DEVICE AUTHENTICATION METHOD, TERMINAL DEVICE, SERVER, AND COMPUTER DEVICE

§101 §103

DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . This action is in response to the communication filed on June 19, 2025 in response to the first office action on merit. Remarks Pending claims for reconsideration are claims 1-12, and 14-21. Applicant has Amended claims 1, 14-15, and 18-21. Canceled claims 13. Response to Arguments Applicant’s arguments filed on June 19, 2025 have been fully considered and they are not persuasive. In the remarks, applicant argues in substance: In response to argument (Page 6, Para: last) - Examiner respectfully disagrees with applicant’s argument that in regard to the dependent claim 15 related to the 101 rejection. Applicant explain that “…‘non-volatile computer readable storage medium’ can be implemented through ROM, flash, optical disk, magnetic disk…” but such examples of storage medium does not exclude the transitory medium such as signal. In response to argument (Page 9, Para: last – Page 10: 1-3) - Examiner respectfully disagrees with applicant’s argument that in regard to the independent claim 1 related to the 103 rejection. Applicant suggest the primary prior art teaches away from the claimed invention because it teaches “…if the external device is a disconnected device, this disconnected device cannot pass the authentication and cannot be added to the "operating device list" but should wait or be rejected”. Examiner failed to see where in the claim 1 of the applicant amended claims talks about the “disconnected device” of Jung. The claim 1 talks about adding a device to the device list even if its “physical code information” does not match any of the listed “physical code information” in a preset table and Jung discloses when the device is not on the operating device list i.e., a “preset device table” and the operating device list not full the device is added to the operating device list (Jung, Para 0050, and 0076); therefore, Jung teaches the claimed limitation. Claim Rejections - 35 USC § 101 35 U.S.C. 101 reads as follows: Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title. Claim 15 is rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter because of claim 15 being directed to a “non-volatile computer-readable storage medium”. There is not found within the Applicant's Specification support for said “non-volatile computer-readable storage medium” being limited to a statutory embodiment. The broadest reasonable interpretation of a claim drawn to a computer readable medium (also called machine readable medium and other such variations) typically covers forms of non-transitory tangible media (or non-transitory media) and transitory propagating signals per se in view of the ordinary and customary meaning of computer readable media, particularly when the specification is silent (or absent of a controlling definition in the specification). See MPEP §2111.01. When the broadest reasonable interpretation of a claim covers a signal per se, the claim must be rejected under 35 U.S.C. § 101 as covering non-statutory subject matter. See In re Nuijten, 500 F.3d 1346, 1356-57 (Fed. Cir. 2007) (transitory embodiments are not directed to statutory subject matter). Appropriate correction is required. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows: 1. Determining the scope and contents of the prior art. 2. Ascertaining the differences between the prior art and the claims at issue. 3. Resolving the level of ordinary skill in the pertinent art. 4. Considering objective evidence present in the application indicating obviousness or nonobviousness. Claims 1, and 14-15 are rejected under 35 U.S.C. 103 as being unpatentable over Jung et al. (U.S. Patent Application Publication No.: US 2012/0054353 A1 / or “Jung” hereinafter) in view of Eichen et al. (U.S. Patent Application Publication No.: US 2016/0292694 A1 / or “Eichen” hereinafter). Regarding claim 1, Jung discloses “A device authentication method, used for a server, wherein the device authentication method comprises” (Para 0018: a method of authenticated access to tethering service is disclosed): “receiving an authentication request sent by at least one terminal device, wherein the authentication request comprises physical code information of the terminal device” (Fig. 3: Step 301; and Para 0068: connection request with MAC address i.e. a “physical code information” . Also, Para 0075: where the connection request also provides SSID and security key); “parsing the authentication request to perform authentication on the physical code information of the terminal device according to a preset device table, wherein the preset device table comprises a preset terminal device codes [Note: a comparison of the physical code information with the preset terminal device code is performed (see, Specification Page 8: Para last)]” (Fig. 3: Step 305; and Para 0070: determination is made where the device MAC address is listed on an operating device list i.e., a “preset device table”); “[in a case that the physical code information of the terminal device matches one of the preset terminal device codes, determining that the terminal device passes authentication]”; “in a case that the physical code information of the terminal device does not match any of the preset terminal device codes in the preset device table and a total quantity of the preset terminal device codes in the preset device table has not reached a threshold, adding the physical code information of the terminal device, whose physical code information does not match any of the preset terminal device codes, to the preset device table [in response to an operation of writing the preset device table and determining that the terminal device passes authentication], wherein the total quantity of the preset terminal device codes comprised in the preset device table is fixed” (Para 0050, and 0076: when the device is not on the operating device list i.e., a “preset device table” and the operating device list not full the device is added to the operating device list ); “and in a case that the physical code information of the terminal device does not match any of the preset terminal device codes in the preset device table and the total quantity of the preset terminal device codes in the preset device table has reached the threshold, determining that the terminal device fails authentication” (Para0051, and 0073: when the operating device list i.e., the “total quantity of preset terminal device codes” is full the connection request is rejected). Furthermore, Jung discloses comparing the MAC addresses to determine if a device is on the list (Jung, Claim 4). But Jung fails to specially disclose authenticating a device by comparing MAC addresses. However, Eichen discloses “in a case that the physical code information of the terminal device matches the preset terminal device code, determining that the terminal device passes authentication” (Eichen, Para 0012: compares MAC address for device authentication); It would have been obvious to an ordinary person skilled in the art before the effective filing date of the claimed invention to employ the teachings of authenticating a device by comparing MAC addresses of Eichen to the system of Jung to create a system where the authenticated device is provided with a particular configuration information (Eichen, Para 0047) and the ordinary person skilled in the art would have been motivated to combine to establish authenticated communication. Regarding claim 14, claim 14 is directed to a device corresponding to the method recited in claim 1. Claim 14 is similar in scope to claim 1, and is therefore, rejected under similar rationale. Regarding claim 15, claim 15 is directed to a non-volatile computer-readable storage medium corresponding to the method recited in claim 1. Claim 15 is similar in scope to claim 1, and is therefore, rejected under similar rationale. Claims 2, 16, and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Jung in view of Eichen and in further view of David Fotevski (U.S. Patent Application Publication No.: US 20150038208 A1 / or “Fotevski” hereinafter). Regarding claim 2, in view of claim 1, Jung discloses comparing the MAC addresses to determine if a device is on the list (Jung, Claim 4). Eichen discloses automatic authentication (Eichen, Para 0017) But Jung and Eichen fail to specially disclose authenticating devices in a concurrent mode. However, Fotevski discloses “wherein in a case of receiving authentication requests sent by a plurality of terminal devices, the server performs authentication on the plurality of terminal devices in a concurrent mode” (Fotevski, Claim 1: authenticates one or more device simultaneously). It would have been obvious to an ordinary person skilled in the art before the effective filing date of the claimed invention to employ the teachings of authenticating devices in a concurrent mode of Fotevski to the system of Jung and Eichen to determine access eligibility to a game of chance and the ordinary person skilled in the art would have been motivated to combine to establish access authority and allow transaction to proceed (Fotevski, Para 0295). Regarding claim 16, claim 16 is directed to a method corresponding to the method recited in claim 2. Claim 16 is similar in scope to claim 2, and is therefore, rejected under similar rationale. Regarding claim 18, claim 18 is directed to a device corresponding to the method recited in claim 2. Claim 16 is similar in scope to claim 2, and is therefore, rejected under similar rationale. Claims 3, 6-7, 9, 11-12, 17, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Jung, Eichen in view of Fotevski and in further view of Ashfaq Kamal (U.S. Patent Application Publication No.: US 2017 /0243224 A1 / or “Kamal” hereinafter). Regarding claim 3, in view of claim 2, Jung discloses comparing the MAC addresses to determine if a device is on the list (Jung, Claim 4). Eichen discloses user associated with configuration information of a device (Eichen, Para 0045). Fotevski discloses authenticating one or more device simultaneously (Claim 1). But Jung, Eichen, and Fotevski fail to specially disclose authenticating the user of the device based on obtained feature data of the user. However, Kamal discloses “wherein the authentication request further comprises identity feature data used for identity authentication, the device authentication method further comprises: “after the terminal device passes authentication, performing feature extraction on the identity feature data according to a feature extraction model to obtain target feature data” (Kamal, Abstract: a user device and the user identity are authenticated for transaction; and Para 0031: biometric data of the user is extracted and compared for authentication); “and performing identity authentication according to the target feature data” (Kamal, Para 0035: user is authenticated using biometric or other profile data). It would have been obvious to an ordinary person skilled in the art before the effective filing date of the claimed invention to employ the teachings of authenticating the user of the device based on obtained feature data of the user of Kamal to the system of Jung, Eichen, and Fotevski to create a system where the user data and device identification data are matched for the user profile verification and the ordinary person skilled in the art would have been motivated to combine to establish user positive identification and authorization (Kamal, Abstract). Regarding claim 6, in view of claim 3, Jung in view of Eichen disclose “wherein the authentication request is transmitted after being string-encrypted and encoded” (Eichen, Para 0065: information encrypted and anonymized). Regarding claim 7, in view of claim 3, Jung and Eichen in view of Fotevski and in view of Kamal disclose “wherein the server comprises an identity feature database storing a correspondence between user identity information and target feature data, and the performing identity authentication according to the target feature data comprises: acquiring preset identity feature data; and comparing the target feature data with the preset identity feature data to perform identity authentication, establishing user identity information and adding the user identity information and the target feature data to the identity feature database when the identity authentication is successful” (Kamal, Para 0029: user data stored in database are compared with an acquired data for authentication). Regarding claim 9, in view of claim 3, Jung and Eichen in view of Fotevski and in view of Kamal disclose “wherein the server comprises an identity feature database storing a correspondence between user identity information and target feature data, and the performing identity authentication according to the target feature data comprises: comparing the target feature data with target feature data in the identity feature database to perform identity authentication, and determining user identity information corresponding to the target feature data when the identity authentication is successful” (Kamal, Para 0029: user data stored in database are compared with an acquired data for authentication). Regarding claim 11, in view of claim 3, Jung in view of Eichen disclose “wherein the device authentication method comprises: generating an authentication feedback request according to an authentication result or an identity authentication result; and sending the authentication feedback request to a corresponding terminal device” (Eichen, Fig. 4: Steps 450-460; and Para 0053). Regarding claim 12, in view of claim 3, Jung and Eichen in view of Fotevski and in view of Kamal disclose “wherein in a case that a plurality of terminal devices pass authentication, the server performs feature extraction on identity feature data corresponding to the plurality of terminal devices in a concurrent mode” (Kamal, Para 0029: user data stored in database are compared with an acquired data for authentication). Regarding claim 17, claim 17 is directed to a method corresponding to the method recited in claim 3. Claim 17 is similar in scope to claim 3, and is therefore, rejected under similar rationale. Regarding claim 19, claim 19 is directed to a device corresponding to the method recited in claim 3. Claim 19 is similar in scope to claim 3, and is therefore, rejected under similar rationale. Claims 8 and 10 are rejected under 35 U.S.C. 103 as being unpatentable over Jung, Eichen, and Fotevski in view of Kamal and in further view of Moran et al. (U.S. Patent Application Publication No.: US 2016/0055327 A1 / or “Moran” hereinafter). Regarding claim 8, in view of claim 7, Jung discloses comparing the MAC addresses to determine if a device is on the list (Jung, Claim 4). Eichen discloses user associated with configuration information of a device (Eichen, Para 0045). Fotevski discloses authenticating one or more device simultaneously (Claim 1). Kamal discloses a user device and the user identity are authenticated for transaction, and biometric data of the user is extracted and compared for authentication (Kamal, Abstract, Para 0031). But Jung, Eichen, Fotevski, and Kamal fail to specially disclose authenticating the user of the device based on a confidence score being greater than a threshold. However, Moran discloses “wherein the comparing the target feature data with the preset identity feature data to perform identity authentication, establishing the user identity information and adding the user identity information and the target feature data to the identity feature database when the identity authentication is successful comprises: in a case that confidence of a comparison result between the target feature data and the preset identity feature data is greater than a first threshold, determining that the identity authentication is successful” (Moran, Para 0093: an action is allowed based on the confidence score being greater than a threshold). It would have been obvious to an ordinary person skilled in the art before the effective filing date of the claimed invention to employ the teachings of authenticating the user of the device based on a confidence score being greater than a threshold of Moran to the system of Jung, Eichen, Fotevski, and Kamal to create a system where the user authenticated based on biometric data and the ordinary person skilled in the art would have been motivated to combine to establish user positive identification and system access (Moran, Para 0070). Regarding claim 10, in view of claim 9, Jung, Eichen, Fotevski and Kamal in view of Moran disclose “wherein the comparing the target feature data with the target feature data in the identity feature database to perform identity authentication, and determining the user identity information corresponding to the target feature data when the identity authentication is successful comprises: determining that the identity authentication is successful in a case that confidence of a comparison result between the target feature data and the target feature data in the identity feature database is greater than a second threshold” (Moran, Para 0070; and Para 0006). Claims 4-5, and 20-21 are rejected under 35 U.S.C. 103 as being unpatentable over Jung in view of Eichen and in further view of Thompson et al. (U.S. Patent Application Publication No.: US 2017/0041363 A1 / or “Thompson” hereinafter). Regarding claim 4, in view of claim 1, Jung discloses comparing the MAC addresses to determine if a device is on the list (Jung, Claim 4). Eichen discloses automatic authentication (Eichen, Para 0017) But Jung and Eichen fail to specially disclose sending authentication request by means of an Http Post request. However, Thompson discloses “wherein the authentication request is sent by means of an Http Post request” (Thompson, Para 0031 and 0046, authentication credentials are provided by means of an Http Post request). It would have been obvious to an ordinary person skilled in the art before the effective filing date of the claimed invention to employ the teachings of sending authentication request by means of an Http Post request of Thompson to the system of Jung and Eichen where the credentials is provide in the body of message and the ordinary person skilled in the art would have been motivated to combine to enhance security of the system by not having the credential in the in the URL bar (Thompson, Para 0025-0026). Regarding claim 5, in view of claim 4, Jung in view of Eichen and in further view of Thompson disclose “wherein the authentication request transmits data in a JavaScript Object Notation mode” (Thompson, Para 0025-0026, transmitting authentication data in JavaScript Object Notation (JSON)). Regarding claim 20, claim 20 is directed to a device corresponding to the method recited in claim 4. Claim 20 is similar in scope to claim 4, and is therefore, rejected under similar rationale. Regarding claim 21, claim 21 is directed to a device corresponding to the method recited in claim 5. Claim 21 is similar in scope to claim 5, and is therefore, rejected under similar rationale. Relevant Prior Arts The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Lymberopoulos et al. (US 2015/0213244 A1) discloses “capture multiple biometric features when a user-authentication gesture is performed as a device authentication attempt. The example can compare values of the multiple biometric features to previous values stored for the user. The example can further unlock the computing device in an instance where the values of the multiple biometric features satisfy a similarity threshold relative to the previous values” (Abstract). Conclusion THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Contact Information Any inquiry concerning this communication or earlier communications from the examiner should be directed to ABDULLAH ALMAMUN whose telephone number is (571) 270-3392. The examiner can normally be reached on 8 AM - 5 PM. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on (571) 272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /ABDULLAH ALMAMUN/Examiner, Art Unit 2431 /SARAH SU/Primary Examiner, Art Unit 2431