Notice of Pre-AIA  or AIA  Status
1.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Arguments
2.	Applicant’s arguments filed on 11/23/2020, with respect to the 101 rejections of claim 1-20 have been fully considered and are persuasive.  Therefore, the 101 rejections of claim 1-20 rejection has been withdrawn. 

3.	Applicant’s arguments filed on 11/23/2020, with respect to the 35 U.S.C 112 rejections of claims 7 and 17 have been fully considered and are persuasive.  Therefore, the 35 U.S.C 112 rejections of claims 7 and 17 is rejection has been withdrawn. 

4.	Applicant’s arguments filed on 11/23/2020, with respect to the 35 U.S.C. 102 rejection of claim 1-20 anticipated by McCorkendale have been fully considered. However, upon further consideration, a new ground(s) of rejection is made in view of amended claims.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have 

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
5.	Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Patent No. 9,817,958 hereinafter McCorkendale in view Liu in view of U.S. Publication No. 20090006544 hereinafter Liu.

As per claim 1, McCorkendale discloses:
A computer-implemented verification method (Col. 1 Lines 29-42 “As will be described in greater detail below, the instant disclosure describes various systems and methods for authenticating a user based on information gathered from one or more devices with which the user interacts, resulting in a shared secret that is known by the user but that is not based on publically available information and/or easily guessed using brute force.”), comprising:
generating, by a server, a security question for verifying a target user (Col. 9 Lines 30-33 “Returning to FIG. 3, at step 306, one or more of the systems described herein may generate, based on the gathered information, an authentication protocol for authenticating the user.” Col. 9 Line 37-40 “In one 
determining, by the server, an answer for the target user to match the security question (Col. 9 Lines 40-42 “In this example, generating module 108 may also designate correct answers to the security questions that are also based on information 122.”);
generating, by the server, one or more distractions answers by:
determining a category identification of the answer for the target user (Fig. 7, Col. 9 Lines 43-49 “The types of security questions that generating module 108 may generate are vast and varied. FIG. 7 gives five specific examples of security questions (i.e., security questions 700) that generating module 108 may generate for a specific date (e.g., Apr. 31,2015) based on the information provided in FIG. 6. Each specific example will now be discussed, in turn.”),
determining users' data corresponding to the category identification of the answer for the target user (Fig 3. Element 304, Col. 7 Lines 43-52 “other examples, gathering module 106 may gather digital content accessed by digital device 202. For example, gathering module 106 may identify websites visited by the user via digital device 202, movies watched by the user via digital device 202, songs played by the user via digital device 202, etc. In one embodiment, gathering module 106 may identify content (e.g., a website) accessed by digital device 202 by monitoring content identified by security software (such as NORTON COMMUNITY WATCH) running on digital device 202.” Fig. 6. Col. 8 Lines 25-43 “FIG. 6 provides a specific example of the kind of information that 
searching, in the determined users' data, for one or more pieces of the users' data related to the answer for the target user to serve as one or more distraction answers (Fig. 7, Col. 12 Line 60 - Col 13 Line 2 “As discussed above in connection with step 306, in one example, authentication protocol 126 may 
and verifying the target user according to the received selection (Fig. 7, Col. 13 Lines 3-18 “If authentication module 110 determines that the answers received from the user match the correct answers, authentication module 110 may authenticate the user in response to the determination. Otherwise, if authentication module 110 determines that the answers received from the user do not match the correct answer, authentication module 110 may deny authentication. Additionally or alternatively (e.g., if authentication module 110 determines that the answers received from the user do not match the correct answer), authentication module 110 may require additional action on the part of the user in order to be authenticated. For example, authentication module 110 may require the user to correctly answer one or more additional security questions or may require the user to complete an additional authentication requirement (e.g., call a service associated with authentication module 110 to be authenticated by phone).”)

	McCorkendale does not disclose:

sending, by the server, the security question, the answer for the target user, and the one or more distraction answers over a communication network to a terminal used by the user; 
receiving, by the server from the terminal over the communication network, a selection by the target user of the answer for the target user or one of the one or more distraction answers

	Liu discloses:
searching, for one or more pieces of the users' data semantically related to the answer for the target user to serve as the one or more distraction answers (para 0040 “In the registration process, when a user registers a new account or logs into an account without enhanced association information, Process Server 2 requests the user to configure enhanced association information.” Para 0041 “The enhanced association information includes questions and answers closely related to the owner of the account, e.g., age, height, favorites, birthplace, mother school, etc.” Para 0042 “In the verification process, Process Server 2 receives a service request, e.g., to modify the password of an account, to pay online, or to operate on other sensitive information related to the account, from Client Terminal 1 (the account corresponding to Client Terminal 1 may be invalid at present), Process Server 2 enters the verification process, i.e. Step S24 to verify the identity of the user using Client Terminal 1 according to the enhanced Para 0043 “Verification Module 21 acquires the enhanced association information of the account, i.e., saved questions and answers, from Database Server 3; the saved questions and answers are transmitted to Verification Module 21 as a picture. Database Server 3 generates a number of false answers to the questions according to the correct answers, and the false answers are very close to the correct answers and are meant to be interfering.”); 
sending, by the server, the security question, the answer for the target user, and the one or more distraction answers over a communication network to a terminal used by the user (para 0036 “Client Terminal 1 is connected to Process Server 2 via a network and an IM client is installed in Client Terminal 1.” Para 0044 “Afterward, in Step S25, Process Server 2 randomly selects a preset number of questions, correct answers and false answers to the questions according to the security level corresponding to the service request from Client Terminal, generates verification information in the form of a picture, and sends the verification information to Client Terminal 1. Since the questions and answers are transmitted as a picture and are display in a random order, it is not easily to intercept the questions and answers by Trojan horses programs.”); 
receiving, by the server from the terminal over the communication network, a selection by the target user of the answer for the target user or one of the one or more distraction answers (para 0045 “In Step S26, Client Terminal 1 answers the questions in the received verification information and submits verification answers to Process Server 2.”)

The motivation would have been to present questions and distraction answers to a user to properly verify a user.

As per claim 2, McCorkendale in view Liu discloses:
The method according to claim 1, wherein the method further comprises the following steps for obtaining the users' data: acquiring, by the server, data from a plurality of users, the acquired data forming the users' data; determining, by the server, a category identification of each piece of the users' data; categorizing, by the server, the users' data into categories according to the category identification of each piece of the users' data, each category corresponding to a category identification; and generating, by the server, one or more answer libraries each corresponding to a category identification for each category of the users' data (McCorkendale Figs. 3, 6, and 7, Col. 4 Lines 21-27 and Col. 11-24).

As per claim 3, McCorkendale in view Liu discloses:
The method according to claim 2, wherein the users' data comprises: at least one of operation data generated based on operations of the users and the users' personal data (McCorkendale Figs. 3, 6, and 7, Col. 7 Line 4- Col. 9 Line 29).

As per claim 4, McCorkendale in view Liu discloses:
The method according to claim 2, wherein each category identification comprises: at least one personal data attribute identification or at least one operation data attribute identification (McCorkendale Figs. 3, 6, and 7, Col. 7 Line 4- Col. 9 Line 29).

As per claim 5, McCorkendale in view Liu discloses:
The method according to claim 4, wherein determining users' data corresponding to the category identification of the answer for the target user and searching, in the determined users' data, for one or more pieces of the users' data related to the answer for the target user to serve as one or more distraction answers comprise: 
when the category identification of the answer for the target user includes an operation data attribute identification, determining, by the server, an answer library corresponding to the operation data attribute identification, searching, by the server, in the determined answer library for users' data corresponding to a personal data attribute identification of the target user, and searching, by the server, in the users' data  Figs. 6 and 7, Col. 9 Line 50- Col. 10 Line 37).

As per claim 6, McCorkendale in view Liu discloses:
The method according to claim 5, wherein searching for the one or more pieces of the users' data related to the answer for the target user according to semantics and/or characters of the answer for the target user comprises: determining, by the server,  according to the semantics and/or characters of the answer for the target user, a similarity between the answer for the target user and each piece of the users' data corresponding to the personal data attribute identification of the target user; and searching, by the server, for the one or more pieces of the users' data related to the answer for the target user according to the similarity (McCorkendale Figs. 6 and 7, Col. 9 Line 50- Col. 10 Line 50).

As per claim 7, McCorkendale in view Liu discloses:
The method according to claim 6, wherein searching for the one or more pieces of the users' data related to the answer for the target user according to semantics and/or characters of the answer for the target user comprises: if the number of the pieces of the users' data found according to the similarity is greater than a threshold, selecting , by the server, according to the similarity, a number of pieces of the users' data as the distraction answers from the pieces of the users' data (McCorkendale Figs. 6 and 7, Col. 9 Line 50- Col. 10 Line 50).

As per claim 8, McCorkendale in view Liu discloses:
The method according to claim 2, wherein determining users' data corresponding to the category identification of the answer for the target user and searching, in the determined users' data, for one or more pieces of the users' data related to the answer for the target user to serve as one or more distraction answers comprises: when the category identification of the answer for the target user includes a personal data attribute identification, determining, by the server, an answer library corresponding to the personal data attribute identification, and searching, by the server, in the determined answer library for the one or more pieces of the users' data related to the answer for the target user according to semantics or characters of the answer for the target user to serve as the one or more distraction answers (McCorkendale Figs. 6 and 7, Col. 9 Line 50- Col. 10 Line 50).

As per claim 9, McCorkendale in view Liu discloses:
The method according to claim 2, wherein acquiring data from a plurality of users comprises: when the data from the plurality of users changes, acquiring, by the server, changed data; and wherein the method further comprises: updating, by the server, the answer libraries with the changed data (McCorkendale Col. 9 Lines 7-22 and Col. 11 Lines 4-12).

As per claim 10, McCorkendale in view Liu discloses:
The method according to claim 2, wherein acquiring, by the server, data from a plurality of users comprises: acquiring data from the plurality of users according to a set period; and wherein the method further comprises: updating, by the server, the answer libraries with the data acquired from the plurality of users according to the set period (McCorkendale Col. 9 Lines 7-22).

As per claim 11, the implementation of the method of claim 1 will execute the verification device of claim 11. The claim is analyzed with respect for claim 1.

As per claim 12, the claim is analyzed with respect to claim 2.

As per claim 13, the claim is analyzed with respect to claim 3.

As per claim 14, the claim is analyzed with respect to claim 4.

As per claim 15, the claim is analyzed with respect to claim 5.

As per claim 16, the claim is analyzed with respect to claim 6.

As per claim 17, the claim is analyzed with respect to claim 7.

As per claim 18, the claim is analyzed with respect to claim 8.

As per claim 19, the claim is analyzed with respect to claim 9.

As per claim 20, the implementation of the method of claim 1 will execute the non-transitory computer-readable (Col. 2 Lines 38-49) of claim 20. The claim is analyzed with respect for claim 1.


Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to GARY S GRACIA whose telephone number is (571)270-5192.  The examiner can normally be reached on Monday-Friday 9am-6pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 5712723972.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/GARY S GRACIA/Primary Examiner, Art Unit 2491