Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
The communication received on 12/04/25 has been entered.
Response to Arguments/Amendments
Applicant's arguments have been considered but are moot in view of the new ground(s) of rejection.
Claims 1-20 are pending.
The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action.
DETAILED ACTION
Claims 1-20 have been examined.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claim(s) 1-20 is/are rejected under 35 U.S.C. 103 unpatentable over Kefford (USPUB 20030204726) in view of Ganesan (USPUB 20120124651), and further in view of Sanciangco (USPU 20190372949).
Kefford teaches two factor authentication utilizing information server and authentication server (that may be the same entity) and client and mobile (see Fig. 1 and 4, para 39, etc.).
Kefford teaches the client (personal computer) sending a request to the server, the request including user’s name and PIN result in sending one-time password (OTP) transmitted to an identified mobile device (e.g., text messaging SMS, email, etc.), which is entered (type or key) by the end user into client that then send the OTP to the server to perform a login to verify the user (para 35, 43-45).
Given the fact that computing devices provide their functionalities by executing set of computing programs/routines that operate on data stored in memory, the discussed teaching addresses the limitation of claim 1-3, 5, 7-8, 12-14 and 16-18, with the exception of the newly added limitations pertaining to the details of the code received by the receiver device that is transmitted to the server.
Specifically, Kefford fails to teach the code been copied into the memory as a result of user selection of a copy control in an authenticator or messaging application
and the memory comprises a clipboard of the receiver device; in response to user selection of a send-the-code control presented by the receiver application, and
after the receiver application retrieves the copied code from the clipboard and verifies that the copied code conforms to an authentication-code format; and
using an automatic field-insertion or auto-typing operation performed by the requestor application
However, Ganesan suggests such solution (client application (AA), para 7, authentication server SMS/text message, a PIN to the user at the user’s SMS address. By activating execution of the SMSA by the CPU, the user can access his/her SMS account and retrieve the PIN from the SMS message sent by the authentication server. The user then enters the PIN in the space provided in the area A2, for example by cutting and pasting the PIN from the SMS message. After entering the PIN the user clicks on the arrow in the area A2 and the AA 610 sends a second API message to post the PIN, para 83.)
Note pertaining Ganesan’s teaching: a skilled in the art would readily appreciate that copy and paste requires the use of memory that the examiner equate to the clipboard. The programs/routines supporting copying and pasting read on the terms used in the claim language, e.g., send-the-code control, receiver application, etc., and clearly (although not expressly cited) there would have to be some kind of place visible to the user (equated to the prompt) to paste a particular data.
Also, a skilled artisan would recognize that any data has a particular format and in order to be recognized, moved/transferred and unitized by another data structure (especially since programs operate on defined data formats) would have to conformed to the expected data structure of the receiving application/program; thus, it would have to be verified before act upon, e.g., received/paste to another application/program (e.g., authentication-code format used in the claim language).
Additionally, in regard to earlier addressed “prompt”, for the purpose of the expedited prosecution the examiner notes that even if, somehow, Kefford/Ganesan implemented the teaching without a visible prompt, having a visible prompt would old and well-known variant in the art of computing, as illustrated by Sanciangco (credentials filled into fields of the prompt, e.g. para 30-31. Also note MS Windows or various website login prompts frequently used in the art of computing) offering the predictable benefit of usability and customization.
Similarly, although the examiner asserted that the part of the memory storing the code meets the broadest reasonable interpretation of the clipboard, even if a particular more restrictive interpretation was required, Official Notice is taken that using a “clipboard” to store data would have been old and well known in the art at the time the application was filed (e.g. MS Windows) offering the predictable benefit manipulation/operation on data).
As per claims 4 and 15, although Kefford teaches transmitting the code by the receiver application to the requestor application, Kefford does not teach encrypting the transmitted code. However, such solution would have been obvious variant in the art at the time the application was filed (see Sanciangco’s para 26, for example) offering the benefit of increased security.
As per claims 6 and 17, while Kefford teaches sending the code in the receiver application Kefford does not discusses sending being a result of receiving input from the user. However, receiving the input from as related to any particular computing operation, including data transfer (triggered by a user’s input) would [Official Notice is taken] have been obvious old and well known in the art of computing providing the benefit of usability, customization and process control.
As per claims 9-10 and 19, using the direct connection between communicating devices within range would have been well known solution in the art at the time the application as evidenced by both, Kefford (para 44) as well as Sanciagco (e.g. para 20 and 45), and a skilled in the art would readily appreciate that in order for the Bluetooth (or other wireless) devices to communicate, they would first have to connect and/or “pair” (e.g. see Fig. 1 of Sanciagco’s teaching. Note that in the broadest reasonable interpretation pairing could be equated to connecting). As per the term “automatically”, computing devices are based on automation but even if the more restrictive interpretation was required, a skilled in the art would readily appreciate that there are essentially only two connection/pairing options: manual and automatic; each being variant of each other while selecting any of these options would offer the predictable benefit of customization.
Lastly, as per claims 11 and 20, although no express recitation of the obscuring the code at any point during the process of the multiple-factor authentication operation taught by Kefford is cited, Official Notice is taken that obscuring codes (especially sensitive code such taught by Kefford) would have been old and well known in the art at of computer security at the time the application was filed while offering the predictable benefit of increased security.
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Peter Poltorak whose telephone number is (571) 272-3840. The examiner can normally be reached Monday through Thursday from 9:00 a.m. to 5:00 p.m.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on (571) 272-6798. The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).
/PIOTR POLTORAK/Primary Examiner, Art Unit 2433