Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
DETAILED ACTION
This Office Action is in response to the Amendment filed on 08/10/2023.
In the instant Amendment, claim 1 was amended; claims 10-15 were cancelled; claim 1 is an independent claim; claims 1-9 have been examined and are pending.
Reopening of Prosecution After Appeal Brief
In view of the appeal brief filed on 08/10/2023, PROSECUTION IS HEREBY REOPENED as set forth below.
To avoid abandonment of the application, appellant must exercise one of the following two options:
(1) file a reply under 37 CFR 1.111 (if this Office Action is non-final) or a reply under 37 C.F.R. 1.113 (if this Office Action is final); or,
(2) initiate a new appeal by filing a notice of appeal under 37 CFR 41.31 followed by an appeal brief under 37 CFR 41.37. The previously paid notice of appeal fee and appeal brief fee can be applied to the new appeal. If, however, the appeal fees set forth in 37 CFR 41.20 have been increased since they were previously paid, then appellant must pay the difference between the increased fees and the amount previously paid.
A Supervisory Patent Examiner (SPE) has approved of reopening prosecution by signing below:
/LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439
Response to Arguments
Appellant's arguments with respect to claim 1 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1, 3-4 and 7 are rejected under 35 U.S.C. 103 as being unpatentable over Allinson et al ("Allinson," US 20160285633).
Regarding claim 1, Allinson discloses a method of authorizing transmission of login credentials from an authorized device having memory to a secondary device and a service provider, comprising:
registering the authorized device having memory storage on an authentication platform; (Allinson, [0002], a first device (e.g. a smart phone) may be registered as having authorization to authenticate a user for accessing a service from a second device (e.g. smart television). The registration of the first device may be maintained on a service login management component (e.g. comprising an authorization database, a server) [authentication platform]. The registration may specify a trust level for the first device. The trust level may be modified based upon at least one of successful authentication or unsuccessful authentication of the user by the first device; Also a third device may be registered as having authorization to authenticate the user for accessing the service from the second device; also see [0003]-[0004])
storing login credentials for at least one service provider in the memory of the authorized device; (Allinson, [0002]-[0004], describes storing a username and device authorization information for the service [service provider] in the memory of the mobile phone [authorized device]).
prompting a user via the authorized device to authorize transmission of the login credentials for the at least one service provider from the authorized device to the secondary device and the service provider via the authentication platform; (Allinson, [0004] Responsive to receiving the encrypted request, the first device may prompt the user to specify whether the user wants to authorize a login into the service from the second device. Responsive to the user selecting an option to log the second device into the service, the first device may send a login user authorization notification to the service login management component [authentication component]. Responsive to the service login management component receiving the login user authorization notification from the first device, the service login management component may log the user into the service on the second device (e.g., without prompting the user to enter a password into the second device); also see [0002]-[0003]) and
The first embodiment of Allinson fails to explicitly disclose receiving on the authentication platform a request for the login credentials for the at least one service provider from the secondary device; transmitting the requested login credentials for the at least one service provider from the authorized device to the secondary device and the service provider via the authentication platform when authorization is provided by the user via a user interface on the authorized device.
However, in an alternative embodiment, Allinson discloses receiving on the authentication platform a request for the login credentials for the at least one service provider from the secondary device; (Allinson, FIG 6A shows receiving on the service login management component [authentication platform] 610 a request for username for the at least one service [service provider] from the second device 612; also see [0006])
transmitting the requested login credentials for the at least one service provider from the authorized device to the secondary device and the service provider via the authentication platform when authorization is provided by the user via a user interface on the authorized device (Allinson, FIG 6A, describes sending the username and device authorization information for the service from the mobile phone to the second device and the service via the service login management component [authentication platform] when authorization is provided by the user on the user interface of the mobile phone, FIG 5A describes the first device pushes a token and requests a verification code. The Service management component sends the verification code to the second device where there is a registration page with username, register device and verification code; also see [0006])
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of the alternative embodiment of Allinson with the first embodiment of Allinson to include receiving on the authentication platform a request for the login credentials for the at least one service provider from the secondary device; transmitting the requested login credentials for the at least one service provider from the authorized device to the secondary device and the service provider via the authentication platform when authorization is provided by the user via a user interface on the authorized device. One would have been motivated to facilitate service login (Allinson, [0002]).
Regarding claim 3, Allinson discloses the method of claim 1.
Allinson further discloses wherein the request for login credentials from the authentication platform to the authorized device is communicated via a push notification service, (Allinson, [0003], describes the access request may specify a username and device authorization information [login credentials] (e.g. an indication that the first device is authorized to authenticate the user for accessing the service from the second device); [0043], the login application may utilize a push notification service for obtaining a push token using for communicating with the service. The user may log into the service using a username/and or password such as from the second device (e.g. using a browser on the second device)).
Regarding claim 4, Allinson discloses the method of claim 1.
The first embodiment of Allinson fails to explicitly disclose wherein the request for login credentials from the device is initiated by an application executed on the secondary device.
However, in an alternative embodiment, Allinson discloses wherein the request for login credentials from the device is initiated by an application executed on the secondary device (Allinson, FIG 6A shows wherein the request for login credential from the first device is initiated by an application executed on the second device).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of the alternative embodiment of Allinson with the first embodiment of Allinson to include wherein the request for login credentials from the device is initiated by an application executed on the secondary device. One would have been motivated to facilitate service login (Allinson, [0002]).
Regarding claim 7, Allinson discloses the method of claim 1.
The first embodiment of Allinson fails to explicitly disclose wherein the authorized device is a portable device capable of communicating with the authentication platform and/or the secondary device.
However, in an alternative embodiment, Allinson discloses wherein the authorized device is a portable device capable of communicating with the authentication platform and/or the secondary device (Allinson, [0042] describes a first device may be registered as authorized to authenticate a user login into a service from a second device (e.g., a Smartphone of the user may be used to log the user into a media streaming service on a Smart television without the user having to enter a password for the media streaming service through the Smart television). In this way, the first device (e.g., a mobile device that the user may conveniently carry around) may be used to securely log the user into services on various devices without the user having to enter passwords through such devices, which improves security of data transmission to the second device (e.g., so that a malicious user is not accessing user data provided by the service to the second device by merely attempting to provide login credentials directly through the second computer) because the first device authenticates the user for accessing the service on the second device).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of the alternative embodiment of Allinson with the first embodiment of Allinson to include wherein the authorized device is a portable device capable of communicating with the authentication platform and/or the secondary device. One would have been motivated to facilitate service login (Allinson, [0002]).
Claim 2 is rejected under 35 U.S.C. 103 as being unpatentable over Allinson et al ("Allinson," US 20160285633) and further in view of Tunnell et al (“Tunnell,” US 20160379220).
Regarding claim 2, Allinson discloses the method of claim 1.
Allinson fails to explicitly disclose wherein the login credentials comprise one or more unique identifiers.
However, in an analogous art, Tunnell discloses wherein the login credentials comprise one or more unique identifiers, (Tunnell, [0057] describes user authentication occurs within most human-to-computer interactions by user entry of identification characters, numbers and/or symbols followed by entry of a unique password comprising a second set of characters, numbers and/or symbols called authentication credentials herein)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Tunnell with the method/system of Allinson to include wherein the login credentials comprise one or more unique identifiers. One would have been motivated to provide improved authentication techniques prior to information transfer, storage, backup and retrieval using multiple instances of authentication shared across multiple devices (Tunnell, [0002]).
Claim 5 is rejected under 35 U.S.C. 103 as being unpatentable over Allinson et al ("Allinson," US 20160285633) and further in view of Reisgies et al (“Reisgies,” US 20120159612).
Regarding claim 5, Allinson discloses the method of claim 1.
Allinson fails to explicitly disclose wherein development, editing and management of the login credentials stored on the memory of the authorized device is performed by a software application operating on the authorized device.
However, in an analogous art, Reisgies discloses wherein development, editing and management of the login credentials stored on the memory of the authorized device is performed by a software application operating on the authorized device, (Reisgies, FIG 4G allows the development and editing of a password; [0043], credential management; [0030], password manager application; FIG 4F shows a password keeper software application on the mobile phone [authorized device] that allows the user to add new account, login and password; FIG 4G allows the user to generate passwords; [0008] describes a system for storing one or more passwords on a portable communication device having a secured element and user interface)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Reisgies with the method/system of Allinson to include wherein development, editing and management of the login credentials stored on the memory of the authorized device is performed by a software application operating on the authorized device. One would have been motivated to securely store a digital password key ring in a secure element on a portable communication device (Reisgies, [0002]).
Claim 6 is rejected under 35 U.S.C. 103 as being unpatentable over Allinson et al ("Allinson," US 20160285633) and further in view of Cropp et al (“Cropp,” US 20200382545).
Regarding claim 6, Allinson discloses the method of claim 1.
Allinson fails to explicitly disclose wherein the authentication platform is a network accessible server.
However, in an analogous art, Cropp discloses wherein the authentication platform is a network accessible server, (Cropp, [0036], Server 116, server 122, and additional resources may define a network accessible server infrastructure. In example embodiments, servers 116 and server 122 may form a network-accessible server set, such as a cloud computing server network. For example, server 116 and server 122 may comprise a group or collection of servers (e.g., computing devices) that are each accessible by a network such as the Internet (e.g., in a “cloud-based” embodiment) to store, manage, and process data)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Cropp with the method/system of Allinson to include wherein the authentication platform is a network accessible server. One would have been motivated to provide a method and system to store, manage and process data (Cropp, [0036]).
Claim 8 is rejected under 35 U.S.C. 103 as being unpatentable over Allinson et al ("Allinson," US 20160285633) and further in view of Ericson et al (“Ericson,” US 20200213298).
Regarding claim 8, Allinson discloses the method of claim 1.
Allinson fails to explicitly disclose wherein the service provider requires authentication for access or elevated permissions.
However, in an analogous art, Ericson discloses wherein the service provider requires authentication for access (Ericson, [0011], The service provider may require completing an authentication mechanism to provide the requested access; [0012], in response to the requested access, the device or service provider may output an authentication request that requires the user to enter in credentials (e.g., a username, password, and/or personal identification number (PIN))) or elevated permissions.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Ericson with the method/system of Allinson to include wherein the service provider requires authentication for access or elevated permissions. One would have been motivated to provide authentication through mobile computing devices (Ericson, [0001]).
Claim 9 is rejected under 35 U.S.C. 103 as being unpatentable over Allinson et al ("Allinson," US 20160285633) and further in view of Smith et al (“Smith,” US 20140157392)
Regarding claim 9, Allinson discloses the method of claim 1.
Allinson fails to explicitly disclose transmissions of the requested credentials from the authorized device to the authentication platform and from the authentication platform to the secondary device are encrypted.
However, in an analogous art, Smith discloses transmissions of the requested credentials from the authorized device to the authentication platform and from the authentication platform to the secondary device are encrypted, (Smith, [0033]-[0040] describes transmissions and connections between the authorized device which is the smartphone 202 and the authentication platform which is the server maintained by the service provider in 210 and from the server maintained by the service provider to the user desktop with an application as shown in 204 and 212; [0033] describes transmissions of the requested credentials from the authorized device to the server and from the server to the secondary device and secure channels; [0025] describes communications between devices can be accomplished in whole or in part over an encrypted communications channel)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Smith with the method/system of Allinson to include transmissions of the requested credentials from the authorized device to the authentication platform and from the authentication platform to the secondary device are encrypted. One would have been motivated to provide a system and method for using a separate device to facilitate authentication (Smith, [0003]).
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JAMES J WILCOX whose telephone number is (571)270-3774. The examiner can normally be reached M-F: 8 A.M. to 5 P.M.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu T. Pham can be reached on (571)270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/JAMES J WILCOX/Examiner, Art Unit 2439
/LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439