 83, wherein the user—specific information comprises one
`
`or more of the following: an alphanumeric name, an ID, a login name, and an identification
`
`phrase.
`
`86. (New) The apparatus of claim 52, wherein said EXternal—Entity and Central—Entity are
`
`the same entity.
`
`87. (New) The apparatus of claim 52, wherein said digital identity includes an user-
`
`specific information.
`
`88. (New) The apparatus of claim 87, wherein the user—specific information includes
`
`user—identifying information.
`
`89. (New) The method of claim 87, wherein the user—specific information comprises one
`
`or more of the following: an alphanumeric name, an ID, a login name, and an identification
`
`phrase.
`
`90. (New) The method of claim 14, wherein the user—specific information includes user-
`
`identifying information.
`
`-14-
`
`
`
`U.S. Patent Application No. 12/210,926
`
`Attorney Docket No. KAMR002USO
`
`91. (New) The apparatus of claim 34, wherein the user—specific information includes
`
`user—identifying information.
`
`.15.
`
`
`
`U.S. Patent Application No. 12/210,926
`
`Attorney Docket No. KAMR002USO
`
`REMARKS
`
`Claims 1-4, 12-24, 32-41, 43-48, 50-55, 58, 60 and 63-80 were previously pending.
`
`Claims 5-11, 25-31, 42, 49, 56-57, 59 and 61-62 have been previously cancelled without
`
`disclaimer of or prejudice to the subject matter contained therein. Claims 1, 15, 21, 35, 45, 46,
`
`47, 48, 50, 52, and 75-79 have been amended to more particularly recite the claimed invention.
`
`Claims 81-91 have been added to further claim the present invention. Claims 1-4, 12-24, 32-41,
`
`43-48, 50-55, 58, 60 and 63-91 remain pending.
`
`CLAIMS REMAIN PATENTABLE OVER FRANKLIN ET AL. AND FOX ET AL.
`
`TAKEN ALONE OR IN COMBINATION
`
`The Office Action rejected claims 1-4, 12-24, 32-41, 43, 45-48, 50-55, 58, 60 and 63-80
`
`under 35 U.S.C. § 103(a) as being unpatentable over by U.S. Patent No. 5,883,810 A to Franklin
`
`et al. [hereinafter “Franklin et al.”] in view of U.S. Patent Publication No. 2002/0069174 A1 by
`
`Fox et al. [hereinafter “Fox et al.”]. Generally, the Office Action contends that Franklin et al.
`
`discloses all of the elements of the claims, except for certain missing features that it contends can
`
`be found in Fox et al., and further contends that it would have been obvious to one of ordinary
`
`skill in the art to modify the system of Franklin et al. using these certain missing features from
`
`Fox et al. for various specified reasons. For example with regard to claim 1, the Office Action
`
`asserts that Franklin discloses all of the elements of the claim at issue, except for “receiving
`
`electronically by a Central-Entity a request for authenticating the user based on a digital identity
`
`during the transaction, which digital identity includes the SecureCode” and “authenticating by the
`
`Central-Entity the user during the transaction if the digital identity is valid.” The Applicants
`
`respectfully disagree with the Office Action’s characterization of these references vis-a-vis the
`
`-16-
`
`
`
`U.S. Patent Application No. 12/210,926
`
`Attorney Docket No. KAMR002USO
`
`claims at issue and respectfully request reconsideration and withdrawal of the rejection in light of
`
`the following remarks.
`
`Factual Inquiries Set Forth in Graham v. John Deere Show Non-Obviousness
`
`1. Determining Scope of Prior Art
`
`Franklin et al. teaches the use of a temporary transaction number to replace one’s actual
`
`credit card number to avoid exposing the actual credit card number to fraud. However, Franklin
`
`fails to teach any authentication method, since Franklin et al. relates merely to authorization of
`
`payment, which is not the same as authentication of the user. See Afi‘. Hosseinzadelz filed
`
`11/] 7/201 I,W7; Afi‘. Hewittfiled 11/] 7/201], WII; Afi‘. N.Kamranifiled 11/] 7/201], W6; Afi‘.
`
`K.Kamrani filed 11/] 7/201], W6.
`
`Fox et al. teaches using a digital signature as the basis for authentication because only a
`
`Valid digitally signed certificate is used for authenticating the user. See Afi‘. Hosseinzadelz filed
`
`11/] 7/201 I,W9; Afi‘. Hewittfiled 11/] 7/201], W13; Afi‘. N.Kamranifiled 11/] 7/201], W8; Afi‘.
`
`K.Kamranifiled 11/] 7/201], W8.
`
`2. Ascertaining the Diflerences Between the Prior Art and Claims at Issue
`
`The Claims at issue include the limitations that the dynamic SecureCode is generated
`
`during the transaction between the user and the EXtemal—Entity and that the so generated
`
`dynamic code is then used to authenticate the user. Franklin et al. does not authenticate a user
`
`based on any code generated during the transaction between the user and the merchant because
`
`there is no authentication being performed in Franklin et al. See Afi‘. Hosseinzadelz filed
`
`1/] 8/201], W9—I4; Afi”. Laingfiled 1/] 1/201 I,W9—I4; Afi‘. Hewittfiled 1/] 8/201 I,W9—I4; Afi‘.
`
`N.Kamranifiled 1/] 8/201], WI 0-16; Afi‘. K.Kamranifiled 1/] 8/201], W9—I4.
`
`-17-
`
`
`
`U.S. Patent Application No. 12/210,926
`
`Attorney Docket No. KAMR002USO
`
`Fox et al. does not authenticate a user based on a code generated during the transaction,
`
`but requires use of a digital key obtained offline to digitally sign a certificate, which is then used
`
`for authentication of the user. See Afi‘. Hosseinzadelz filed 11/] 7/201], W10; Afi‘. Hewitt filed
`
`11/] 7/201], W14; Afi‘. N.Kamranifiled 11/] 7/201], W9; Afi‘. K.Kamranifiled 11/] 7/201], W9.
`
`Thus, neither reference generates a dynamic SecureCode during the transaction that is then used
`
`to authenticate the user for the transaction. Without these features, the suggested combination
`
`fails to state a primafacie case of obViousness.
`
`Response to Office Action Remarks
`
`The Office Action’s argument includes several flaws in its logic. To show the presence
`
`of some claim elements in the prior art of Franklin et al., the Office Action equates the recited
`
`dynamic SecureCode to the temporary transaction number of Franklin et al. But then in a slight
`
`of hand, the Office Action equates the GRC of Fox et al. to the recited dynamic SecureCode for
`
`later claim steps. So, for certain claim steps, the Office Action uses the temporary transaction
`
`number of Franklin et al. as the recited dynamic SecureCode and for other claim steps the Office
`
`Action uses the GRC as the recited dynamic SecureCode. A proper argument should use the
`
`same element in one reference for the same element throughout the claim. In short, the Office
`
`Action has not presented any prior art showing the use of a dynamic SecureCode in the manner
`
`recited and the differences between the prior art and the claims remain significant.
`
`Each of the temporary transaction number and the GRC include features that preclude
`
`their use in the claimed method.
`
`The second factual inquiry under the Graham v. John Deere C0. test requires ascertaining
`
`the differences between the prior art and the claims at issue. The first difference is that the same
`
`dynamic SecureCode requested during authentication of the individual is then generated and sent
`
`-18-
`
`
`
`U.S. Patent Application No. 12/210,926
`
`Attorney Docket No. KAMR002USO
`
`to the user. The same dynamic SecureCode is then received as part of an authentication request
`
`and the user is authenticated based on the same dynamic SecureCode.
`
`The temporary transaction number of Franklin et al. cannot be used to authenticate the
`
`individual because it is the same as a credit card number — which is never used to authenticate
`
`people. See Afi‘. Hosseinzadelzfiled I/I8/2011, W944; Afi‘. Laingfiled I/II/20II,W9—I4; Afi‘.
`
`Hewitt filed I/I8/2011, W944; Afi‘. N.Kamrani filed I/I8/2011, WI 0-16; Afi‘. K.Kamrani filed
`
`1/] 8/201], W944.
`
`The GRC of Fox et al. is issued at the time of registration and such is not generated
`
`during the transaction. Col. 9, lines 62-65, GUMP Method Registration Protocol. See Afi”.
`
`Hosseinzadelzfiled II/I 7/20II,W9—20; Afi”. Hewittfiled 11/] 7/201], WI3—24; Afi‘. N.Kamranifiled
`
`I 1/] 7/201], W94 9; Afi‘. K.Kamrani filed I 1/] 7/201], W94 9. Moreover, the authentication
`
`process used in Fox et al. requires use of a public/private key combination that must be obtained
`
`out—of—band. See Afi”. Hosseinzadelz filed 11/] 7/201], W9—20; Afi‘. Hewittfiled 11/] 7/201], W13-
`
`24; Afi‘. N.Kamrani filed I 1/] 7/201], W9—I9; Afi‘. K.Kamrani filed I 1/] 7/201], W949.
`
`Consequently, the GRC of F0x et al. cannot replace the temporary transaction number of
`
`Franklin et al. to arrive at the claimed invention because the GRC cannot be generated during the
`
`transaction, and requires elements that must be obtained offline or at least outside the transaction
`
`between the user and the EXternal—Entity, which is required in the claims at issue. The only
`
`reason that the digitally signed GRC of Fox et al. can be used for authentication purposes is
`
`because it employs a public/private key that is used to sign the GRC; as a result the GRC by itself
`
`is not used to authenticate the individual but rather the digitally signed GRC is used for
`
`authentication so that only a GRC that is properly signed is considered authentic. See Afi‘.
`
`Hosseinzadelzfiled II/I 7/20II,W9—20; Afi”. Hewittfiled 11/] 7/201], WI3—24; Afi‘. N.Kamranifiled
`
`-19-
`
`
`
`U.S. Patent Application No. 12/210,926
`
`Attorney Docket No. KAMR002USO
`
`I 1/] 7/201], W9—I 9; Afi”. K. Kamrani filed I 1/] 7/201], W9—I 9. Without the digital signature, the
`
`GRC is not used for authentication and Fox et al. requires that the authentication is only valid if
`
`the signature is valid. Id.
`
`Furthermore, the temporary transaction number of Fox er al. is used to protect the actual
`
`credit card number from being exposed on the Internet during an online transaction. Combining
`
`Fox et al. with Franklin et al. would eliminate the need for the temporary transaction number.
`
`Because in F0x et al. the temporary transaction numbers or actual credit card numbers have no
`
`value without the user’s digital signature. See Fox et al., column 8, line 29-32 which states “If a
`
`digital signature and signature check were required on every credit card transaction, then the card
`
`number alone would have no value.”
`
`Moreover, one of ordinary skill in the art upon reading Fox et al. and Franklin er al.
`
`would not consider authenticating the individual using the temporary transaction number because
`
`Fox et al. teaches using a digital signature as the basis for authentication, which digital signature
`
`has a tremendous investment associated with it from obtaining the keys to perform the digital
`
`signature. Id.
`
`The Office Action equates the claimed “dynamic SecureCode” of the present invention
`
`with the GRC of Fox et al., which describes the GRC as follows:
`
`The Internet analog of an SOF is a Certified Public Signature Key
`
`(CPSK). The GUMP Registration Meta—Protocol (GRMP) is a
`
`framework for designing and implementing a financial institution's
`
`certification policies to produce a client's CPSK, packaged as a
`
`GUMP Relationship Certificate (GRC). The GRC, of course,
`
`is
`
`public information that can be sent with transaction packets, stored in
`online directories, and cached on distributed machines without
`
`concern that it might be accessed by unauthorized parties.
`
`W[007I]
`
`However, the GRC of Fox et al. is not used to authenticate the user. Rather the digital
`
`-20-
`
`
`
`U.S. Patent Application No. 12/210,926
`
`Attorney Docket No. KAMR002USO
`
`signature is used to authenticate the user. See Afi‘. Hosseinzadeh filed I 1/] 7/20] I, W9—20; Afi‘.
`
`Hewittfiled II/I 7/20II, WI3—24; Afi‘. N.Kamranifiled II/I 7/2011, W9—I9; Afi‘. K.Kamram'filed
`
`II/I 7/20] I, W9—I9.
`
`The Office Action states “Fox discloses that a financial institution issues upon a request a
`
`certificate which includes a one—time secret (OTS) to the buyer, to conduct the electronic
`
`transaction with the seller where the GRC corresponds to the recited dynamic code because it is
`
`issued to the client for one electronic transaction and includes the OTS.” Yet one of skill in the
`
`art of user authentication and electronic transactions would understand that this statement is
`
`inaccurate. See Afi”. Hosseinzadehfiled II/I 7/20II,W2I—22; Afi”. Hewittfiled II/I 7/20II, W27-
`
`28; Afi‘. N.Kamranifiled II/I 7/2011, W2I—22; Afi‘. K.Kamranifiled II/I 7/20II, W2I—22.
`
`The OTS in the GRC is only used to tie the client’s public key to the GRC, and the OTS is an
`
`unsecret from the time the user receives digitally signed GRC certificate from the institution. Id.
`
`Fox et al. discloses that the institution digitally signs and sends back a GRC binding the client’s
`
`public signature key to the OTS. Id. From this point on, the OTS becomes an unsecret (Column
`
`3, line 1-7). Id. Fox et al. suggests that the OTS be derived from the user’s financial account
`
`numbers, which are static. Id. GRC does not correspond to recited dynamic code because GRC is
`
`public information and OTS is not a secret number from the time the user receives GRC from a
`
`financial institutions. Id.
`
`The statement from the Office Action“the GRC corresponds to the recited dynamic code”
`
`is inaccurate. Id. In Fox et al. a financial institution verifies the identity of the user by verifying
`
`user’s digital signature using user’s public key. Id. If a user does not digitally sign the GRC or
`
`any other document, the financial institution would not be able to verify the user and the
`
`document (GRC). Id. Therefore the statement “GRC correspond to dynamic code” is an invalid
`
`-21-
`
`
`
`U.S. Patent Application No. 12/210,926
`
`Attorney Docket No. KAMR002USO
`
`statement. Id. The claimed invention does not require a digital signature and public key protocol
`
`to verify a user. Id.
`
`In the present invention, a dynamic code authenticates a user whereas in F0x
`
`et al. a GRC does not authenticate a user. Id.
`
`In Fox et al., it is the user’s digital signature and
`
`public key that verifies the user who controls the private key. Id.
`
`Furthermore, Fox et al. teaches away from using the GRC by itself for authentication. See
`
`Afi‘. Hosseinzadelz filed I 1/] 7/20] I, W9—20; Afi‘. Hewitt filed I 1/] 7/201], WI 3 -24; Afi‘. N.Kamrani
`
`filed I 1/] 7/20] I, W9—I9; Afi‘. K.Kamrani filed II/I 7/2011, W9—I9. Upon reading Fox et al., one of
`
`skill in the art would be taught to rely on the digital signature for authentication, but using the
`
`GRC by itself without a digital signature would be directly opposed to the teaching of Fox et al.
`
`Therefore, Fox et al. teaches away from using the GRC as the basis for authentication. As such,
`
`one of ordinary skill in the art would not modify Franklin et al. in the manner suggested by the
`
`Office Action because he would rely upon the teaching from Fox et al. of using a digital
`
`signature as the basis for authentication. But, the digital signature capability cannot be generated
`
`during the transaction as claimed, hence the claimed invention would not have been obvious to
`
`one of ordinary skill in the art based on Fox et al. and Franklin et al.
`
`Thus, for at least these reasons the Applicants respectfully submit that the claims at issue
`
`are neither anticipated by nor rendered obvious by Franklin et al. and Fox et al. , either taken
`
`alone or in combination. Reconsideration and withdrawal of the rejection of these claims is
`
`respectfully requested.
`
`CLAIMS REMAIN PATENTABLE OVER FRANKLIN ET AL. AND FOX ET AL.
`
`TAKEN ALONE OR IN COMBINATION WITH CERTAIN OFFICIAL NOTICE
`
`-22-
`
`
`
`U.S. Patent Application No. 12/210,926
`
`Attorney Docket No. KAMR002USO
`
`The Office Action rejected claim 44 under 35 U.S.C. § l03(a) as being unpatentable over
`
`the combination of Franklin et al. and Fox et al. and further in View of certain Official Notice.
`
`The Office Action contends that the above mentioned combination of Franklin er al. and Fox et
`
`al. discloses all of the elements of the claim at issue, except for “wherein the EXternal—Entity and
`
`the Central—Entity are the same,” for which the Office Action provides certain Official Notice.
`
`The Office Action takes Official Notice for this teaching missing from Franklin et al. and Fox et
`
`al. Even assuming argaendo that the Office Action’s application of Official Notice in
`
`combination with Franklin et al. and Fox et al. is proper, because this claim ultimately depends
`
`from independent claim 1, which has been shown to be patentable over the combination of
`
`Franklin et al. and Fox et al., claim 44 remains patentable over the combination of Franklin et
`
`al., Fox et al. and the certain Official Notice for at least the same reasons discussed above. The
`
`Applicants therefore respectfully request reconsideration and withdrawal of the rejection of claim
`
`44.
`
`CONCLUSION
`
`The Applicant respectfully submits this application is in condition for allowance and
`
`requests issuance of a Notice of Allowance.
`
`Although not believed necessary, the Office is hereby authorized to charge any fees
`
`required under 37 C.F.R. § l.l6 or § l.l7 or credit any overpayments to the deposit account of
`
`MICHAEL P FORTKORT PC, Deposit Account No. 50-3776.
`
`In the event the prosecution of this Application can be efficiently advanced by a phone
`
`discussion, it is requested that the undersigned attorney be called at (703) 435-9390.
`
`Respectfully submitted,
`
`-23-
`
`
`
`U.S. Patent Application No. 12/210,926
`
`Attorney Docket No. KAMR002USO
`
`By
`
`/Michael P. Fortkort/
`
`Michael P. Fortkort
`
`(Reg. No. 35,141)
`
`
`Date: November 17 2011
`
`MICHAEL P FORTKORT PC
`
`The International Law Center
`
`13164 Lazy Glen Lane
`
`Oak Hill, Virginia 20171
`
`Please direct telephone calls to:
`Michael P. Fortkort
`
`703-435-9390
`
`703-435-8857 (facsimile)
`
`-24-
`
`
`
`Certification Under 37 C.F.R.
`
`1.8
`
`I hereby certify that on November 17, 2011 this correspondence is being: (a) deposited with
`the United States Postal Service in an envelope addressed to Commissioner for Patents, P.O.
`Box 1450, Alexandria, Virginia 22313-1450; or (b) transmitted via facsimile to facsimile
`number 571-273-8300; or (c) electronically filed with the U.S. Patent Office.
`
`
`Date: November 17 2011
`
`Signature:
`
`/Michael P. Fortkort/
`Michael P. Fortkort
`(Reg. No. 35,141)
`
`IN THE UNITED STATES PATENT & TRADEMARK OFFICE
`
`APPLICANT: NADER ASGHARI-IQAMRANI and IQAMRAN ASGHARI-IQAMRANI
`
`SERIAL NO.: 12/210,926
`
`FILING DATE: September 15, 2008
`
`EXAMINER: Mr. Abdulhakim Nobahar
`
`ART UNIT: 2432
`
`TITLE: CENTRALIZED IDENTIFICATION AND AUTHENTICATION SYSTEM AND
`METHOD
`
`ATTORNEY DOCKET: KAMR002USO
`
`CONFIRMATION NO.: 7516
`
`VIA ELECTRONIC FILING SYSTEM
`ASSISTANT COMMISSIONER FOR PATENTS
`
`WASHINGTO