Prosecution Insights
Last updated: July 17, 2026
Application No. 17/442,694

COMPUTER SYSTEMS AND METHODS INCLUDING HTML BROWSER AUTHORISATION APPROACHES

Final Rejection §103
Filed
Sep 24, 2021
Priority
Mar 28, 2019 — AU 2019901053 +1 more
Examiner
CATTUNGAL, DEREENA T
Art Unit
2431
Tech Center
2400 — Computer Networks
Assignee
Bankvault Pty Ltd.
OA Round
4 (Final)
80%
Grant Probability
Favorable
5-6
OA Rounds
0m
Est. Remaining
99%
With Interview

Examiner Intelligence

Grants 80% — above average
80%
Career Allowance Rate
224 granted / 279 resolved
+22.3% vs TC avg
Strong +30% interview lift
Without
With
+29.7%
Interview Lift
resolved cases with interview
Typical timeline
2y 9m
Avg Prosecution
23 currently pending
Career history
303
Total Applications
across all art units

Statute-Specific Performance

§101
1.8%
-38.2% vs TC avg
§103
85.4%
+45.4% vs TC avg
§102
6.3%
-33.7% vs TC avg
§112
4.3%
-35.7% vs TC avg
Black line = Tech Center average estimate • Based on career data from 279 resolved cases

Office Action

§103
DETAILED ACTION Notice of Pre-AIA or AIA Status 1.The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Response to Arguments 2. According to applicant’s arguments filed on 02/23/2026, independent claims1,2 and 21 have been amendment, which made the withdrawal of 112(b) rejection over independent claim(s). 3. Applicant’s arguments with respect 103 rejection have been fully considered but are moot based on the new ground of rejection. Balfanz (US Pat.No.8,256,664) in view of Richardson (WO 2018/0191780) (see, the rejection below). Claim Rejections - 35 USC § 103 4.The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. 5. Claim(s) 1-11,13-21,24 and 65-66 are rejected under 35 U.S.C. 103 as being unpatentable Balfanz (US Pat.No.8,256,664) in view of Richardson (WO 2018/0191780) (from IDS filed on 09/24/2021) 6. Regarding claim 1 Balfanz teaches a computer implemented method of enabling an access provider system to secure access to content on a first electronic device in a session, the computer implemented method comprising: receiving encrypted input information and a session identifier at a system service, the encrypted input information being inputted by a user on a second electronic device and being sent from the second electronic device to the system service (Abstract, Figs.1A-B and Col.8, lines.22-67; Col.9, lines.1-35 teaches a first client device 170 may transmit a request for user information such as a personal email account of "www.a.com" to server 110. Client device 170 may establish an HTTP, or HTTPS, connection to server 110. Upon connecting to the server, for example during the HTTP protocols, the client and server may exchange additional information such as client device's IP address or other identifying information. In response to the request, server 110 may generate a session ID to identify the HTTP connection between server 110 and client device 170. Server 110 may associate client device 170 with the generated session ID, and store this association in memory accessibly by server 110. Server 110 may also generate a bar code, for example a QR bar code, incorporating the session ID information as well as a network location associated with the server 110. Server 110 may transmit the QR bar code to client device 170. Upon receiving the QR bar code, client device 170 may display a web page as shown in FIG. 2. The QR bar code 220 may be the bar code generated by the server which incorporates the session ID. The client device 170 may receive the session ID from the server and automatically retransmit it to the server. The client device 170 may identify the instruction to retransmit the session ID by executing JavaScript embedded in the login page received from the server. In response, server 110 may associate the IP address of client device 170 with the session ID and may store this association for later use. Once the first client device 170 has received the encoded information, a second client device 160 [mobile phone] in Fig.3 may be used to read and decode the information contained in the encoded information, such as the session ID and the network location of the server. For example, the encoded information is a bar code and the second client device 160 is an Internet-enabled cell phone with a camera, the user may position the cell phone such that the bar code displayed on the first client device is within a region that may be captured as an image by the camera. In one aspect, the phone may decode the bar code, i.e. extract the session ID and network location associated with the user information from the bar code. Once the second client device has decoded the encoded information, the second client device may transmit the session ID to the server for authentication of the first client device. After identifying the session ID, client device 160 may request confirmation from the user that the user would like to log into server 110 and access www.a.com as shown in fig.4. Fig.6 and Col.10, lines. 39-54 teaches when server 110 receives the consent and session ID from client device 160, the server may associate the session ID with client device 160. Server 110 may then identify which HTTP connection is associated with the session ID. In the example, the server may identify the HTTP connection to client device 170. Server 110 may also identify the requested email account based on the login information used to establish the authenticated connection and transmit the requested email account to client device 170. For example, server 110 may transmit the email account web site, www.a.com, to client device 170. Server 110 may also transmit any private user data, for example, the user's email inbox data, through the HTTP connection to client device 170. As shown in FIG. 6, client device 170 may display web site information 610 received from server 110). But Balfanz fails to teach the input information being inputted keypresses made by a user on a second electronic device. Richardson teaches the input information being inputted keypresses made by a user on a second electronic device (Figs.1,5-6 and 12-13 Para:007-0017 and Para:0123-0132 teaches a virtual machine manager for providing users with first virtual machines, the first virtual machines for being displayed on first electronic devices; a virtual keyboard manager for providing the users with virtual keyboards for providing user input to control the first virtual machines, the virtual keyboards for being displayed on second electronic devices that are different to the first electronic devices. An authenticator configured to provide visual codes for being scanned by the second virtual machines to provide association information; the authenticator being further configured to receive the verification information to associate the second electronic devices with the first virtual machines. Preferably the authenticator is configured to provide the visual codes with association information where the visual codes identify the first virtual machines on a unique basis. Preferably the authenticator is configured to associate each visual code with a first virtual machine on a unique basis, the visual code containing the IP address associated with the first virtual machine. Preferably each visual code also includes an occasional password. Preferably the virtual machine manager is configured to provide the virtual keyboards as applications that authenticate with each first virtual machine, each virtual keyboard corresponding with a first virtual machine and associated with the same session as the session associated with the first virtual machine; each virtual keyboard corresponding with a respective first virtual machine, the respective first virtual machine applying the input of the associated virtual keyboard to the first virtual machine. The first virtual machines are configured to decrypt encrypted keypresses received from the second electronic devices). Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the invention was filed to modify the teachings of Balfanz to include the input information being inputted keypresses made by a user as taught by Richardson. Balfanz already teaches receiving encrypted input information from the user (see, fig.3, Col.7, lines. 12-19; Col.8, lines.22-49) and the combination with Richardson would not result in any unpredictable result. Furthermore, different ways to enter the code/identifier are obvious variant. 7. Regarding claim 2 Balfanz teaches a computer implemented method of enabling one or more access provider systems to secure access to content on first electronic devices, each secure access being in a respective one of a plurality of sessions, the computer implemented method comprising: receiving encrypted input information and a session identifier at a system service for each session, the encrypted input information being made by each of the users on second electronic devices during the respective session and being sent from the second electronic devices to the system service; the system service processing the encrypted input information for each session into data comprising user verification information based on the encrypted input information, the data further comprising the session identifier for enabling the access provider system to link the user verification information to the session; and transmitting the data from the system service input information to the one or more access provider systems to allow the respective one of the one or more access provider systems to determine whether to authorise access to content on the respective first electronic device for each of the sessions (Abstract, Figs.1A-B and Col.8, lines.22-67 ; Col.9, lines.1-35 teaches a first client device 170 may transmit a request for user information such as a personal email account of "www.a.com" to server 110. Client device 170 may establish an HTTP, or HTTPS, connection to server 110. Upon connecting to the server, for example during the HTTP protocols, the client and server may exchange additional information such as client device's IP address or other identifying information. In response to the request, server 110 may generate a session ID to identify the HTTP connection between server 110 and client device 170. Server 110 may associate client device 170 with the generated session ID, and store this association in memory accessibly by server 110. Server 110 may also generate a bar code, for example a QR bar code, incorporating the session ID information as well as a network location associated with the server 110. Server 110 may transmit the QR bar code to client device 170. Upon receiving the QR bar code, client device 170 may display a web page as shown in FIG. 2. The QR bar code 220 may be the bar code generated by the server which incorporates the session ID. The client device 170 may receive the session ID from the server and automatically retransmit it to the server. The client device 170 may identify the instruction to retransmit the session ID by executing JavaScript embedded in the login page received from the server. In response, server 110 may associate the IP address of client device 170 with the session ID and may store this association for later use. Once the first client device 170 has received the encoded information, a second client device 160 [mobile phone] in Fig.3 may be used to read and decode the information contained in the encoded information, such as the session ID and the network location of the server. For example, the encoded information is a bar code and the second client device 160 is an Internet-enabled cell phone with a camera, the user may position the cell phone such that the bar code displayed on the first client device is within a region that may be captured as an image by the camera. In one aspect, the phone may decode the bar code, i.e. extract the session ID and network location associated with the user information from the bar code. Once the second client device has decoded the encoded information, the second client device may transmit the session ID to the server for authentication of the first client device. After identifying the session ID, client device 160 may request confirmation from the user that the user would like to log into server 110 and access www.a.com as shown in fig.4 Fig.6 and Col.10, lines. 39-54 teaches when server 110 receives the consent and session ID from client device 160, the server may associate the session ID with client device 160. Server 110 may then identify which HTTP connection is associated with the session ID. In the example, the server may identify the HTTP connection to client device 170. Server 110 may also identify the requested email account based on the login information used to establish the authenticated connection and transmit the requested email account to client device 170. For example, server 110 may transmit the email account web site, www.a.com, to client device 170. Server 110 may also transmit any private user data, for example, the user's email inbox data, through the HTTP connection to client device 170. As shown in FIG. 6, client device 170 may display web site information 610 received from server 110). But Balfanz fails to teach the input information being inputted keypresses made by a user on a second electronic device. Richardson teaches the input information being inputted keypresses made by a user on a second electronic device (Figs.1,5-6 and 12-13 Para:007-0017 and Para:0123-0132 teaches a virtual machine manager for providing users with first virtual machines, the first virtual machines for being displayed on first electronic devices; a virtual keyboard manager for providing the users with virtual keyboards for providing user input to control the first virtual machines, the virtual keyboards for being displayed on second electronic devices that are different to the first electronic devices. An authenticator configured to provide visual codes for being scanned by the second virtual machines to provide association information; the authenticator being further configured to receive the verification information to associate the second electronic devices with the first virtual machines. Preferably the authenticator is configured to provide the visual codes with association information where the visual codes identify the first virtual machines on a unique basis. Preferably the authenticator is configured to associate each visual code with a first virtual machine on a unique basis, the visual code containing the IP address associated with the first virtual machine. Preferably each visual code also includes an occasional password. Preferably the virtual machine manager is configured to provide the virtual keyboards as applications that authenticate with each first virtual machine, each virtual keyboard corresponding with a first virtual machine and associated with the same session as the session associated with the first virtual machine; each virtual keyboard corresponding with a respective first virtual machine, the respective first virtual machine applying the input of the associated virtual keyboard to the first virtual machine. The first virtual machines are configured to decrypt encrypted keypresses received from the second electronic devices). Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the invention was filed to modify the teachings of Balfanz to include the input information being inputted keypresses made by a user as taught by Richardson. Balfanz already teaches receiving encrypted input information from the user (see, fig.3, Col.7, lines. 12-19; Col.8, lines.22-49) and the combination with Richardson would not result in any unpredictable result. Furthermore, different ways to enter the code/identifier are obvious variant. 8. Regarding claim 3 Balfanz teaches the computer implemented method as claimed in claim 2, wherein the method includes the system service having an application interface, the application interface for receiving the encrypted input information and transmitting the received encrypted input information from the system service to the one or more access provider systems (Figs.1A-B,2-3, abstract, Col.8, lines.22-67; Col.9, lines.1-35 teaches the system service having an application interface, the application interface for receiving and transmitting the encrypted/encoded input information). 9. Regarding claim 4 Balfanz teaches the computer implemented method as claimed in claim 3, wherein (i) each access provider system has access to decryption keys for decrypting the transmitted input information; and (ii) the system service does not have access to the decryption keys and is unable to decrypt the received encrypted input information (Abstract, Col.8, lines.22-67; Col.9, lines.1-35 teaches the service provider system has access to decryption keys for decrypting/decoding the transmitted encrypted/encoded input information). 10. Regarding claim 5 Balfanz teaches the computer implemented method as claimed in claim 2 including generating session identifiers; each session identifier for identifying a user input session in association with a corresponding access provider system and a corresponding second electronic device and collating encrypted input information based on the corresponding session identifiers; and providing collated input information associated with each session identifier to the one or more access provider systems based on the corresponding session identifiers ( Balfanz: abstract, Col.8, lines.22-67 Col.9, lines.1-35). 11. Regarding claim 6 Balfanz in view of Richardson teaches the computer implemented method as claimed in claim 5 including each access provider system generating a secret key for each session identifier associated with the access provider system (Richardson: Para:0111-0113 teaches generating a secret key for each session identifier). 12. Regarding claim 7 Balfanz in view of Richardson teaches the computer implemented method as claimed in claim 6 including presenting each session identifier and the corresponding secret key as a visual representation on the first electronic devices for scanning by the second electronic devices (Richardson: Para:0026-0029 and Para:131-0132 teaches presenting the session ID and the corresponding secret key as a visual representation on the first electronic device for scanning by the second electronic device [user hand held mobile device in figs.1,6]). 13. Regarding claim 8 Balfanz in view of Richardson teaches the computer implemented method as claimed in claim 6 including using each secret key in the encryption of information that is inputted by the user for the purposes of obtaining access to content on the corresponding first device (Richardson: Para:0026-0029 and Para:131-0132 teaches each secret key in the encryption of information is inputted by the user for accessing the content). 14. Regarding claim 9 Balfanz in view of Richardson teaches a computer implemented method as claimed in claim 5 including wherein each input information comprises a single keypress, wherein each of a plurality of input information received by the system service that is related to the same session identifier is collated into a collation of received encrypted input information and the collation of received encrypted input information is transmitted to the one or more access provider systems based on the corresponding session identifiers (Balfanz: Abstract, Figs.1A-B and Col.8, lines.22-67 Col.9, lines.1-35 teaches providing collated input information associated with each session identifier to the service provider system. Richardson: Para:0026-0029 and Para:131-0132 teaches the input information comprises a keypress). 15. Regarding claim 10 Balfanz in view of Richardson teaches a computer implemented method as claimed in claim 2, wherein the or each session identifier comprises an identifier of the respective access provider system and the method further comprises storing the respective access provider system identifier in the respective second device, wherein the stored access provider identifier is used again in a subsequent session( Balfanz ; Col.8, lines. 22-30; Richardson: Para:0026-0029 and Para:131-0132 teaches the session identifier comprises an identifier of the respective access provider system and storing the respective identifier in the second device). 16. Regarding claim 11 Balfanz in view of Richardson teaches a computer implemented method as claimed in claim 10, further comprising storing the respective access provider system identifier and one or both of a device identifier or a non-predicable number as a remembered identifier in the respective second device and transmitting the remembered identifier to the access provider system (Richardson: Para:0026-0029 and Para:131-0132 teaches the session identifier comprises an identifier of the respective access provider system and storing the respective identifier in the second device). 17. Regarding claim 13 Balfanz teaches a computer implemented method as claimed in claim 11, wherein he respective access provider system stores the device identifier and the remembered identifier, the remembered identifier being used as a previously received remembered identifier in a subsequent session, wherein during the subsequent session, the respective access provider system receives a device identifier that is used to look up the stored previously receiving remembered identifier, wherein during the subsequent session, the respective access provider system compares a newly received remembered identifier to the previously received remembered identifier, and the comparison is used as an additional authentication of the user and second device combination in a subsequent session (Col.10, lines.15-49 teaches the access provider system compares the received identifier to a previously received identifier). 18. Regarding claim 14 Balfanz teaches the computer implemented method as claimed in claim 2, wherein the method includes receiving requests from the one or more access provider systems to provide input session identifiers, each input session identifier being provided for use in providing secure access to content from an associated access provider system to a user (Fig.7 and Col.10, lines.55-67; Col.11, lines.1-17 teaches the input session identifier is being provided to access the content from the access/service provider system). 19. Regarding claim 15 Balfanz teaches the computer implemented method as claimed in claim 14 wherein the request is made to the system service (Col.8, lines.22-67; Col.9, lines.1-35 teaches the request is made to the system service). 20. Regarding claim 16 Balfanz in view of Richardson teaches a computer implemented method as claimed in claim 2 including transmitting content-agnostic and length-aware input information to corresponding first electronic devices after receiving input information from the second electronic devices for the display of the content-agnostic and length-aware input information on the first electronic device (Balfanz :Fig.3, Col.8, lines.22-67; Col.9, lines.1-35 teaches transmitting encrypted input information [which is content-agnostic and length-aware input] to first electronic device after receiving input information from the second electronic device). 21. Regarding claim 17 Balfanz in view of Richardson teaches a computer implemented method as claimed in claim 2 including transmitting content-agnostic and length-unaware input information to corresponding first electronic devices after receiving input information from the second electronic devices for the display of the content-agnostic and length-aware input information on the first electronic device (Balfanz :Fig.3, Col.8, lines.22-67; Col.9, lines.1-35 teaches transmitting encrypted/encoded input information [which is content-agnostic and length-aware input] to first electronic device after receiving input information from the second electronic device. Bhatnagar; Para:0030-0037). 22. Regarding claim 18 Balfanz teaches the computer implemented method as claimed in claim 2 including receiving display element selection information from the first devices as further input information from the users that is made directly on the first devices (Balfanz: Col.8, lines.22-61 teaches receiving display selection information element. 210 in figs.2,3 from the first devices 170). 23. Regarding claim 19 Balfanz teaches the computer implemented method as claimed in claim 65 including monitoring display element changes on each first user device made directly by the corresponding user (Balfanz: Fig.2,3,6 and Col.8, lines.22-61). 24. Regarding claim 20 Balfanz teaches the computer implemented method as claimed in claim 18 including informing corresponding second electronic devices of display element selection on the first electronic devices (Balfanz: Fig.3, Col.8, lines.22-67; Col.9, lines.1-35). 25. Regarding claim 21 Balfanz teaches a computer implemented method of enabling an access provider system to secure access to content on an electronic device via a first communication channel between the access provider system and the electronic device, the computer implemented method comprising: receiving encrypted input information at a system service via a second communication channel between a second device and the access provider system, the encrypted input information being inputted by a user on a second electronic device; and transmitting input information to the access provider system to allow the access provider system to determine whether to authorize access to the first electronic device (Abstract, Figs.1A-B and Col.8, lines.22-67; Col.9, lines.1-35 teaches a first client device 170 may transmit a request for user information such as a personal email account of "www.a.com" to server 110. Client device 170 may establish an HTTP, or HTTPS, connection to server 110. Upon connecting to the server, for example during the HTTP protocols, the client and server may exchange additional information such as client device's IP address or other identifying information. In response to the request, server 110 may generate a session ID to identify the HTTP connection between server 110 and client device 170. Server 110 may associate client device 170 with the generated session ID, and store this association in memory accessibly by server 110. Server 110 may also generate a bar code, for example a QR bar code, incorporating the session ID information as well as a network location associated with the server 110. Server 110 may transmit the QR bar code to client device 170. Upon receiving the QR bar code, client device 170 may display a web page as shown in FIG. 2. The QR bar code 220 may be the bar code generated by the server which incorporates the session ID. The client device 170 may receive the session ID from the server and automatically retransmit it to the server. The client device 170 may identify the instruction to retransmit the session ID by executing JavaScript embedded in the login page received from the server. In response, server 110 may associate the IP address of client device 170 with the session ID and may store this association for later use. Once the first client device 170 has received the encoded information, a second client device 160 [mobile phone] in Fig.3 may be used to read and decode the information contained in the encoded information, such as the session ID and the network location of the server. For example, the encoded information is a bar code and the second client device 160 is an Internet-enabled cell phone with a camera, the user may position the cell phone such that the bar code displayed on the first client device is within a region that may be captured as an image by the camera. In one aspect, the phone may decode the bar code, i.e. extract the session ID and network location associated with the user information from the bar code. Once the second client device has decoded the encoded information, the second client device may transmit the session ID to the server for authentication of the first client device. After identifying the session ID, client device 160 may request confirmation from the user that the user would like to log into server 110 and access www.a.com as shown in fig.4. Fig.6 and Col.10, lines. 39-54 teaches when server 110 receives the consent and session ID from client device 160, the server may associate the session ID with client device 160. Server 110 may then identify which HTTP connection is associated with the session ID. In the example, the server may identify the HTTP connection to client device 170. Server 110 may also identify the requested email account based on the login information used to establish the authenticated connection and transmit the requested email account to client device 170. For example, server 110 may transmit the email account web site, www.a.com, to client device 170. Server 110 may also transmit any private user data, for example, the user's email inbox data, through the HTTP connection to client device 170. As shown in FIG. 6, client device 170 may display web site information 610 received from server 110). But Balfanz fails to teach the input information being inputted keypresses made by a user on a second electronic device. Richardson teaches the input information being inputted keypresses made by a user on a second electronic device (Figs.1,5-6 and 12-13 Para:007-0017 and Para:0123-0132 teaches a virtual machine manager for providing users with first virtual machines, the first virtual machines for being displayed on first electronic devices; a virtual keyboard manager for providing the users with virtual keyboards for providing user input to control the first virtual machines, the virtual keyboards for being displayed on second electronic devices that are different to the first electronic devices. An authenticator configured to provide visual codes for being scanned by the second virtual machines to provide association information; the authenticator being further configured to receive the verification information to associate the second electronic devices with the first virtual machines. Preferably the authenticator is configured to provide the visual codes with association information where the visual codes identify the first virtual machines on a unique basis. Preferably the authenticator is configured to associate each visual code with a first virtual machine on a unique basis, the visual code containing the IP address associated with the first virtual machine. Preferably each visual code also includes an occasional password. Preferably the virtual machine manager is configured to provide the virtual keyboards as applications that authenticate with each first virtual machine, each virtual keyboard corresponding with a first virtual machine and associated with the same session as the session associated with the first virtual machine; each virtual keyboard corresponding with a respective first virtual machine, the respective first virtual machine applying the input of the associated virtual keyboard to the first virtual machine. The first virtual machines are configured to decrypt encrypted keypresses received from the second electronic devices). Therefore, it would have been obvious to one of the ordinary skill in the art before the effective filing date of the invention was filed to modify the teachings of Balfanz to include the input information being inputted keypresses made by a user as taught by Richardson. Balfanz already teaches receiving encrypted input information from the user (see, fig.3, Col.7, lines. 12-19; Col.8, lines.22-49) and the combination with Richardson would not result in any unpredictable result. Furthermore, different ways to enter the code/identifier are obvious variant. 26. Regarding claim 24 Richardson teaches the computer implemented method as claimed in claim 21, wherein the inputted information is unable to be provided to the access provider system via the first communication channel (Fig.6 shows multi communication channel and para:0026 teaches the inputted information is unable to be provided to the access provider system via the first communication channel). 27. Regarding claim 65 Balfanz teaches the method as claimed in claim 18, wherein this information is received from the user via the first electronic device, and it is sent to the access provider system before verification of the user (Balfanz : Fig.5, Col.10, lines.15-23 teaches Client device 160 [first electronic device] may transmit the username and password to server 110 in order to establish an authenticated connection). 28. Regarding claim 66 Balfanz in view of Richardson teaches the method as claimed in claim 2, comprising transmitting for display of a virtual keyboard on a respective one of the second electronic devices, wherein the user makes keypresses by selecting keys of virtual keyboard (Balfanz: fig.3, Col.8, lines.22-58; Richardson: Para:007-0017 and Para:0123-0132). 29. Regarding claim 67 Balfanz teaches the method as claimed in claim 2, including generating session identifiers; each session identifier for identifying a user input session in association with a corresponding access provider system and a corresponding second electronic device, and receiving requests from the one or more access provider systems to provide input session identifiers, each input session identifier being provided for use in providing secure access to content from an associated access provider system to a user (Balfanz: Fig.1A; Col.7, lines.38-61 teaches server 110 may have access to user information 142. The user information may identify users of the systems, i.e., any entity that interacts with the system and method such as businesses or people. User information may include information such as user names, passwords, account content, and network addresses identifying user devices. Server 110 may access this information when a client device requests access to information at the server. Data 140 may also include session identifiers ("session IDs") 144. Server 110 may generate session IDs using session ID generator 134. When server 110 receives a request for information, such as for access to data associated with a particular user, the server may use session ID generator 134 to establish a session ID for the login. The session IDs may be sent and received by the server and/or client devices and the server may associate one or more client devices with a particular session ID. The particular session ID may be associated with a request for a particular product, such as a user's personal email account or personal calendar). 30. Regarding claim 67 Balfanz teaches the method as claimed in claim 1 including generating session identifiers; each session identifier for identifying a user input session in association with a corresponding access provider system and a corresponding second electronic device, the system service generates the session identifier and provides the session identifier to the second electronic device and the access provider system (Balfanz; Fig.1A Col.7, lines.38-61 teaches server 110 may have access to user information 142. The user information may identify users of the systems, i.e., any entity that interacts with the system and method such as businesses or people. User information may include information such as user names, passwords, account content, and network addresses identifying user devices. Server 110 may access this information when a client device requests access to information at the server. Data 140 may also include session identifiers ("session IDs") 144. Server 110 may generate session IDs using session ID generator 134. When server 110 receives a request for information, such as for access to data associated with a particular user, the server may use session ID generator 134 to establish a session ID for the login. The session IDs may be sent and received by the server and/or client devices and the server may associate one or more client devices with a particular session ID. The particular session ID may be associated with a request for a particular product, such as a user's personal email account or personal calendar). Conclusion Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to DEREENA T CATTUNGAL whose telephone number is (571)270-0506. The examiner can normally be reached Mon-Fri : 7:30 AM-5 PM EST. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on 571-272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /DEREENA T CATTUNGAL/Primary Examiner, Art Unit 2431
Read full office action

Prosecution Timeline

Show 1 earlier event
Jun 12, 2024
Non-Final Rejection mailed — §103
Nov 12, 2024
Response Filed
Feb 11, 2025
Final Rejection mailed — §103
Aug 11, 2025
Request for Continued Examination
Aug 14, 2025
Response after Non-Final Action
Sep 23, 2025
Non-Final Rejection mailed — §103
Feb 23, 2026
Response Filed
Jun 03, 2026
Final Rejection mailed — §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12683804
Hardened Encoded Message Check for RSA Signature Verification
2y 9m to grant Granted Jul 14, 2026
Patent 12664251
STATEMENT PROOF AND VERIFICATION
1y 8m to grant Granted Jun 23, 2026
Patent 12652180
METHOD, APPARATUS, DEVICE, AND STORAGE MEDIUM FOR DATA PROCESSING
1y 7m to grant Granted Jun 09, 2026
Patent 12645819
MANAGEMENT OF MULTIPLE DIGITAL IDENTITIES USING A CENTRALIZED DISTRIBUTED LEDGER
2y 5m to grant Granted Jun 02, 2026
Patent 12632608
INTEGRATED CIRCUIT DEVICE WITH PROTECTION AGAINST MALICIOUS ATTACKS
3y 4m to grant Granted May 19, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

5-6
Expected OA Rounds
80%
Grant Probability
99%
With Interview (+29.7%)
2y 9m (~0m remaining)
Median Time to Grant
High
PTA Risk
Based on 279 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month