Notice of Pre-AIA  or AIA  Status
The present application is being examined under the pre-AIA  first to invent provisions. 
Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. 
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this 
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.  Such claim limitation(s) is/are: “the first computing device configured to send” in claim 25 and  “the first computing device configured to receive” in claim 31.
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 25-36 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention. Claim limitations “the first computing device configured to send” in claim 25 and  “ the first computing device configured to receive” in claim 31, invokes 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. However, the written description fails to disclose the corresponding structure, material, or acts for performing the entire claimed function and to clearly link the structure, material, or acts to the function. Therefore, the claim is indefinite and is rejected under 35 U.S.C. 112(b) or pre-AIA  35 U.S.C. 112, second paragraph.
Applicant may:
(a)        Amend the claim so that the claim limitation will no longer be interpreted as a limitation under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph; 
(b)        Amend the written description of the specification such that it expressly recites what structure, material, or acts perform the entire claimed function, without introducing any new matter (35 U.S.C. 132(a)); or 
(c)        Amend the written description of the specification such that it clearly links the structure, material, or acts disclosed therein to the function recited in the claim, without introducing any new matter (35 U.S.C. 132(a)).
If applicant is of the opinion that the written description of the specification already implicitly or inherently discloses the corresponding structure, material, or acts and clearly links them to the function so that one of ordinary skill in the art would recognize what structure, material, or acts perform the claimed function, applicant should clarify the record by either: 
(a)    Amending the written description of the specification such that it expressly recites the corresponding structure, material, or acts for performing the claimed function and clearly links or associates the structure, material, or acts to the claimed function, without introducing any new matter (35 U.S.C. 132(a)); or (b) Stating on the record what the corresponding structure, material, or acts, which are implicitly or inherently set forth in the written description of the specification, perform the claimed function. For more information, see 37 CFR 1.75(d) and MPEP §§ 608.01(o) and 2181.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper time-wise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees.  A nonstatutory double patenting rejection is appropriate where the claims at issue are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual rejection based on a nonstatutory double patenting ground provided the reference application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO internet Web site contains terminal disclaimer forms which may be used.  Please visit http://www.uspto.gov/forms/.  The filing date of the application will determine what form should be used.  A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission.  For more information about eTerminal Disclaimers, refer to http://www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.  
Claims 1-36 of instant Application US 16/562,066 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-37  of US patent  US 10484364. Although the conflicting claims are not identical, they are not patentably distinct from each other because the claims both in the present application and the US patent discloses a method and systems providing security to application (s) is/are remotely executed in the user device.
The table below shows the comparison of claims of the instant application with that of the US application US10484364. Examiner has underlined (if any) the limitations not disclosed by the claims of conflicting US patent US10484364.
Claim No.
Limitations of Instant Application       US16/562066.
Limitations of the US patent 10484364.
Claim No.
1 
1. (New) A method comprising: receiving, from a computing device, an authentication request comprising a user name and a password associated with the user name, wherein: the user name is based on a digital certificate issued by a trusted authority; and the password is encrypted based on the digital certificate; decrypting the password, based on a public key, to create a decrypted password; determining, based on the password and a validity of the digital certificate, whether to grant the authentication request.
1. A method comprising: receiving, from a computing device, an authentication request comprising a user name and comprising a password associated with the user name, wherein: the user name is based on a digital certificate issued by a trusted authority and comprises: a portion of the digital certificate; and a public key for the computing device; and the password is encrypted, and is based on the portion of the digital certificate; extracting the public key from the user name; decrypting the password, based on the public key, to create a decrypted password; hashing the portion of the digital certificate; verifying, based on a validity of the portion of the digital certificate, the authentication request; determining that the decrypted password corresponds to the hashed portion of the digital certificate; and based on the verifying and the determining, granting the authentication request from the computing device.
1 
7
7. (New) A method comprising: receiving, by a computing device and from a trusted authority, a digital certificate issued to the computing device; generating, by the computing device, a user name that is based on the digital certificate; generating, by the computing device, a password associated with the user name, wherein the password is encrypted based on the digital certificate; sending, from the computing device and to an authentication device, an authentication request comprising the user name and the password; and receiving, based on the authentication request and based on a validity of the digital certificate, approval of the authentication request.


























13. (New) An apparatus comprising: one or more processors; and memory storing instructions that, when executed by the one or more processors, cause the apparatus to: receive, from a computing device, an authentication request comprising a user name and a password associated with the user name, wherein: the user name is based on a digital certificate issued by a trusted authority; and the password is encrypted based on the digital certificate; decrypt the password, based on a public key, to create a decrypted password; determine, based on the password and a validity of the digital certificate, whether to grant the authentication request.
7. A method comprising: receiving, from a computing device, an authentication request comprising a user name and comprising a password associated with the user name, wherein: the user name is based on a digital certificate issued by a trusted authority and comprises: a portion of the digital certificate; and a public key for the computing device; and the password is encrypted, and is based on the portion of the digital certificate; validating the portion of the digital certificate; extracting the public key from the user name; decrypting the password, based on the public key, to create a decrypted password; converting, to a different format, the portion of the digital certificate; verifying, based on the validating of the portion of the digital certificate, the authentication request; determining that the decrypted password corresponds to the converted portion; and based on the verifying and the determining, granting the authentication request from the computing device.











20. A system comprising: a first computing device configured to send an authentication request; and a second computing device comprising: one or more processors; and memory storing instructions that, when executed by the one or more processors, cause the second computing device to: receive, from the first computing device, the authentication request, wherein the authentication request comprises a user name and comprises a password associated with the user name, and wherein: the user name is based on a digital certificate issued by a trusted authority and comprises: a portion of the digital certificate; and a public key for the first computing device; and the password is encrypted, and is based on the portion of the digital certificate; extract the public key from the user name; decrypt the password, based on the public key, to create a decrypted password; hash the portion of the digital certificate; verify, based on a validity of the portion of the digital certificate, the authentication request; determine that the decrypted password corresponds to the hashed portion of the digital certificate; and based on the verifying and the determining, grant the authentication request from the first computing device.



7
19
19. (New) An apparatus comprising: one or more processors; and memory storing instructions that, when executed by the one or more processors, cause the apparatus to: receive, from a trusted authority, a digital certificate issued to the apparatus; generate, a user name that is based on the digital certificate; generate, a password associated with the user name, wherein the password is encrypted based on the digital certificate; send, to an authentication device, an authentication request comprising the user name and the password; and receive, based on the authentication request and based on a validity of the digital certificate, approval of the authentication request.

























25. (New) A system comprising: a first computing device and a second computing device; wherein the first computing device is configured to send an authentication request comprising a user name and a password associated with the user name, wherein: the user name is based on a digital certificate issued by a trusted authority; and the password is encrypted based on the digital certificate; and wherein the second computing device comprising: one or more processors; and memory storing instructions that, when executed by the one or more processors, cause the second computing device to: receive, from the first computing device, the authentication request; decrypt the password, based on a public key, to create a decrypted password; and determine, based on the password and a validity of the digital certificate, whether to grant the authentication request.




















31. (New) A system comprising: a first computing device and a second computing device; wherein the first computing device is configured to receive an authentication request; and wherein the second computing device comprising: one or more processors; and memory storing instructions that, when executed by the one or more processors, cause the second computing device to: receive, from a trusted authority, a digital certificate issued to the second computing device; generate, a user name that is based on the digital certificate; generate, a password associated with the user name, wherein the password is encrypted based on the digital certificate; send, to the first computing device, the authentication request comprising the user name and the password; and  8Application No. 16/562,066Docket No.: 007412.04613\US Preliminary Amendment receive, based on the authentication request and based on a validity of the digital certificate, approval of the authentication request.
23. A system comprising: a first computing device configured to send an authentication request; and a second computing device comprising: one or more processors; and memory storing instructions that, when executed by the one or more processors, cause the second computing device to: receive, from the first computing device, the authentication request, wherein the authentication request comprises a user name and comprises a password associated with the user name, and wherein: the user name is based on a digital certificate issued by a trusted authority and comprises: a portion of the digital certificate; and a public key for the first computing device; and the password is encrypted, and is based on the portion of the digital certificate; validate the portion of the digital certificate; extract the public key from the user name; decrypt the password, based on the public key, to create a decrypted password; convert, to a different format, the portion of the digital certificate; verify, based on the validating of the portion of the digital certificate, the authentication request; determine that the decrypted password corresponds to the converted portion; and based on the verifying and the determining, grant the authentication request from the first computing device



26. A system comprising: a first computing device configured to receive an authentication request; and a second computing device comprising: one or more processors; and memory storing instructions that, when executed by the one or more processors, cause the second computing device to: receive, from a trusted authority, a digital certificate issued to the second computing device; generate a user name based on the digital certificate, wherein: the user name is converted from the digital certificate and comprises: a portion of the digital certificate; and a public key for the second computing device; and; generate a password associated with the user name, wherein the password is encrypted, and is generated based on the portion of the digital certificate; send, from the second computing device and to the first computing device, the authentication request, wherein the authentication request comprises the user name and comprises the password, and wherein the user name and the password are generated, by the second computing device, such that a hash of the portion of the digital certificate matches a decrypted password decrypted from the password using the public key; and receive, based on the authentication request, approval of the authentication request.


23. A system comprising: a first computing device configured to send an authentication request; and a second computing device comprising: one or more processors; and memory storing instructions that, when executed by the one or more processors, cause the second computing device to: receive, from the first computing device, the authentication request, wherein the authentication request comprises a user name and comprises a password associated with the user name, and wherein: the user name is based on a digital certificate issued by a trusted authority and comprises: a portion of the digital certificate; and a public key for the first computing device; and the password is encrypted, and is based on the portion of the digital certificate; validate the portion of the digital certificate; extract the public key from the user name; decrypt the password, based on the public key, to create a decrypted password; convert, to a different format, the portion of the digital certificate; verify, based on the validating of the portion of the digital certificate, the authentication request; determine that the decrypted password corresponds to the converted portion; and based on the verifying and the determining, grant the authentication request from the first computing device







23


Claim Rejections - 35 USC § 103
The following is a quotation of pre-AIA  35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains.  Patentability shall not be negatived by the manner in which the invention was made.

Claims 1-4,7-10, 13-16, 19-22, 25-28 & 31- 34 are rejected under 35 USC 103 as being unpatentable over Gupta (US20080133920) in view of  Chandra (US20020138582) 
Regarding claim 1, Gupta teaches:
a method comprising: receiving, from a computing device, an authentication request comprising a user name and bits associated with the user name, wherein: the user name is based on a digital certificate; [0042] In the proposed solution the user presents ((it is obvious that user device (first/second device) sends and other device (could be a server or a remote or second/first computing device) receives)) a General Purpose Certificate called the `Identity Certificate` (IC) (1.1) at the start of the secure session. This would essentially be the normal X509 certificate with no extensions i.e. it will contain the Public Key of the holder along with his credentials (Name, Organization Unit, Organization, Address etc) and the Certificate Serial Number and Certificate Authority's Signature.] 
and  bits associated with the user name,  and the bits is encrypted based on the digital certificate; [0059] Along with the IC, the entities would hold individual bits of information signed (encrypted) by their own private key (which may be signed by the CA or not). It is obvious to a skilled person that this bits is associated with the name as both of them are based on the digital certificate . These would be called the `Application Unit Self Certificate` (AUSC) where the AUSC would be different for different bits of information. Depending upon the transaction the user or the server would determine if additional authentication is required (1.2).]
 decrypting the bits, based on a public key, to create a decrypted bits); determining, based on the bits and a validity of the digital certificate, whether to grant the authentication request.  [0060] At the server end, the server will verify and accept the IC (identity certificate) presented by the client (2.1). It would then determine whether or not any additional authentication was required (2.2) depending on the nature of the transaction as well as configured options. If additional authentication is necessary, the server would request such additional data (2.3) from the clients. Finally, the server would validate the AUSCs presented ( it is obvious that server/first/second/remote device will decrypt the presented encrypted bits or AUSCs for validation purposes)  by the clients (2.4) by verifying the certification of the AUSCs presented by the client by the certification authority and other requirements specified on the configuration data.]
Although Gupta teaches user name, signed (encrypted) bits (bits from digital certificate), digital certificate, certificate authority and  authentication, Gupta does not teach explicitly, however, Chandra teaches:
password, [0647] In one embodiment, four types of authentication mechanisms are provided. PKI verification provides the framework with the ability to participate in a single sign on arrangement with a PKI environment. To invoke such verification, an object or method passes the name of the user, a digitally signed version of their name, and the symbol PKI_VERIFICATION as parameter values. SSL-only verification is like weak verification, discussed below, in that the user name and password are passed as parameters. ]
digital certificate issued by trusted authority,  [0647] In one embodiment……from the interface. Certificate-based SSL verification is like PKI verification in that the name of the user is passed in one parameter and their SSL certificate is passed in another parameter. The certificate is then validated with the CA of the SSL certificate (either Verisign, Cylink, or Entrust). Weak verification passes a name and password as parameters and provides relatively low security. It is obvious to a skilled person that  the certificate is received from a trusted or known source]
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Gupta with the disclosure of Chandra. The motivation or suggestion would have been to implement a system that will provide an efficient techniques for secure authentication of a user or a device. (paras 0195-0196, Chandra)
Regarding claims 2, 8  & 14, 20, 26 & 32, Gupta teaches wherein the digital certificate comprises a value to authenticate the computing device.  [0042] In the proposed solution the user presents a General Purpose Certificate called the `Identity Certificate` (IC) (1.1) at the start of the secure session. This would essentially be the normal X509 certificate with no extensions i.e. it will contain the Public Key of the holder along with his credentials (Name, Organization Unit, Organization, Address etc) and the Certificate Serial Number and Certificate Authority's Signature. It is obvious that digital certificate contains “name’ ( a value) , ‘public key” (a value) of the owner for whom the certificate has v]been issued. These values may be used to authenticate the computing device for which the certificate has been issued] 
Regarding claim 3, 15 & 27, although Gupta teaches digital certificate, he does not tech explicitly, however, Chandra teaches validating, based on a communication with the trusted authority, the digital certificate.  [0647] In one embodiment……from the interface. Certificate-based SSL verification is like PKI verification in that the name of the user is passed in one parameter and their SSL certificate is passed in another parameter. The certificate is then validated with the CA of the SSL certificate (either Verisign, Cylink, or Entrust). Weak verification passes a name and password as parameters and provides relatively low security. It is obvious to skilled person that  the certificate is received from a trusted or known source]
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Gupta with the disclosure of Chandra. The motivation or suggestion would have been to implement a system that will provide an efficient techniques for secure authentication of a user or a device. (paras 0195-0196, Chandra)
Regarding claims 4, 10, 16, 22, 28 & 34,  although Gupta teaches digital certificate, he does not tech explicitly, however, Chandra teaches  verifying a path for the digital certificate; and validating, based on the verifying the path, the portion of the digital certificate.  [0647] In one embodiment……from the interface. Certificate-based SSL verification is like PKI verification in that the name of the user is passed in one parameter and their SSL certificate is passed in another parameter. The certificate is then validated with the CA of the SSL certificate (either Verisign, Cylink, or Entrust). Weak verification passes a name and password as parameters and provides relatively low security. It is obvious to skilled person that  the certificate is received from a trusted or known source (path is verified) also name-a portion of the certificate is also verified.]
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Gupta with the disclosure of Chandra. The motivation or suggestion would have been to implement a system that will provide an efficient techniques for secure authentication of a user or a device. (paras 0195-0196, Chandra)
Regarding claim 7, Gupta teaches  a method comprising: receiving, by a computing device and a digital certificate issued to the computing device; [0042] In the proposed solution the user presents ((it is obvious that user device (first/second device) sends and other device (could be a server or a remote or second/first computing device) receives)) a General Purpose Certificate called the `Identity Certificate` (IC) (1.1) at the start of the secure session. This would essentially be the normal X509 certificate with no extensions i.e. it will contain the Public Key of the holder along with his credentials (Name, Organization Unit, Organization, Address etc) and the Certificate Serial Number and Certificate Authority's Signature.] 
generating, by the computing device, a user name that is based on the digital certificate; generating, by the computing device, bits associated with the user name, wherein the password is encrypted based on the digital certificate; [0042] In the proposed solution the user presents ((it is obvious that user device (first/second device) sends and other device (could be a server or a remote or second/first computing device) receives)) a General Purpose Certificate called the `Identity Certificate` (IC) (1.1) at the start of the secure session. This would essentially be the normal X509 certificate with no extensions i.e. it will contain the Public Key of the holder along with his credentials (Name, Organization Unit, Organization, Address etc) and the Certificate Serial Number and Certificate Authority's Signature.] 
sending, from the computing device and to an authentication device, an authentication request comprising the user name and the bits;  [0060] At the server end, the server will verify and accept the IC (identity certificate) presented by the client (2.1). It would then determine whether or not any additional authentication was required (2.2) depending on the nature of the transaction as well as configured options. If additional authentication is necessary, the server would request such additional data (2.3) from the clients. Finally, the server would validate the AUSCs presented ( it is obvious that server/first/second/remote device will decrypt the presented encrypted bits or AUSCs for validation purposes)  by the clients (2.4) by verifying the certification of the AUSCs presented by the client by the certification authority and other requirements specified on the configuration data.]
 and receiving, based on the authentication request and based on a validity of the digital certificate, approval of the authentication request.  [0060] At the server end, ….. Finally, the server would validate the AUSCs presented ( it is obvious that server/first/second/remote device will decrypt the presented encrypted bits or AUSCs for validation purposes)  by the clients (2.4) by verifying the certification of the AUSCs presented by the client by the certification authority and other requirements specified on the configuration data. It is obvious to skilled person in the art after authentication by server user/client/device will receive an authentication approval indication/prompt]
Although Gupta teaches user name, signed (encrypted) bits (bits from digital certificate), digital certificate, certificate authority and  authentication, Gupta does not teach explicitly, however, Chandra teaches:
password, [0647] In one embodiment, four types of authentication mechanisms are provided. PKI verification provides the framework with the ability to participate in a single sign on arrangement with a PKI environment. To invoke such verification, an object or method passes the name of the user, a digitally signed version of their name, and the symbol PKI_VERIFICATION as parameter values. SSL-only verification is like weak verification, discussed below, in that the user name and password are passed as parameters. ]
receiving form a trusted authority, a digital certificate,  [0647] In one embodiment……from the interface. Certificate-based SSL verification is like PKI verification in that the name of the user is passed in one parameter and their SSL certificate is passed in another parameter. The certificate is then validated with the CA of the SSL certificate (either Verisign, Cylink, or Entrust). Weak verification passes a name and password as parameters and provides relatively low security. It is obvious to a skilled person that  the certificate is received from a trusted or known source]
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Gupta with the disclosure of Chandra. The motivation or suggestion would have been to implement a system that will provide an efficient techniques for secure authentication of a user or a device. (paras 0195-0196, Chandra)
Regarding claims 9, 21 & 33, although Gupta teaches user name, signed (encrypted) bits (bits from digital certificate), digital certificate, certificate authority and  authentication, Gupta does not teach explicitly, however, Chandra teaches wherein the password is generated based on a private key for the computing device, and the private key is associated with the public key.  [0647] In one embodiment, four types of authentication mechanisms are provided. PKI verification provides the framework with the ability to participate in a single sign on arrangement with a PKI environment. To invoke such verification, an object or method passes the name of the user, a digitally signed version of their name, and the symbol PKI_VERIFICATION as parameter values. SSL-only verification is like weak verification, discussed below, in that the user name and password are passed as parameters. It is obvious to a skilled person in the art that since PKI parameters are used private key is obviously associated with a public key ]
  Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Gupta with the disclosure of Chandra. The motivation or suggestion would have been to implement a system that will provide an efficient techniques for secure authentication of a user or a device. (paras 0195-0196, Chandra)
Regarding claim 13, the claim is interpreted to be same claim 1and rejected for the same reasons as set forth for claim 1. 
Regarding claim 19, Gupta teaches:
 an apparatus comprising: one or more processors; and memory storing instructions that, when executed by the one or more processors, cause the apparatus to: receive, a digital certificate issued to the apparatus; [0042] In the proposed solution the user presents ((it is obvious that user device (first/second device) sends and other device (could be a server or a remote or second/first computing device) receives a General Purpose Certificate called the `Identity Certificate` (IC) (1.1) at the start of the secure session. This would essentially be the normal X509 certificate with no extensions i.e. it will contain the Public Key of the holder along with his credentials (Name, Organization Unit, Organization, Address etc) and the Certificate Serial Number and Certificate Authority's Signature.] 
generate, a user name that is based on the digital certificate; [0042] In the proposed solution the user presents ((it is obvious that user device (first/second device) sends and other device (could be a server or a remote or second/first computing device) receives a General Purpose Certificate called the `Identity Certificate` (IC) (1.1) at the start of the secure session. This would essentially be the normal X509 certificate with no extensions i.e. it will contain the Public Key of the holder along with his credentials (Name, Organization Unit, Organization, Address etc) and the Certificate Serial Number and Certificate Authority's Signature (trusted authority). It is obvious to s killed person that since digital certificate contains name of the to whom the certificate is issued and hence a name can be easily retrieved/generated from the certificate.]] 
generate, bits  associated with the user name, wherein the bits are encrypted based on the digital certificate; [0059] Along with the IC, the entities would hold individual bits of information signed (encrypted) by their own private key (which may be signed by the CA or not). It is obvious to a skilled person that this bits is associated with the name as both of them are based on the digital certificate . These would be called the `Application Unit Self Certificate` (AUSC) where the AUSC would be different for different bits of information. Depending upon the transaction the user or the server would determine if additional authentication is required (1.2).It is obvious that since encrypted/signed bits and the name are based on digital certificate they are associated/related]
send, to an authentication device, an authentication request comprising the user name and the encrypted bits; [0060] At the server end, the server will verify and accept the IC (identity certificate) presented by the client (2.1). It would then determine whether or not any additional authentication was required (2.2) depending on the nature of the transaction as well as configured options. If additional authentication is necessary, the server would request such additional data (2.3) from the clients. Finally, the server would validate the AUSCs presented ( it is obvious that server receives authentication parameter – the name and encrypted bits from the first/second/remote/client device]
 receive, based on the authentication request and based on a validity of the digital certificate, approval of the authentication request.  [0060] At the server end, …... If additional authentication is necessary, the server would request such additional data (2.3) from the clients. Finally, the server would validate the AUSCs presented ( it is obvious that server/first/second/remote device will decrypt the presented encrypted bits or AUSCs for validation purposes)  by the clients (2.4) by verifying the certification of the AUSCs presented by the client by the certification authority and other requirements specified on the configuration data. It is obvious to a skilled person after authentication server will indicate to the client device/first/second device that authentication is successful.]
Although Gupta teaches user name, signed (encrypted) bits (bits from digital certificate), digital certificate, certificate authority and  authentication, Gupta does not teach explicitly, however, Chandra teaches:
password, [0647] In one embodiment, four types of authentication mechanisms are provided. PKI verification provides the framework with the ability to participate in a single sign on arrangement with a PKI environment. To invoke such verification, an object or method passes the name of the user, a digitally signed version of their name, and the symbol PKI_VERIFICATION as parameter values. SSL-only verification is like weak verification, discussed below, in that the user name and password are passed as parameters. ]
receive, from a trusted authority, a digital certificate issued to the apparatus, [0647] In one embodiment……from the interface. Certificate-based SSL verification is like PKI verification in that the name of the user is passed in one parameter and their SSL certificate is passed in another parameter. The certificate is then validated with the CA of the SSL certificate (either Verisign, Cylink, or Entrust). Weak verification passes a name and password as parameters and provides relatively low security. It is obvious to a skilled person that  the certificate is received from a trusted or known source]
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Gupta with the disclosure of Chandra. The motivation or suggestion would have been to implement a system that will provide an efficient techniques for secure authentication of a user or a device. (paras 0195-0196, Chandra)
Regarding claim 25,  Gupta teaches:
 a system comprising: a first computing device and a second computing device; [0042] In the proposed solution the user presents ((it is obvious that user device (first/second device) sends and other device (could be a server or a remote or second/first computing device) receives a General Purpose Certificate called the `Identity Certificate` (IC) (1.1) at the start of the secure session. 
wherein the first computing device is configured to send an authentication request comprising a user name and bits associated with the user name, [0042] In the proposed solution the user presents ((it is obvious that user device (first/second device) sends and other device (could be a server or a remote or second/first computing device) receives a General Purpose Certificate called the `Identity Certificate` (IC) (1.1) at the start of the secure session. 0059] Along with the IC, the entities would hold individual bits of information signed (encrypted) by their own private key (which may be signed by the CA or not). It is obvious to a skilled person that this bits is associated with the name as both of them are based on the digital certificate . These would be called the `Application Unit Self Certificate` (AUSC) where the AUSC would be different for different bits of information. Depending upon the transaction the user or the server would determine if additional authentication is required (1.2).]
wherein: the user name is based on a digital certificate; [0042] In the proposed solution the user presents ((it is obvious that user device (first/second device) sends and other device (could be a server or a remote or second/first computing device) receives a General Purpose Certificate called the `Identity Certificate` (IC) (1.1) at the start of the secure session. This would essentially be the normal X509 certificate with no extensions i.e. it will contain the Public Key of the holder along with his credentials (Name, Organization Unit, Organization, Address etc) and the Certificate Serial Number and Certificate Authority's Signature (trusted authority). It is obvious to s killed person that since digital certificate contains name of the to whom the certificate is issued and hence a name can be easily retrieved/generated from the certificate.]] 
the bits is encrypted based on the digital certificate0059] Along with the IC, the entities would hold individual bits of information signed (encrypted) by their own private key (which may be signed by the CA or not). It is obvious to a skilled person that this bits is associated with the name as both of them are based on the digital certificate . These would be called the `Application Unit Self Certificate` (AUSC) where the AUSC would be different for different bits of information. Depending upon the transaction the user or the server would determine if additional authentication is required (1.2).It is obvious that since encrypted/signed bits and the name are based on digital certificate they are associated/related]
wherein the second computing device comprising: one or more processors; and memory storing instructions that, when executed by the one or more processors, cause the second computing device to: receive, from the first computing device, the authentication request; [0060] At the server end, the server will verify and accept the IC (identity certificate) presented by the client (2.1). It would then determine whether or not any additional authentication was required (2.2) depending on the nature of the transaction as well as configured options.]
decrypt the bits, based on a public key, to create a decrypted password; and determine, based on the password and a validity of the digital certificate, whether to grant the authentication request.  [0060] At the server end, the server will verify and accept the IC (identity certificate) presented by the client (2.1). ….. Finally, the server would validate the AUSCs presented ( it is obvious that server/first/second/remote device will decrypt the presented encrypted bits or AUSCs for validation purposes)  by the clients (2.4) by verifying the certification of the AUSCs presented by the client by the certification authority and other requirements specified on the configuration data.]
Although Gupta teaches user name, signed (encrypted) bits (bits from digital certificate), digital certificate, certificate authority and  authentication, Gupta does not teach explicitly, however, Chandra teaches:
password, [0647] In one embodiment, four types of authentication mechanisms are provided. PKI verification provides the framework with the ability to participate in a single sign on arrangement with a PKI environment. To invoke such verification, an object or method passes the name of the user, a digitally signed version of their name, and the symbol PKI_VERIFICATION as parameter values. SSL-only verification is like weak verification, discussed below, in that the user name and password are passed as parameters. ]
a digital certificate issued by a trusted authority, [0647] In one embodiment……from the interface. Certificate-based SSL verification is like PKI verification in that the name of the user is passed in one parameter and their SSL certificate is passed in another parameter. The certificate is then validated with the CA of the SSL certificate (either Verisign, Cylink, or Entrust). Weak verification passes a name and password as parameters and provides relatively low security. It is obvious to a skilled person that  the certificate is received from a trusted or known source]
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Gupta with the disclosure of Chandra. The motivation or suggestion would have been to implement a system that will provide an efficient techniques for secure authentication of a user or a device. (paras 0195-0196, Chandra)
Regarding claim 31,  this claim is interpreted to be similar (having similar limitations only change of device perspective) limitations to claim 25  and rejected for the same reasons as set forth for claim 25.  

Claims 5-6, 11-12, 17-18, 23-24, 29-30 & 35-36 are rejected under 35 USC 103 as being unpatentable over Gupta in view of  Chandra and Chen (US20080022377)
Regarding claims 5, 11, 17, 23, 29 & 35, although Gupta and Chandra teaches authentication using a digital certificate, they do not teach, however, Chen teaches wherein the user name further comprises a timestamp associated with a generation time of the user name.  [0029] Additional information components may also be included in the user name. For example, an identifier for the time (timestamp) at which the credential was created may be encoded into the user name, such as by concatenation. In such a situation, the system 100 may be established to permit authentication for only a limited period of time after a credential is created. In such a matter, the system 100 may create a moving target for any malicious eavesdroppers attempting to determine the appropriate codes for the system 100. In particular, once an eavesdropper determines the appropriate information for a credential, the credential will be expired.] 
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Gupta and Chandra with the disclosure of Chandra. The motivation or suggestion would have been to implement a system that will provide efficient techniques to prevent hacking of private information during authentication procedure. (paras 0002-0005, Chen]
Regarding claims 6, 12, 24, 30 & 36, although Gupta and Chandra teaches authentication using a digital certificate, they do not teach, however, Chen teaches  wherein the user name further comprises a timestamp associated with a generation time of the user name, the method further comprising extracting and verifying the timestamp. [0049] Credential decryptor 220 may receive messages through interface 218, such as session identifiers for authenticated a communication session for a user such as client 202. Credential decryptor 220 may draw upon key manager 228 to obtain a key for decrypting the received information. Key manager 228 may be configured similarly to key manager 214, and the key managers 228, 214 may both receive and use a common key so as to enable decryption by credential decryptor 220 of information encrypted by encryption module 210. A decrypted credential may then be parsed to obtain relevant portions of information from it, and may be verify to ensure that it is a timely or otherwise appropriate credential. For example, credential parser 224 may be configured to analyze and to separate password information from the rest of the received information. In addition, credential parser 224 A. also extract other information such as a timestamp. He parsing may occur according to a predetermined standard, such as by splitting the received information at predetermined positions in a received and decrypted string.]
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Gupta and Chandra with the disclosure of Chandra. The motivation or suggestion would have been to implement a system that will provide efficient techniques to prevent hacking of private information during authentication procedure. (paras 0002-0005, Chen]
Regarding claim 18., although Gupta and Chandra teaches authentication using a digital certificate, they do not teach, however, Chen teaches  wherein: the user name further comprises a timestamp associated with a generation time of the user name; and the instructions, when executed by the one or more processors, cause the apparatus to extract and verify the timestamp. [0029] Additional information components may also be included in the user name. For example, an identifier for the time (timestamp) at which the credential was created may be encoded into the user name, such as by concatenation. 0049] Credential decryptor 220 may receive messages through interface 218, such as session identifiers for authenticated a communication session for a user such as client 202. Credential decryptor 220 may draw upon key manager 228 to obtain a key for decrypting the received information. Key manager 228 may be configured similarly to key manager 214, and the key managers 228, 214 may both receive and use a common key so as to enable decryption by credential decryptor 220 of information encrypted by encryption module 210. A decrypted credential may then be parsed to obtain relevant portions of information from it, and may be verify to ensure that it is a timely or otherwise appropriate credential. For example, credential parser 224 may be configured to analyze and to separate password information from the rest of the received information. In addition, credential parser 224 A. also extract other information such as a timestamp. He parsing may occur according to a predetermined standard, such as by splitting the received information at predetermined positions in a received and decrypted string.]
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to combine the teachings of Gupta and Chandra with the disclosure of Chandra. The motivation or suggestion would have been to implement a system that will provide efficient techniques to prevent hacking of private information during authentication procedure. (paras 0002-0005, Chen]

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SHER KHAN whose telephone number is (571)272-8574.  The examiner can normally be reached on Monday-Friday-8:00am - 5:00pm (EST).If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni Shiferaw can be reached on 571-272-3867.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/SHER A KHAN/Primary Examiner, Art Unit 2497