Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant’s submission filed on 12/19//2925 has been entered.
This Office Action is in response to the communication and claim amendment
filed on 11/14/2025; claims 1, 8, and 15 have been amended; Claims 3, 10, and 17 have been canceled; claims 1, 8, and 15 are independent claims. Claims 1-2, 4-7, 8-9, 11-14, 15-16, 18-21, and 22-23 have been examined and are pending. This Action is made Non-FINAL.
Response to Arguments\
The rejection of claims 1-2, 4-9, 11-16, and 18-23 under 35 U.S.C. § 112 1st paragraph, is maintained for the following reasons:
Applicant argues that "the amendments to claims 1, 8, and 15 resolve the alleged issues described in the Office Action" and that "the rejections under § 112 are rendered moot and should be withdrawn."
The Examiner respectfully disagrees. The Applicant's argument is not persuasive for the following reasons.
The prior 112(a) written description rejection was directed to the timer condition in claim 1 - specifically, the requirement that providing the code must occur "before the timer reaches a predetermined amount of time." The Examiner emphasized this specific limitation as lacking written description support in the specification.
In the RCE amendment, the Applicant deleted the phrase "during the communication and" and changing the limitation from "providing the code to the requesting user during the communication and before the timer reaches a predetermined amount of time" to "providing the code to the requesting user before the timer reaches a predetermined amount of time."
However, the deletion of "during the communication and" does not resolve the written description deficiency because the 112(a) rejection was never based on that phrase. The rejection was based on the limitation "before the timer reaches a predetermined amount of time" as a prerequisite condition for the step of providing the code to the requesting user. This limitation remains in the amended claim, unchanged.The Applicant has not explained how deleting "during the communication and" resolves the timer-related written description issue. The Applicant has not pointed to any portion of the specification that supports the timer as a condition on the act of providing the code to the requesting user. The Applicant has not addressed the substance of the 112(a) rejection. The Applicant's conclusory statement that the amendments "resolve the alleged issues" without any supporting explanation is insufficient to overcome the rejection.
Accordingly, the 112(a) rejection is maintained.
Applicants’ arguments in the instant amendment, filed on 11/14/2025, with respect to limitations listed below, have been fully considered but they are not persuasive.
Applicants argue: he combination of Johnson, Har, Muto, and Kleinhans fails to disclose “storing the code received from the requesting user in a secure database at a network location, wherein authorized users are enabled to access the secure database and view codes stored in the secure database” (Applicant Remarks/Arguments, pages 8-11).
The Examiner disagrees with the Applicants. The Examiner respectfully submits that the combination of Johnson, Har, Muto, and Kleinhans does disclose the aforementioned limitations as follows:
The combination of Johnson and Har teaches storing the code received from the requesting user in a secure database at a network location (Har: pars. [0019], [0035], user prompted for credentials (password, PIN code), user enters code, sent to server; Johnson: par. [0011], database stored user-generated security codes for authentication; Har: pars. [0018], [0044], fig. 4, server 408 store at net network location maintain secure data store containing user credentials).
The combination of Johnson and Har further teaches wherein authorized users are enabled to access the secure database and view codes stored in the secure database (Johnson: par. [0011], "to allow a user to use the data base to store, retrieve, and/or change the data" [i.e., authorized/enrolled users are enabled to access the database and retrieve (i.e., view) data stored therein]; Har: par. [0018], the data store contains "passwords, PIN codes" [i.e., the data stored in the secure database includes codes]). The combination of Johnson and Har teaches that authorized users are enabled to access a secure database (Johnson par. [0011]) and that the secure database stores codes such as passwords and PIN codes (Har par. [0018]). Together, the combination teaches that authorized users are enabled to access the secure database and view codes stored therein.
It is respectfully submitted that the combination of Johnson, Har, Muto, and Kleinhans as a whole does teach the aforementioned limitations.
The Examiner respectfully suggests that the claim be further amended; details in the specification be incorporated, to distinguish the claimed invention over prior art of record. Should the Applicant desire an interview to further clarify the claim interpretation/rejections, please contact the Examiner at (571) 270 1380 to schedule an interview.
Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.
The following is a quotation of the first paragraph of pre-AIA 35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.
Claims 1-2, 4-9, 11-16, and 18-23 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA 35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention.
Regarding claims 1, 8, and 15; claims 1, 8, and 15 recite the limitation “providing the code to the requesting user before the timer reaches a predetermined amount of time.” lines 16-17, lines 17-18, lines 16-17, respectively; (emphasis added). However, “providing the code to the requesting user before the timer reaches a predetermined amount of time.” was not describe in the specification. However, the specification fails to describe the timer as a prerequisite condition for the act of providing the code to the requesting user.At most, the specification discloses the following regarding timing:(1) Paragraph [0038] discloses that a code may be associated with a deadline, time limit, or expiration factor, and the user may enter a time limit such as 24 hours, 30 seconds, or a deadline or expiration date such as January 5, 2027. This describes the creation of a time limit associated with the code, but does not describe the timer as a condition on providing the code to the requesting user.(2) Paragraph [0054] discloses that a code may be set to expire within a given amount of time after the code is entered. This describes code expiration, but does not describe the timer as a condition on providing the code to the requesting user.(3) Paragraph [0055] discloses that after the code is entered, a counter may begin, and the counter may run from the time the code is submitted by the recipient until the end of the expiration time limit. This describes when the counter starts and stops, but does not describe the timer as a condition on the act of providing the code to the requesting user.(4) Paragraph [0056] discloses that if the caller takes too long to view the code, and does not view the code prior to the expiration of the time limit, the code may be removed from the database. This describes a consequence of timer expiration - code removal from the database - but does not describe the timer as a condition on providing the code to the requesting user.(5) Paragraphs [0075], [0082], and [0089] each disclose that "a timer is started, wherein if the timer reaches a predetermined amount of time prior to the first code being received, a new prompt is transmitted to the second user." This describes a consequence of timer expiration - transmission of a new prompt - but does not describe the timer as a condition on providing the code to the requesting user.In summary, the specification describes the timer as controlling two system-side consequences: (a) the expiration and removal of the code from the database (paragraphs [0054], [0056]), and (b) the triggering of a new prompt when the code is not received in time (paragraphs [0075], [0082], [0089]). The specification does not describe the timer as a prerequisite condition for the human-to-human act of providing the code from the requested user to the requesting user as recited in claim steps “providing the code to the requesting user before the timer reaches a predetermined amount of time.”.While timing concepts exist independently in the specification, there is no disclosure of the timer serving as a temporal condition that must be satisfied for the step of providing the code from the requested user to the requesting user. The specification fails to convey to one skilled in the art, at the time the application was filed, that the inventor had possession of the claimed invention as currently amended.The Examiner respectfully requests the Applicant to point out and explain in full detail where in the specification support can be found for the limitation "before the timer reaches a predetermined amount of time" as a condition on the step of "providing the code to the requesting user." Applicant is required to cancel the new matter in the reply to this Office Action.
Regarding claims 2, 4-7, 22, and 23 are dependent on claim 1, and therefore inherit the 35 U.S.C 112, first paragraph as failing to comply the written description requirement of the independent claim.
Regarding claims 9 and 11-14 are dependent on claim 8, and therefore inherit the 35 U.S.C 112, first paragraph as failing to comply the written description requirement of the independent claim.
Regarding claims 16 and 18-21 are dependent on claim 15, and therefore inherit the 35 U.S.C 112, first paragraph as failing to comply the written description requirement of the independent claim.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-2, 5, 8-9, 12, 15-16, 19, and 22-23 are rejected under 35 U.S.C. 103 as being unpatentable over Johnson (“Johnson,” US 2008/0262973) in view of Har et al. (“Har,” US 2012/0144198), and Muto et al. (“Muto,” US 11,550,894), and further in view of Kleinhans et al. (“Kleinhans,” US 2021/0264383).
Regarding claim 1, Johnson teaches a computer implemented method of authenticating a requested user, the method comprising performing operations as follows on a processor of a computer system:
registering the requested user (Johnson: par. 0011, At the time of enrollment or first use of the system by the user, the unique security code generated may be used to generate a biometric template or a range of values that may subsequently be used to identify the user and to allow a user to use the data base to store, retrieve, and/or change the data. This biometric template may be used to identify the user any time the user attempts to engage in an authorized transaction or attempts to access the data base; par. 0055).
Johnson does not explicitly disclose receiving, from a requesting user, a request for authenticating the requested user, wherein the requesting user and the requested user are participants in a communication session; transmitting, in response to receiving the request from the requesting user, a prompt to the requesting user; receiving, in response to the prompt, a code from the requesting user; storing the code received from the requesting user in a secure database at a network location, wherein authorized users are enabled to access the secure database and view codes stored in the secure database; and “enabling access to the secure database for a user device associated with the requested user, wherein the requested user is enabled to authenticate the requested user by accessing the code in the secure database and providing the code to the requesting user before the timer reaches a predetermined amount of time.”
However, in an analogous art, Har teaches
receiving, from a requesting user, a request for authenticating the requested user (Har: par. 0016, The authentication request can include information desired by the requesting user for confirmation the receiving user’s identity; fig. 2, steps 202-206; par. 0034, At 202 a caller can initiate a call to a callee. The caller can initiate the call on a mobile device over a cellular voice channel, from a computer over a data channel or from a landline telephone over a voice channel. The caller can be a first user or a second user. The callee can be a first user or a second user. At least one of the first user or the second user uses a mobile device. At 204 an authentication request can be sent by the first user or the second user over a data channel to a third party trusted authentication server. The authentication request can request the authentication server to authenticate the first user to the second user), wherein the requesting user and the requested user are participants in a communication session (Har: fig.1, CALLER (114), CALLEE (116), par. 0022; See also, fig. 2, par. 0034).
transmitting, in response to receiving the request from the requesting user, a prompt to the requesting user (Har: par. 0019 If authentication of the second user is requested by the first user, the second user can be prompted for credentials including but not limited to a password or personal identification number (PIN) code and/or other information. The second user can enter the information for which he is prompted and can encrypt and/or sign the confirmation message. The encrypted and/or signed message can be sent to the authentication server. The authentication server can decrypt and/or validate the digital signature to authenticate the confirmation message and thus the second user; par. 0035, …at 216 the second user can be prompted for credentials (password, PIN code, etc.), which can be validated by the third party trusted server at 218 before the confirmation message is returned to the first user at 220).
receiving, in response to the prompt, a code from the requesting user (Har: par. 0019 If authentication of the second user is requested by the first user, the second user can be prompted for credentials including but not limited to a password or personal identification number (PIN) code and/or other information. The second user can enter the information for which he is prompted and can encrypt and/or sign the confirmation message. The encrypted and/or signed message can be sent to the authentication server. The authentication server can decrypt and/or validate the digital signature to authenticate the confirmation message and thus the second user; par. 0035, …at 216 the second user can be prompted for credentials (password, PIN code, etc.), which can be validated by the third party trusted server at 218 before the confirmation message is returned to the first user at 220);
storing the code received from the requesting user in a secure database at a network location (Johnson: par. 0011, At the time of enrollment or first use of the system by the user, the unique security code generated may be used to generate a biometric template or a range of values that may subsequently be used to identify the user and to allow a user to use the data base to store, retrieve, and/or change the data. This biometric template may be used to identify the user any time the user attempts to engage in an authorized transaction or attempts to access the database; par. 0055; Har: par. 0018, a data store of user information that includes the mobile telephone numbers of users, usernames, passwords, PIN codes, the name, address and public keys for users, credentialing information, identification information and so on; fig. 4, Server 408 (i.e. remote server); pars. 0019, 0035, 0044), wherein authorized users are enabled to access the secure database and view codes stored in the secure database (Johnson: par. 0011; Har: par. 0018, par. 0019 If authentication of the second user is requested by the first user, the second user can be prompted for credentials including but not limited to a password or personal identification number (PIN) code and/or other information. The second user can enter the information for which he is prompted and can encrypt and/or sign the confirmation messag);
enabling access to the secure database for a user device associated with the requested user, confirming receipt of identity to requesting user (Har: par. 0003, confirmation response confirming the identity of the second user to the first user can be sent to the first user. The confirmation response can be sent over a data channel (such as an Internet connection or SMS/MMS connection) in parallel to the voice channel transmission).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Har with the method and system of Johnson to include receiving, from a requesting user, a request for authenticating the requested user transmitting, in response to receiving the request from the requesting user, a prompt to the requesting user; receiving, in response to the prompt, a code from the requesting user; storing the code received from the requesting user in a secure database at a network location, wherein authorized users are enabled to access the secure database and view codes stored in the secure database; enabling access to the secure database for a user device associated with the requested user, confirming receipt of identity to requesting user. One would have been motivated to provide the system prompts the user of credentials e.g. passwords, to be validated by a third party trusted server before a confirmation message is returned to the another user if identification of the former user is requested, thus preventing unauthorized use of the latter user's certificate by a malicious user of the mobile device (Har: par. 0035).
The combination of Johnson and Har does not explicitly disclose: wherein the requested user is enabled to authenticate the requested user by accessing the code in the secure database and providing the code to requesting user during the communication session;
However, in an analogous art, Muto teaches system wherein
the requested user is enabled to authenticate the requested user by accessing the code (Muto: abstract; Col. 3, lines 30-38, (Muto: abstract; Col. 3, lines 30-38, prescribed code or the like is displayed on a verification device 30 different from a display device 20 so that a user 40 can confirm the nonoccurrence of disguise as shown in FIG. 2. FIG. 2 is a diagram for describing the outline of a confirmation system according to a first embodiment. For example, the user 40 confirms whether the display device 20 works normally by confirming the conformity between a code displayed on the display device 20 and a code displayed on the verification device 30).
providing the code to requesting user during the communication session (Muto: abstract; Col. 3, lines 30-38, prescribed code or the like is displayed on a verification device 30 different from a display device 20 so that a user 40 can confirm the nonoccurrence of disguise as shown in FIG. 2. FIG. 2 is a diagram for describing the outline of a confirmation system according to a first embodiment. For example, the user 40 confirms whether the display device 20 works normally by confirming the conformity between a code displayed on the display device 20 and a code displayed on the verification device 30.).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Muto with the method and system of Johnson and Har to include “wherein the requested user is enabled to authenticate the requested user by accessing the code in the secure database” “providing the code to requesting user during the communication session;” One would have been motivated to provide easily and reliable confirm a state in which an input/output screen can be occupied by a Trusted Execution Environment (TEE) (Muto: Col. 2, lines 44-46).
The combination of Johnson, Har, and Muto do not explicitly disclose “starting timer.”, “before the timer reaches a predetermined amount of time.”
However, in an analogous art, Kleinhans discloses that a secret code can be entered and sent to server, wherein secret code can expire after a predetermined amount of time (Kleinhans: par. 0258, The secret code can be entered into the code field 974 and then sent to server 108 in response to selecting a submit USC 978. The secret code can expire after a predetermine amount of time.).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Kleinhans with the method and system of Johnson, Har, and Muto to include a timer is started, providing the code to requesting user before the timer reaches a predetermined amount of time. One would have been motivated to provide the vehicle information service provider which increases its ability to provide reliable service information by not receiving vehicle service information unless it has been confirmed that the vehicle information is from a valid and/or known vehicle (Kleinhans: par. 0002).
Regarding claim 2, the combination of Johnson, Har, Muto, and Kleinhans teaches the method of claim 1. The combination of Johnson, Har, Muto, and Kleinhans further comprising receiving confirmation from the requesting user that the requested user provided the code (Johnson: pars. 0011, 0055; Har: par. 0003, confirmation response confirming the identity of the second user to the first user can be sent to the first user. The confirmation response can be sent over a data channel (such as an Internet connection or SMS/MMS connection) in parallel to the voice channel transmission; Muto: abstract; Col. 3, lines 30-38).
Regarding claim 5, the combination of Johnson, Har, Muto, and Kleinhans discloses the method of claim 1. The combination of Johnson, Har, Muto, and Kleinhans further discloses wherein the code is one of a text string, an image, and an audio clip (Har: par. 0019 If authentication of the second user is requested by the first user, the second user can be prompted for credentials including but not limited to a password or personal identification number (PIN) code and/or other information. The second user can enter the information for which he is prompted and can encrypt and/or sign the confirmation message. The encrypted and/or signed message can be sent to the authentication server. The authentication server can decrypt and/or validate the digital signature to authenticate the confirmation message and thus the second user; par. 0035, …at 216 the second user can be prompted for credentials (password, PIN code, etc.), which can be validated by the third party trusted server at 218 before the confirmation message is returned to the first user at 220).
Regarding claim 8, claim 8 is directed to a system, comprising: a processor (Johnson: par. 0013; Har: par. 0024); and a computer-readable storage medium (Johnson: par. 0013; Har: par. 0021) storing computer-readable instructions which, when executed by the processor associated with the method claimed in claim 8; claim 8 is similar in scope to claim 1, and is therefore rejected under similar rationale.
Regarding claim 9, claim 9 is similar in scope to claim 2, and is therefore rejected under similar rationale.
Regarding claim 12, claim 12 is similar in scope to claim 5, and is therefore rejected under similar rationale.
Regarding claim 15, claim 15 is directed to a computer program product, comprising: a non-transitory computer-readable storage medium (Johnson: par. 0048; Har: par. 0038)) having computer-readable program code (Har: par. 00421) embodied therewith, the computer-readable program code associated with the method claimed in claim 15; claim 15 is similar in scope to claim 1, and is therefore rejected under similar rationale.
Regarding claim 16, claim 16 is similar in scope to claim 2, and is therefore rejected under similar rationale.
Regarding claim 19, claim 19 is similar in scope to claim 5, and is therefore rejected under similar rationale
Regarding claim 22, the combination of Johnson, Har, Muto, and Kleinhans teaches the method of claim 1. The combination of Johnson, Har, Muto, and Kleinhans further discloses comprising identifying the requesting user (Har: par. 0003, confirmation response confirming the identity of the second user to the first user can be sent to the first user. The confirmation response can be sent over a data channel (such as an Internet connection or SMS/MMS connection) in parallel to the voice channel transmission).
Regarding claim 23, the combination of Johnson, Har, Muto, and Kleinhans teaches the method of claim 1. The combination of Johnson, Har, Muto, and Kleinhans does not explicitly disclose "transmitting the code in a message to the requesting user".
However, Har teaches that during an authentication process, the authentication server sends messages to both participating users (Har: par. [0027], "The authentication server 102 can look up the mobile telephone number of the second user in its data store and can send the second user a message. The server message can include an indication from the authentication server 102 indicating that the authentication server 102 recognizes the first user. The server message can also include identification information associated with the sender including name, address, any information volunteered by the sender and so on."
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Johnson, Har, Muto, and Kleinhans to transmit the code in a message to the requesting user, because:
Har teaches that the authentication server sends messages to both participating users during an authentication process - a message to the second user containing identification information associated with the first user (par. [0027]), and a confirmation response to the first user confirming the identity of the second user (par. [0003]). Furthermore, Har par. [0014] teaches that these user roles are interchangeable.
One of ordinary skill in the art would have recognized that including the code in a message to the requesting user provides the requesting user with a persistent reference copy of the code on the requesting user’s device, enabling accurate comparison when the requested user provides the code back during the communication session. The modification amounts to applying a known technique (sending a confirmation message containing submitted data to the submitting user) to a known system (the authentication system of the combination) to yield a predictable result (the requesting user has a reference copy for verification purposes). See KSR Int’l Co. v. Teleflex Inc., 550 U.S. 398 (2007).
Claims 7, 14, and 21 are rejected under 35 U.S.C. 103 as being unpatentable over Johnson (“Johnson,” US 2008/0262973) in view of Har et al. (“Har,” US 2012/0144198), and Muto et al. (“Muto,” US 11,550,894), and Kleinhans et al. (“Kleinhans,” US 2021/0264383), and further in view Hindocha et al. (“Hindocha,” US 2018/0234242).
Regarding claim 7, the combination of Johnson, Har, Muto, and Kleinhans discloses the method of claim 1. The combination of Johnson, Har, Muto, and Kleinhans discloses wherein transmitting the prompt but does not explicitly discloses displaying a graphical user interface button in a user interface of an application executing on a user device associated with the requesting user.
However, in an analogous art, Hindocha discloses graphical user interface button in a user interface of an application executing on a user device associated with the requesting user (Hindocha: par. 0059, The software function executing on the device 300 also comprises or has access to the information 132, both the values of the unique set of codes “123”, “234”, etc., and the association to the respective pieces of information “1”, “2,”, etc. The information 132 has been communicated to the software function during an installation procedure of the software function. The graphical user interface further comprises a send button 333, which when pressed is arranged to take each character in the text box 330, determining a corresponding code, concatenating the codes to a character string, hashing the resulting string 100000 times and sending the resulting hash value to the central server 130.).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Hindocha with the method and system of Johnson, Har, Muto, and Kleinhans to include graphical user interface button in a user interface of an application executing on a user device associated with the requesting user One would have been motivated to store the codes in a safe way by encrypting that can accessible by the electronic device using software function (Hindocha: abstract; par. 0022, 0023).
Regarding claim 14, claim 14 is similar in scope to claim 7, and is therefore rejected under similar rationale.
Regarding claim 21, claim 21 is similar in scope to claim 7, and is therefore rejected under similar rationale.
Claims 4, 11, and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Johnson (“Johnson,” US 2008/0262973) in view of Har et al. (“Har,” US 2012/0144198), and Muto et al. (“Muto,” US 11,550,894), and Kleinhans et al. (“Kleinhans,” US 2021/0264383), and further in view Jurss et al. (“Jurss,” US 2021/0049614).
Regarding claim 4, the combination of Johnson, Har, Muto, and Kleinhans discloses the method of claim 1. The combination of Johnson, Har, Muto, and Kleinhans discloses receiving a request from the requested user to authenticate the requesting user (Har: par. 0012; a first user (a first client) or a second user (a second client) can initiate establishment of a connection over a voice channel such as but not limited to a cellular channel. The first user can use a mobile device such as but not limited to a mobile device as described with respect to FIG. 5. The first user can use a computing device such as but not limited to a computer as described with respect to FIG. 3. The first user can be a caller or a callee; par. 0016). Johnson, Har, Muto, and Kleinhans do not explicitly disclose transmitting a second prompt to the requested user; receiving, in response to the second prompt, a second code from the requested user; and transmitting the second code to a user device associated with the requesting user.
However, in an analogous art, Jurss discloses
transmitting a second prompt to the requested user (Jurss: par. 0102, The process 1400 may include transmitting, by the validation computer, the access code to the first user device at 1406…);
receiving, in response to the second prompt, a second code from the requested user (Jurss: par. 0103, the process 1400 may include receiving, by the validation computer and from an access device, the access code at 1408); and
transmitting the second code to a user device associated with the requesting user (Jurss: par. 0103, the user associated with the first user device may transmit, provide, or other authorize another user associated with a second user device to utilized the access code to conduct a transaction at the access device on their behalf or with their authority).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Jurss with the method and system of Johnson, Har, Muto, and Kleinhans to include transmitting a second prompt to the requested user; receiving, in response to the second prompt, a second code from the requested user; and transmitting the second code to a user device associated with the requesting user.” One would have been motivated to transmit to a user device via a particular communication channel and may be associated with an expiration time period, which limits the time period with which the code can be used to conduct a transaction at the access device, thereby increasing security (Jurss: par. 0004).
Regarding claim 11, claim 11 is similar in scope to claim 4, and is therefore rejected under similar rationale.
Regarding claim 18, claim 18 is similar in scope to claim 4, and is therefore rejected under similar rationale.
Claims 6, 13, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Johnson (“Johnson,” US 2008/0262973) in view of Har et al. (“Har,” US 2012/0144198), and Muto et al. (“Muto,” US 11,550,894), and Kleinhans et al. (“Kleinhans,” US 2021/0264383), and further in view of Ludwig et al. (“Ludwig,” US 2015/0223056).
Regarding claim 6, the combination of Johnson, Har, Muto, and Kleinhans discloses the method of claim 2. The combination of Johnson, Har, Muto, and Kleinhans teaches “wherein upon the timer reaching the predetermined amount of time” but does not explicitly disclose “wherein upon the timer reaching the predetermined amount of time prior to receiving confirmation from the requesting user that the requested user provided the code a second prompt is transmitted to the requesting user”
However, in an analogous art, Ludwig teaches a system where upon timer expiration during a period when expected user interaction has not occurred, the system automatically prompts the user again (Ludwig: par. 0022, One aspect of the embodiments may include a timer that monitors periods of inactivity. If the timer elapses during the period of inactivity, the device may prompt the user to re-enter the passcode prior to allowing the user access to the application).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Ludwig with the method and system of Johnson, Har, Muto, and Kleinhans to include ”wherein upon the timer reaching the predetermined amount of time prior to receiving confirmation from the requesting user that the requested user provided the code a second prompt is transmitted to the requesting user” . One would have been motivated to allows a website to add security features such as site keys in which the user is presented with an image or other piece of information that is unique to the user or security questions that identify the user to the website (Ludwig: par. 0016).
Regarding claim 13, claim 13 is similar in scope to claim 6, and is therefore rejected under similar rationale.
Regarding claim 20, claim 20 is similar in scope to claim 6, and is therefore rejected under similar rationale.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CANH LE whose telephone number is (571)270-1380. The examiner can normally be reached on Monday to Friday 6:00AM to 3:30PM other Friday off.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham, can be reached at telephone number 571-270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from Patent Center and the Private Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from Patent Center or Private PAIR. Status information for unpublished applications is available through Patent Center and Private PAIR for authorized users only. Should you have questions about access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) Form at https://www.uspto.gov/patents/uspto-automated- interview-request-air-form.
/Canh Le/
Examiner, Art Unit 2439
February 17th, 2026
/LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439