Prosecution Insights
Last updated: April 19, 2026
Application No. 18/940,037

TRUSTED SYSTEM FOR PRIVACY-PRESERVING VALIDATION OF INDIVIDUALS

Status: Non-Final OA (§103, §DP)
Filed: Nov 07, 2024
Examiner: AMBAYE, SAMUEL
Art Unit: 2433
Tech Center: 2400 — Computer Networks
Assignee: AT&T Intellectual Property I, L.P.
OA Round: 1 (Non-Final)
Grant Probability: 82% (Favorable)
OA Rounds: 1-2
To Grant: 3y 0m
With Interview: 99%

Examiner Intelligence

Career Allow Rate: 82% (550 granted / 670 resolved), above average, +24.1% vs TC avg
Interview Lift: +25.1% (resolved cases with interview)
Avg Prosecution: 3y 0m (typical timeline); 28 currently pending
Total Applications: 698 (career history, across all art units)

Statute-Specific Performance

§101: 7.2% (-32.8% vs TC avg)
§103: 71.7% (+31.7% vs TC avg)
§102: 6.4% (-33.6% vs TC avg)
§112: 4.6% (-35.4% vs TC avg)
Based on career data from 670 resolved cases

Office Action

DETAILED ACTION

Notice of Pre-AIA or AIA Status

1. The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

2. Claims 1-20 are pending. Claims 1, 11, and 16 are in independent form.

Information Disclosure Statement

3. The information disclosure statement (IDS) submitted on 11/07/2024 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.

Drawings

4. The drawings filed on 11/07/2024 are accepted by the examiner.

Double Patenting

5. The non-statutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A non-statutory obviousness-type double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).

A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the conflicting application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). The USPTO internet Web site contains terminal disclaimer forms which may be used. Please visit http://www.uspto.gov/forms/. The filing date of the application will determine what form should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to http://www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.

Claims 1, 11, and 16 are non-provisionally rejected on the ground of non-statutory double patenting as being unpatentable over claims 1, 11, and 16 of U.S. Patent No. 12,177,657 B1. Although the claims at issue are not identical, they are not patentably distinct from each other because the claims in U.S. Patent No. 12,177,657 B1 contain every element of the claims of the instant application. A later patent claim is not patentably distinct from an earlier patent claim if the later claim is obvious over, or anticipated by, the earlier claim. In re Longi, 759 F.2d at 896, 225 USPQ at 651 (affirming a holding of obviousness-type double patenting because the claims at issue were obvious over claims in four prior art patents); In re Berg, 140 F.3d at 1437, 46 USPQ2d at 1233 (Fed. Cir. 1998) (affirming a holding of obviousness-type double patenting where a patent application claim to a genus is anticipated by a patent claim to a species within that genus). ELI LILLY AND COMPANY v BARR LABORATORIES, INC., United States Court of Appeals for the Federal Circuit, ON PETITION FOR REHEARING EN BANC (DECIDED: May 30, 2001).

Claims 1, 11, and 16 are rejected on the ground of non-statutory obviousness type double patenting as being unpatentable over claims 1, 11, and 16 of U.S. Patent No. 12,177,657 B1 in view of Queralt et al. (US 2021/0194703 A1) in view of Lundy et al. (US 8,896,416 B1) in view of Marquardt (US 2017/0228520 A1) in view of Grigg et al. (US 2016/0173478 A1). Although the conflicting claims are not identical, they are not patentably distinct from each other because the instant application merely attempts to broaden the scope of the invention by omitting “wherein the individual is associated with a mobile device that is equipped with an authentication app communicatively coupled with an authentication system; responsive to the receiving the validation request, obtaining validation request data from a user validation system; wherein the individual is associated with a mobile device that is equipped with an authentication app communicatively coupled with an authentication system; responsive to the receiving the request, generating request data and providing the request data to the backend system, wherein the request data, when utilized by an end user device associated with the backend system, causes a process to be performed for validating the individual; detecting use of the request data by the end user device; presenting, by a processing system of an end user device including a processor, a selectable option for initiating a validation process; detecting, by the processing system, a user selection of the selectable option; based on the detecting the user selection, transmitting, by the processing system, a validation request to a backend system;”.
Since it has been held that omission of an element and its function in a combination where the remaining elements perform the same functions as before involves only routine skill in the art (In re Karlson, 136 USPQ 184), Application 18/940,037 is an obvious variant of Patent Application No. 12,177,657. The dependent claims are rejected because of their dependency on independent claims. This is a non-provisional non-statutory obviousness type double patenting rejection because the conflicting claims have been patented.

18/940,037 (Instant application)

Claim 1: A backend device, comprising: a processing system including a processor; and a memory that stores executable instructions that, when executed by the processing system, facilitate performance of operations, the operations comprising: obtaining validation request data from a user validation system in response to a validation request from an end user device for an individual; enabling, using the validation request data, the end user device to communicate with the user validation system, wherein validation of the individual involves the user validation system triggering an authentication system to provide access information to the end user device for utilization by a mobile device of the individual, the authentication system authenticating the individual and the mobile device after the mobile device utilizes the access information, the authentication system providing, to the user validation system, identification information associated with the individual based on the authenticating, and the user validation system obtaining, based on the identification information, data regarding the individual and determining a validation result using the data; and obtaining the validation result from the user validation system and causing the validation result to be presented to or by the end user device, wherein the validation result comprises an image of the individual.

Claim 11: A non-transitory machine-readable medium, comprising executable instructions that, when executed by a processing system including a processor of a backend device, facilitate performance of operations, the operations comprising: obtaining validation request data from a user validation system in response to a validation request from an end user device for an individual; enabling, using the validation request data, the end user device to communicate with the user validation system, wherein validation of the individual involves the user validation system triggering an authentication system to provide access information to the end user device for utilization by a mobile device of the individual, the authentication system authenticating the individual and the mobile device after the mobile device utilizes the access information, the authentication system providing, to the user validation system, identification information associated with the individual based on the authenticating, and the user validation system obtaining, based on the identification information, data regarding the individual and determining a validation result using the data; and obtaining the validation result from the user validation system, wherein the validation result comprises an image of the individual.

Claim 16: A method, comprising: obtaining by a backend device, validation request data from a user validation system in response to a validation request from an end user device for an individual; enabling, by the backend device using the validation request data, the end user device to communicate with the user validation system, wherein validation of the individual involves the user validation system triggering an authentication system to provide access information to the end user device for utilization by a mobile device of the individual, the authentication system authenticating the individual and the mobile device after the mobile device utilizes the access information, the authentication system providing, to the user validation system, identification information associated with the individual based on the authenticating, and the user validation system obtaining, based on the identification information, data regarding the individual and determining a validation result using the data; and obtaining, by the backend device, the validation result from the user validation system and causing the validation result to be presented to or by the end user device, wherein the validation result comprises an image of the individual.

12,177,657 (Conflicting application)

Claim 1: A backend device, comprising: a processing system including a processor; and a memory that stores executable instructions that, when executed by the processing system, facilitate performance of operations, the operations comprising: receiving, from an end user device, a validation request for validating an individual, wherein the individual is associated with a mobile device that is equipped with an authentication app communicatively coupled with an authentication system; responsive to the receiving the validation request, obtaining validation request data from a user validation system; enabling, using the validation request data, the end user device to communicate with the user validation system so as to facilitate validation of the individual, wherein the validation of the individual involves the user validation system triggering the authentication system to provide access information to the end user device for utilization by the mobile device, the authentication system authenticating the individual and the mobile device after the mobile device utilizes the access information, the authentication system providing, to the user validation system, identification information associated with the individual based on the authenticating, and the user validation system obtaining, based on the identification information, data regarding the individual and determining a validation result using the data; and obtaining the validation result from the user validation system and causing the validation result to be presented to the end user device, wherein the validation result comprises an identification photo of the individual.

Claim 11: A non-transitory machine-readable medium, comprising executable instructions that, when executed by a processing system including a processor, facilitate performance of operations, the operations comprising: receiving, from a backend system, a request associated with validating an individual, wherein the individual is associated with a mobile device that is equipped with an authentication app communicatively coupled with an authentication system; responsive to the receiving the request, generating request data and providing the request data to the backend system, wherein the request data, when utilized by an end user device associated with the backend system, causes a process to be performed for validating the individual; detecting use of the request data by the end user device; based on the detecting, triggering the authentication system to provide access information to the end user device to be utilized by the mobile device; after the triggering and authentication processing for the mobile device by the authentication system, obtaining, from the authentication system, identification information associated with the individual; determining a validation result using data relating to the identification information; and causing the validation result to be provided to the end user device for presentation, wherein the validation result comprises an identification photo of the individual.

Claim 16: A method, comprising: presenting, by a processing system of an end user device including a processor, a selectable option for initiating a validation process; detecting, by the processing system, a user selection of the selectable option; based on the detecting the user selection, transmitting, by the processing system, a validation request to a backend system; responsive to the transmitting, obtaining, by the processing system, validation request data from the backend system, wherein the validation request data is provided by a user validation system based on the validation request; performing, by the processing system and based on the validation request data, an action to cause the user validation system to initiate validation of an individual, wherein the individual is associated with a mobile device that is equipped with an authentication app communicatively coupled with an authentication system; based upon the performing, obtaining, by the processing system, access information from the authentication system; presenting, by the processing system, the access information for utilization by the mobile device, wherein the utilization triggers authentication of the individual and the mobile device by the authentication system, providing of identification information associated with the individual by the authentication system to the user validation system, and determination of a validation result by the user validation system based on data associated with the identification information; obtaining, by the processing system, the validation result from the user validation system or the backend system; and causing, by the processing system, the validation result to be presented for user review or consideration, wherein the validation result comprises an identification photo of the individual.

Claim Rejections - 35 USC § 103

6. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

7. Claims 1-5 and 10-20 are rejected under 35 U.S.C. 103 as being unpatentable over Queralt et al. US Patent Application Publication No. 2018/0097640 (hereinafter Queralt) in view of Lundy et al. US Patent No. 8,896,416 (hereinafter Lundy).

Regarding claim 1, Queralt discloses a backend device (Fig. 1, FIDO user device 100), comprising: “a processing system including a processor” (Fig. 2, FIDO authenticator registration process 200); and a memory that stores executable instructions that, when executed by the processing system, facilitate performance of operations (see Queralt par. 0076-0077, a manager sends an invitation 202 to a user. A registration request 204 is then sent to a relying party app 206, which is then transmitted to a FIDO UAF server/registration portal 214 such that, a FIDO x.509 authenticator is downloaded 208 to the user device), the operations comprising:

“obtaining validation request data from a user validation system in response to a validation request from an end user device for an individual” (see Queralt par. 0053, a system is provided for authenticating a mobile device seeking to access a server of an online service via a network connection and seeking authentication from a first authentication server and a second authentication server, where the system comprises a mobile app associated with the online service stored on a storage on the mobile device. The system is provided such that when the mobile app is opened, a request to access the online service is generated, the request including data associated with the mobile device and the mobile device transmits the request to an online service server associated with the online service. The system is further provided such that the online service server receives the request to access the online service and generates a first authentication request that is transmitted to the first authentication server, the first authentication request including data being associated with the mobile device);

“obtaining the validation result from the user validation system and causing the validation result to be presented to or by the end user device, wherein the validation result comprises an image of the individual” (see Queralt pars. 0091-0092, the Authenticator 632 then unlocks the user authentication and computes the authentication result 642 and sends signed data 644 to the Authenticator Specific Module 628, which in turn, sends the signed data 646 to the FIDO Client 618. The FIDO Client 618 sends a UAF authentication response including the signed data 648 to the Relying Party Mobile App 606. The Relying Party Mobile App 606 sends the UAF authentication response 650 to the FIDO Server 610, which verifies 652 the UAF authentication response.
The verification result is then sent 654 to the Relying Party Mobile App 606, which in turn, provides the login information 656 to the User 602);

“enabling, using the validation request data, the end user device to communicate with the user validation system, wherein validation of the individual involves the user validation system triggering an authentication system to provide access information to the end user device for utilization by a mobile device of the individual,” (see pars. 0088-0090, the FIDO UAF authentication process 600 is described. The various steps for authentication are depicted including where a User 602 opens 604 a Relying Party Mobile app 606. The Mobile App 606 triggers a UAF authentication request 608, which is sent to FIDO Server 610. A general authorization request 612 is generated and the UAF authentication request is returned 614 to the relying party mobile app 606. The Relying Party Mobile app 606 then sends the UAF authentication request along with the application identification and the TLS bindings 616 to the FIDO Client 618. The FIDO Client 618 seeks to retrieve the Facet identification list identified by the application identification 620, which request is sent to the Relying Party Mobile app 606. The Relying Party Mobile app 606 then returns the Facet identification list 622 to the FIDO Client 618. The FIDO Client 618 then selects an authenticator based on policy 624, which triggers an authentication 626 to the Authenticator Specific Module 628. The Authenticator Specific Module 628 then triggers an authentication including a Key Handle (KH) access token 630 with the Authenticator 632. This triggers a user verification 634, such that when the User 602 identifies themselves, a certificate verification and validation request 636 is sent to PKI Process 638. The PKI Process 638 would then send a user verification 640 back to the Authenticator 632);

Queralt does not explicitly disclose the authentication system authenticating the individual and the mobile device after the mobile device utilizes the access information, the authentication system providing, to the user validation system, identification information associated with the individual based on the authenticating.

However, in analogous art, Lundy discloses the authentication system authenticating the individual and the mobile device after the mobile device utilizes the access information, the authentication system providing, to the user validation system, identification information associated with the individual based on the authenticating (see Lundy col. 8, lines 3-65, a flow diagram illustrates overall method 200 for identifying a user by authenticating a mobile device associated with that user, in accordance with an embodiment. Initially, as indicated at block 210, a request to access a secured portion of a website is received from a user. In one embodiment, access information (e.g., login name, password, security message), which is included in the request for access, is submitted by the user at computing device 160 and/or mobile device 110. Incident to receiving the request, the user profile may be searched for security credentials that correspond to the requesting user. The security credentials may then be compared against the access information received in the request according to a procedure for validating the set of security credentials. The communications network authorizes the mobile device by using a network-authentication procedure. An illustrative network-authentication procedure extracts the device identifier embedded within, or appended to, a communication from the user's mobile device).
Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Lundy into the system of Queralt to include a mobile device in proximity to the user while attempting to acquire access at the user interface, the server may authenticate the mobile device and utilize the authentication as user validation (see Lundy col. 3, lines 28-31).

Regarding claims 2, 12, and 17, Queralt in view of Lundy discloses the backend device of claim 1, the non-transitory machine-readable medium of claim 11, the method of claim 16, Queralt further discloses wherein the validation of the individual involves use of personally identifiable information (PII) associated with the individual (see Queralt par. 0010, Mobile devices have brought a rapid convergence of multi-factor authentication, native functionality (i.e. apps), and web browsing. One of the most important recent advances is the phone-as-second-factor. That is, the cell phone is the “something you have”. The overt physical factor is activated by Personal Identification Number (PIN) or password (the something you know), or increasingly, an integrated biometric).

Regarding claim 3, Queralt in view of Lundy discloses the backend device of claim 1, Queralt further discloses wherein the end user device is associated with an entity having a need to validate the individual for purposes of providing a product or service to the individual (see Queralt par. 0017, the result of all this mobile device utilization has been the proliferation of new and differing types of authentication systems. These relatively new authentication systems provide various benefits including for example, the ability to leverage key functions of mobile devices and new computing technics to deliver a more user friendly and frictionless authentication process between the mobile device and the relying party (e.g., the organization providing a service to the individual, device or other)).

Regarding claim 4, Queralt in view of Lundy discloses the backend device of claim 1, Queralt further discloses wherein the end user device is equipped with a validation request app or has access to a web page for obtaining the validation request and for presenting the validation result (see Queralt par. 0080, The authentication request is transmitted to the user device 310 via the relying party application 304. The app 301 sends a certificate validation request 312 to an OCSP server 314 and receives back the validation. The validation or signed assertion 316 is then transmitted to the FIDO enabled relying party application 304. The FIDO enabled relying party application 304 then verifies the result 318 with the FIDO server, and once verified, allows the app 301 to access 320 the FIDO enabled relying party application 304).

Regarding claim 5, Queralt in view of Lundy discloses the backend device of claim 1, Queralt further discloses wherein the validation request data comprises a request code or request ID (see Queralt par. 0082, The mobile app 406 requests the user 402 for a PIN 408 and for the user name and PIN to be submitted 410. The mobile app 406 then verifies the login 412 and triggers a UAF Registration request 414 to a FIDO server 416, which returns the UAF registration request 418 to the relying party mobile app 406).

Regarding claim 10, Queralt in view of Lundy discloses the backend device of claim 1, Lundy further discloses wherein the user validation system comprises a trusted source or database and stores personal information relating to a plurality of individuals that includes the individual (see Lundy col. 7, lines 31-39, the profiles database 130 stores information associated with a subscriber of the services of the communications network and is searchable for such information. In one embodiment, a subscriber profile is generated where information is associated with, or mapped to, a subscriber that utilizes communications network 170 to authenticate user mobile devices. In this embodiment, the associated information may include, for example, indicia of the subscriber, device identifiers associated with user mobile devices, dial-in numbers (discussed above), or any other data that relates to a subscriber or a customer thereof).

Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Lundy into the system of Queralt to include a mobile device in proximity to the user while attempting to acquire access at the user interface, the server may authenticate the mobile device and utilize the authentication as user validation (see Lundy col. 3, lines 28-31).

Regarding claim 11, Queralt discloses a non-transitory machine-readable medium, comprising executable instructions that, when executed by a processing system including a processor of a backend device, facilitate performance of operations, the operations comprising:

“obtaining validation request data from a user validation system in response to a validation request from an end user device for an individual” (see Queralt pars. 0091-0092, the Authenticator 632 then unlocks the user authentication and computes the authentication result 642 and sends signed data 644 to the Authenticator Specific Module 628, which in turn, sends the signed data 646 to the FIDO Client 618. The FIDO Client 618 sends a UAF authentication response including the signed data 648 to the Relying Party Mobile App 606. The Relying Party Mobile App 606 sends the UAF authentication response 650 to the FIDO Server 610, which verifies 652 the UAF authentication response. The verification result is then sent 654 to the Relying Party Mobile App 606, which in turn, provides the login information 656 to the User 602);

“obtaining the validation result from the user validation system, wherein the validation result comprises an image of the individual” (see Queralt pars. 0091-0092, the Authenticator 632 then unlocks the user authentication and computes the authentication result 642 and sends signed data 644 to the Authenticator Specific Module 628, which in turn, sends the signed data 646 to the FIDO Client 618. The FIDO Client 618 sends a UAF authentication response including the signed data 648 to the Relying Party Mobile App 606. The Relying Party Mobile App 606 sends the UAF authentication response 650 to the FIDO Server 610, which verifies 652 the UAF authentication response. The verification result is then sent 654 to the Relying Party Mobile App 606, which in turn, provides the login information 656 to the User 602);

“enabling, using the validation request data, the end user device to communicate with the user validation system, wherein validation of the individual involves the user validation system triggering an authentication system to provide access information to the end user device for utilization by a mobile device of the individual,” (see pars. 0088-0090, the FIDO UAF authentication process 600 is described.
The various steps for authentication are depicted including where a User 602 opens 604 a Relying Party Mobile app 606. The Mobile App 606 triggers a UAF authentication request 608, which is sent to FIDO Server 610. A general authorization request 612 is generated and the UAF authentication request is returned 614 to the relying party mobile app 606. The Relying Party Mobile app 606 then sends the UAF authentication request along with the application identification and the TLS bindings 616 to the FIDO Client 618. The FIDO Client 618 seeks to retrieve the Facet identification list identified by the application identification 620, which request is sent to the Relying Party Mobile app 606. The Relying Party Mobile app 606 then returns the Facet identification list 622 to the FIDO Client 618. The FIDO Client 618 then selects an authenticator based on policy 624, which triggers an authentication 626 to the Authenticator Specific Module 628. The Authenticator Specific Module 628 then triggers an authentication including a Key Handle (KH) access token 630 with the Authenticator 632. This triggers a user verification 634, such that when the User 602 identifies themselves, a certificate verification and validation request 636 is sent to PKI Process 638. The PKI Process 638 would then send a user verification 640 back to the Authenticator 632);

Queralt does not explicitly disclose the authentication system authenticating the individual and the mobile device after the mobile device utilizes the access information, the authentication system providing, to the user validation system, identification information associated with the individual based on the authenticating.

However, in analogous art, Lundy discloses the authentication system authenticating the individual and the mobile device after the mobile device utilizes the access information, the authentication system providing, to the user validation system, identification information associated with the individual based on the authenticating (see Lundy col. 8, lines 3-65, a flow diagram illustrates overall method 200 for identifying a user by authenticating a mobile device associated with that user, in accordance with an embodiment. Initially, as indicated at block 210, a request to access a secured portion of a website is received from a user. In one embodiment, access information (e.g., login name, password, security message), which is included in the request for access, is submitted by the user at computing device 160 and/or mobile device 110. Incident to receiving the request, the user profile may be searched for security credentials that correspond to the requesting user. The security credentials may then be compared against the access information received in the request according to a procedure for validating the set of security credentials. The communications network authorizes the mobile device by using a network-authentication procedure. An illustrative network-authentication procedure extracts the device identifier embedded within, or appended to, a communication from the user's mobile device).

Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Lundy into the system of Queralt to include a mobile device in proximity to the user while attempting to acquire access at the user interface, the server may authenticate the mobile device and utilize the authentication as user validation (see Lundy col. 3, lines 28-31).

Regarding claim 13, Queralt in view of Lundy discloses the non-transitory machine-readable medium of claim 11, Lundy further discloses wherein the identification information comprises a subscriber ID associated with the individual or the mobile device (see Lundy col. 6, lines 60-64, col. 11, lines 12-23, Input component 166 allows a user to provide input to computing device 160. In an exemplary embodiment, the user may utilize input component 166 to provide access information (e.g., message, personal ID, password, etc.) to subscriber server 120. a transmission is sent from the communications network to the mobile device that includes a message. In one embodiment, the message is embedded within an instant message (IM), a text, voice mail, digital photo, email, and the like. Further, the message may be conveyed in an easily recognized format, or may be obscured (e.g., requesting the user to identify a previously submitted digital photo, requesting the user to answer a previously submitted query). The next step of this layered authentication process may be providing the message).

Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Lundy into the system of Queralt to include a mobile device in proximity to the user while attempting to acquire access at the user interface, the server may authenticate the mobile device and utilize the authentication as user validation (see Lundy col. 3, lines 28-31).

Regarding claim 14, Queralt in view of Lundy discloses the non-transitory machine-readable medium of claim 11, Lundy further discloses wherein the operations further comprise receiving a session ID or authorization code (see Lundy col. 6, line 65 - col. 7, line 38, security application 125 initiates a request to validate the set of security credentials, incident to receiving a request for access from a user.
In still another step, access of the digitally secured information is granted. In one embodiment, access is granted if communications-network server 140 determines the device identifiers embedded in a mobile-device communication are authentic and the set of security credentials is satisfied by the received access information. Accordingly, the user is granted rights to view and/or manipulate information previously shielded by subscriber server 120. Alternatively, security application 125 may withhold from the user, rights to access at least a portion of the digitally secured information if any one of the set of security credentials is left unsatisfied, subscriber server 120. These steps of the procedure for validating the set of security credentials may be also be performed at any other component operably coupled to communications network 170).

Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Lundy into the system of Queralt to include a mobile device in proximity to the user while attempting to acquire access at the user interface, the server may authenticate the mobile device and utilize the authentication as user validation (see Lundy col. 3, lines 28-31).

Regarding claims 15 and 19, Queralt in view of Lundy discloses the non-transitory machine-readable medium of claim 11, the method of claim 16, Queralt further discloses wherein the causing the validation result to be provided to the end user device involves use of a Hypertext Transfer Protocol Secure (HTTPS) POST (see Queralt par. 0017, The recent publication of NIST SP 800-63-3 DIGITAL IDENTITY GUIDELINES outlined notable changes in the identity proofing and authentication of users, such as employees, contractors, private individuals, and commercial entities, working with government IT systems over open networks. See, https://pages.nist.gov/800-63-3/sp800-63-3.html.
Two significant changes outlined in the document are (1) the separation of identity assurance from authenticator assurance, and (2) the recognition of technologies like FIDO U2F and UAF within the highest level—Authenticator Assurance Level 3 (AAL3)).

Regarding claim 16, Queralt discloses a method, comprising: “obtaining, by a backend device, validation request data from a user validation system in response to a validation request from an end user device for an individual” (see Queralt pars. 0091-0092, the Authenticator 632 then unlocks the user authentication and computes the authentication result 642 and sends signed data 644 to the Authenticator Specific Module 628, which in turn, sends the signed data 646 to the FIDO Client 618. The FIDO Client 618 sends a UAF authentication response including the signed data 648 to the Relying Party Mobile App 606. The Relying Party Mobile App 606 sends the UAF authentication response 650 to the FIDO Server 610, which verifies 652 the UAF authentication response. The verification result is then sent 654 to the Relying Party Mobile App 606, which in turn, provides the login information 656 to the User 602); “obtaining, by the backend device, the validation result from the user validation system and causing the validation result to be presented to or by the end user device, wherein the validation result comprises an image of the individual” (see Queralt pars. 0091-0092, the Authenticator 632 then unlocks the user authentication and computes the authentication result 642 and sends signed data 644 to the Authenticator Specific Module 628, which in turn, sends the signed data 646 to the FIDO Client 618. The FIDO Client 618 sends a UAF authentication response including the signed data 648 to the Relying Party Mobile App 606. The Relying Party Mobile App 606 sends the UAF authentication response 650 to the FIDO Server 610, which verifies 652 the UAF authentication response.
The verification result is then sent 654 to the Relying Party Mobile App 606, which in turn, provides the login information 656 to the User 602); “enabling, by the backend device using the validation request data, the end user device to communicate with the user validation system, wherein validation of the individual involves the user validation system triggering an authentication system to provide access information to the end user device for utilization by a mobile device of the individual, user validation system obtaining, based on the identification information, data regarding the individual and determining a validation result using the data” (see pars. 0088-0090, the FIDO UAF authentication process 600 is described. The various steps for authentication are depicted including where a User 602 opens 604 a Relying Party Mobile app 606. The Mobile App 606 triggers a UAF authentication request 608, which is sent to FIDO Server 610. A general authorization request 612 is generated and the UAF authentication request is returned 614 to the relying party mobile app 606. The Relying Party Mobile app 606 then sends the UAF authentication request along with the application identification and the TLS bindings 616 to the FIDO Client 618. The FIDO Client 618 seeks to retrieve the Facet identification list identified by the application identification 620, which request is sent to the Relying Party Mobile app 606. The Relying Party Mobile app 606 then returns the Facet identification list 622 to the FIDO Client 618. The FIDO Client 618 then selects an authenticator based on policy 624, which triggers an authentication 626 to the Authenticator Specific Module 628. The Authenticator Specific Module 628 then triggers an authentication including a Key Handle (KH) access token 630 with the Authenticator 632. This triggers a user verification 634, such that when the User 602 identifies themselves, a certificate verification and validation request 636 is sent to PKI Process 638. 
The PKI Process 638 would then send a user verification 640 back to the Authenticator 632);

Queralt does not explicitly disclose the authentication system authenticating the individual and the mobile device after the mobile device utilizes the access information, the authentication system providing, to the user validation system, identification information associated with the individual based on the authenticating.

However, in analogous art, Lundy discloses the authentication system authenticating the individual and the mobile device after the mobile device utilizes the access information, the authentication system providing, to the user validation system, identification information associated with the individual based on the authenticating (see Lundy col. 8, lines 3-65, a flow diagram illustrates overall method 200 for identifying a user by authenticating a mobile device associated with that user, in accordance with an embodiment. Initially, as indicated at block 210, a request to access a secured portion of a website is received from a user. In one embodiment, access information (e.g., login name, password, security message), which is included in the request for access, is submitted by the user at computing device 160 and/or mobile device 110. Incident to receiving the request, the user profile may be searched for security credentials that correspond to the requesting user. The security credentials may then be compared against the access information received in the request according a procedure for validating the set of security credentials. the communications network authorizes the mobile device by using a network-authentication procedure. An illustrative network-authentication procedure extracts the device identifier embedded within, or appended to, a communication from the user's mobile device).

Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Lundy into the system of Queralt to include a mobile device in proximity to the user while attempting to acquire access at the user interface, the server may authenticate the mobile device and utilize the authentication as user validation (see Lundy col. 3, lines 28-31).

Regarding claim 18, Queralt in view of Lundy disclose the method of claim 16, Lundy further discloses wherein progress information associated with the validation of the individual is presented during one or more of the authenticating of the individual and the mobile device, the providing of the identification information, and the determination of the validation result (see Lundy col. 6, lines 45-59, Each of subscriber server 120, profiles database 130, communications-network server 140, network gateway 150, and computing device 160 shown in FIG. 1 may take the form of various types of computing devices. By way of example only, components 120, 130, 140, 150, and 160 may be a personal computing device, handheld device, consumer electronic device, and the like. Additionally, computing device 160 is configured to present a user interface 165 and even to receive input at an input component 166 in one embodiment. User interface 165 may be presented on any presentation component (not shown) that may be capable of presenting information to a user. In an exemplary embodiment, user interface 165 presents a prompt for the user to provide an input (e.g., message, personal identifier, password, etc.) into an input-entry area).

Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Lundy into the system of Queralt to include a mobile device in proximity to the user while attempting to acquire access at the user interface, the server may authenticate the mobile device and utilize the authentication as user validation (see Lundy col. 3, lines 28-31).

Regarding claim 20, Queralt in view of Lundy disclose the method of claim 16, Lundy further discloses wherein the end user device is associated with an account registered with the backend device or the user validation system, and wherein the account permits submission of validation requests to the backend device or the user validation system for validation of individuals (see Lundy col. 4, lines 46-58, a secured portion of a website resides on a subscriber server, where the subscriber server determines whether to grant a user access upon receiving a request for access. In another embodiment, the secured portion of the website includes any information related to a user, user accounts with the subscriber, or data that the user desires to be protected. By way of example, the secured portion of a website is a user's bank account information, as more fully discussed below with reference to FIGS. 7 and 8. Digitally secured information refers to any protected information (e.g., user accounts, addresses, or other data). In an exemplary embodiment, the digitally secured information resides on a subscriber server).

Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Lundy into the system of Queralt to include a mobile device in proximity to the user while attempting to acquire access at the user interface, the server may authenticate the mobile device and utilize the authentication as user validation (see Lundy col. 3, lines 28-31).

8. Claims 6-8 are rejected under 35 U.S.C. 103 as being unpatentable over Queralt et al. US Patent Application Publication No. 2018/0097640 (hereinafter Queralt) in view of Lundy et al. US Patent No. 8,896,416 (hereinafter Lundy) further in view of Marquardt US Patent Application Publication No. 2017/0118648 (hereinafter Marquardt).

Regarding claim 6, Queralt in view of Lundy discloses the device of claim 1, Queralt in view of Lundy does not explicitly disclose the backend device of claim 1, wherein the authentication system comprises an authentication management system and a provider-based authentication system, wherein the provider-based authentication system corresponds to a particular network carrier, and wherein the provider-based authentication system is configured to provide mobile or user identity verification via authentication of subscriber accounts or subscriber identity modules (SIMs).

However, in analogous art, Marquardt discloses wherein the authentication system comprises an authentication management system and a provider-based authentication system, wherein the provider-based authentication system corresponds to a particular network carrier, and wherein the provider-based authentication system is configured to provide mobile or user identity verification via authentication of subscriber accounts or subscriber identity modules (SIMs) (see Marquardt par. 0013, Removable SIM technology has set the standard for the development of mobile telephony subscriber identity management techniques over the past 25 years. SIM cards allow mobile network operators to authenticate a subscriber using a secure token that is stored in an integrated circuit (IC) on a small and inexpensive card that can be easily distributed to subscribers. SIM cards also provide subscribers with a means for preserving their identity and other personal information across devices or while upgrading handset technology.
SIM cards additionally allow device manufacturers to market a single device to different markets around the world by providing a mechanism for abstracting subscriber and carrier information from the device itself).

Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Marquardt into the system of Queralt and Lundy to include a subscriber identity module (SIM) card to facilitate communication with a communication network via a subscription for the designated voice or data subscription of the wireless device (see Marquardt par. 0003).

Regarding claim 7, Queralt in view of Lundy in further view of Marquardt discloses the device of claim 6, Marquardt further discloses wherein the authentication management system is associated with a plurality of provider-based authentication systems corresponding to different network carriers (see Marquardt par. 0021, benefits include transferability of SIM cards between different mobile devices and the ability to use different mobile network accounts with a single device. Accordingly, wireless communication network carriers and mobile device manufacturers have continued to utilize legacy SIM formats).

Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Marquardt into the system of Queralt and Lundy to include a subscriber identity module (SIM) card to facilitate communication with a communication network via a subscription for the designated voice or data subscription of the wireless device (see Marquardt par. 0003).

Regarding claim 8, Queralt in view of Lundy in further view of Marquardt discloses the device of claim 6, Queralt further discloses wherein the device is provided or operated by a third-party entity different from entities that provide or operate the provider-based authentication system and the user validation system (see Queralt pars. 0003-0007, There has been a host of other approaches to user authentication including the use of imaging software to visually identify if the person opening the computer, or the use of biometrics to identify a person (e.g., finger print, eye scan, etc.). When there is a need for strongly vetted credentials, Public Key Infrastructure (PKI) has been effectively used. Digital “identities” issued by trusted third parties that identify users and machines. They may be securely stored in wallets or in directories.).

9. Claim 9 is rejected under 35 U.S.C. 103 as being unpatentable over Queralt et al. US Patent Application Publication No. 2018/0097640 (hereinafter Queralt) in view of Lundy et al. US Patent No. 8,896,416 (hereinafter Lundy) further in view of Grigg et al. US Patent Application Publication No. 2016/0173478 (hereinafter Grigg).

Regarding claim 9, Queralt in view of Lundy discloses the device of claim 1, Queralt in view of Lundy does not explicitly disclose wherein the access information comprises a quick response (QR) code, and wherein the mobile device utilizes the access information by scanning the QR code.

However, in analogous art, Grigg discloses wherein the access information comprises a quick response (QR) code, and wherein the mobile device utilizes the access information by scanning the QR code (see Grigg par. 0052, the user may provide a request to access the framework application in response to scanning visual indicia (e.g.
barcode, Quick Response (QR) code, hologram, and the like) associated with the framework application).

Therefore it would have been obvious to a person of ordinary skill in the art before the effective filing date of the application to incorporate the teachings of Grigg into the system of Queralt and Lundy for a user to provide a request to access the non-framework application in response to scanning visual indicia (e.g. barcode, Quick Response (QR) code, hologram, and the like) associated with the non-framework application (see Grigg par. 0069).

Conclusion

10. The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Ahmed (US 8,347,093 B1): discloses Aspects of the invention pertain to preserving the privacy of users in on-line systems while also enabling verification that the users are who they purport to be. Confidential personal information may be communicated from a user to a trusted third party via a web-based application or other service. However, the personal information is encrypted so that the application or service is unable to access it. The trusted third party accesses the personal information and uses it to verify that a user ID such as an email address is associated with a particular user. This information is provided to the web-based application or service to certify the identity of the user. As a result, the application or server verifies to other users that the certified user is who he/she purports to be.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to SAMUEL AMBAYE whose telephone number is (571)270-7635. The examiner can normally be reached M-F 9:00 AM - 6:00 PM. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu, can be reached at (571) 272-6798. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/SAMUEL AMBAYE/
Examiner, Art Unit 2433

/JEFFREY C PWU/
Supervisory Patent Examiner, Art Unit 2433

Prosecution Timeline

Nov 07, 2024
Application Filed
Jan 23, 2026
Non-Final Rejection — §103, §DP (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12603912
AUTOMATED SECURITY TESTING SYSTEM AND METHOD
2y 5m to grant Granted Apr 14, 2026
Patent 12596834
METHOD OF PROCESSING DATA FOR PERSONAL INFORMATION PROTECTION AND APPARATUS USING THE SAME
2y 5m to grant Granted Apr 07, 2026
Patent 12598057
SIMILARITY CALCULATION SYSTEM, SIMILARITY CALCULATION APPARATUS, SIMILARITY CALCULATION METHOD, AND SIMILARITY CALCULATION PROGRAM
2y 5m to grant Granted Apr 07, 2026
Patent 12593203
Remote identity verification and dynamic storage of identity data
2y 5m to grant Granted Mar 31, 2026
Patent 12574363
SYSTEM FOR USER-INITIATED AUTHENTICATION OF AN ELECTRONIC COMMUNICATION CHANNEL USING A SECURE COMPUTING APPLICATION TOKEN
2y 5m to grant Granted Mar 10, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.


Prosecution Projections

1-2
Expected OA Rounds
82%
Grant Probability
99%
With Interview (+25.1%)
3y 0m
Median Time to Grant
Low
PTA Risk
Based on 670 resolved cases by this examiner. Grant probability derived from career allow rate.
