DETAILED ACTION
In a communication received on 11 February 2026, the applicants amended 1, 11, 12, 17, 18, and 24.
Claims 1-2 and 4-25 are pending.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Arguments
Applicant’s arguments with respect to claim(s) 1, 17, and 24 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 1-2, 4-6, 11-13, 17-21 and 24 is/are rejected under 35 U.S.C. 103 as being unpatentable over Zhang (US 2016/0119313 A1) in view of Grajek et al. (US 2018/0069867 A1), and further in view of Bertocci et al. (US 2024/0073024 A1).
With respect to claim 1, Zhang discloses: a computer-implemented method comprising:
receiving, at a server for a web domain (i.e., receiving a terminal identifier at the server in Zhang, ¶0006),
a first identifier associated with a browser application executing on a client device that is used to access a webpage of the web domain (i.e., login initiated by a an application or website associated with the mobile terminal including a target server identifier in Zhang, ¶0016); and
responsive to determining that the passkey for the web domain is likely to be accessible by the browser application at the client device (i.e., query and determine that based on the terminal ID that an account is associated with the corresponding credentials in Zhang, ¶0016),
causing the browser application to display a control to log in to a first account at the web domain using the passkey (i.e., displaying an icon to login corresponding to the detected account with the mobile terminal in Zhang, ¶0016, ¶0024-0026, fig. 3(a)).
Zhang discloses determining that an account and credential information is bound with the terminal ID of the mobile terminal (¶0016). Zhang do(es) not explicitly disclose the following. Grajek, in order to reduce friction in authenticating user access through dynamic authentication selection (¶0003), discloses:
determining by the server and based on a degree of match between the first identifier and a second identifier (i.e., a known account with corresponding logon patterns including information on previous logon circumstances like password reset or help desk requests in Grajek, ¶0025-0027),
that a passkey for the web domain is likely to be accessible by the browser application at the client device (i.e., in a pre-authentication process, the device provides information for comparison and generation of a confidence score of a match of pre-authorization information and to verified user information; based on a match of the pre-authentication information such as logon behavior/patterns, dynamically selecting authentication procedures for the user; historical correlation determines a match between the user-device and stored user-device identity in Grajek, ¶0023-0024, ¶0037-0038),
the second identifier stored in a database in communication with the server (i.e., logon patterns to compare to can be information stored on internal or external repositories for comparing a match in logon patterns with the device in Grajek, ¶0025-0027).
Based on Zhang in view of Grajek, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Grajek to improve upon those of Zhang in order to reduce friction in authenticating user access through dynamic authentication selection.
Zhang discloses determining that an account and credential information is bound with the terminal ID of the mobile terminal (¶0016). Zhang and Grajek do(es) not explicitly disclose the following. Bertocci, in order to improve security and manual interaction for authentication by configuring passkey authentication for clients (¶0043), discloses: the second identifier associated with a known account, the known account corresponding to a record indicative of creation of the passkey for the web domain (i.e., using the public key of the corresponding passkey to verify subsequent login attempts based on identity platform storing the public key in association with other credentials of the user such as email, username, password in Bertocci, ¶0024, ¶0224-0226).
Based on Zhang in view of Grajek, and further in view of Bertocci, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Bertocci to improve upon those of Zhang in order to improve security and manual interaction for authentication by configuring passkey authentication for clients.
With respect to claim 2, Zhang discloses: the computer-implemented method of claim 1: wherein receiving the first identifier includes receiving, at an input field displayed by the browser application, a user identifier (i.e., input data fields, the mobile terminal acquiring the terminal identifier in Zhang, ¶0030, ¶0036).
With respect to claim 4, Zhang discloses: the computer-implemented method of claim 1, wherein causing the browser application to display the control to log in to the first account using the passkey (i.e., displaying an icon to login corresponding to the detected account with the mobile terminal in Zhang, ¶0016, ¶0024-0026, fig. 3(a)) includes:
causing the browser application to invoke a conditional user interface with a selectable control to initiate passkey login (i.e., buttons for initiating respective login based on the detected user account in Zhang, ¶0036, fig. 3)
With respect to claim 5, Zhang discloses: the computer-implemented method of claim 1, wherein causing the browser application to display the control to log in to the first account using the passkey includes causing the browser application to display a selectable icon to initiate passkey login (i.e., icons can be selected to for quick login flow buttons for initiating respective login based on the detected user account in Zhang, ¶0036, ¶0045, fig. 3).
With respect to claim 6, Zhang discloses: the computer-implemented method of claim 1, wherein the browser application is a first browser application and further comprising:
receiving, at the server, a third identifier associated with a second browser application that is used to access the webpage of the web domain (i.e., any of the plurality of applications/websites with target server identifiers in Zhang, ¶0016);
determining by the server, based on the third identifier, that the passkey for the web domain is not likely to be accessible by the second browser application (i.e., determining at target server identifier whether the server has an account bound with the terminal identifier in Zhang, ¶0016); and
responsive to determining that the passkey for the web domain is not likely to be accessible by the second browser application, causing the second browser application to display a password input field (i.e., if the query result for an associated account with the terminal ID is empty, presenting new user login control in Zhang, ¶0052).
With respect to claim 11, Zhang discloses: the computer-implemented method of claim 1, wherein the first identifier includes a first plurality of identifiers associated with the browser application (i.e., terminal identifier, user account, password; plurality of other software applications and websites may correspond to common or different target server identifiers in Zhang, ¶0016, ¶0027).
With respect to claim 12, Zhang discloses: the computer-implemented method of claim 11, wherein determining that the passkey for the web domain is likely to be accessible by the browser application includes:
accessing, by the server and via the database, a second plurality of identifiers received from data sessions in which the passkey was used to log in to the first account, the second plurality of identifiers including the second identifier (i.e., server stores terminal identifiers corresponding to user accounts and credentials; previously the credentials and terminal identifiers were used to create new binding information with the server based on the login credential used in Zhang, ¶0016-¶0018); and
identifying a respective degree of match between ones of the first plurality of identifiers and corresponding ones of the second plurality of identifiers stored in the database (i.e., query and determine that based on the terminal ID that an account is associated with the corresponding credentials and terminal identifiers stored in the database of the target server in Zhang, ¶0016).
With respect to claim 13, Zhang discloses: the computer-implemented method of claim 1, wherein the first identifier includes an identifier of the client device (i.e., terminal identifier stored in memory such as a serial number in Zhang, ¶0019)
With respect to claim 17, the limitation(s) of claim 17 are similar to those of claim(s) 1. Therefore, claim 17 is rejected with the same reasoning as claim(s) 1.
Zhang further discloses: a system comprising:
at least one non-transitory memory; machine-readable instructions (i.e., processor to execute instructions stored on a computer-readable medium in Zhang, (¶0060); and
at least one processor circuit to execute the machine-readable instructions (i.e., processor to execute instructions stored on a computer-readable medium in Zhang, (¶0060).
With respect to claim 18, the limitation(s) of claim 18 are similar to those of claim(s) 11 and 12. Therefore, claim 18 is rejected with the same reasoning as claim(s) 11 and 12.
With respect to claim 19, the limitation(s) of claim 19 are similar to those of claim(s) 2. Therefore, claim 19 is rejected with the same reasoning as claim(s) 2.
With respect to claim 20, the limitation(s) of claim 20 are similar to those of claim(s) 13. Therefore, claim 20 is rejected with the same reasoning as claim(s) 13.
With respect to claim 21, the limitation(s) of claim 21 are similar to those of claim(s) 4. Therefore, claim 21 is rejected with the same reasoning as claim(s) 4.
With respect to claim 24, the limitation(s) of claim 24 are similar to those of claim(s) 1. Therefore, claim 24 is rejected with the same reasoning as claim(s) 1.
Zhang further discloses: a non-transitory computer readable storage medium storing executable machine-readable instructions (i.e., processor to execute instructions stored on a computer-readable medium in Zhang, (¶0060).
Claim(s) 7-9, 14, and 22 is/are rejected under 35 U.S.C. 103 as being unpatentable over Zhang (US 2016/0119313 A1) in view of Grajek et al. (US 2018/0069867 A1) and Bertocci et al. (US 2024/0073024 A1), and further in view of Rail (US 2003/0110399 A1).
With respect to claim 7, Zhang discloses determining that an account and credential information is bound with the terminal ID of the mobile terminal (¶0016). Zhang, Grajek and Bertocci do(es) not explicitly disclose the following. Rail, in order to save considerable time and frustration of reentering identification and passwords (¶0038), discloses: the computer-implemented method of claim 1, wherein receiving the first identifier includes retrieving the first identifier from a cookie stored by the browser application (i.e., passkey and other identifying information can be stored and retrieved in a buffer associated with the web server and stored on the device in Rail, ¶0038).
Based on Zhang in view of Grajek and Bertocci, and further in view of Rail, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Rail to improve upon those of Zhang in order to save considerable time and frustration of reentering identification and passwords.
With respect to claim 8, Zhang discloses: the computer-implemented method of claim 7, wherein causing the browser application to display the control to log in to the first account using the passkey (i.e., displaying an icon to login corresponding to the detected account with the mobile terminal in Zhang, ¶0016, ¶0024-0026, fig. 3(a))
includes, in response to receiving a request to access a login webpage for the web domain, causing the browser application to display a login webpage with the control to log in to the first account using the passkey (i.e., prompt the user to login corresponding to the user account determined by the query, the mobile terminal presents a login interface to login using the selected credential in Zhang, ¶0035, fig. 3).
With respect to claim 9, Zhang discloses: the computer-implemented method of claim 8, wherein the browser application is a first browser application and further including:
receiving, at the server, a third identifier associated with a second browser application that is used to access the webpage of the web domain (i.e., initiating process of login based on receiving the target server identifier corresponding to the application or website in Zhang, ¶0016);
determining by the server, based on the third identifier, that the passkey for the web domain is not likely to be accessible by the second browser application (i.e., determining at target server identifier whether the server has an account bound with the terminal identifier in Zhang, ¶0016); and
responsive to determining that the passkey for the web domain is not likely to be accessible by the second browser application, causing the second browser application to display a second login webpage without the control to log in to the first account using the passkey (i.e., if the query result for an associated account with the terminal ID is empty, presenting new user login control which logs in without an account bound credential in Zhang, ¶0052).
With respect to claim 14, Zhang discloses determining that an account and credential information is bound with the terminal ID of the mobile terminal (¶0016). Zhang, Grajek, and Bertocci do(es) not explicitly disclose the following. Rail, in order to save considerable time and frustration of reentering identification and passwords (¶0038), discloses: the computer-implemented method of claim 1, wherein receiving the first identifier associated with the browser application includes retrieving a cookie stored by the web domain on the client device (i.e., passkey and other identifying information can be stored and retrieved in a buffer associated with the web server and stored on the device in Rail, ¶0038).
Based on Zhang in view of Grajek, and Bertocci, and further in view of Rail, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Rail to improve upon those of Zhang in order to save considerable time and frustration of reentering identification and passwords.
With respect to claim 22, the limitation(s) of claim 22 are similar to those of claim(s) 14. Therefore, claim 22 is rejected with the same reasoning as claim(s) 14.
Claim(s) 10 and 15 is/are rejected under 35 U.S.C. 103 as being unpatentable over Zhang (US 2016/0119313 A1) in view of Grajek et al. (US 2018/0069867 A1) and Bertocci et al. (US 2024/0073024 A1), and further in view of Mondello et al. (US 2023/0396607 A1).
With respect to claim 10, Zhang discloses determining that an account and credential information is bound with the terminal ID of the mobile terminal (¶0016). Zhang do(es) not explicitly disclose the following. Grajek, in order to reduce friction in authenticating user access through dynamic authentication selection (¶0003), discloses: the computer-implemented method of claim 1, wherein the client device is a first client device, the browser application is a first browser application, and further including:
receiving, at the server, a third identifier associated with a second browser application that is used to access the webpage of the web domain via a second client device (i.e., system uses information on logon patterns from a plurality of application/resources in Grajek, ¶0025)
determining, based on the third identifier, a likelihood that the passkey is stored on the second client device (i.e., in a pre-authentication process, the device provides information for comparison and generation of a confidence score of a match of pre-authorization information and to verified user information; based on a match of the pre-authentication information such as logon behavior/patterns, dynamically selecting authentication procedures for the user; historical correlation determines a match between the user-device and stored user-device identity in Grajek, ¶0023-0024, ¶0037-0038).
Based on Zhang in view of Grajek, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Grajek to improve upon those of Zhang in order to reduce friction in authenticating user access through dynamic authentication selection.
Zhang discloses determining that an account and credential information is bound with the terminal ID of the mobile terminal (¶0016). Zhang, Grajek, and Bertocci do(es) not explicitly disclose the following. Mondello, in order to enhance productivity and reduce processor and battery power wasted on redundant user inputs (¶0024), discloses:
determining a likelihood that the passkey is synchronized between the first client device and the second client device. (i.e., determining that the first device private key is updated responsive to updating the remote device in Mondello, ¶0224-0226).
Based on Zhang in view of Grajek and Bertocci, and further in view of Mondello, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Mondello to improve upon those of Zhang in order to enhance productivity and reduce processor and battery power wasted on redundant user inputs.
With respect to claim 15, Zhang discloses determining that an account and credential information is bound with the terminal ID of the mobile terminal (¶0016). Zhang, Grajek, and Bertocci do(es) not explicitly disclose the following. Mondello, in order to enhance productivity and reduce processor and battery power wasted on redundant user inputs (¶0024), discloses: the computer-implemented method of claim 1, wherein the passkey is a WebAuthn passkey (i.e., passkeys generated from private keys for accessing and authenticating with remote services in Mondello, ¶0024).
Based on Zhang in view of Grajek and Bertocci, and further in view of Mondello, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Mondello to improve upon those of Zhang in order to enhance productivity and reduce processor and battery power wasted on redundant user inputs.
Claim(s) 16, 23, and 25 is/are rejected under 35 U.S.C. 103 as being unpatentable over Zhang (US 2016/0119313 A1) in view of Grajek et al. (US 2018/0069867 A1) and Bertocci et al. (US 2024/0073024 A1), and further in view of Ackerman et al. (US 9,160,742 B1).
With respect to claim 16, Zhang discloses: the computer-implemented method of claim 1, wherein determining that the passkey is likely to be accessible by the browser application (i.e., querying a server with a database to determine corresponding user account and credentials associated with the submitted terminal identifier in Zhang, ¶0006, ¶0016)
Zhang discloses determining that an account and credential information is bound with the terminal ID of the mobile terminal (¶0016). Zhang, Grajek, and Bertocci do(es) not explicitly disclose the following. Ackerman, in order to improvements to authentication without exposing user privacy over third party insecure networks (col. 3 lines 25-38), discloses:
determining, based on the degree of match, a likelihood that the passkey is accessible by the browser application (i.e., predictor values include device identifiers, geolocation, account number to estimate the likelihood that the user has an associated authorization to conduct transactions in Ackerman, col. 3 line 61 to col 4 line 8);
responsive to the likelihood exceeding a threshold, determining the passkey is likely to be accessible by the browser application. (i.e., risk scores corresponding to likelihood of authorized user may be rule-based, machine learning based, and other methods for determining the user is authorized above a level of certainty in Ackerman, col. 3 line 61 to col 4 line 8).
Based on Zhang in view of Grajek and Bertocci, and further in view of Ackerman, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Ackerman to improve upon those of Zhang in order to improvements to authentication without exposing user privacy over third party insecure networks.
With respect to claim 23, the limitation(s) of claim 23 are similar to those of claim(s) 16. Therefore, claim 23 is rejected with the same reasoning as claim(s) 16.
With respect to claim 25, the limitation(s) of claim 25 are similar to those of claim(s) 16. Therefore, claim 25 is rejected with the same reasoning as claim(s) 16.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHERMAN L LIN whose telephone number is (571)270-7446. The examiner can normally be reached Monday through Friday 9:00 AM - 5:00 PM (Eastern).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joon Hwang can be reached at 571-272-4036. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
Sherman Lin
4/4/2026
/S. L./Examiner, Art Unit 2447
/JOON H HWANG/Supervisory Patent Examiner, Art Unit 2447