Prosecution Insights
Browse Companies Examiners Firms Draft Your Response
Office ActionsGrowpath LLC › 18427679
Last updated: April 19, 2026
Application No. 18/427,679

User Authentication Systems and Methods

Final Rejection §103§DP
Filed
Jan 30, 2024
Examiner
MALINOWSKI, WALTER J
Art Unit
2439
Tech Center
2400 — Computer Networks
Assignee
Growpath LLC
OA Round
2 (Final)
69%
Grant Probability
Favorable
3-4
OA Rounds
3y 2m
To Grant
99%
With Interview

Interview Optional

+52.1% interview lift. This examiner has a relatively high allow rate; a written response may suffice.
Based on 335 resolved cases, 2023–2026

Examiner Intelligence

MALINOWSKI, WALTER J View full profile →
Grants 69% — above average
69%
Career Allow Rate
232 granted / 335 resolved
+11.3% vs TC avg
Strong +52% interview lift
Without
With
+52.1%
Interview Lift
resolved cases with interview
Typical timeline
3y 2m
Avg Prosecution
22 currently pending
Career history
357
Total Applications
across all art units

Statute-Specific Performance

§101
12.9%
-27.1% vs TC avg
§103
64.6%
+24.6% vs TC avg
§102
4.1%
-35.9% vs TC avg
§112
8.2%
-31.8% vs TC avg
Black line = Tech Center average estimate • Based on career data from 335 resolved cases

Office Action

§103 §DP
Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . DETAILED ACTION This Office Action is in response to the amendment filed 8/19/2025 for application 18/427,679. Claims 1-18 and 31-42 have been examined and are pending. Claims 1, 2, 6-8, 12-14, and 18 have been amended. Claims 31-42 have been added. Claims 1, 7, 13, 31, and 37 are independent claims. This Action is made FINAL. Response to Arguments The double patent rejections are maintained. Applicant’s arguments with respect to claim(s) 1-18 and 31-42 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument. The Examiner respectfully suggests that the claims be further amended and details in the specification be incorporated to distinguish the claimed invention over prior art of record. Should the Applicant desire an interview to further clarify the claim interpretation/rejections, please contact the Examiner at (571) 272 5368 to schedule an interview. Double Patenting The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969). A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP §§ 706.02(l)(1) - 706.02(l)(3) for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp. Claims 1-18 and 31-42 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-18 of U.S. Patent No. 10,097,538. Although the claims at issue are not identical, they are not patentably distinct from each other because all limitations recited in claims 1-18 and 31-42 of the instant application are encompassed by limitations recited in claims 1-18 of U.S. Patent No. 10,097,538 (see table below). Instant Application 18/427,679 U.S. Patent No. 10,097,538 Claim 1 (Currently Amended): A method comprising: receiving, at a server, from a trusted client computer device, a request to authenticate a mobile device of a user, the mobile device bearing a mobile app, the user having login credentials stored at the server, the trusted client computer device being different from the mobile device; receiving, by the server, a user-supplied image file from the trusted client computer device; storing, by the server, in a memory, the user-supplied image file; converting, by the server, the user-supplied image file to a first byte array; receiving, by the server, a mobile-supplied image file from the mobile device of the user and converting the mobile-supplied image file to a second byte array; authenticating, by the server, the mobile device of the user in response to the second byte array matching the first byte array and in response to . 1. A method comprising: receiving, at a server, from a trusted client computer device, a request to authenticate a mobile device of a user, the mobile device bearing a mobile app, the user having login credentials stored at the server, the trusted client computer device being different from the mobile device; storing, at the server, a list of Internet Protocol (IP) addresses of authorized client devices, wherein the trusted client computer device has an IP address included in the list or the trusted client device is coupled to the server using a Universal Second Factor (U2F) key; requesting, by the server, from the trusted client computer device, a user-supplied memorable image file to be selected from a plurality of image files available to the user of the trusted client computer device including image files created by the user and image files not created by the user, and an International Mobile Equipment Identity (IMEI), and a phone number for a mobile device; receiving, by the server, the user-supplied memorable image file, the IMEI, and the phone number of the mobile device; storing, by the server, in a memory, the user-supplied memorable image file, the IMEI, and the phone number of the mobile device; converting, by the server, the user-supplied memorable image file to a first byte array by renaming a file containing the user-supplied memorable image file to a .txt file; associating, by the server, in the memory, the user-supplied memorable image file, the IMEI, and the phone number, with the login credentials of the user; generating, by the server, a one-time activation Personal Identification Number (PIN); requesting, by the server, a mobile-supplied image file and login credentials from the mobile device of the user; receiving, by the server, the mobile-supplied image file from the mobile device of the user and converting the mobile-supplied image file to a second byte array; activating the mobile app in response to the user entering the PIN in the mobile app; and authenticating, by the server, the mobile device of the user in response to the second byte array matching the first byte array and in response to the login credentials of the user from the mobile device of the user matching the stored login credentials of the user, without requiring the PIN after the mobile app has been activated. Claims 1-18 and 31-42 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-30 of U.S. Patent No. 11,265,311. Although the claims at issue are not identical, they are not patentably distinct from each other because all limitations recited in claims 1-18 and 31-42 of the instant application are encompassed by limitations recited in claims 1-18 of U.S. Patent No. 11,265,311 (see table below). Instant Application 18/427,679 U.S. Patent No. 11,265,311 Claim 1 (Currently Amended): A method comprising: receiving, at a server, from a trusted client computer device, a request to authenticate a mobile device of a user, the mobile device bearing a mobile app, the user having login credentials stored at the server, the trusted client computer device being different from the mobile device; receiving, by the server, a user-supplied image file from the trusted client computer device; storing, by the server, in a memory, the user-supplied image file; converting, by the server, the user-supplied image file to a first byte array; receiving, by the server, a mobile-supplied image file from the mobile device of the user and converting the mobile-supplied image file to a second byte array; authenticating, by the server, the mobile device of the user in response to the second byte array matching the first byte array and in response to . 1. A method comprising: receiving, at a server, from a trusted client computer device, a request to authenticate a mobile device of a user, the mobile device bearing a mobile app, the user having login credentials stored at the server, the trusted client computer device being different from the mobile device; storing, at the server, a list of Internet Protocol (IP) addresses of authorized client devices, wherein the trusted client computer device has an IP address included in the list; requesting, by the server, from the trusted client computer device, a user-supplied memorable image file to be selected from a plurality of image files available to the user of the trusted client computer device including image files created by the user and image files not created by the user, and an International Mobile Equipment Identity (IMEI), and a phone number for a mobile device; receiving, by the server, the user-supplied memorable image file, the IMEI, and the phone number of the mobile device; storing, by the server, in a memory, the user-supplied memorable image file, the IMEI, and the phone number of the mobile device; converting, by the server, the user-supplied memorable image file to a first byte array by renaming a file containing the user-supplied memorable image file to a .txt file; associating, by the server, in the memory, the user-supplied memorable image file, the IMEI, and the phone number, with the login credentials of the user; generating, by the server, a one-time activation Personal Identification Number (PIN); requesting, by the server, a mobile-supplied image file and login credentials from the mobile device of the user; receiving, by the server, the mobile-supplied image file from the mobile device of the user and converting the mobile-supplied image file to a second byte array; activating the mobile app in response to the user entering the PIN in the mobile app; and authenticating, by the server, the mobile device of the user in response to the second byte array matching the first byte array and in response to the login credentials of the user from the mobile device of the user matching the stored login credentials of the user, without requiring the PIN after the mobile app has been activated. Claims 1-18 and 31-42 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-25 of U.S. Patent No. 11,924,197. Although the claims at issue are not identical, they are not patentably distinct from each other because all limitations recited in claims 1-18 and 31-42 of the instant application are encompassed by limitations recited in claims 1-25 of U.S. Patent No. 11,924,197 (see table below). Instant Application 18/427,679 U.S. Patent No. 11,924,197 Claim 1 (Currently Amended): A method comprising: receiving, at a server, from a trusted client computer device, a request to authenticate a mobile device of a user, the mobile device bearing a mobile app, the user having login credentials stored at the server, the trusted client computer device being different from the mobile device; receiving, by the server, a user-supplied image file from the trusted client computer device; storing, by the server, in a memory, the user-supplied image file; converting, by the server, the user-supplied image file to a first byte array; receiving, by the server, a mobile-supplied image file from the mobile device of the user and converting the mobile-supplied image file to a second byte array; authenticating, by the server, the mobile device of the user in response to the second byte array matching the first byte array and in response to . 1. A method comprising: receiving, at a server, from a trusted client computer device, a request to authenticate a mobile device of a user, the mobile device bearing a mobile app, the user having login credentials stored at the server, the trusted client computer device being different from the mobile device, and the trusted client computer being coupled to the server using a Universal Second Factor (U2F) key; storing, at the server, a list of Internet Protocol (IP) addresses of authorized client devices, wherein the trusted client computer device has an IP address included in the list; requesting, by the server, from the trusted client computer device, a user-supplied memorable image file to be selected from a plurality of image files available to the user of the trusted client computer device including image files created by the user and image files not created by the user; receiving, by the server, the user-supplied memorable image file; storing, by the server, in a memory, the user-supplied memorable image file; converting, by the server, the user-supplied memorable image file to a first byte array by renaming a file containing the user-supplied memorable image file to a .txt file; associating, by the server, in the memory, the user-supplied memorable image file with the login credentials of the user; generating, by the server, a one-time activation Personal Identification Number (PIN); requesting, by the server, a mobile-supplied image file and login credentials from the mobile device of the user; receiving, by the server, the mobile-supplied image file from the mobile device of the user and converting the mobile-supplied image file to a second byte array; activating the mobile app in response to the user entering the PIN in the mobile app; and authenticating, by the server, the mobile device of the user in response to the second byte array matching the first byte array and in response to the login credentials of the user from the mobile device of the user matching the stored login credentials of the user, without requiring the PIN after the mobile app has been activated. Claim Objections Claim 13 is objected to because of the following informalities: on lines 15-16, the phone number lacks an antecedent basis. Appropriate correction is required. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically discloses as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1, 2, 4, 7, 8, 10, 13, 14, 16, 31, 32, 34, 37, 38, and 40 are rejected under 35 U.S.C. 103 as being unpatentable over Bao (US20170171200), filed March 2, 2016, in view of Chin (US20170083750), filed September 3, 2016, and Kamiya (US5040223), filed February 17, 1989. Regarding claim 1, Bao discloses a method comprising: receiving, at a server, from a trusted client computer device, a request to authenticate (Bao, paragraph 0058, client application server 230 may communicate a request to authenticate user device 210 to network authentication server 220); a mobile device of a user, the mobile device bearing a mobile app, the user having login credentials stored at the server (Bao, paragraph 0015, authenticating a user device based on a mobile device number; paragraph 0049, registering for the authentication support service and providing client credentials to network authentication server 220); the trusted client computer device being different from the mobile device (Bao, paragraph 0039; paragraph 0049, “this may include informing network authentication server 220 that user device 210 has requested and authorized network authentication server 220 to assist with logging in user device 210 via the two-factor authentication service required by client application server 230. In some implementations, registering for the authentication support service may also include client application server 230 providing one or more types of information identifying user device 210”); authenticating, by the server, the mobile device of the user (Bao, paragraph 0015, authenticating a user device; paragraph 0016, authenticating a user device); in response to login credentials of the user from the mobile device of the user matching the stored login credentials of the user (Bao, paragraph 0058, authentication server 220 may validate client credentials). Bao does not explicitly disclose receiving, by the server, a user-supplied image file from the trusted client computer device; storing, by the server, in a memory, the user-supplied image file; receiving, by the server, a mobile-supplied image file from the mobile device of the user. However, in an analogous art, Chin discloses receiving, by the server, a user-supplied image file from the trusted client computer device (Chin, paragraph 0047, third party device 14 receives registered fingerprint data from the fingerprint database 12. Comparison result send by third party device to fingerprint identifying apparatus for completing the authentication after the third party device 14 compares the fingerprint combination with the registered fingerprint data to generate the comparison result); storing, by the server, in a memory, the user-supplied image file (Chin, paragraph 0061, registered fingerprint stored in the third party device 14); receiving, by the server, a mobile-supplied image file from the mobile device of the user (Chin, fingerprint identifying apparatus 10 sends fingerprint to third party device 14). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Chin with method/ server/ computer program product/ method/ server of Bao to include receiving, by the server, a user-supplied image file from the trusted client computer device; storing, by the server, in a memory, the user-supplied image file; receiving, by the server, a mobile-supplied image file from the mobile device of the user to provide users with the benefits of an effective and complicated fingerprint identifying schemed providing a high level of security (Chin: paragraphs 0005 and 0006). Bao and Chin do not explicitly disclose converting, by the server, the user-supplied image file to a first byte array; converting the mobile-supplied image file to a second byte array; in response to the second byte array matching the first byte array. However, in an analogous art, Kamiya discloses converting, by the server, the user-supplied image file to a first byte array (Kamiya, col. 3, lines 48, through col. 4, line 7, “When verification is required, the input fingerprint is first converted to an array of pixels”); converting the mobile-supplied image file to a second byte array (Kamiya, col. 3, lines 48, through col. 4, line 7, “When verification is required, the input fingerprint is first converted to an array of pixels, and temporarily stored in memory”); in response to the second byte array matching the first byte array (Kamiya, col 8, lines 3-5, verification executed in two stages; col. 3, lines 48, through col. 4, line 7, “When verification is required, the input fingerprint is first converted to an array of pixels, and temporarily stored in memory. A judgement is then made as to whether the degree of correlation is within a first range, indicating that the input fingerprint is definitely accepted as identical to the registered fingerprint”). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Kamiya with method/ server/ computer program product/ method/ server of Bao and Chin to include converting, by the server, the user-supplied image file to a first byte array; converting the mobile-supplied image file to a second byte array; in response to the second byte array matching the first byte array to provide users with the benefits of a high overall verification rate and a low rate of incorrect rejections of input fingerprints (Kamiya: col. 3, lines 22-26). Regarding claim 2, Bao, Chin, and Kamiya disclose the method of claim 1 wherein the image file is created without use of a camera (Chin, paragraph 0046, pre-stored registered fingerprint data). Regarding claim 4, disclose the method of claim 1 and further comprising authenticating, by the server, the mobile device of the user only if the second byte array matches the first byte array identically (Kamiya, col. 3, lines 48, through col. 4, line 7, “When verification is required, the input fingerprint is first converted to an array of pixels, and temporarily stored in memory. A judgement is then made as to whether the degree of correlation is within a first range, indicating that the input fingerprint is definitely accepted as identical to the registered fingerprint, within a second range. If the degree of correlation found in this second stage is above a specific threshold value, then the input fingerprint is accepted, while if it is below that threshold value, the input fingerprint is rejected.”). Regarding claim 7, Bao discloses a server configured to receive, from a trusted client computer device, a request to authenticate (Bao, paragraph 0058, client application server 230 may communicate a request to authenticate user device 210 to network authentication server 220); a mobile device of a user, the mobile device bearing a mobile app, the user having login credentials stored at the server (Bao, paragraph 0015, authenticating a user device based on a mobile device number; paragraph 0049, registering for the authentication support service and providing client credentials to network authentication server 220), the trusted client computer device being different from the mobile device (Bao, paragraph 0039; paragraph 0049, “this may include informing network authentication server 220 that user device 210 has requested and authorized network authentication server 220 to assist with logging in user device 210 via the two-factor authentication service required by client application server 230. In some implementations, registering for the authentication support service may also include client application server 230 providing one or more types of information identifying user device 210”), the server including a processor; and a memory for storing computer instructions that, when executed by the processor, cause the server to: (Bao, paragraph 0150, processor, memory, FIG. 1A shows server); authenticate the mobile device of the user (Bao, paragraph 0015, authenticating a user device; paragraph 0016, authenticating a user device); in response to login credentials of the user from the mobile device of the user matching the user's stored login credentials (Bao, paragraph 0058, authentication server 220 may validate client credentials). Bao does not explicitly disclose receive a user-supplied image file from the trusted client computer device; store, in the memory, the user-supplied image file; receive a mobile-supplied image file from the mobile device of the user. However, in an analogous art, Chin discloses receive a user-supplied image file from the trusted client computer device (Chin, paragraph 0047, third party device 14 receives registered fingerprint data from the fingerprint database 12. Comparison result send by third party device to fingerprint identifying apparatus for completing the authentication after the third party device 14 compares the fingerprint combination with the registered fingerprint data to generate the comparison result); store, in the memory, the user-supplied image file (Chin, paragraph 0061, registered fingerprint stored in the third party device 14); receive a mobile-supplied image file from the mobile device of the user (Chin, fingerprint identifying apparatus 10 sends fingerprint to third party device 14). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Chin with method/ server/ computer program product/ method/ server of Bao to include receive a user-supplied image file from the trusted client computer device; store, in the memory, the user-supplied image file; receive a mobile-supplied image file from the mobile device of the user to provide users with the benefits of an effective and complicated fingerprint identifying schemed providing a high level of security (Chin: paragraphs 0005 and 0006). Bao and Chin disclose authenticate the mobile device of the user, but do not explicitly disclose convert the user-supplied image file to a first byte array; converting the mobile-supplied image file to a second byte array; authenticate the mobile device of the user in response to the second byte array matching the first byte array and in response to login credentials of the user from the mobile device of the user matching the user's stored login credentials. However, in an analogous art, Kamiya discloses convert the user-supplied image file to a first byte array (Kamiya, col. 3, lines 48, through col. 4, line 7, “When verification is required, the input fingerprint is first converted to an array of pixels”); converting the mobile-supplied image file to a second byte array; and (Kamiya, col. 3, lines 48, through col. 4, line 7, “When verification is required, the input fingerprint is first converted to an array of pixels, and temporarily stored in memory”); authenticate the mobile device of the user in response to the second byte array matching the first byte array and in response to login credentials of the user from the mobile device of the user matching the user's stored login credentials (Kamiya, col 8, lines 3-5, verification executed in two stages; col. 3, lines 48, through col. 4, line 7, “When verification is required, the input fingerprint is first converted to an array of pixels, and temporarily stored in memory. A judgement is then made as to whether the degree of correlation is within a first range, indicating that the input fingerprint is definitely accepted as identical to the registered fingerprint”). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Kamiya with method/ server/ computer program product/ method/ server of Bao and Chin to include convert the user-supplied image file to a first byte array; converting the mobile-supplied image file to a second byte array; authenticate the mobile device of the user in response to the second byte array matching the first byte array and in response to login credentials of the user from the mobile device of the user matching the user's stored login credentials to provide users with the benefits of a high overall verification rate and a low rate of incorrect rejections of input fingerprints (Kamiya: col. 3, lines 22-26). Regarding claim 8, Bao, Chin, and Kamiya disclose the server of claim 7 and configured to receive an image file created without use of a camera (Chin, paragraph 0046, pre-stored registered fingerprint data). Regarding claim 10, Bao, Chin, and Kamiya disclose the server of claim 7 and configured to authenticate the mobile device of the user only if the second byte array matches the first byte array identically (Kamiya, col. 3, lines 48, through col. 4, line 7, “When verification is required, the input fingerprint is first converted to an array of pixels, and temporarily stored in memory. A judgement is then made as to whether the degree of correlation is within a first range, indicating that the input fingerprint is definitely accepted as identical to the registered fingerprint, within a second range. If the degree of correlation found in this second stage is above a specific threshold value, then the input fingerprint is accepted, while if it is below that threshold value, the input fingerprint is rejected.”). Regarding claim 13, Bao discloses a computer program product comprising a non-transitory computer readable medium bearing computer program code which, when programmed into a server having a memory causes the server to (Bao, paragraph 0150, processor memory, FIG. 1A shows server): receive, from a trusted client computer device, a request to authenticate (Bao, paragraph 0058, client application server 230 may communicate a request to authenticate user device 210 to network authentication server 220); a mobile device of a user, the mobile device bearing a mobile app, the user having login credentials stored at the server (Bao, paragraph 0015, authenticating a user device based on a mobile device number; paragraph 0049, registering for the authentication support service and providing client credentials to network authentication server 220); the trusted client computer device being different from the mobile device (Bao, paragraph 0039; paragraph 0049, “this may include informing network authentication server 220 that user device 210 has requested and authorized network authentication server 220 to assist with logging in user device 210 via the two-factor authentication service required by client application server 230. In some implementations, registering for the authentication support service may also include client application server 230 providing one or more types of information identifying user device 210”); the phone number of the mobile device (Bao, paragraph 0003, mobile device number (MDN), paragraph 0037, network authentication server may have access to user device MDNs); authenticate the mobile device of the user (Bao, paragraph 0015, authenticating a user device; paragraph 0016, authenticating a user device); in response to login credentials of the user from the mobile device of the user matching the user's stored login credentials (Bao, paragraph 0058, authentication server 220 may validate client credentials). Bao does discloses the phone number of the mobile device, but does not explicitly disclose receive a user-supplied image file from the trusted client computer device; store, in the memory, the user-supplied image file, and the phone number of the mobile device; receive a mobile-supplied image file from the mobile device of the user. However, in an analogous art, Chin discloses receive a user-supplied image file from the trusted client computer device (Chin, paragraph 0047, third party device 14 receives registered fingerprint data from the fingerprint database 12. Comparison result send by third party device to fingerprint identifying apparatus for completing the authentication after the third party device 14 compares the fingerprint combination with the registered fingerprint data to generate the comparison result); store, in the memory, the user-supplied image file, and the phone number of the mobile device; (Chin, paragraph 0061, registered fingerprint stored in the third party device 14) receive a mobile-supplied image file from the mobile device of the user and (Chin, fingerprint identifying apparatus 10 sends fingerprint to third party device 14). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Chin with method/ server/ computer program product/ method/ server of Bao to include receive a user-supplied image file from the trusted client computer device; store, in the memory, the user-supplied image file, and the phone number of the mobile device; receive a mobile-supplied image file from the mobile device of the user to provide users with the benefits of an effective and complicated fingerprint identifying schemed providing a high level of security (Chin: paragraphs 0005 and 0006). Bao and Chin disclose authenticate the mobile device of the user in response to the second byte array matching the first byte array and in response to login credentials of the user from the mobile device of the user matching the user's stored login credentials, but do not explicitly disclose convert the user-supplied image file to a first byte array; convert the mobile-supplied image file to a second byte array; authenticate the mobile device of the user in response to the second byte array matching the first byte array and in response to login credentials of the user from the mobile device of the user matching the user's stored login credentials. However, in an analogous art, Kamiya discloses convert the user-supplied image file to a first byte array (Kamiya, col. 3, lines 48, through col. 4, line 7, “When verification is required, the input fingerprint is first converted to an array of pixels”); convert the mobile-supplied image file to a second byte array (Kamiya, col. 3, lines 48, through col. 4, line 7, “When verification is required, the input fingerprint is first converted to an array of pixels, and temporarily stored in memory”); authenticate the mobile device of the user in response to the second byte array matching the first byte array and in response to login credentials of the user from the mobile device of the user matching the user's stored login credentials (Kamiya, col 8, lines 3-5, verification executed in two stages; col. 3, lines 48, through col. 4, line 7, “When verification is required, the input fingerprint is first converted to an array of pixels, and temporarily stored in memory. A judgement is then made as to whether the degree of correlation is within a first range, indicating that the input fingerprint is definitely accepted as identical to the registered fingerprint”). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Kamiya with method/ server/ computer program product/ method/ server of Bao and Chin to include convert the user-supplied image file to a first byte array; convert the mobile-supplied image file to a second byte array; authenticate the mobile device of the user in response to the second byte array matching the first byte array and in response to login credentials of the user from the mobile device of the user matching the user's stored login credentials to provide users with the benefits of a high overall verification rate and a low rate of incorrect rejections of input fingerprints (Kamiya: col. 3, lines 22-26). Regarding claim 14, Bao, Chin, and Kamiya disclose the computer program product of claim 13, wherein the image file is created without use of a camera (Chin, paragraph 0046, pre-stored registered fingerprint data). Regarding claim 16, Bao, Chin, and Kamiya disclose the computer program product of claim 13 and further comprising code configured to cause the server to authenticate the mobile device of the user only if the second byte array matches the first byte array identically (Kamiya, col. 3, lines 48, through col. 4, line 7, “When verification is required, the input fingerprint is first converted to an array of pixels, and temporarily stored in memory. A judgement is then made as to whether the degree of correlation is within a first range, indicating that the input fingerprint is definitely accepted as identical to the registered fingerprint, within a second range. If the degree of correlation found in this second stage is above a specific threshold value, then the input fingerprint is accepted, while if it is below that threshold value, the input fingerprint is rejected.”). Regarding claim 31, Bao discloses a method comprising: receiving, at a server, from a trusted client computer device, a request to authenticate (Bao, paragraph 0058, client application server 230 may communicate a request to authenticate user device 210 to network authentication server 220); a mobile device of a user, the mobile device bearing a mobile app, the user having login credentials stored at the server (Bao, paragraph 0015, authenticating a user device based on a mobile device number; paragraph 0049, registering for the authentication support service and providing client credentials to network authentication server 220); the trusted client computer device being different from the mobile device (Bao, paragraph 0039; paragraph 0049, “this may include informing network authentication server 220 that user device 210 has requested and authorized network authentication server 220 to assist with logging in user device 210 via the two-factor authentication service required by client application server 230. In some implementations, registering for the authentication support service may also include client application server 230 providing one or more types of information identifying user device 210”); authenticating, by the server, the mobile device of the user (Bao, paragraph 0015, authenticating a user device; paragraph 0016, authenticating a user device); in response to (Bao, paragraph 0058, authentication server 220 may validate client credentials). Bao does not explicitly disclose receiving, by the server, a user-supplied image file from the trusted client computer device; storing, by the server, in a memory, the user-supplied image file; receiving, by the server, a mobile-supplied image file from the mobile device of the user. However, in an analogous art, Chin discloses receiving, by the server, a user-supplied image file from the trusted client computer device (Chin, paragraph 0047, third party device 14 receives registered fingerprint data from the fingerprint database 12. Comparison result send by third party device to fingerprint identifying apparatus for completing the authentication after the third party device 14 compares the fingerprint combination with the registered fingerprint data to generate the comparison result); storing, by the server, in a memory, the user-supplied image file (Chin, paragraph 0061, registered fingerprint stored in the third party device 14); receiving, by the server, a mobile-supplied image file from the mobile device of the user and (Chin, fingerprint identifying apparatus 10 sends fingerprint to third party device 14). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Chin with method/ server/ computer program product/ method/ server of Bao to include receiving, by the server, a user-supplied image file from the trusted client computer device; storing, by the server, in a memory, the user-supplied image file; receiving, by the server, a mobile-supplied image file from the mobile device of the user to provide users with the benefits of an effective and complicated fingerprint identifying schemed providing a high level of security (Chin: paragraphs 0005 and 0006). Bao and Chin do not explicitly disclose converting, by the server, the us; r-supplied image file to a first byte array; converting the mobile-supplied image file to a second byte array; in response to the second byte array matching the first byte array. However, in an analogous art, Kamiya discloses converting, by the server, the user-supplied image file to a first byte array (Kamiya, col. 3, lines 48, through col. 4, line 7, “When verification is required, the input fingerprint is first converted to an array of pixels”); converting the mobile-supplied image file to a second byte array (Kamiya, col. 3, lines 48, through col. 4, line 7, “When verification is required, the input fingerprint is first converted to an array of pixels, and temporarily stored in memory”); in response to the second byte array matching the first byte array (Kamiya, col 8, lines 3-5, verification executed in two stages; col. 3, lines 48, through col. 4, line 7, “When verification is required, the input fingerprint is first converted to an array of pixels, and temporarily stored in memory. A judgement is then made as to whether the degree of correlation is within a first range, indicating that the input fingerprint is definitely accepted as identical to the registered fingerprint”). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Kamiya with method/ server/ computer program product/ method/ server of Bao and Chin to include converting, by the server, the us; r-supplied image file to a first byte array; converting the mobile-supplied image file to a second byte array; in response to the second byte array matching the first byte array to provide users with the benefits of a high overall verification rate and a low rate of incorrect rejections of input fingerprints (Kamiya: col. 3, lines 22-26). Regarding claim 32, Bao, Chin, and Kamiya disclose the method of claim 31 wherein the image file is created without use of a camera (Chin, paragraph 0046, pre-stored registered fingerprint data). Regarding claim 34, Bao, Chin, and Kamiya disclose the method of claim 31 and further comprising authenticating, by the server, the mobile device of the user only if the second byte array matches the first byte array identically (Kamiya, col. 3, lines 48, through col. 4, line 7, “When verification is required, the input fingerprint is first converted to an array of pixels, and temporarily stored in memory. A judgement is then made as to whether the degree of correlation is within a first range, indicating that the input fingerprint is definitely accepted as identical to the registered fingerprint, within a second range. If the degree of correlation found in this second stage is above a specific threshold value, then the input fingerprint is accepted, while if it is below that threshold value, the input fingerprint is rejected.”). Regarding claim 37, Bao discloses a server configured to receive, from a trusted client computer device, a request to authenticate (Bao, paragraph 0058, client application server 230 may communicate a request to authenticate user device 210 to network authentication server 220); a mobile device of a user, the mobile device bearing a mobile app, the user having login credentials stored at the server (Bao, paragraph 0015, authenticating a user device based on a mobile device number; paragraph 0049, registering for the authentication support service and providing client credentials to network authentication server 220); the trusted client computer device being different from the mobile device (Bao, paragraph 0039; paragraph 0049, “this may include informing network authentication server 220 that user device 210 has requested and authorized network authentication server 220 to assist with logging in user device 210 via the two-factor authentication service required by client application server 230. In some implementations, registering for the authentication support service may also include client application server 230 providing one or more types of information identifying user device 210”), the server including a processor; and a memory for storing computer instructions that, when executed by the processor, cause the server to: (Bao, paragraph 0150, processor, memory, FIG. 1A shows server); authenticate the mobile device of the user (Bao, paragraph 0015, authenticating a user device; paragraph 0016, authenticating a user device); in response to login credentials of the user from the mobile device of the user matching the user's stored login credentials (Bao, paragraph 0058, authentication server 220 may validate client credentials). Bao does not explicitly disclose receive a user-supplied image file from the trusted client computer device; store, in the memory, the user-supplied image file; receive a mobile-supplied image file from the mobile device of the user. However, in an analogous art, Chin discloses receive a user-supplied image file from the trusted client computer device (Chin, paragraph 0047, third party device 14 receives registered fingerprint data from the fingerprint database 12. Comparison result send by third party device to fingerprint identifying apparatus for completing the authentication after the third party device 14 compares the fingerprint combination with the registered fingerprint data to generate the comparison result); store, in the memory, the user-supplied image file; (Chin, paragraph 0061, registered fingerprint stored in the third party device 14); receive a mobile-supplied image file from the mobile device of the user and (Chin, fingerprint identifying apparatus 10 sends fingerprint to third party device 14). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Chin with method/ server/ computer program product/ method/ server of Bao to include receive a user-supplied image file from the trusted client computer device; store, in the memory, the user-supplied image file; receive a mobile-supplied image file from the mobile device of the user to provide users with the benefits of an effective and complicated fingerprint identifying schemed providing a high level of security (Chin: paragraphs 0005 and 0006). Bao and Chin do not explicitly disclose convert the user-supplied image file to a first byte array; convert the mobile-supplied image file to a second byte array; in response to the second byte array matching the first byte array. However, in an analogous art, Kamiya discloses convert the user-supplied image file to a first byte array (Kamiya, col. 3, lines 48, through col. 4, line 7, “When verification is required, the input fingerprint is first converted to an array of pixels”); convert the mobile-supplied image file to a second byte array (Kamiya, col. 3, lines 48, through col. 4, line 7, “When verification is required, the input fingerprint is first converted to an array of pixels, and temporarily stored in memory”); in response to the second byte array matching the first byte array (Kamiya, col 8, lines 3-5, verification executed in two stages; col. 3, lines 48, through col. 4, line 7, “When verification is required, the input fingerprint is first converted to an array of pixels, and temporarily stored in memory. A judgement is then made as to whether the degree of correlation is within a first range, indicating that the input fingerprint is definitely accepted as identical to the registered fingerprint”). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Kamiya with method/ server/ computer program product/ method/ server of Bao and Chin to include convert the user-supplied image file to a first byte array; convert the mobile-supplied image file to a second byte array; in response to the second byte array matching the first byte array to provide users with the benefits of a high overall verification rate and a low rate of incorrect rejections of input fingerprints (Kamiya: col. 3, lines 22-26). Regarding claim 38, Bao, Chin, and Kamiya disclose the server of claim 37 and configured to receive an image file created without use of a camera.(Chin, paragraph 0046, pre-stored registered fingerprint data). Regarding claim 40, Bao, Chin, and Kamiya disclose the server of claim 37 and configured to authenticate the mobile device of the user only if the second byte array matches the first byte array identically. (Kamiya, col. 3, lines 48, through col. 4, line 7, “When verification is required, the input fingerprint is first converted to an array of pixels, and temporarily stored in memory. A judgement is then made as to whether the degree of correlation is within a first range, indicating that the input fingerprint is definitely accepted as identical to the registered fingerprint, within a second range. If the degree of correlation found in this second stage is above a specific threshold value, then the input fingerprint is accepted, while if it is below that threshold value, the input fingerprint is rejected.”). Claims 3, 9, 15, 33, and 39 are rejected under 35 U.S.C. 103 as being unpatentable over Bao (US20170171200), filed March 2, 2016, in view of Chin (US20170083750), filed September 3, 2016, and Kamiya (US5040223), filed February 17, 1989, and further in view of Froelicher (US20170264600), published on September 14, 2017. Regarding claim 3, Bao, Chin, and Kamiya disclose the method of claim 1. Bao, Chin, and Kamiya do not explicitly disclose wherein the trusted client computer device is coupled to the server using a Universal Second Factor (U2F) key. However, in an analogous art, Froelicher discloses wherein the tru
Read full office action

Prosecution Timeline

Jan 30, 2024
Application Filed
Mar 12, 2025
Non-Final Rejection — §103, §DP
Aug 19, 2025
Response Filed
Nov 10, 2025
Final Rejection — §103, §DP (current)

Precedent Cases

Applications granted by this same examiner with similar technology

19/094,557
Patent 12580897
ANALYZING INDIVIDUAL INFORMATION FROM MULTI-DATABASE SYSTEM
2y 5m to grant Granted Mar 17, 2026
18/067,238
Patent 12574209
DATA PROTECTION USING PORTABLE DATA STRUCTURES
2y 5m to grant Granted Mar 10, 2026
18/160,801
Patent 12568090
SYSTEMS AND METHODS FOR MANAGING DATABASE-LEVEL ROLES FOR DATA SHARING
2y 5m to grant Granted Mar 03, 2026
18/385,293
Patent 12536340
SYSTEM AND METHOD FOR VALIDATING AUTHORSHIP OF AN ELECTRONIC SIGNATURE SESSION
2y 5m to grant Granted Jan 27, 2026
17/931,668
Patent 12517992
DETECTING ATTEMPTS TO DEFEAT FACIAL RECOGNITION
2y 5m to grant Granted Jan 06, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

AI Strategy Recommendation

Get an AI-powered prosecution strategy using examiner precedents, rejection analysis, and claim mapping.
Powered by AI — typically takes 5-10 seconds

Prosecution Projections

3-4
Expected OA Rounds
69%
Grant Probability
99%
With Interview (+52.1%)
3y 2m
Median Time to Grant
Moderate
PTA Risk
Based on 335 resolved cases by this examiner. Grant probability derived from career allow rate.

Ready to respond to this office action?

IP Author drafts your complete OA response — amendments, arguments, and claim strategy — in minutes, not days.

Start Drafting Your Response →

Data sourced from USPTO Patent File Wrapper (daily) and Office Action Archive (weekly). Analysis generated by IP Author.

Data: USPTO Patent File Wrapper (daily) • Office Action Archive (weekly) • 89M+ prosecution events

© 2026 IP Author — Browse Office ActionsExaminersCompaniesFirms

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month