Prosecution Insights
Last updated: July 17, 2026
Application No. 19/216,408

ONE TIME VOICE PASSPHRASE TO PROTECT AGAINST MAN-IN-THE-MIDDLE ATTACK

Non-Final OA §103
Filed
May 22, 2025
Priority
May 23, 2024 — provisional 63/650,979
Examiner
DEBNATH, SUMAN
Art Unit
Tech Center
Assignee
Pindrop Security Inc.
OA Round
1 (Non-Final)
75%
Grant Probability
Favorable
1-2
OA Rounds
2y 11m
Est. Remaining
99%
With Interview

Examiner Intelligence

Grants 75% — above average
75%
Career Allowance Rate
310 granted / 413 resolved
+15.1% vs TC avg
Strong +33% interview lift
Without
With
+33.0%
Interview Lift
resolved cases with interview
Typical timeline
4y 0m
Avg Prosecution
9 currently pending
Career history
424
Total Applications
across all art units

Statute-Specific Performance

§101
1.2%
-38.8% vs TC avg
§103
84.8%
+44.8% vs TC avg
§102
11.9%
-28.1% vs TC avg
§112
1.5%
-38.5% vs TC avg
Black line = Tech Center average estimate • Based on career data from 413 resolved cases

Office Action

§103
DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Claims 1-20 are pending in this application. Information Disclosure Statement The information disclosure statement (IDS) submitted on 07/25/2025. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner. Double Patenting The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969). A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). The filing of a terminal disclaimer by itself is not a complete reply to a nonstatutory double patenting (NSDP) rejection. A complete reply requires that the terminal disclaimer be accompanied by a reply requesting reconsideration of the prior Office action. Even where the NSDP rejection is provisional the reply must be complete. See MPEP § 804, subsection I.B.1. For a reply to a non-final Office action, see 37 CFR 1.111(a). For a reply to final Office action, see 37 CFR 1.113(c). A request for reconsideration while not provided for in 37 CFR 1.113(c) may be filed after final for consideration. See MPEP §§ 706.07(e) and 714.13. The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The actual filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/apply/applying-online/eterminal-disclaimer. Claims 1-3, 5, 7-13, 15 and 17-20 are provisionally rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-2, 4-5, 7-12, 14-15 and 17-20 of copending Application No. 19/216, 344, (reference application). Although the claims at issue are not identical, they are not patentably distinct from each other because 1-2, 4-5, 7-12, 14-15 and 17-20 of copending Application No. 19/216, 344 contains every element of claims 1-3, 5, 7-13, 15 and 17-20 of the instant application and thus anticipate the clams of the instant application (see Claim Comparison Table below) Instant Application 19/216,408 Co-pending Application 19/216, 344 1. A computer-implemented method for authentication using one-time passwords (OTPs), the method comprising: receiving, by a computer, an OTP response from an inbound user device associated with an operation request, the OTP response having an inbound audio signal including a spoken audio response of an inbound user associated with the inbound user device; generating, by the computer, response content text based upon the spoken audio response of the inbound audio signal; extracting, by the computer, an inbound voiceprint using the inbound audio signal and representing the spoken audio response of the OTP response of the inbound user; generating, by the computer, a speaker recognition score based upon the inbound voiceprint and an enrolled voiceprint associated with an enrolled user; generating, by the computer, a response content score based upon the response content text and OTP text of an OTP associated with the operation request; and authenticating, by the computer, the operation request based upon the speaker recognition score and the response content score. 1. A computer-implemented method for authentication using one-time passwords (OTPs), the method comprising: obtaining, by a computer, an operation request indicating an operation that originated at an inbound user device associated with an inbound user; generating, by the computer, an OTP for the operation request based upon operation information associated with the operation obtained from the inbound user device; generating, by the computer, an OTP prompt having text representing the OTP for display at a user interface of the inbound user device; transmitting, by the computer, an OTP request associated with the operation request to the inbound user device, the OTP request including the OTP prompt; generating, by the computer, a speaker recognition score based upon an inbound voiceprint extracted for an inbound audio signal representing a spoken audio response of an OTP response from the inbound user and an enrolled voiceprint associated with an enrolled user; and authenticating, by the computer, the operation request based upon the speaker recognition score and a content recognition score. 2. The method according to claim 1, further comprising: obtaining, by the computer, the operation request indicating an operation that originated at the inbound user device associated with the inbound user; generating, by the computer, the OTP text of the OTP for the operation request based upon operation information associated with the operation request; and generating, by the computer, an OTP prompt having the OTP text for display at a user interface of the inbound user device. 2. The method according to claim 1, further comprising determining, by the computer, that the operation request indicates a type of secure operation, wherein the computer generates the OTP in response to determining that the operation request indicates the type of secure operation. 3. The method according to claim 2, wherein the computer generates the OTP according to at least a portion of the operation information received from an agent device. 4. The method according to claim 1, wherein the computer generates the OTP according to at least a portion of the operation information received from an agent device. 5. The method according to claim 1, wherein generating the speaker recognition score includes: obtaining, by the computer, from a database the enrolled voiceprint for the enrolled user according to the operation request; and determining, by the computer, a distance as the speaker recognition score between the inbound voiceprint and the enrolled voiceprint. 10. The method according to claim 1, wherein generating the speaker recognition score includes determining, by the computer, a distance between the inbound voiceprint and the enrolled voiceprint. 7. The method according to claim 1, wherein generating the response content score includes: generating, by the computer, the response content text of the OTP response from the inbound user device by applying an automatic speech recognition (ASR) engine on the inbound audio signal; and comparing, by the computer, the response content score against a corresponding response OTP content threshold score. 5. The method according to claim 1, further comprising: generating, by the computer, response content text of the OTP response from the inbound user device by applying an automatic speech recognition (ASR) engine on the inbound audio signal; and generating, by the computer, a response content score based upon the text of the OTP and the response content text. 8. The method according to claim 1, further comprising: extracting, by the computer, one or more inbound fakeprints using a plurality of acoustic features the inbound audio signal of the OTP response of the inbound user; and generating, by the computer, one or more liveness scores for the operation request based upon the one or more inbound fakeprints and one or more enrolled fakeprints. 7. The method according to claim 1, further comprising: extracting, by the computer, one or more inbound fakeprints using a plurality acoustic features of the inbound audio signal; and generating, by the computer, one or more liveness scores for the operation request using one or more enrolled fakeprints. 9. The method according to claim 1, further comprising: extracting, by the computer, one or more fakeprints using metadata obtained in the OTP response from the inbound user device; and generating, by the computer, one or more liveness scores for the operation request using one or more enrolled fakeprints. 8. The method according to claim 1, further comprising: extracting, by the computer, one or more fakeprints using metadata obtained in the OTP response from the inbound user device; and generating, by the computer, one or more liveness scores for the operation request using one or more enrolled fakeprints. 10. The method according to claim 1, further comprising transmitting, by the computer, an authentication result based upon authenticating the operation request to an agent device. 9. The method according to claim 1, further comprising transmitting, by the computer, an authentication result based upon authenticating the operation request to an agent device. 11. A system for authentication using one-time passwords (OTPs), the system comprising: a computer comprising at least one processor, configured to: receive an OTP response from an inbound user device associated with an operation request, the OTP response having an inbound audio signal including a spoken audio response of an inbound user associated with the inbound user device; generate response content text based upon the spoken audio response of the inbound audio signal; extract an inbound voiceprint using the inbound audio signal and representing the spoken audio response of the OTP response of the inbound user; generate a speaker recognition score based upon the inbound voiceprint and an enrolled voiceprint associated with an enrolled user; generate a response content score based upon the response content text and OTP text of an OTP associated with the operation request; and authenticate the operation request based upon the speaker recognition score and the response content score. 11. A system for authentication using one-time passwords (OTPs), the system comprising: a computer comprising at least one processor, configured to: obtain an operation request indicating an operation that originated at an inbound user device associated with an inbound user; generate an OTP for the operation request based upon operation information associated with the operation obtained from the inbound user device; generate an OTP prompt having text representing the OTP for display at a user interface of the inbound user device; transmit an OTP request associated with the operation request to the inbound user device, the OTP request including the OTP prompt; generate a speaker recognition score based upon an inbound voiceprint extracted for an inbound audio signal representing a spoken audio response of an OTP response from the inbound user and an enrolled voiceprint associated with an enrolled user; and authenticate the operation request based upon the speaker recognition score and a content recognition score. 12. The system according to claim 11, wherein the computer is further configured to: obtain the operation request indicating an operation that originated at the inbound user device associated with the inbound user; generate the OTP text of the OTP for the operation request based upon operation information associated with the operation request; and generate an OTP prompt having the OTP text for display at a user interface of the inbound user device. 12. The system according to claim 11, wherein the computer is further configured to determine that the operation request indicates a type of secure operation, and wherein the computer generates the OTP in response to determining that the operation request indicates the type of secure operation. 13. The system according to claim 12, wherein the computer generates the OTP according to at least a portion of the operation information received from an agent device. 14. The system according to claim 11, wherein the computer generates the OTP according to at least a portion of the operation information received from an agent device. 15. The system according to claim 11, wherein when generating the speaker recognition score the computer is further configured to: obtain from a database the enrolled voiceprint for the enrolled user according to the operation request; and determine a distance as the speaker recognition score between the inbound voiceprint and the enrolled voiceprint. 20. The system according to claim 11, wherein generating the speaker recognition score the computer is further configured to determine a distance between the inbound voiceprint and the enrolled voiceprint. 17. The system according to claim 11, wherein when generating the response content score the computer is further configured to: generate the response content text of the OTP response from the inbound user device by applying an automatic speech recognition (ASR) engine on the inbound audio signal; and compare the response content score against a corresponding response OTP content threshold score. 15. The system according to claim 11, wherein the computer is further configured to: generate response content text of the OTP response from the inbound user device by applying an automatic speech recognition (ASR) engine on the inbound audio signal; and generate a response content score based upon the text of the OTP and the response content text. 18. The system according to claim 11, wherein the computer is further configured to: extract one or more inbound fakeprints using a plurality of acoustic features the inbound audio signal of the OTP response of the inbound user; and generate one or more liveness scores for the operation request based upon the one or more inbound fakeprints and one or more enrolled fakeprints. 17. The system according to claim 11, wherein the computer is further configured to: extract one or more inbound fakeprints using a plurality acoustic features of the inbound audio signal; and generate one or more liveness scores for the operation request using one or more enrolled fakeprints. 19. The system according to claim 11, wherein the computer is further configured to: extract one or more fakeprints using metadata obtained in the OTP response from the inbound user device; and generate one or more liveness scores for the operation request using one or more enrolled fakeprints. 18. The system according to claim 11, wherein the computer is further configured to: extract one or more fakeprints using metadata obtained in the OTP response from the inbound user device; and generate one or more liveness scores for the operation request using one or more enrolled fakeprints. 20. The system according to claim 11, wherein the computer is further configured to transmit an authentication result based upon authenticating the operation request to an agent device. 19. The system according to claim 11, wherein the computer is further configured to transmit an authentication result based upon authenticating the operation request to an agent device. This is a provisional nonstatutory double patenting rejection because the patentably indistinct claims have not in fact been patented. In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows: 1. Determining the scope and contents of the prior art. 2. Ascertaining the differences between the prior art and the claims at issue. 3. Resolving the level of ordinary skill in the pertinent art. 4. Considering objective evidence present in the application indicating obviousness or nonobviousness. Claims 1, 4-8, 11, 14-18 are rejected under 35 U.S.C. 103 as being unpatentable over Tolba et al. (US 8,862,888 B2) (hereinafter, “Tolba”) in view of Skerpac (US 2013/0132091 A1). As to claim 1, Tolba discloses a computer-implemented method for authentication using one-time passwords (OTPs), the method comprising: receiving, by a computer, an OTP response from an inbound user device associated with an operation request, the OTP response having an inbound audio signal including a spoken audio response of an inbound user associated with the inbound user device (“In accordance with various implementations of the present systems and methods, upon decryption of the OTP and its display by the user's mobile device, the user reads the OTP into the microphone of his computer. The server of the site being accessed receives this spoken OTP (one time password). The password is authenticated and voice recognition is used to further authenticate the user to access the site.” -e.g., see, col. 3, lines 4-19; see also: “The spoken OTP transmitted by the user's computing device is received at 222, such by the server associated with the site being accessed. At 224, the server, or an associated, dedicated voice recognition server, recognizes the user's voice and the OTP to authenticate the user to access the site using the user's computing device and/or the user's mobile device.” -e.g., see, col. 5, lines 23-43; herein, the server/computer receives the spoken OTP audio response (the inbound audio signal containing the spoken audio response) from the user’s device as part of authenticating the operation/request); … extracting, by the computer, an inbound voiceprint using the inbound audio signal and representing the spoken audio response of the OTP response of the inbound user (“At 224, the server, or an associated, dedicated voice recognition server, recognizes the user's voice and the OTP to authenticate the user to access the site using the user's computing device and/or the user's mobile device. This recognition of the user's voice at 224 may employ any number of biometric voice recognition techniques. For example, feature extraction is the processing of the raw speech data resulting in representative voice features, which contain information of the physiological characteristics of the user.” -e.g., see, col. 5, lines 23-43; see also: “SBVS 104 generates, trains, and updates the user's unique set of speech models (the user's voiceprint), stores the speech model securely in a database, and performs the matching process to authenticate a user.” -e.g., see, col. 4, lines 12-23; herein, Feature extraction is performed directly on the raw inbound audio signal of the spoken OTP response to produce representative voice features that form the inbound voiceprint); generating, by the computer, a speaker recognition score based upon the inbound voiceprint and an enrolled voiceprint associated with an enrolled user (“In feature extraction, certain attributes of speech needed by the voice biometric system to differentiate people by their voice may be measured. Such techniques may employ mel-frequency cepstral coefficients. The extracted features may be compared with an archived voiceprint of the claimed user, which was created during the registration of the client, and a matching score may be calculated to provide verification. If the matching score is over a predefined threshold value, then the authorization is considered successful; …” -e.g., see, col. 5, lines 23-43; herein, the inbound voiceprint (extracted from the spoken response audio) is compared to the archived/enrolled voiceprint of the claimed user, and a matching score is calculated; the matching score is the speaker recognition score); … authenticating, by the computer, the operation request based upon the speaker recognition score and the response content score (“The encrypted OTP is decrypted using the user's mobile device and displayed. The OTP then is spoken by the user, and the user's voice and the OTP are recognized to authenticate the user.” -Abstract; see also: (“At 224, the server, or an associated, dedicated voice recognition server, recognizes the user's voice and the OTP to authenticate the user to access the site using the user's computing device and/or the user's mobile device. This recognition of the user's voice at 224 may employ any number of biometric voice recognition techniques.” -e.g., see, see, col. 5, lines 23-43; see also: “… receiving the one time password spoken by the user; and recognizing the user's voice and the one time password as spoken by the user to authenticate the user.” -e.g., see, claim 1 of Tolba; herein, Authentication of the operation/request is performed based on both voice recognition (via the speaker recognition/matching score) and OTP/content recognition score). Tolba doesn’t explicitly disclose generating, by the computer, response content text based upon the spoken audio response of the inbound audio signal; generating, by the computer, a response content score based upon the response content text and OTP text of an OTP associated with the operation request; However, in an analogous art, Skerpac discloses generating, by the computer, response content text based upon the spoken audio response of the inbound audio signal (“Unconstrained or direct speech recognition converts the input speech signal into text. It does so by using a set of trained acoustic models (1230) and language model (1240) as described in detail in the Rutgers Paper. Direct speech recognition derives a likelihood score based on the probability that the words were uttered.” -e.g., see, [0161]; see also: “DPSS uses the CMU Sphinx speech recognition engine in its end-to-end experiments, which supports generated language models.” -e.g., see, [0160]; herein, Speech recognition processing is applied to the inbound spoken audio signal (the OTP response) to convert it into recognized text; this recognized text is the response content text); generating, by the computer, a response content score based upon the response content text and OTP text of an OTP associated with the operation request (“verifying if a set of extracted speech recognition features are representative of the random pass phrase using said speech recognition language and acoustic models;”, “setting a sub-session word match flag on and updating a session word match count if speech verification is positive;” and “setting a minimum number of phrases flag on if the session word match count is equal to or higher than a session word match parameter;” -e.g., see, [0052] – [0054]; see also: “Direct speech recognition derives a likelihood score based on the probability that the words were uttered. Constrained or forced alignment uses a transcription of the input speech and determines how good the speech input aligns to the corresponding transcription and derives an acoustic likelihood score which is high if the transcription matches the input speech. Speech verification (1220) compares the unconstrained and constrained results to provide a verification result.” -e.g., see, [0161]; herein, the recognized response content text (from the spoken audio) is compared/verified against the expected OTP/pass phrase text using speech recognition models; the word match flag/count, verification result, or likelihood/acoustic scores constitute the response content score); Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention was to modify the teaching of Tolba with the additional feature of Skerpac in order to improve the accuracy, quantifiability and spoof resistance of the Tolba’s voice and OTP recognition process for secure real-time authentication of the operation request. As to claim 11, it is rejected using the similar rationale as for the rejection of claim 1. As to claim 4, Tolba in view of Skerpac discloses the method according to claim 1, Tolba further discloses comprising transmitting, by the computer, an OTP request to the inbound user device, the OTP request including an OTP prompt for displaying the OTP text at a user interface of the inbound user device (“At 210, the encrypted two-dimensional barcode embodying the OTP is transmitted by the site authentication server to the computing device of the user. An image of the two-dimensional barcode displayed, such as on the user's computing device, is captured at 212 using the user's mobile device. In one implementation, for example, this is accomplished by photographing the image of the two-dimensional barcode using a camera of the user's mobile device. At 214, the two-dimensional barcode of the encrypted OTP is decoded, and the resulting encrypted string is decrypted using the user's mobile device at 216. At 218, the OTP is displayed, such as on a screen of the user's mobile device, in plain text.” -e.g., see, col. 5, lines 7-22; herein, the encoded OTP data (enabling the prompt display) is transmitted to the user’s device as part of the authentication flow tied to the original operation request); As to claim 14, it is rejected using the similar rationale as for the rejection of claim 4. As to claim 5, Tolba in view of Skerpac discloses the method according to claim 1, Tolba further discloses wherein generating the speaker recognition score includes: obtaining, by the computer, from a database the enrolled voiceprint for the enrolled user according to the operation request (“The operations carried out by the authentication server may also include receiving a transmission that includes the OTP, as spoken by the user, for recognition of the OTP to authenticate the user, and for passing along to SBVS 104 for voice recognition processing to compete authentication of the user. SBVS 104 may be a secure server that could be located away from authentication server 102 as a third party service. In accordance with various implementations of the present systems and methods, SBVS 104 generates, trains, and updates the user's unique set of speech models (the user's voiceprint), stores the speech model securely in a database, and performs the matching process to authenticate a user.” -e.g., see, col. 4, lines 12-23; see also: “This recognition of the user's voice at 224 may employ any number of biometric voice recognition techniques. For example, feature extraction is the processing of the raw speech data resulting in representative voice features, which contain information of the physiological characteristics of the user. In feature extraction, certain attributes of speech needed by the voice biometric system to differentiate people by their voice may be measured. Such techniques may employ mel-frequency cepstral coefficients. The extracted features may be compared with an archived voiceprint of the claimed user, which was created during the registration of the client, and a matching score may be calculated to provide verification. If the matching score is over a predefined threshold value, then the authorization is considered successful; …” -e.g., see, col. 5, lines 23-43; herein, the server/computer receives the inbound audio signal of the spoken OTP response. It performs feature extraction on the raw speech data to create representative voice features (inbound voiceprint). These features are compared/matched against the stored/archived voiceprint of the enrolled/claimed user (enrolled voiceprint). A “matching score” is calculated from the comparison. The resulting matching score serves as the speaker recognition score (success if above threshold)); and determining, by the computer, a distance as the speaker recognition score between the inbound voiceprint and the enrolled voiceprint (“In feature extraction, certain attributes of speech needed by the voice biometric system to differentiate people by their voice may be measured. Such techniques may employ mel-frequency cepstral coefficients. The extracted features may be compared with an archived voiceprint of the claimed user, which was created during the registration of the client, and a matching score may be calculated to provide verification. If the matching score is over a predefined threshold value, then the authorization is considered successful; …” -e.g., see, col. 5, lines 23-43; herein, the server/computer receives the inbound audio signal of the spoken OTP response. It performs feature extraction on the raw speech data to create representative voice features (inbound voiceprint). These features are compared/matched against the stored/archived voiceprint of the enrolled/claimed user (enrolled voiceprint). A “matching score” is calculated from the comparison. The resulting matching score serves as the speaker recognition score (success if above threshold)). As to claim 15, it is rejected using the similar rationale as for the rejection of claim 5. As to claim 6, Tolba in view of Skerpac discloses the method according to claim 5, Tolba further comprising comparing, by the computer, the speaker recognition score against a speaker recognition threshold score (“In feature extraction, certain attributes of speech needed by the voice biometric system to differentiate people by their voice may be measured. Such techniques may employ mel-frequency cepstral coefficients. The extracted features may be compared with an archived voiceprint of the claimed user, which was created during the registration of the client, and a matching score may be calculated to provide verification. If the matching score is over a predefined threshold value, then the authorization is considered successful; …” -e.g., see, col. 5, lines 23-43; herein, the server/computer receives the inbound audio signal of the spoken OTP response. It performs feature extraction on the raw speech data to create representative voice features (inbound voiceprint). These features are compared/matched against the stored/archived voiceprint of the enrolled/claimed user (enrolled voiceprint). A “matching score” is calculated from the comparison. The resulting matching score serves as the speaker recognition score (success if above threshold)). As to claim 16, it is rejected using the similar rationale as for the rejection of claim 6. As to claim 7, Tolba in view of Skerpac discloses the method according to claim 1, Tolba further discloses wherein generating the response content score includes: generating, by the computer, the response content text of the OTP response from the inbound user device by applying an automatic speech recognition (ASR) engine on the inbound audio signal; and comparing, by the computer, the response content score against a corresponding response OTP content threshold score (“The OTP then is spoken by the user, and the user's voice and the OTP are recognized to authenticate the user.” -e.g., see, Abstract; see also: “Voice recognition processes automatically recognize who is speaking, based on individual information included in speech waves. Voice recognition uses the acoustic features of speech that have been found to differ between individuals. In accordance with various implementations of the present systems and methods, upon decryption of the OTP and its display by the user's mobile device, the user reads the OTP into the microphone of his computer. The server of the site being accessed receives this spoken OTP (one time password). The password is authenticated and voice recognition is used to further authenticate the user to access the site.” -e.g., see, col. 3, lines 4-19; herein, Spoken OTP response is recognized for content match against generated OTP). As to claim 17, it is rejected using the similar rationale as for the rejection of claim 7. As to claim 8, Tolba in view of Skerpac discloses the method according to claim 1, Tolba further discloses comprising: extracting, by the computer, one or more inbound fakeprints using a plurality of acoustic features the inbound audio signal of the OTP response of the inbound user; and generating, by the computer, one or more liveness scores for the operation request based upon the one or more inbound fakeprints and one or more enrolled fakeprints (“Voice recognition processes automatically recognize who is speaking, based on individual information included in speech waves. Voice recognition uses the acoustic features of speech that have been found to differ between individuals. In accordance with various implementations of the present systems and methods, upon decryption of the OTP and its display by the user's mobile device, the user reads the OTP into the microphone of his computer.” -e.g., see, Tolba: col. 3, lines 4-19; herein, acoustic features support live vs. non-line distinction). As to claim 18, it is rejected using the similar rationale as for the rejection of claim 8. Claims 2-3, 10, 12-13 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Tolba in view of Skerpac as applied to claims 1 and 11 above, and further in view of Agarwal et al. (US 2023/0370290 A1) (hereinafter, “Agarwal”). As to claim 2, Tolba in view of Skerpac discloses the method according to claim 1, Tolba further discloses comprising: obtaining, by the computer, the operation request indicating an operation that originated at the inbound user device associated with the inbound user (“… receiving a user's identification and password transmitted from the user's mobile device, generating a One Time Password (OTP)” -e.g., see, Abstract; see also: “… a user's identification, such as a username or other "ID," and the user's password for the site being accessed is transmitted at 202, such as from the user's computing device (e.g., user computing device 106 of FIG. 1, for example, the user's PC), and is received by a server associated with the site, (e.g., authentication server 102 of system 100 shown in FIG. 1). At 204, an OTP is generated for the user.” -e.g., see, col. 4, lines 56-62; see also: “Such operations might include receiving a username and password such as transmitted from user computing device 106 or user mobile device 108,” -e.g., see, col. 4, lines 6-9; herein, the computer (authentication server 102) obtains/receives the initial identification and password that was transmitted from the user’s mobile device or computing device (the inbound user device associated with the inbound user). The transmitted data constitutes the operation/access request that originated at the inbound user device. The request indicates the operation of accessing/authenticating to “the site being accessed” (or performing the protected operation on the site). The server processes this request (including initial verification step 302 in related embodiments) before generating the OTP at step 204. This reads on obtaining an operation request from an inbound user device); … generating, by the computer, an OTP prompt having the OTP text for display at a user interface of the inbound user device (“At 218, the OTP is displayed, such as on a screen of the user's mobile device, in plain text. The user reads the OTP aloud at 220, such as into a microphone of the user's computing device, whereupon it may be recorded by the user's computing device and transmitted to an authentication server associated with the site being accessed.” -e.g., see, col. 5, lines 17-22; herein, the plain text OPT is displayed on the screen/UI of the user’s mobile device as the visual prompt). Tolba in view of Skerpac doesn’t explicitly disclose generating, by the computer, the OTP text of the OTP for the operation request based upon operation information associated with the operation request; and However, in an analogous art, Agarwal discloses generating, by the computer, the OTP text of the OTP for the operation request based upon operation information associated with the operation request (“Upon communication initiation between customer 106 and agent 102, a digital identification of customer 106 may be initiated. The digital identification may involve registering the VR device associated with customer 106. The digital identification may also involve generating and authenticating the registered device and/or the mobile device using an OTP. As such, the digital identification may perform identity-based authentication—i.e., authentication of the individual using the mobile device and/or VR device associated with customer 106 and authentication of permissions associated with the individual using the VR device associated with agent 102.” -e.g., see, Agarwal: [0049]). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention was to modify the teaching of Tolba and Skerpac with the additional feature of Agarwal in order to protect non-public information from viewing by certain users during a co-browsing session. As to claim 12, it is rejected using the similar rationale as for the rejection of claim 2. As to claim 3, Tolba in view of Skerpac and Agarwal discloses the method according to claim 2, Agarwal further discloses wherein the computer generates the OTP according to at least a portion of the operation information received from an agent device (“Upon communication initiation between customer 106 and agent 102, a digital identification of customer 106 may be initiated. The digital identification may involve registering the VR device associated with customer 106. The digital identification may also involve generating and authenticating the registered device and/or the mobile device using an OTP. As such, the digital identification may perform identity-based authentication—i.e., authentication of the individual using the mobile device and/or VR device associated with customer 106 and authentication of permissions associated with the individual using the VR device associated with agent 102.” -e.g., see, Agarwal: [0049]). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention was to modify the teaching of Tolba and Skerpac with the additional feature of Agarwal in order to protect non-public information from viewing by certain users during a co-browsing session. As to claim 13, it is rejected using the similar rationale as for the rejection of claim 3. As to claim 10, Tolba in view of Skerpac discloses the method according to claim 1, Tolba in view of Skerpac doesn’t explicitly disclose further comprising transmitting, by the computer, an authentication result based upon authenticating the operation request to an agent device. However, in an analogous art, Agarwal discloses comprising transmitting, by the computer, an authentication result based upon authenticating the operation request to an agent device (“The VR platform may transmit a one-time password (OTP) from the VR platform to a second device associated with the customer. In some embodiments, the second device may be the mobile device. The OTP may be received as a push notification, short message service (SMS), email or any other suitable transmission method. The OTP may be entered by the customer at the mobile device. In some embodiments, the OTP may be entered into the mobile application running on the mobile device. The VR platform may validate the OTP.” -e.g., se, Agarwal: [0036]; see also: Agarwal: [0049]). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention was to modify the teaching of Tolba and Skerpac with the additional feature of Agarwal in order to protect non-public information from viewing by certain users during a co-browsing session. As to claim 20, it is rejected using the similar rationale as for the rejection of claim 10. Claims 9 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Tolba in view of Skerpac as applied to claims 1 and 11 above, and further in view of Naqvi et al. (US 2022/0343095 A1) (hereinafter, “Naqvi”). As to 9, Tolba in view of Skerpac discloses the method according to claim 1, Tolba in view of Skerpac doesn’t explicitly disclose comprising: extracting, by the computer, one or more fakeprints using metadata obtained in the OTP response from the inbound user device; and generating, by the computer, one or more liveness scores for the operation request using one or more enrolled fakeprints. However, in an analogous art, Naqvi discloses extracting, by the computer, one or more fakeprints using metadata obtained in the OTP response from the inbound user device; and generating, by the computer, one or more liveness scores for the operation request using one or more enrolled fakeprints (“… the unauthorized device 109 may have also provided a spoofed device fingerprint, and the computing device 101 may determine whether to authenticate the unauthorized device 109 based on that spoofed device fingerprint. In some circumstances, if the spoofed device fingerprint is an exact match for a previous device fingerprint received from the user device 107, the authentication may be rejected. For example, the user device 107 is configured to send a different device fingerprint with every transmission, if the computing device 101 receives the same device fingerprint twice, the computing device 101 may detect that a potential replay attack may be occurring. As another example, if the spoofed device fingerprint is significantly different than previously-received device fingerprints, authentication may be rejected.” -e.g., see, Naqvi: [0067]). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention was to modify the teaching of Tolba and Skerpac with the additional feature of Naqvi in order to prevent potential replay attack. As to claim 19, it is rejected using the similar rationale as for the rejection of claim 9. Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to SUMAN DEBNATH whose telephone number is (571)270-1256. The examiner can normally be reached Mon-Fri; 9:00am-5:00pm. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached at 571-272-3739. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. SUMAN DEBNATH Patent Examiner Art Unit 2495 /S.D/Examiner, Art Unit 2495 /FARID HOMAYOUNMEHR/Supervisory Patent Examiner, Art Unit 2495
Read full office action

Prosecution Timeline

May 22, 2025
Application Filed
Jul 01, 2026
Non-Final Rejection mailed — §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12670807
METHOD AND SYSTEM FOR EVALUATING INDIVIDUAL AND GROUP CYBER THREAT AWARENESS
2y 2m to grant Granted Jun 30, 2026
Patent 12665879
SECURITY GROUP RESOLUTION AT INGRESS ACROSS VIRTUAL NETWORKS
1y 8m to grant Granted Jun 23, 2026
Patent 12639732
CENTRALIZED GATEWAY SERVER FOR PROVIDING ACCESS TO SERVICES
3y 9m to grant Granted May 26, 2026
Patent 12639446
PROTECTING SOFTWARE DEVELOPMENT ENVIRONMENTS FROM MALICIOUS ACTORS
3y 8m to grant Granted May 26, 2026
Patent 12639418
COMPUTER SYSTEM, SERVICE PROCESSING METHOD, READABLE STORAGE MEDIUM, AND CHIP
3y 6m to grant Granted May 26, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

1-2
Expected OA Rounds
75%
Grant Probability
99%
With Interview (+33.0%)
4y 0m (~2y 11m remaining)
Median Time to Grant
Low
PTA Risk
Based on 413 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month