SYSTEM OF DEVICE AUTHENTICATION

§102 §103 §112

Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Examiner’s Remark At the time of writing of the instant action, the Examiner is aware of potential avenues for advancing prosecution and encourages Applicant to contact the Examiner to advance prosecution. Claim Objections Claims 19 and 20 are objected to because of the following informalities: Claim 19 recites “utilise” and should be replaced with “utilize”. Claim 20 recites “authorise” and “authorised”, and should be replaced with “authorize” and “authorized”. Appropriate correction is required. Claim Rejections - 35 USC § 112 The following is a quotation of 35 U.S.C. 112(b): (B) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention. The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph: The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention. Claims 19, 21, 22 and 25-37 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA the applicant regards as the invention. Claim 19 recites “a login sequence on a second digital device” (emphasis added by the Examiner) and it is unclear as to whether the recited login sequence is referring to the previously recited login sequence or a distinct login sequence; when a claim is amenable to two or plausible claim constructions, the claim is indefinite for failing to particularly point out and distinctly claim the subject matter the Applicant considers to be the invention. Ex parte Miyazaki, 89 USPQ2d 1207, 1215 (BPAI 2008) (precedential). Claim 19 recites “account use for the user is enabled on the second digital device” (emphasis added by the Examiner) and it is unclear as to whether the language is referring to the previously recited account or a distinct account; when a claim is amenable to two or plausible claim constructions, the claim is indefinite for failing to particularly point out and distinctly claim the subject matter the Applicant considers to be the invention. Ex parte Miyazaki, 89 USPQ2d 1207, 1215 (BPAI 2008) (precedential). Claim 19 recites “the user communicating agreement or otherwise” and “if the user communicates agreement” (emphasis added by the Examiner) and it is unclear as to whether the language is referring to the previously recited agreement or whether the recited agreements are distinct; when a claim is amenable to two or plausible claim constructions, the claim is indefinite for failing to particularly point out and distinctly claim the subject matter the Applicant considers to be the invention. Ex parte Miyazaki, 89 USPQ2d 1207, 1215 (BPAI 2008) (precedential). Claim 28 recites “authenticating the second device to the same level as the first device subject to a confirmation step” (emphasis added by the Examiner) and lacks explicit antecedent basis. Claim 28 recites “authenticating the second device to the same level as the first device subject to a confirmation step” (emphasis added by the Examiner) and it is unclear as to the metes and bounds of the authentication level being “the same”. Claims 30, 32 & 33 each recite “the form” and each recitation lacks antecedent basis. Claim 34 recites: “and the identifier on the first device.” (emphasis added by the Examiner) and lacks explicit antecedent basis. Claim 34 recites: “and the identifier on the first device.” (emphasis added by the Examiner) and it is unclear as to whether such language is referring to the identifier from the identifier communicated by the server or a distinct identifier; when a claim is amenable to two or plausible claim constructions, the claim is indefinite for failing to particularly point out and distinctly claim the subject matter the Applicant considers to be the invention. Ex parte Miyazaki, 89 USPQ2d 1207, 1215 (BPAI 2008) (precedential). Claim 36 recites “the identifier” and it is unclear as to which identifier is being explicitly referenced as the claims recite numerous identifiers. When a claim is amenable to two or plausible claim constructions, the claim is indefinite for failing to particularly point out and distinctly claim the subject matter the Applicant considers to be the invention. Ex parte Miyazaki, 89 USPQ2d 1207, 1215 (BPAI 2008) (precedential). Any claim not specifically addressed above is being rejected as incorporating the deficiencies of a claim upon which it depends. In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. Claim Rejections - 35 USC § 102 The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action: A person shall be entitled to a patent unless – (a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention. Claims 28-32 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Chang et al (U.S. Pat 10205718 B1), hereinafter referred to as Chang. Re claim 28: Chang teaches in an environment where a first device may communicate with a server subject to authentication of the device with respect to the server, a method of authenticating a second device with respect to the server; said method comprising: a. On request, the server communicating an identifier to the second device and the first device; b. Authenticating the second device to the same level as the first device subject to a confirmation step (Fig 2; col 8, lines 20-49; Fig 3; col 9, lines 51-65). Re claim 29: Chang teaches communication with the server by the first device comprises a login sequence (col 1, line 65 – col 2, line 11; col 4, lines 26-40; col 5, line 56 – col 7, line 48). Re claim 30: Chang teaches communication with the server by the first device comprises a login sequence in the form of communication of a username to the server (col 1, line 65 – col 2, line 11; col 4, lines 26-40; col 5, line 56 – col 7, line 48). Re claim 31: Chang teaches communication with the server by the first device comprises a login sequence followed by an authentication sequence (col 1, line 65 – col 2, line 11; col 4, lines 26-40; col 5, line 56 – col 7, line 48). Re claim 32: Chang teaches communication with the server by the first device comprises a login sequence followed by an authentication sequence; the authentication sequence in the form of a password (col 1, line 65 – col 2, line 11; col 4, lines 26-40; col 5, line 56 – col 7, line 48). Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claims 19-26 are rejected under 35 U.S.C. 103 as being unpatentable over Straub et al (U.S. Pat Ap Pub 2016/0134488 A1), hereinafter referred to as Straub, in view of McDowell et al (U.S. Pat App Pub 2009/0260064 A1), hereinafter referred to as McDowell, in further view of Allinson et al (U.S. Pat App Pub 2016/0285633 A1), hereinafter referred to as Allinson. Re claim 19: Straub teaches a method of authenticating a user with respect to more than one digital device; said user having an account on a server; said method comprising: a. the user effecting a login sequence and an authenticating sequence on a first digital device as referenced and recorded on the server thereby to authenticate the user with respect to the first digital device; b. the user subsequently effecting a login sequence on a second digital device; the second digital device communicating the user login sequence to the server; c. the server communicating an option to the second digital device to utilise the first digital device to effect authentication of the user with respect to the second digital device; d. on receipt of a request from the second digital device to effect authentication by use of the first digital device: i. the server issuing a temporary unique ID to the second digital device; ii. the server sending an authentication request to the first digital device; iii. the authentication request including transmission of the temporary unique ID issued to the second digital device; iv. communicating the temporary unique ID from the first digital device to the user thereby to permit the user to determine whether to agree to the authentication request; v. the user communicating agreement or otherwise by communication effected from the first digital device to the server, vi. if the user communicates agreement then account use for the user is enabled on the second digital device (Fig 2: ¶35-¶46; Fig 3: ¶47-¶55; Fig 4A-4B; ¶56-¶81). McDowell teaches the server communicating an option to the second digital device to utilise the first digital device to effect authentication of the user with respect to the second digital device (Figs 3 & 4; ¶34-¶37; ¶39; ¶42; ¶45; ¶47-¶52); iv. communicating the temporary unique ID from the first digital device to the user thereby to permit the user to determine whether to agree to the authentication request; v. the user communicating agreement or otherwise by communication effected from the first digital device to the server, vi. if the user communicates agreement then account use for the user is enabled on the second digital device (Figs 3 & 4; ¶34-¶37; ¶39; ¶42; ¶45; ¶47-¶52; the Examiner notes the extensive conditional language and intended use which may lack patentable weight). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the teachings of Straub with the teachings of McDowell, for the purpose of enhancing security via re-authentication of user credentials on an unregistered device corresponding to a registered device previously logged-in by the same user; doing so prevents unauthorized transactions from unknown devices. Allinson explicitly teaches iv. communicating the temporary unique ID from the first digital device to the user thereby to permit the user to determine whether to agree to the authentication request; v. the user communicating agreement or otherwise by communication effected from the first digital device to the server, vi. if the user communicates agreement then account use for the user is enabled on the second digital device (¶4; Fig 4; ¶48; Figs 5A, 5B, 6A & 6B; ¶52-¶53; ¶59-¶62; Fig 8; ¶69). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the teachings of Straub and McDowell with the teachings of Allinson, for the purpose of preventing a user’s account from being hacked and to provide seamless access to services from multiple devices; such rationale is explicitly taught by Allinson, ¶1. Re claim 20: Straub teaches a method of authenticating a user session instigated by a user on a digital device with respect to a given user login identity on a server; said method comprising: a. authenticating a first digital device for a first user login identity as recorded on the server; b. thereby to commit transfer of protected data between the first digital device and the server; c. subsequently authenticating a second digital device for said first user login identity as recorded on said server by the steps of: d. said user entering said first user login identity on said second digital device; e. said second digital device being issued by said server with a temporary identifier in response to said user entering said first user login identity on said second digital device; f. said server then transmitting said temporary identifier to said first digital device for communication to said user by said first digital device; g. said user responding to said communication of said temporary identifier to said user by said first digital device by causing said first digital device to communicate and authorise said second digital device command to said server if a response condition is satisfied; whereby said first user login identity is authorised for said second digital device; and wherein: h. if the user communicates agreement then account use for the user is enabled on the second digital device (Fig 2: ¶35-¶46; Fig 3: ¶47-¶55; Fig 4A-4B; ¶56-¶81). McDowell teaches: e. said second digital device being issued by said server with a temporary identifier in response to said user entering said first user login identity on said second digital device; f. said server then transmitting said temporary identifier to said first digital device for communication to said user by said first digital device; g. said user responding to said communication of said temporary identifier to said user by said first digital device by causing said first digital device to communicate (Figs 3 & 4; ¶34-¶37; ¶39; ¶42; ¶45; ¶47-¶52) and authorise said second digital device command to said server if a response condition is satisfied; whereby said first user login identity is authorised for said second digital device (Figs 3 & 4; ¶34-¶37; ¶39; ¶42; ¶45; ¶47-¶52; the Examiner notes the extensive conditional language and intended use which may lack patentable weight). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the teachings of Straub with the teachings of McDowell, for the purpose of enhancing security via re-authentication of user credentials on an unregistered device corresponding to a registered device previously logged-in by the same user; doing so prevents unauthorized transactions from unknown devices. Allinson explicitly teaches h. if the user communicates agreement then account use for the user is enabled on the second digital device (¶4; Fig 4; ¶48; Figs 5A, 5B, 6A & 6B; ¶52-¶53; ¶59-¶62; Fig 8; ¶69). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the teachings of Straub and McDowell with the teachings of Allinson, for the purpose of preventing a user’s account from being hacked and to provide seamless access to services from multiple devices; such rationale is explicitly taught by Allinson, ¶1. Re claim 21: The combination of Straub, McDowell and Allinson teaches said response condition is a positive comparison of the temporary identifier communicated by said first digital device with the temporary identifier communicated to said second digital device by said server (Straub: Fig 2: ¶35-¶46; Fig 3: ¶47-¶55; Fig 4A-4B; ¶56-¶81; Allinson: ¶4; Fig 4; ¶48; Figs 5A, 5B, 6A & 6B; ¶52-¶53; ¶59-¶62; Fig 8; ¶69). Re claim 22: The combination of Straub, McDowell and Allinson teaches the temporary identifier is an alphanumeric sequence (Straub: Fig 2: ¶35-¶46; Fig 3: ¶47-¶55; Fig 4A-4B; ¶56-¶81; Allinson: ¶4; Fig 4; ¶48; Figs 5A, 5B, 6A & 6B; ¶52-¶53; ¶59-¶62; Fig 8; ¶69). Re claim 23: The combination of Straub, McDowell and Allinson teaches protected data is data stored with respect to said first user login on said server (Straub: Fig 2: ¶35-¶46; Fig 3: ¶47-¶55; Fig 4A-4B; ¶56-¶81; McDowell: Figs 3 & 4; ¶34-¶37; ¶39; ¶42; ¶45; ¶47-¶52; Allinson: ¶4; Fig 4; ¶48; Figs 5A, 5B, 6A & 6B; ¶52-¶53; ¶59-¶62; Fig 8; ¶69). Re claim 24: The combination of Straub, McDowell and Allinson teaches protected data is application data stored with respect to said first user login on said server (Straub: Fig 2: ¶35-¶46; Fig 3: ¶47-¶55; Fig 4A-4B; ¶56-¶81; McDowell: Figs 3 & 4; ¶34-¶37; ¶39; ¶42; ¶45; ¶47-¶52; Allinson: ¶4; Fig 4; ¶48; Figs 5A, 5B, 6A & 6B; ¶52-¶53; ¶59-¶62; Fig 8; ¶69). Re claim 25: The combination of Straub, McDowell and Allinson teaches authentication of said first digital device is effected by entry of a user login identifier and separate authenticating data into said first digital device (Straub: Fig 2: ¶35-¶46; Fig 3: ¶47-¶55; Fig 4A-4B; ¶56-¶81; McDowell: Figs 3 & 4; ¶34-¶37; ¶39; ¶42; ¶45; ¶47-¶52; Allinson: ¶4; Fig 4; ¶48; Figs 5A, 5B, 6A & 6B; ¶52-¶53; ¶59-¶62; Fig 8; ¶69). Re claim 26: The combination of Straub, McDowell and Allinson teaches said separate authenticating data is a password (Straub: Fig 2: ¶35-¶46; Fig 3: ¶47-¶55; Fig 4A-4B; ¶56-¶81; McDowell: Figs 3 & 4; ¶34-¶37; ¶39; ¶42; ¶45; ¶47-¶52; Allinson: ¶4; Fig 4; ¶48; Figs 5A, 5B, 6A & 6B; ¶52-¶53; ¶59-¶62; Fig 8; ¶69). Claim 27 is rejected under 35 U.S.C. 103 as being unpatentable over Straub et al (U.S. Pat Ap Pub 2016/0134488 A1), hereinafter referred to as Straub, McDowell et al (U.S. Pat App Pub 2009/0260064 A1), hereinafter referred to as McDowell, and Allinson et al (U.S. Pat App Pub 2016/0285633 A1), hereinafter referred to as Allinson, in further view of Neuman et al (U.S. Pat App Pub 2013/0263211 A1), hereinafter referred to as Neuman. Re claim 27: The combination of Straub, McDowell and Allinson teaches all the limitations of claim 25 as previously stated. Neuman teaches said separate authenticating data is biometric data (¶18; ¶51; ¶66; ¶77; ¶101-¶102; ¶148). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the teachings of Straub, McDowell and Allinson with the teachings of Neuman, for the purpose of providing predictable variations in the art of credential authentication where biometric authentication yields the predictable result of enhanced authentication versus otp/password authentication Claim 33 is rejected under 35 U.S.C. 103 as being unpatentable over Chang et al (u.S. Pat 10205718 B1), hereinafter referred to as Chang, in view of Zhang (U.S. Pat App Pub 2014/0033286 A1), hereinafter referred to as Zhang. Re claim 33: Chang teaches all the limitations of claim 28 as previously stated. Zhang teaches communication with the server by the first device comprises a login sequence followed by an authentication sequence; the authentication sequence in the form of a temporary unique ID (Fig 5; ¶111-¶119). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the teachings of Chang with the teachings of Zhang, for the purpose of providing predictable variations in the art of user authentication via the use of unique identifiers associated with user authentication information. Claims 34-37 are rejected under 35 U.S.C. 103 as being unpatentable over Chang et al (u.S. Pat 10205718 B1), hereinafter referred to as Chang, in view of Wu et al (U.S. Pat 9323916 B1), hereinafter referred to as Wu. Re claim 34: Chang teaches all the limitations of claim 28 as previously stated. Wu teaches the confirmation step comprises comparing the identifier on the second device and the identifier on the first device (col 4, line 33 – col 5, line 6; page 9, claim 1). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the teachings of Chang with the teachings of Zhang, for the purpose of providing predictable variations in the art of access control by preventing an unintended third party outside of a physical location from gaining unauthorized access to content via an unauthorized device; such rationale is taught by Wu: col 6, line 63 – col 7, line 12. Re claim 35: Chang teaches all the limitations of claim 28 as previously stated. Wu teaches the confirmation step is effected if, and only if, the identifier on the second device matches with the identifier on the first device (col 4, line 33 – col 5, line 6; page 9, claim 1). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the teachings of Chang with the teachings of Wu, for the purpose of providing predictable variations in the art of access control by preventing an unintended third party outside of a physical location from gaining unauthorized access to content via an unauthorized device; such rationale is taught by Wu: col 6, line 63 – col 7, line 12. Re claim 36: The combination of Chang and Wu teaches the identifier is an alpha-numeric sequence (Wu: col 4, line 33 – col 5, line 6; page 9, claim 1). Re claim 37: Chang teaches all the limitations of claim 28 as previously stated. Wu teaches the authenticating the second device is established for a single session (col 4, line 33 – col 5, line 6; page 9, claim 1). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the teachings of Chang with the teachings of Wu, for the purpose of providing predictable variations in the art of access control by preventing an unintended third party outside of a physical location from gaining unauthorized access to content via an unauthorized device; such rationale is taught by Wu: col 6, line 63 – col 7, line 12. Conclusion Examiner's Note: The Examiner identified and designated “the particular part[s] [of the references] relied on” as provided in 37 C.F.R § 1.104(c)(2). A reference is not limited to the disclosure of specific working examples. In re Mills, 470 F.2d 649, 651 (CCPA 1972); In re Fracalossi, 681 F.2d 792, 794 n.1 (CCPA 1982) (A prior art reference’s disclosure is not limited to its examples.). Nor do disclosed examples teach away from a reference’s broader disclosure. In re Susi, 440 F.2d 442, 446 n.3 (CCPA 1971); In re Boe, 355 F.2d 961, 965 (CCPA 1966) (All of the disclosures in a prior art reference “must be evaluated for what they fairly teach one of ordinary skill in the art.”). “The prima facie case is merely a procedural device that enables an appropriate shift of the burden of production.” Hyatt v. Dudas, 492 F.3d. 1365, 1369 (Fed. Cir. 2007) (citing In re Oetiker, 977 F.2d 1443, 1445 (Fed. Cir. 1992)). The court has, thus, held that the USPTO carries its procedural burden of establishing a prima facie case when its rejection satisfies the requirements of 35 U.S.C. § 132 by notifying the applicant of the reasons for rejection, “together with such information and references as may be useful in judging of the propriety of continuing the prosecution of [the] application.” See In re Jung, 637 F.3d 1356, 1362 (Fed. Cir. 2011). MPEP 2123 [R – 08.2012] states: "The use of patents as references is not limited to what the patentees describe as their own inventions or to the problems with which they are concerned. They are part of the literature of the art, relevant for all they contain." In re Heck, 699 F.2d 1331, 1332-33, 216 USPQ 1038, 1039 (Fed. Cir. 1983) (quoting In re Lemelson, 397 F.2d 1006, 1009, 158 USPQ 275, 277 (CCPA 1968)). PNG media_image1.png 18 19 media_image1.png Greyscale A reference may be relied upon for all that it would have reasonably suggested to one having ordinary skill the art, including nonpreferred embodiments. Merck & Co. v. Biocraft Laboratories, 874 F.2d 804, 10 USPQ2d 1843 (Fed. Cir.), cert. denied, 493 U.S. 975 (1989). See also Upsher-Smith Labs. v. Pamlab, LLC, 412 F.3d 1319, 1323, 75 USPQ2d 1213, 1215 (Fed. Cir. 2005) (reference disclosing optional inclusion of a particular component teaches compositions that both do and do not contain that component); Celeritas Technologies Ltd. v. Rockwell International Corp., 150 F.3d 1354, 1361, 47 USPQ2d 1516, 1522-23 (Fed. Cir. 1998) (The court held that the prior art anticipated the claims even though it taught away from the claimed invention. "The fact that a modem with a single carrier data signal is shown to be less than optimal does not vitiate the fact that it is disclosed."). In the case of amending the claimed invention, Applicant is respectfully requested to indicate the portion(s) of the specification which dictate(s) the structure relied on for proper interpretation and also to verify and ascertain the metes and bounds of the claimed invention. See: Ralston Purina Co. v. FarMar-Co, Inc., 772 F.2d 1570, 1575 (Fed. Cir. 1985), In re Kaslow, 707 F.2d 1366, 1375 (Fed. Cir. 1983), Ariad Pharmaceuticals, Inc. v. Eli Lilly and Co., 598 F.3d 1336, 1352 (Fed. Cir. 2010), Purdue Pharma L.P. v. Faulding, Inc., 230 F.3d 1320, 1323 (Fed. Cir. 2000), Vas-Cath Inc. v. Mahurkar, 935 F.2d 1555, 1560 (Fed. Cir. 1991) and TurboCare Div. of Demag Delavel Turbomachinery Corp. v. Gen. Elec. Co., 264 F.3d 1111, 1118 (Fed. Cir. 2001) The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See PTOL-892. Any inquiry concerning this communication or earlier communications from the examiner should be directed to DARREN B SCHWARTZ whose telephone number is (571)270-3850. The examiner can normally be reached 9am-7pm EST, Monday-Thursday, 9am-5pm EST, Friday. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph P Hirl can be reached at (571)272-3685. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /DARREN B SCHWARTZ/ Primary Examiner, Art Unit 2435