Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
DETAILED ACTION
Continued Examination Under 37 CFR 1.114
1. A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.
Applicant's submission filed on 7-21-2025 has been entered.
2. Claims 2 - 21 are pending. Claims 2, 4, 8, 14, 15, 16 have been amended. Claim 1 has been canceled. Claims 2, 8, 16 are independent. This application was filed on 11-30-2021.
Response to Arguments
3. Applicant’s arguments, see Arguments/Remarks Made in an Amendment, filed 7-21-2025, with respect to the rejection(s) under OHare have been fully considered and are persuasive. Therefore, the rejection has been withdrawn. However, upon further consideration, a new ground(s) of rejection is made in view of OHare in view of Profumo.
A. Applicant argues on pages 9-10 of Remarks: ... OHare fails to teach the limitations of “wherein different subsets of the plurality of key parts are distributed among the plurality of different computing devices ... obtaining, from a second device of the two or more devices and via a second one of the connections established between the user device and the second device, a second subset of key parts from the different subsets of the plurality of key parts,
The Examiner respectfully disagrees. OHare discloses dividing a key into multiple key parts and storing the key parts among a set of storage devices. OHare discloses wherein different subsets of key parts are distributed among the plurality of different computing devices. OHare discloses a subset of size 1 key part. (see OHare paragraph [0303], lines 1-22: The process comprises splitting of the data according to the contents of a generated random number, or key and performing the same cryptographic splitting of the key used in the encryption of splitting of the data to be secured into two or more portions, or shares, of parsed and split data, and preferably into four or more portions of parsed and split data, encrypting all of the portions; paragraph [0092], lines 1-14: trust engine generates and stores cryptographic keys; at least one cryptographic key is associated with each user; when the cryptographic keys include public-key technology, each private key associated with a user is generated within, and not released from, the trust engine; user may perform cryptographic functions using his or her private or public key)
And, Profumo discloses a subset of configuration data such as key parts that can be of any size (subset size greater than 1 key part). Profumo discloses processing utilizing a first subset of key parts and a second subset of key parts (subset size greater than 1 key part). (see Profumo page 7: key generation logic 4 also generates a cryptographic key in a plurality of cycles. For example, in the first period, key generation logic 4 may generate an intermediate key based on first part (i.e., a first subset) configuration data 12. Then, in a second period, key generation logic 4 may generate a cryptographic key based on second part of configuration data 12 (i.e., a second subset) and the intermediate key. (generate a first subset of key parts and a second set of key parts; subset size any number of key parts))
B. Applicant argues on pages 9-10 of Remarks: ... wherein each of the first subset of key parts and the second subset of key parts is insufficient by itself to re-generate the authentication key for the authentication request; determining that a combination of the first subset of key parts and the second subset of key parts are sufficient to re-generate the authentication key ... .
The Examiner respectfully disagrees. OHare discloses a required number of key parts are needed in order to regenerate an authentication key for an authentication operation. If the authentication operation is successful, then the regeneration of the authentication key was sufficient. If the authentication operation was unsuccessful, then the regeneration of the authentication key was insufficient. (see OHare paragraph [0517], lines 1-6: In order to restore the data, split encryption key may be retrieved and restored; The split operation may then be reversed to restore the ciphertext (need a required number of key parts to generate authentication key for authentication); Encryption key may also be retrieved and restored, and the ciphertext may then be decrypted using the encryption key; (each subset comprising a key part; first subset, second subset))
C. Applicant argues on pages 9-10 of Remarks: ... based on (i) the determining that the combination of the first subset of key parts and the second subset of key parts are sufficient to re-generate the authentication key and (ii) comparing the total security trust score against the multi-device security trust level, generating an authentication response for the authentication request” ... .
The Examiner respectfully disagrees. OHare discloses determining a total security score and regenerating an authentication key to be utilized for an authentication operation. OHare discloses a required number of key parts are needed to regenerate an authentication key. If the authentication operation is successful, then the regeneration of the authentication key was sufficient. OHare discloses determining an authentication response to the authentication operation with the authentication key. (see OHare paragraph [0517], lines 1-6: In order to restore the data, split encryption key may be retrieved and restored; The split operation may then be reversed to restore the ciphertext (need a required number of key parts to generate authentication key for authentication); Encryption key may also be retrieved and restored, and the ciphertext may then be decrypted using the encryption key; (each subset comprising a key part; first subset, second subset); paragraph [0178], lines 1-11: third-party system may advantageously serve the requested sensitive data after the third-party system receives a signal indicating positive user authentication from the trust engine; paragraph [0575], lines 1-19: Authorized users (e.g., user 4600 and end user 4640) may be provided with group-wide keys that provide the users with the ability to securely communicate over a network and/or to access secure network resources; The secured network resources will not respond unless the proper credentials (e.g., group keys) are presented; (generate response to authentication request))
And, Profumo discloses a subset of configuration data (information) such as key parts that can be of any size (subset size greater than 1 key part). Profumo discloses processing utilizing a first subset of key parts and a second subset of key parts (subset size greater than 1 key part). (see Profumo page 7: key generation logic 4 also generates a cryptographic key in a plurality of cycles. For example, in the first period, key generation logic 4 may generate an intermediate key based on first part (i.e., a first subset) configuration data 12. Then, in a second period, key generation logic 4 may generate a cryptographic key based on second part of configuration data 12 (i.e., a second subset) and the intermediate key. (generate a first subset of key parts and a second set of key parts; subset size any number of key parts))
D. Applicant argues on page 10 of Remarks: ... Independent claims 8 and 16 also include limitations similar to those described above by reference to claim 2. As such, OHare also do not anticipate claims 8 and 16 for similar reasons discussed above by reference to claim 2.
Responses to arguments against independent claim 2 also answer arguments against independent claims 8 and 16, which have similar limitations as independent claim 2.
E. Applicant argues on page 10 of Remarks: ... Claims 3-7, 9-15, and 17-21 are also patentable by virtue of their dependencies of their respective independent claims.
Responses to arguments against the independent claims also answer arguments against the associated dependent claims.
Claim Rejections - 35 USC § 103
4. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
5. Claims 2 - 21 are rejected under 35 U.S.C. 103 as being unpatentable over O’Hare et al. (US PGPUB No. 20160379005, referred to as “OHare”) in view of Profumo et al. (Patent No. CN 108063664 A).
Regarding Claim 2, 8, 16, OHare discloses a system and a method and, comprising:
a) a processor; (see OHare paragraph [0596]: Processors 5402 and 5404 are coupled to one another, and also coupled to a memory device and mass storage device), and b) a network interface device; (see OHare paragraph [0444], lines 1-25: The resultant data portions (messages) may be communicated across one or more separate communications paths over network (e.g., the Internet, an intranet, a LAN, WiFi, Bluetooth, any other suitable hard-wired or wireless communications means, or any combination thereof) to recipient system; (network interface)), and c) a computer-readable medium having stored thereon instructions that are executable; (see OHare paragraph [0596]: Processors 5402 and 5404 are coupled to one another, and also coupled to a memory device and mass storage device; Mass storage device may include one or more magnetic disk or tape drives or optical disk drives, for storing data and instructions for use by the CPU; (processor coupled to memory for storing instructions executed by CPU)), to cause the system to perform operations comprising:
d) receiving, from a user device associated with a user, an authentication request, for accessing a computing resource; (see OHare paragraph [0174], lines 1-19: a client application, such as Microsoft Word, may use an application program interface (API) or a cryptographic API (CAPI) to request authentication before unlocking a document (authenticate before enabling access to a resource); paragraph [0255], lines 1-12: Trust arbitrage may take place within a framework of cryptographic authentication; a vendor or other party will request authentication of a particular user in association with a particular transaction)
e) determining a multi-device security trust level required for approving the authentication request based on a plurality of different computing devices associated with the user and at least one of the authentication request or the computing resource, wherein the plurality of different computing devices include at least two different types of computing devices, (see OHare paragraph [0258]: determine the trust level (multiple levels of trust) which is required for a positive authentication for this particular transaction in step 1710. This step may be performed by one of several different methods.; paragraph [0303], lines 1-22: The process comprises splitting of the data according to the contents of a generated random number, or key and performing the same cryptographic splitting of the key used in the encryption of splitting of the data to be secured into two or more portions, or shares, of parsed and split data, and preferably into four or more portions of parsed and split data, encrypting all of the portions, then scattering and storing these portions back into the database, or relocating them to any named device, fixed or removable, depending on the requestor's need for privacy and security; paragraph [0210]: cryptographic system 100 or the trust engine 110 may include the ability to recognize any type of devices, such as, but not limited to, a laptop, a cell phone, a network, a biometric device or the like.)
Furthermore, OHare discloses for e) wherein an authentication key generated for the user is divided into a plurality of keys parts, (see OHare paragraph [0303], lines 1-22: The process comprises splitting of the data according to the contents of a generated random number, or key and performing the same cryptographic splitting of the key used in the encryption of splitting of the data to be secured into two or more portions, or shares, of parsed and split data, and preferably into four or more portions of parsed and split data, encrypting all of the portions, then scattering and storing these portions back into the database, or relocating them to any named device, fixed or removable, depending on the requestor's need for privacy and security), wherein different subsets of the plurality of key parts are distributed among the plurality of different computing devices; (see OHare paragraph [0303], lines 1-22: encrypting all of the portions, then scattering (distributing) and storing these portions back into the database, or relocating them to any named device, fixed or removable, depending on the requestor's need for privacy and security; (each subset comprising a key part; first subset, second subset); (a subset of size 1 key part))
Furthermore, OHare discloses for e) wherein each key part from the plurality of key parts is associated with a respective security first score. (see OHare paragraph [0304]: A cryptographic split (cryptosplit) partitions the data into N number of shares (i.e. sets of key parts). The partitioning can be on any size unit of data, including an individual bit, bits, bytes, kilobytes, megabytes, or larger units, as well as any pattern or combination of data unit sizes whether predetermined or randomly generated. The units can also be of different size, based on either a random or predetermined set of values (i.e. scores). This means the data can be viewed as a sequence of these units. In this manner the size of the data units themselves may render the data more secure, for example by using one or more predetermined or randomly generated pattern, sequence or combination of data unit sizes. The units are then distributed (based on a predetermined set of values) into the N shares.; (a subset of size 1 key part))
The specification discloses the term “score” to represent a value associated with the distribution for storage of objects (i.e. such as key parts, subset of key parts) between a set of multiple storage devices:
[00052] Thus, the authentication system 200 may determine different trust scores for the different electronic devices 242-250. In some embodiments, the authentication system 200 may determine a distribution scheme for the electronic devices 242-250 based on the trust scores of the electronic devices 242-250. For example, the distribution scheme may provide for distributing the parts 210a-210i in proportion to the trust scores determined for the electronic devices. Thus, under the distribution scheme, the authentication system 200 may distribute one part of the security key 204 to the networked light switch 242 (based on a trust score of ‘10’), two parts of the security key 204 to the in-vehicle management system 244 (based on a trust score of ‘20’), three parts of the security key 204 to the smart home entertainment system 246 (based on a trust score of ‘30’), one part of the security key 204 to the networked refrigerator (based on a trust score of ‘10’), and two parts of the security key 204 to the smart watch 250 (based on a trust score of ‘20’).
Furthermore, OHare discloses:
f) causing the user device to establish connections with two or more devices from the plurality of different computing devices; (see OHare paragraph [0444], lines 1-25: The resultant data portions (messages) may be communicated across one or more separate communications paths over network (e.g., the Internet, an intranet, a LAN, WiFi, Bluetooth, any other suitable hard-wired or wireless communications means, or any combination thereof) to recipient system; (network interface))
g) obtaining, from a first device of the two or more devices and via a first one of the connections established between the user device and the first device, a first subset of key parts from the different subsets of the plurality of key parts; obtaining from a second device of the two or more devices and via a second one of the connections established between the user device and the second device, a second subset of key parts from the different subsets of the plurality of key parts; (OHare discloses a subset of size 1 key part: first subset, second subset). (see OHare paragraph [0303], lines 1-22: The process comprises splitting of the data according to the contents of a generated random number, or key and performing the same cryptographic splitting of the key used in the encryption of splitting of the data to be secured into two or more portions, or shares, of parsed and split data, and preferably into four or more portions of parsed and split data, encrypting all of the portions; paragraph [0092], lines 1-14: trust engine generates and stores cryptographic keys; at least one cryptographic key is associated with each user; when the cryptographic keys include public-key technology, each private key associated with a user is generated within, and not released from, the trust engine; user may perform cryptographic functions using his or her private or public key), and wherein each of the first and second partial authentication responses is insufficient by itself to authenticate the user for the authentication request; (see OHare paragraph [0517], lines 1-6: In order to restore the data, split encryption key may be retrieved and restored; The split operation may then be reversed to restore the ciphertext (need a required number of key parts to generate authentication key for authentication); Encryption key may also be retrieved and restored, and the ciphertext may then be decrypted using the encryption key; (each subset comprising a key part; first subset, second subset))
j) calculating a total security trust score for the authentication request based on the first subset of key parts and the second subset of key parts, wherein a first security trust score associated with the first subset of key parts and a second security trust score associated with the second subset of key parts contribute to the total security trust score; (OHare discloses a subset of size 1 key part: first subset, second subset). (see OHare paragraph [0246], lines 1-13: Once the authentication engine has performed steps 1610 through 1620 for all of the authentication instances provided in the authentication data, the reliability of each instance to evaluate the overall authentication confidence level; This process of combining the individual authentication instance reliabilities into the authentication confidence level may be modeled by various methods relating the individual reliabilities produced; (calculate a total score value based on multiple score values associated with the divided key parts, multiple subsets of key parts)) and
k) comparing the total security trust score against the multi-device security trust level, generating an authentication response for the authentication request; and l) transmitting the authentication response via the network interface device. (see OHare paragraph [0178], lines 1-11: third-party system may advantageously serve the requested sensitive data after the third-party system receives a signal indicating positive user authentication from the trust engine (authentication response); paragraph [0575], lines 1-19: Authorized users (e.g., user 4600 and end user 4640) may be provided with group-wide keys that provide the users with the ability to securely communicate over a network and/or to access secure network resources; The secured network resources will not respond enabling access unless the proper credentials (e.g., group keys) are presented; (generate response to authentication request))
Furthermore, O’Hare discloses dividing a key into multiple parts, distributing the parts and reconstructing the parts to reconstruct the key. (see OHare paragraph [0303], lines 1-22: The process comprises splitting of the data according to the contents of a generated random number, or key and performing the same cryptographic splitting of the key used in the encryption of splitting of the data to be secured into two or more portions, or shares, of parsed and split data, and preferably into four or more portions of parsed and split data, encrypting all of the portions; paragraph [0092], lines 1-14: trust engine generates and stores cryptographic keys; at least one cryptographic key is associated with each user; when the cryptographic keys include public-key technology, each private key associated with a user is generated within, and not released from, the trust engine; user may perform cryptographic functions using his or her private or public key), and wherein each of the first and second partial authentication responses is insufficient by itself to authenticate the user for the authentication request; (see OHare paragraph [0517], lines 1-6: In order to restore the data, split encryption key may be retrieved and restored; The split operation may then be reversed to restore the ciphertext; Encryption key may also be retrieved and restored, and the ciphertext may then be decrypted using the encryption key)
Although OHare discloses determining a subset of key parts where a subset comprises 1 key part, OHare does not disclose a subset of key parts where a subset comprises multiple key parts.
Furthermore, OHare does not specifically disclose for g) obtaining a first subset of key parts from the different subsets of the plurality of key parts; obtaining a second subset of key parts from the different subsets of the plurality of key parts (first subset, second subset; subset size, multiple key parts), and for k) to perform a comparison based on determining that first subset of key parts and second subset of key parts is sufficient to re-generate an authentication key, and for i) determining that a combination of first subset of key parts and second subset of key parts is sufficient to re-generate authentication key.
However, Profumo discloses:
g) obtaining, from a first device of the two or more devices and via a first one of the connections established between the user device and the first device, a first subset of key parts from the different subsets of the plurality of key parts; obtaining from a second device of the two or more devices and via a second one of the connections established between the user device and the second device, a second subset of key parts from the different subsets of the plurality of key parts, (see Profumo page 7: key generation logic 4 also generates a cryptographic key in a plurality of cycles. For example, in the first period, key generation logic 4 may generate an intermediate key based on first part (i.e., a first subset) configuration data 12. Then, in a second period, key generation logic 4 may generate a cryptographic key based on second part of configuration data 12 (i.e., a second subset) and the intermediate key. (generate a first subset of key parts and a second set of key parts; subset size any number of key parts))
k) based on (i) the determining that the combination of the first subset of key parts and the second subset of key parts is sufficient to re-generate the authentication key; (see Profumo page 7: key generation logic 4 also generates a cryptographic key in a plurality of cycles. For example, in the first period, key generation logic 4 may generate an intermediate key based on first part (i.e., first subset) configuration data 12. Then, in a second period, key generation logic 4 may generate a cryptographic key based on second part of configuration data 12 (i.e., the second subset) and the intermediate key. configuration data, the first portion 12 can be different with the second portion of the configuration data 12. For example, configuration data 12 of the first part and the second part may not overlap, or the configuration data 12 of the first part and the second part can be partially but not completely overlap.) and
i) determining that a combination of the first subset of key parts and the second subset of key parts is sufficient to re-generate the authentication key. (see Profumo page 7: key generation logic 4 also generates a cryptographic key in a plurality of cycles. For example, in the first period, key generation logic 4 may generate an intermediate key based on first part (i.e., first subset) configuration data 12. Then, in a second period, key generation logic 4 may generate a cryptographic key based on second part of configuration data 12 (i.e., the second subset of key information) and the intermediate key (i.e. first subset key information). (complete key reconstructed from first subset and second subset) ... configuration data: the first portion 12 can be different with the second portion of the configuration data 12. For example, configuration data 12 of the first part and the second part may not overlap, or the configuration data 12 of the first part and the second part can be partially but not completely overlap.)
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify OHare for g) obtaining a first subset of key parts from the different subsets of the plurality of key parts; obtaining a second subset of key parts from the different subsets of the plurality of key parts, and for k) to perform a comparison based on determining that first subset of key parts and second subset of key parts is sufficient to re-generate an authentication key, and for i) determining that a combination of first subset of key parts and second subset of key parts is sufficient to re-generate authentication key as taught by Profumo. One of ordinary skill in the art would have been motivated to employ the teachings of Profumo for the flexibility of a system that enables enhanced security of dividing an encryption key into multiple parts for storage within a dispersed network-connected environment. (see Profumo page 7)
Furthermore, for Claim 16, OHare discloses wherein a non-transitory computer-readable medium having stored thereon instructions that are executable by a computer system to cause the computer system to perform designated operations. (see OHare paragraph [0596]: Processors 5402 and 5404 are coupled to one another, and also coupled to a memory device and mass storage device; Mass storage device may include one or more magnetic disk or tape drives or optical disk drives, for storing data and instructions for use by the CPU; (processor coupled to memory for storing instructions executed by CPU))
Regarding Claims 3, 10, 17, OHare-Profumo discloses the system of claim 2 and the method of claim 8 and the non-transitory computer-readable medium of claim 16, wherein the operations further comprise: determining if the total security trust score meets a required threshold specified by the required multi-device security trust level; and generating an approval authentication response if the total security trust score meets the required threshold, or generating a rejection authentication response if the total security trust score does not meet the required threshold. (see OHare paragraph [0167], lines 1-10: The authentication request may advantageously include what level of authentication is needed for a particular transaction; the vendor may specify a particular level of confidence that is required for the transaction at issue; If authentication cannot be made to this level of confidence, the transaction will not occur without either further authentication by the user to raise the level of confidence, or a change in the terms of the authentication between the vendor and the server; (determined threshold parameter for confidence or security level for request); paragraph [0246], lines 1-13: Once the authentication engine has performed steps 1610 through 1620 for all of the authentication instances provided in the authentication data, the reliability of each instance to evaluate the overall authentication confidence level; This process of combining the individual authentication instance reliabilities into the authentication confidence level may be modeled by various methods relating the individual reliabilities produced))
Regarding Claims 4, 18, OHare-Profumo discloses the system of claim 2 and the non-transitory computer-readable medium of claim 16, wherein the first security trust score is different from the second security trust score. (see OHare paragraph [0214], lines 1-8: Each type of authentication has particular advantages and disadvantages, and each provides a different level of security (different trust scores); Each type of authentication also requires a different type of data to be known to the authenticating authority in order to verify someone using that form of authentication; paragraph [0125], lines 1-8: for authenticating other transactions, it may be desirable to require a high degree of confidence (i.e. analogous to a score) in the authentication before allowing the transaction to proceed; Such transactions may include transactions of large dollar value or transaction with a high risk if an improper authentication occurs (e.g., remotely logging onto a government computer))
Regarding Claim 5, OHare-Profumo discloses the system of claim 2, wherein the operations further comprise: causing the first and second security authentication information to be distributed to the first and second ones of the two or more devices prior to the receiving the authentication request. (see OHare paragraph [0143], lines 1-21: a data flow of an enrollment process; the enrollment process begins when a user desires to enroll with the trust engine of the cryptographic system; the user system advantageously includes a client-side applet, such as a Java-based, that queries the user to enter enrollment data, such as demographic data and enrollment authentication data; the enrollment authentication data includes user ID, password(s), biometric(s); The client-side applet gathers the enrollment data and transmits the enrollment data, to the trust engine)
Regarding Claims 6, 19, OHare-Profumo discloses the system of claim 2 and the non-transitory computer-readable medium of claim 16, wherein the computing resource comprises an Internet server configured to provide access to functionality of a user account of the user. (see OHare paragraph [0565], lines 1-23: one or more software applications executed on system may couple systems to cloud resources; an Internet web browser (Internet server) may be used to couple system to one or more cloud resources over the Internet; paragraph [0176], lines 1-19: authentication of a user may provide the user access to password, login, financial credentials, or the like, associated with multiple online vendors, a local area network, various personal computing devices, Internet service providers, auction providers, investment brokerages; (financial credentials analogous to accounting information associated with a user))
Regarding Claims 7, 11, 20, OHare-Profumo discloses the system of claim 2 and the method of claim 8 and the non-transitory computer-readable medium of claim 16, wherein the operations further comprise: causing the user device to present at least a subset of the plurality of different computing devices that are available for processing the authentication request. (see OHare paragraph [0431], lines 1-10: When a file, document or data element is to be secured, the user is prompted for the target group (available devices, subset of devices) to be used when securing the data; The resulting secured data is only accessible by other members of the target group; This functionality of the methods and systems of the present invention may be used with any other computer system or software platform, any may be integrated into existing application programs or used standalone for file security)
Regarding Claim 9, OHare-Profumo discloses the method of claim 8, wherein the operations further comprise: responsive to a user registration request prior to the authentication request, registering the first and second different computing devices for authentication usage for the user and assigning the first and second different computing devices different trust amounts. (see OHare paragraph [0143], lines 1-21: a data flow of an enrollment process according to aspects of the invention; the enrollment process begins when a user desires to enroll with the trust engine of the cryptographic system; the user system advantageously includes a client-side applet, such as a Java-based, that queries the user to enter enrollment data, such as demographic data and enrollment authentication data; paragraph [0224], lines 1-11: reliability may be expressed in different manners; The reliability is desirably expressed in some metric which can be used by the heuristics and algorithms of the authentication engine to calculate the confidence level of each authentication; (different confidence levels for each authentication); paragraph [0246], lines 1-13: Once the authentication engine has performed steps 1610 through 1620 for all of the authentication instances provided in the authentication data, the reliability of each instance to evaluate the overall authentication confidence level; This process of combining the individual authentication instance reliabilities into the authentication confidence level may be modeled by various methods relating the individual reliabilities produced
Regarding Claim 12, OHare-Profumo discloses the method of claim 8, wherein the computing resource comprises an Internet server configured to provide access to functionality of a user account of the user. (see OHare paragraph [0176], lines 1-19: authentication of a user may provide the user access to password, login, financial credentials, or the like, associated with multiple online vendors, a local area network, various personal computing devices, Internet service providers (i.e. Internet server), auction providers, investment brokerages; (financial credentials analogous to accounting information associated with a user); paragraph [0565], lines 1-23: one or more software applications executed on system may couple system to cloud resources; an Internet web browser (Internet server) may be used to couple system to one or more cloud resources over the Internet)
Regarding Claims 13, 21, OHare-Profumo discloses the method of claim 8, wherein the authentication response is transmitted to the user device. (see OHare paragraph [0178], lines 1-11: third-party system may advantageously serve the requested sensitive data after the third-party system receives a signal indicating positive user authentication from the trust engine; paragraph [0575], lines 1-19: Authorized users (e.g., user 4600 and end user 4640) may be provided with group-wide keys that provide the users with the ability to securely communicate over a network (response to authentication) and/or to access secure network resources; The secured network resources will not respond unless the proper credentials (e.g., group keys) are presented)
Regarding Claim 14, OHare-Profumo discloses the method of claim 8, wherein the first device is a smart appliance associated with the user. (see OHare paragraph [0088], lines 1-19: the user system, including almost any computing device capable of sending or receiving information from another computer system; the user system may include, but is not limited to, a computer workstation, an interactive television, an interactive kiosk, a personal mobile computing device, such as a digital assistant, mobile phone, laptop, or the like, a wireless communications device, a smartcard, an embedded computing device, or the like, which can interact with the communication link; (smartcard analogous to smart appliance))
Regarding Claim 15, OHare-Profumo discloses the method of claim 8, wherein the first device is connected to the user device via a first network, and wherein the second device is connected to the user device via a second network different from the first network. (see OHare paragraph [0444], lines 1-25: The resultant data portions (messages) may be communicated across one or more separate communications paths over networks (e.g., the Internet, an intranet, a LAN, WiFi, Bluetooth, any other suitable hard-wired or wireless communications means, or any combination thereof) to recipient system; (network interface); paragraph [0480], lines 1-18: The encrypted portions may be required to be provided and decrypted in order to restore the original data; The different encrypted portions may be encrypted with different encryption keys; this feature may be used to implement a more secure “two man rule” whereby a first user would need to have a particular share encrypted using a first encryption and a second user would need to have a particular share encrypted using a second encryption key; In order to access the original data, both users would need to have their respective encryption keys and provide their respective portions of the original data; a public key may be used to encrypt one or more data portions that may be a mandatory share required to restore the original data; A private key may then be used to decrypt the share in order to be used to restore to the original data)
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CARLTON JOHNSON whose telephone number is (571)270-1032. The examiner can normally be reached Work: 12-9PM (most days).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on 571-272-4219. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/CJ/
September 8, 2025
/TRONG H NGUYEN/Primary Examiner, Art Unit 2436