DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This Office Action is in response to Application 18877325 filed on 12/20/2024. Claims 5 and 9 were currently amended via the preliminary amendments. Claim 1 is the independent claim. Claims 1-9 have been examined and are pending in this application. This Office Action is made Non-Final.
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 12/20/2024 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.
Claim Objections
Claims 1-5, 7, and 9 are objected to because of the following informality:
Regarding claims 1, 4, and 7, the acronyms “IP,” “URL,” and “ID” are used without being spelled out in full at their first occurrence in the claims. Appropriate correction is required.
Regarding claims 2-5, 7, and 9: Claim 2 recites the limitations “before the (b), (f) monitoring, by the extension program.” To properly recite components and associated functions of a claimed limitation, it is suggested that the aforementioned limitations be further amended to “before the step (b), (f) monitoring, by the extension program.”
Claim 3 recites the limitations “but after the (f) and before the (b);” it’s suggested that the aforementioned limitations be further amended to “but after the step (f) and before the step (b).”
Claim 4 recites the limitations “but after the (f) and before the (b),” and “after the (b);” it’s suggested that the aforementioned limitations be further amended to “but after the step (f) and before the step (b),” and “after the step (b).”
Claims 5 and 9 recite the limitations “wherein in the (c),” it’s suggested that the aforementioned limitations be further amended to “wherein in the step (c).”
Claim 7 recites the limitations “wherein in the (f),” it’s suggested that the aforementioned limitations be further amended to “wherein in the step (f).”
Specification
The disclosure is objected to because of the following informalities:
[Technical Field] on page 1 should be renamed to Summary of Invention.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-2 are rejected under 35 U.S.C. 103 as being unpatentable over Silverstein et al. (“Silverstein,” US 20220385671, published on 12/01/2022) in view of DE GANON et al. (“DE GANON,” US 20180047018, published on 02/15/2018).
Regarding Claim 1;
Silverstein discloses an account information management method using an extension program installed on a web browser, a mobile password manager which is an application program for account information management installed on a mobile device of a user, and an intermediate server communicating with the extension program and the mobile password manager, the account information management method, comprising (par 0070; the virtual machine service provider can provide, to users, a browser extension application that installed on a computing device and executed when a browser application on the computing device is executed. The browser extension application associated with a user's unique code and/or other credentials used to access the virtual machine service provider. This allow for the browser extension application to automatically access the virtual machine service provider on behalf of the user without need for the user to provide its unique code and/or other credentials. The browser extension application monitor user interaction with the local browser application installed on the user's computing device):
(a) encrypting and managing, by the mobile password manager, account information for each website registered by the user (par 0145; the encrypted credential information stored in a repository maintained by the virtual machine service provider, where the encrypted credential information associated with the virtual browser application environment and a profile associated with the authorized user for the virtual browser application environment. This allow the authorized user to access its credential information for websites accessed within the virtual browser application environment, subject to any applicable access control policies and/or alerts. For example, if the authorized user accesses a website within the virtual browser application environment, for which the authorized user's credential information for the website has been previously stored by the browser extension application during an authorized user's access to the website using its native browser application);
(b) acquiring, by the mobile password manager, an information recording code, the information recording code recording website connection information corresponding to either domain information or IP information of the website that the user wishes to access through the web browser (par 0164; the authorized user can utilize an authentication device to obtain the one-time password or code that provided to the virtual machine service provider for authentication of the authorized user; par 0048; generating a unique code and corresponding access control policies for an authorized user, the primary user, via the website provided by the virtual machine service provider, provide one or more bookmarks that readily available to the authorized user when accessing the virtual browser application environment via the website [] to define a bookmark, the primary user provide a uniform resource identifier (URI) of the target website and a descriptor for the bookmark. As an illustrative example, if the primary user wishes to define a bookmark corresponding to the website of a financial institution, the primary user can provide the URI of the website (e.g., www.samplebank.com) and a descriptor for this website (e.g., “Sample Bank Home Page”));
(c) acquiring, by the mobile password manager, the account information corresponding to the website connection information recorded in the information recording code based on the account information for each website that is being managed, and transmitting the acquired account information to the intermediate server (par 0164; the authorized user can utilize an authentication device to obtain the one-time password or code that provided to the virtual machine service provider for authentication of the authorized user; par 0146; obtain an authorized user's credentials for accessing one or more websites via the authorized user's native browser application and the virtual browser application environment. For instance, an authorized user may grant, to the browser extension application, access to the authorized user's accounts maintained by one or more third-party credential managers. This may allow the browser extension application to retrieve any required authorized user credentials for accessing one or more websites via the native browser application and/or the virtual browser application);
(d) transmitting, by the intermediate server, the account information received from the mobile password manager to the extension program (par 0136; the authorized user prompted to provide its unique code and/or other credentials that used to access the virtual browser application environment via the website or web portal provided by the virtual machine service provider. The virtual machine service provider validate the provided unique code and/or other credentials and transmit instructions to the browser extension application to associate the authorized user with the primary user's virtual browser application environment); and
(e) automatically inputting, by the extension program, the account information transmitted from the intermediate server to a login window displayed on the web browser so that the account information corresponding to the website connection information is used for logging in to the website (par 0145; if the authorized user accesses a website within the virtual browser application environment, for which the authorized user's credential information for the website has been previously stored by the browser extension application during an authorized user's access to the website using its native browser application, the virtual browser application may automatically retrieve the authorized user's credentials and enable access to the authorized user's account via the website; par 0048; the primary user, via the website provided by the virtual machine service provider, provide one or more bookmarks that readily available to the authorized user when accessing the virtual browser application environment via the website).
Silverstein discloses an information recording code as recited above, but do not explicitly disclose an information recording code generated by the extension program.
However, in an analogous art, DE GANON discloses browser extension system/method that includes:
an information recording code generated by the extension program (DE GANON: par 0069; the browser extension application store the provided data and generate the secure token, which mapped to the provided data stored at the browser extension application).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of DE GANON with the method/system of Silverstein to include an information recording code generated by the extension program. One would have been motivated to provide by a web browser application running on the computing device; and in response to detecting the field: automatically populating the field, through the browser extension application, with a secure token mapped to the data (DE GANON: abstract).
Regarding Claim 2;
The combination of Silverstein and DE GANON discloses the account information management method of claim 1:
Silverstein discloses before the (b), (f) monitoring, by the extension program, a user's website login attempt using the web browser when the extension program is activated by a user's selection or is already activated, and extracting the website connection information or generating an asymmetric key when the website login attempt by the user is detected (Silverstein: par 0070; the browser extension application associated with a user's unique code and/or other credentials used to access the virtual machine service provider [] the browser extension application monitor user interaction with the local browser application installed on the user's computing device to determine whether to re-direct the user to the virtual browser application environment. For instance, if an authorized user, using the browser application on its computing device, attempts to access a website subject to an alert defined by the primary user, the browser extension application may automatically re-direct the authorized user to the website maintained by the virtual machine service provider and present, to the authorized user).
Claims 3-7 and 9 are rejected under 35 U.S.C. 103 as being unpatentable over Silverstein et al. (US 20220385671) in view of DE GANON et al. (US 20180047018), and further in view of HONG et al. (“HONG,” WO 2013176491 A1, published on 11/28/2013).
Regarding Claim 3;
The combination of Silverstein and DE GANON discloses the account information management method of claim 2:
Silverstein discloses a code is used as the information recording code, but after the (f) and before the (b), generating, by the extension program (Silverstein: par 0070; the browser extension application associated with a user's unique code and/or other credentials used to access the virtual machine service provider [] the browser extension application monitor user interaction with the local browser application installed on the user's computing device to determine whether to re-direct the user to the virtual browser application environment. For instance, if an authorized user, using the browser application on its computing device, attempts to access a website subject to an alert defined by the primary user, the browser extension application may automatically re-direct the authorized user to the website maintained by the virtual machine service provider and present, to the authorized user).
DE GANON further discloses code generating, by the extension program (DE GANON: par 0069; the browser extension application store the provided data and generate the secure token, which mapped to the provided data stored at the browser extension application).
The motivation is the same as that of claim 1 above.
The combination of Silverstein and DE GANON disclose a code is used as the information recording code as recited above, but do not explicitly disclose a quick response (QR) code; the QR code in which the website connection information and public key information among the asymmetric keys are recorded, and posting a pop-up window so that the generated QR code is displayed on a web browser screen.
However, in an analogous art, HONG discloses authenticating web system/method that includes:
a quick response (QR) code (HONG: page 4, par 2; before the web server of the web service displays the QR code including the authentication server URL of the web service on the web browser screen, the web server provides a form for subscription to the user); the QR code in which the website connection information and public key information among the asymmetric keys are recorded, and posting a pop-up window so that the generated QR code is displayed on a web browser screen (HONG: page 4, par 2; before the web server of the web service displays the QR code including the authentication server URL of the web service on the web browser screen, the web server provides a form for subscription to the user; Sending, by the web server, a bit string for identifying the authentication device to the authentication device of the user when the user fills out a form; Generating, by the web server, a code including a public key of a web service and displaying the code on a web browser screen).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of HONG with the method/system of Silverstein and DE GANON to include a quick response (QR) code; the QR code in which the website connection information and public key information among the asymmetric keys are recorded, and posting a pop-up window so that the generated QR code is displayed on a web browser screen. One would have been motivated to authenticate a web service user in which a web server of a web service displays a code including an authentication server URL of the web service on a web browser screen (HONG: abstract).
Regarding Claim 4;
The combination of Silverstein and DE GANON discloses the account information management method of claim 2:
Silverstein discloses a code is used as the information recording code, but after the (f) and before the (b), transmitting, by the extension program (Silverstein: par 0070; the browser extension application associated with a user's unique code and/or other credentials used to access the virtual machine service provider [] the browser extension application monitor user interaction with the local browser application installed on the user's computing device to determine whether to re-direct the user to the virtual browser application environment. For instance, if an authorized user, using the browser application on its computing device, attempts to access a website subject to an alert defined by the primary user, the browser extension application may automatically re-direct the authorized user to the website maintained by the virtual machine service provider and present, to the authorized user).
The combination of Silverstein and DE GANON disclose a code is used as the information recording code as recited above, but do not explicitly disclose a quick response (QR) code; transmitting, by the extension program, a public key among the generated asymmetric keys to the intermediate server; storing, by the intermediate server, the public key received from the extension program and transmitting channel URL information confirming a storage location of the public key to the extension program; generating, by the extension program, the QR code in which the website connection information and the channel URL information are recorded and posting a pop-up window so that the generated QR code is displayed on a web browser screen; and after the (b), acquiring, by the mobile password manager, the public key generated by the extension program based on the channel URL information recorded in the QR code.
However, in an analogous art, HONG discloses authenticating web system/method that includes:
a quick response (QR) code (HONG: page 4, par 2; before the web server of the web service displays the QR code including the authentication server URL of the web service on the web browser screen, the web server provides a form for subscription to the user); transmitting, by the extension program, a public key among the generated asymmetric keys to the intermediate server (HONG: page 4, par 2; before the web server of the web service displays the QR code including the authentication server URL of the web service on the web browser screen, the web server provides a form for subscription to the user; Sending, by the web server, a bit string for identifying the authentication device to the authentication device of the user when the user fills out a form; Generating, by the web server, a code including a public key of a web service); storing, by the intermediate server, the public key received from the extension program and transmitting channel URL information confirming a storage location of the public key to the extension program (HONG: page 7, par 8; The authentication token includes authentication information (ie, user ID (userID) and a public key (D_pub) of a key pair generated by the user) and a nonce obtained from a QR code [] if all the contents are encrypted using the public key (W_pub) of the web server); generating, by the extension program, the QR code in which the website connection information and the channel URL information are recorded and posting a pop-up window so that the generated QR code is displayed on a web browser screen (HONG: page 4, par 2; before the web server of the web service displays the QR code including the authentication server URL of the web service on the web browser screen, the web server provides a form for subscription to the user; Sending, by the web server, a bit string for identifying the authentication device to the authentication device of the user when the user fills out a form; Generating, by the web server, a code including a public key of a web service); and after the (b), acquiring, by the mobile password manager, the public key generated by the extension program based on the channel URL information recorded in the QR code (HONG: page 4, par 2; before the web server of the web service displays the QR code including the authentication server URL of the web service on the web browser screen, the web server provides a form for subscription to the user; Sending, by the web server, a bit string for identifying the authentication device to the authentication device of the user when the user fills out a form; Generating, by the web server, a code including a public key of a web service and displaying the code on a web browser screen).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of HONG with the method/system of Silverstein and DE GANON to include a quick response (QR) code; transmitting, by the extension program, a public key among the generated asymmetric keys to the intermediate server; storing, by the intermediate server, the public key received from the extension program and transmitting channel URL information confirming a storage location of the public key to the extension program; generating, by the extension program, the QR code in which the website connection information and the channel URL information are recorded and posting a pop-up window so that the generated QR code is displayed on a web browser screen; and after the (b), acquiring, by the mobile password manager, the public key generated by the extension program based on the channel URL information recorded in the QR code. One would have been motivated to authenticate a web service user in which a web server of a web service displays a code including an authentication server URL of the web service on a web browser screen (HONG:
Regarding Claim 5;
The combination of Silverstein, DE GANON, and HONG discloses the account information management method of claim 3,
HONG discloses wherein in the (c), the mobile password manager encrypts the account information corresponding to the website connection information recorded in the QR code using the public key generated by the extension program, and then transmits the encrypted account information to the intermediate server (HONG: page 4, par 2; before the web server of the web service displays the QR code including the authentication server URL of the web service on the web browser screen, the web server provides a form for subscription to the user; Sending, by the web server, a bit string for identifying the authentication device to the authentication device of the user when the user fills out a form; Generating, by the web server, a code including a public key of a web service and displaying the code on a web browser screen; page 7, par 8; The authentication token includes authentication information (ie, user ID (userID) and a public key (D_pub) of a key pair generated by the user) and a nonce obtained from a QR code [] if all the contents are encrypted using the public key (W_pub) of the web server).
The motivation is the same as that of claim 3 above.
Regarding Claim 6;
The combination of Silverstein, DE GANON, and HONG discloses the account information management method of claim 5,
HONG discloses wherein in the step (e), the extension program receives the encrypted account information from the mobile password manager through the intermediate server, decrypts the encrypted account information using a private key among the asymmetric keys, and automatically inputs the decrypted account information into the login window displayed on the web browser (HONG: page 7, pars 8-9; the authentication token includes authentication information (ie, user ID (userID) and a public key (D_pub) of a key pair generated by the user) and a nonce obtained from a QR code [] if all the contents are encrypted using the public key (W_pub) of the web server; Next, the authentication server of the web service decrypts the authentication token and checks the signature to check whether it is a normal message. If it is confirmed that the message is a normal message, it checks the authentication information and determines that it is a login attempt of the correct user. Informs the web server of the web service that it has successfully authenticated. As mentioned above, the web server of the web service has registered to receive a message from the authentication server for a predetermined time, and the authentication server responds to this, so that the web server can log in to the user).
The motivation is the same as that of claim 3 above.
Regarding Claim 7;
The combination of Silverstein and DE GANON discloses the account information management method of claim 2,
The combination of Silverstein and DE GANON disclose all the limitations as recited above, but do not explicitly disclose wherein in the (f), the extension program newly generates the asymmetric key whenever the user selects to activate the extension program or recognizes an ID and password input window in a main text of the website to detect an access attempt to log in to the website.
However, in an analogous art, HONG discloses authenticating web system/method that includes:
wherein in the (f), the extension program newly generates the asymmetric key whenever the user selects to activate the extension program or recognizes an ID and password input window in a main text of the website to detect an access attempt to log in to the website (HONG: page 4, par 2; before the web server of the web service displays the QR code including the authentication server URL of the web service on the web browser screen, the web server provides a form for subscription to the user; Sending, by the web server, a bit string for identifying the authentication device to the authentication device of the user when the user fills out a form; Generating, by the web server, a code including a public key of a web service and displaying the code on a web browser screen; page 7, par 9; the authentication server of the web service decrypts the authentication token and checks the signature to check whether it is a normal message. If it is confirmed that the message is a normal message, it checks the authentication information and determines that it is a login attempt of the correct user. Informs the web server of the web service that it has successfully authenticated. As mentioned above, the web server of the web service has registered to receive a message from the authentication server for a predetermined time, and the authentication server responds to this, so that the web server can log in to the user).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of HONG with the method/system of Silverstein and DE GANON to include wherein in the (f), the extension program newly generates the asymmetric key whenever the user selects to activate the extension program or recognizes an ID and password input window in a main text of the website to detect an access attempt to log in to the website. One would have been motivated to authenticate a web service user in which a web server of a web service displays a code including an authentication server URL of the web service on a web browser screen (HONG: abstract).
Regarding Claim 9;
The combination of Silverstein, DE GANON, and HONG discloses the account information management method of claim 4,
HONG discloses wherein in the (c), the mobile password manager encrypts the account information corresponding to the website connection information recorded in the QR code using the public key generated by the extension program, and then transmits the encrypted account information to the intermediate server (HONG: page 4, par 2; before the web server of the web service displays the QR code including the authentication server URL of the web service on the web browser screen, the web server provides a form for subscription to the user; Sending, by the web server, a bit string for identifying the authentication device to the authentication device of the user when the user fills out a form; Generating, by the web server, a code including a public key of a web service and displaying the code on a web browser screen; page 7, par 8; The authentication token includes authentication information (ie, user ID (userID) and a public key (D_pub) of a key pair generated by the user) and a nonce obtained from a QR code [] if all the contents are encrypted using the public key (W_pub) of the web server).
The motivation is the same as that of claim 3 above.
Claim 8 is rejected under 35 U.S.C. 103 as being unpatentable over Silverstein et al. (US 20220385671) in view of DE GANON et al. (US 20180047018), and further in view of NAKAGAWA et al. (“NAKAGAWA,” US 20210234858, published on 07/29/2021).
Regarding Claim 8;
The combination of Silverstein and DE GANON discloses the account information management method of claim 1,
The combination of Silverstein and DE GANON disclose all the limitations as recited above, but do not explicitly disclose wherein a biometric authentication procedure for authenticating the user using the mobile password manager is added before at least one of a time of application execution of the mobile password manager, a time of displaying the account information on an app screen through the mobile password manager, and a time of user approval of account information transmission.
However, in an analogous art, NAKAGAWA discloses authentication system/method that includes:
wherein a biometric authentication procedure for authenticating the user using the mobile password manager is added before at least one of a time of application execution of the mobile password manager, a time of displaying the account information on an app screen through the mobile password manager, and a time of user approval of account information transmission (NAKAGAWA: par 0043; when the registration requesting part 221 receives the user registration request from the authentication application, the registration requesting part 221 sends a login form, which is a page that receives user ID input, to the mobile terminal 4 to acquire first registration request information including the user ID inputted in the login form; par 0057; when the mobile terminal receives the challenge information and the policy information, the authentication application selects the authentication method for biometric authentication; par 0091; when the authentication result indicates that the biometric authentication was successful, the result sending part 123 causes the terminal 3 or the mobile terminal 4 to display information indicating that the user U has been successfully authenticated for a predetermined period of time [] it can be confirmed that the area 41 shows the period of time for which the information indicating successful authentication is displayed).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of NAKAGAWA with the method/system of Silverstein and DE GANON to include wherein a biometric authentication procedure for authenticating the user using the mobile password manager is added before at least one of a time of application execution of the mobile password manager, a time of displaying the account information on an app screen through the mobile password manager, and a time of user approval of account information transmission. One would have been motivated to provide a function related to the application when the authentication succeeds, the authentication server includes a biometric authentication instructing part that sends a push notification including first instruction information to a mobile terminal (NAKAGAWA: abstract).
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHAO WANG whose telephone number is (313)446-6644. The examiner can normally be reached on Monday-Friday 7:30-4:30PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on (571)270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/C.W./Examiner, Art Unit 2439
/JAMES R TURCHEN/Primary Examiner, Art Unit 2439