AUTHENTICATION RELAY SERVER AND COMPUTER READABLE STORAGE MEDIUM

DETAILED ACTION The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Applicant's amendments filed on 03/18/2026 has been received and entered. Currently Claims 1-3, and 5-9 are pending. Continued Examination Under 37 CFR 1.114 A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 03/18/2026 has been entered. Response to Arguments Applicant argues on pages 8-9 of applicant’s remarks that the cited references Kim in view of Edwards does not disclose or suggest “in response to the second response being a response related to the constraint, perform the constraint authentication processing for the second response to issue an authentication code authenticating the login for the authentication relay server, create a first response based on the second response, transmit a response comprising the authentication code to the user via a means of contact different from the first response, and complete the login to the authentication server by performing a processing of another first authentication request comprising the authentication code from the system” as recited in the amended claims. The examiner respectfully disagrees. Kim teaches a proxy server performs processing based on the received authentication result and generates an authentication result data based on the received authentication result ([0106], [0112]). In an analogous art, Edwards teaches an intermediate server receives a message and generates and sends an OTP to a user. The user sends the OTP back to intermediate server. The Intermediate server verifies the received OTP and notifies service server that authentication was successful ([0047]-[0050]). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Kim of having an authentication proxy server performing authentication processes with the teachings of Edwards to include generating and verifying an OTP in order to provide multifactor authentication of the user by the proxy server. Therefore the combination of Kim in view of Edwards teaches limitation of the claims. In response to applicant’s argument that there is no teaching, suggestion, or motivation to combine the references, the examiner recognizes that obviousness may be established by combining or modifying the teachings of the prior art to produce the claimed invention where there is some teaching, suggestion, or motivation to do so found either in the references themselves or in the knowledge generally available to one of ordinary skill in the art. See In re Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 1988), In re Jones, 958 F.2d 347, 21 USPQ2d 1941 (Fed. Cir. 1992), and KSR International Co. v. Teleflex, Inc., 550 U.S. 398, 82 USPQ2d 1385 (2007). The examiner refers to the above motivation for combining Kim and Edwards to teach limitations of the claims. The examiner also refers to the below 103 rejection of the claims. In particular, Kim teaches a proxy server (e.g. intermediary server) performing authentication of users. In the analogous art, Edwards teaches an intermediate server performing authentication of users comprising OTP verification. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Kim of having an authentication proxy server performing authentication processes with the teachings of Edwards to include generating and verifying an OTP in order to provide multifactor authentication of the user by the proxy server. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 1-2, 5-6 and 8 are rejected under 35 U.S.C. 103 as being unpatentable over Kim US 2019/0044943, in view of Edwards et al. US 2021/0150014 (hereinafter Edwards). As per claim 1, Kim teaches an authentication relay server that relays between an authentication server providing a user authentication function and a predetermined system used by a user, the authentication relay server comprising: a processor, configured to: receive a first authentication request from the system (Kim paragraph [0063], [0092], [0106], [0112], client sends authentication request to proxy server. Proxy server sends authentication result data to client); in response to the first authentication request being a request related to a constraint, perform a constraint authentication processing different from an authentication processing performed in the authentication server for the first authentication request to create a second authentication request based on the first authentication request, wherein the constraint related to the first authentication request comprises a login to the authentication server by the system used by the user (Kim paragraph [0073], [0095]-[0102], [0112], proxy server performs authentication of client request. Proxy server sends an authentication request to service server.); and transmit the second authentication request to the authentication server and receive a second response of the authentication processing performed in the authentication server from the authentication server (Kim paragraph [0073], [0092], [0102], [0106], [0112], proxy server sends an authentication request to service server. Service server sends authentication result back to proxy server); in response to the second response being a response related to the constraint, perform the constraint authentication processing for the second response to create a first response based on the second response (Kim paragraph [0106], [0112], proxy server performs processing based on the received authentication result and generates an authentication result data based on the received authentication result); and transmit the first response as an authentication result to the system (Kim paragraph [0092], [0106], [0112], Proxy server sends authentication result data to client). Kim does not explicitly disclose in response to a message, issue an authentication code authenticating login for authentication relay server, transmit a response comprising the authentication code to user via a means of contact different from first response, and complete the login to authentication server by performing a processing of another first authentication request comprising the authentication code from system. Edwards teaches in response to a message, issue an authentication code authenticating login for authentication relay server, transmit a response comprising the authentication code to user via a means of contact different from first response, and complete the login to authentication server by performing a processing of another first authentication request comprising the authentication code from system (Edwards paragraph [0047]-[0050], intermediate server receives message and generates and sends OTP to user. User sends OTP back to intermediate server. Intermediate server verifies the received OTP and notifies service server that authentication was successful). Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Kim of having an authentication proxy server performing authentication processes with the teachings of Edwards to include generating and verifying an OTP in order to provide multifactor authentication of the user by the proxy server. As per claim 2, Kim in view of Edwards teaches the authentication relay server according to claim 1, wherein the processor is further configured to perform display associated with at least the first authentication request on the system (Kim paragraph [0092], [0094], [0106], [0112], proxy server sends authentication result to client. Client displays authentication result). As per claim 5, the claim claims a non-transitory computer readable storage medium essentially corresponding to the server claim 1 above, and is rejected, at least for the same reasons. As per claim 6, Kim in view of Edwards teaches the authentication relay server according to claim 1, wherein the constraint authentication processing is not provided in the authentication server (Kim paragraph [0073], [0095]-[0102], [0112], proxy server performs authentication of client request. Proxy server sends an authentication request to service server. Service server performs authentication of the received request and sends back authentication result to proxy server.)(In other words, proxy server performs authentication processing that the service server does not perform). As per claim 8, Kim in view of Edwards teaches the authentication relay server according to claim 1, wherein the processing of the another first authentication request comprises confirming whether the authentication code in the another first authentication request is identical to the issued authentication code (Edwards paragraph [0050], compare the received OTP to the previously generated OTP). Claim 3 is rejected under 35 U.S.C. 103 as being unpatentable over Kim in view of Edwards, and further in view of Ferguson et al. US 2008/0126478 (hereinafter Ferguson). As per claim 3, Kim in view of Edwards teaches the authentication relay server according to claim 1. Kim in view of Edwards does not explicitly disclose wherein constraint related to first authentication request further comprises to change a password used for second authentication request, and processor confirms whether a password to be changed to in the first authentication request is different from a password used for authentication in authentication server in the past. Ferguson teaches wherein constraint related to first authentication request further comprises to change a password used for second authentication request (Ferguson paragraph [0174], password change request), and processor confirms whether a password to be changed to in the first authentication request is different from a password used for authentication in authentication server in the past (Ferguson paragraph [0178], perform similarity check between the new password and the current password to determine if the two are sufficiently different). Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Kim in view of Edwards of having an authentication proxy server performing authentication processes with the teachings of Ferguson to include updating a password and checking the new password against the current password in order to allow the user to update their password and to provide similarity checking of the new password by the proxy server. Claim 7 is rejected under 35 U.S.C. 103 as being unpatentable over Kim in view of Edwards, and further in view of Tharoor et al. US 2021/0004793 (hereinafter Tharoor). As per claim 7, Kim in view of Edwards teaches the authentication relay server according to claim 1, wherein the means of contact different from the first response comprises an email or a short message service (SMS) (Kim paragraph [0092], [0106], [0112]; Edwards paragraph [0048], send OTP via text message or email). Kim in view of Edwards does not explicitly disclose an email or a short message service (SMS) pre-registered for the user. Tharoor teaches an email or a short message service (SMS) pre-registered for the user (Tharoor paragraph [0034], send OTP via a registered SMS or registered email). Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Kim in view of Edwards of having an authentication proxy server performing authentication processes including sending an OTP via SMS or email with the teachings of Tharoor to include sending an OTP via a registered SMS or email because the results would have been predictable and resulted in the proxy server sending the OTP via a registered SMS or email. Claim 9 is rejected under 35 U.S.C. 103 as being unpatentable over Kim in view of Edwards, and further in view of Vellozo Luz et al. US 2013/0340071 (hereinafter Vellozo Lu). As per claim 9, Kim in view of Edwards teaches the authentication relay server according to claim 8, wherein the processor is configured to: the authentication code in the another first authentication request not being identical to the issued authentication code(Edwards paragraph [0050], OTP does not match the previously generated OTP). Kim in view of Edwards does not explicitly disclose in response to authentication code not being identical to issued authentication code, transmit first response comprising error information to system. Vellozo Luz teaches in response to authentication code not being identical to issued authentication code, transmit first response comprising error information to system (Vellozo Luz paragraph [0030], if the OTP does not match send error message). Thus it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Kim in view of Edwards of having an authentication proxy server performing authentication processes including OTP verification with the teachings of Vellozo Luz to include sending an error message to a client when OTP verification fails in order to indicate to the client that OTP verification failed. Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to HENRY TSANG whose telephone number is (571)270-7959. The examiner can normally be reached M-F 9am - 5pm EST. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached at (571) 272-3739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /HENRY TSANG/ Primary Examiner, Art Unit 2495