DETAILED ACTION
This Office Action is in response to the Amendment filed 12/15/2020 for application 16/143,669.
Claims 1-20 have been examined and are pending. Claim 1 has been amended.  Claims 1, 8, and 15 are independent claims.
Notice of AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.  This Action is made FINAL.
Response to Arguments
The rejection of claims 1-5 and 7 under 35 USC 101 has been withdrawn in light of Applicant’s amendment of claim 1.
Applicants’ arguments in the instant Amendment, filed on 12/15/2020, with respect to limitations listed below, have been fully considered but they are not persuasive.
Applicant argues as follows:  Independent claim 1 is rejected under 35 U.S.C. 103 as being unpatentable over Huang in view of Varadarajan. Claim 1 is directed towards a device and recites, among other things, credential related content further including a master password that is associated with a first network resource identifier, and that is associated with network resource identifiers for a remainder of the multiple network resources. By having a master password that is associated with a first network resource identifier, and that is associated with network resource identifiers for a remainder of the multiple network resources, an individual does not have to memorize secrets (e.g. passwords) associated with each of the multiple network resources, and instead needs only 
Examiner respectfully disagrees.  Varadarajan discloses, in paragraph 0047, an input device to collect credential related content including a first network resource identifier related to a first one of multiple network resources, the credential related content further including a master password.  Claim 1 only recites a first network identifier.  A website suggests multiple webpages, each with its own URL/network identifier.  The password that opens a website also allows a user to access other webpages/URLs on that website.
Applicant argues as follows:  The Applicant indicates that the network resource identifiers are website names, a number associated with a website, a letter associated with a website, or the like. Original Specification Pg. [0020]. Thus, the recitation requires that the master password be associated with more than one such identifier, and therefore, more than one website. The Office Action recognizes that Huang does not provide this teaching and utilizes Varadarajan to cure; however, Varadarajan does not cure. Varadarajan simply provides that when a user opens a login page of a website, that a User ID and Password data are provided in the form fields. Varadarajan [0047]. The password data identified in Varadarajan is not associated with network source identifiers for a remainder of the multiple network resources (e.g. other websites).
Examiner respectfully notes that Varadarajan discloses, in paragraph 0102, convert the master password and the first network resource identifier into a secret code where the master password/ password and first network resource identifier/ website URL are hashed into a secret code.  In paragraph 0030, Varadarajan discloses “As shown in FIG. 2, a password storage database 220 may be configured to operate as a client-side password database storing user data such as user passwords.  For example, the password database may store data as a 3-tuple data set (URL 212, User ID 214, Encrypted Password 216).  It will be understood that additional credential formats and credential Mg information may be associated with user access to a particular website or web application.”  Varadarajan, in paragraph 0066, discloses “The browser user interface component 1018 includes a browser renderer component 1016, used to render web pages and content in a browser.”  A website typically includes multiple webpages.  Each webpage is a network resource and may have a unique URL.  This is evidenced by Fitzpatrick (US20180225265), paragraph 0084, which discloses “The webpages (or simply pages) of a website can usually be a single URL, commonly referred to as the web address.  The URLs of the webpages organize the webpages into a hierarchy, although hyperlinking between them conveys the reader's perceived site structure and guides the reader's navigation of the site which generally includes a home page with most of the links to the site's web content.  Each webpage may also be accessed directly through its unique URL.”
Applicant argues as follows:  Claim 1 also recites sending a secret code to an authentication service. Applicant utilizes a code generator of a provisioning application to generate a secret code utilizing a one-way function, such as a hash function based on the master password and first network resource identifier. Huang discloses an authentication 
Examiner respectfully disagrees.  The independent claims were properly made obvious by Huang in view of Varadarajan.  Varadarajan discloses, in paragraph 0102, convert the master password and the first network resource identifier into a secret code.  The binary object includes a password and a verification hash based on the website URL/ network identifier.   Huang, in paragraph 0076, discloses sending the secret code to a first authentication service where the authentication service may undertake one or more processes of transmitting challenges and/or receiving responses to/from the user. In response to applicant's argument that the references fail to show certain features of applicant’s invention, it is noted that the features upon which applicant relies (i.e., a code generator of a provisioning application to generate a secret code utilizing a one-way function) are not recited in the rejected claim(s).  Although the claims are interpreted in light of the specification, limitations from the specification are not read into the claims.  See In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993).
Applicant argues as follows:  Dependent claim 2 is allowable at least based on its dependence on claim 1. In addition, claim 2 recites to receive the master password and a second network resource identifier related to a second one of the multiple network resources, and repeat the convert, receive and send operations in connection with the second one of the multiple network resources. As discussed above, the master password is 
Examiner respectfully disagrees.  Claim 2 is properly rejected by Huang in view of Varadarajan and Hotta.  Hotta in FIG. 1 shows an input device that communicates with machine 10a and machine 10b.  Paragraph 0034 of Hotta discloses that each composite machine has a network communication section 22 for performing communications through networks.  Regarding claim 2, Huang and Varadarajan disclose the device of claim 1.  Huang discloses, in paragraph 0079, the send operations.  Varadarajan discloses, in paragraphs 0047 and 0023, wherein, responsive to execution of the program instructions, the processor to: receive the master password and a second network resource identifier related to a second one of the multiple network resources.  FIG. 4 of Varadarajan shows two different resources each with its own network resource identifier.  Varadarajan, in paragraph 0047, discloses the receive operation and, in paragraph 0102, discloses the convert operation.  Hotta, in FIGs. 4 and 5 and paragraph 0063, discloses repeat the convert, receive and send operations in connection with the second one of the multiple network resources.
Applicant argues as follows:  Dependent claim 5 is at least allowable for being dependent on claim 1. In addition, claim 5 recites the processor to prompt a request for the master password and the first network resource identifier. The Office Action fails to present a prima facie case of obviousness. To support the rejection, Huang is utilized. Huang does not teach or suggest this recitation, and instead discloses an authentication service that issues a set of questions. First, the claim is requiring the processor of the 
Examiner respectfully disagrees.  Claim 5 is properly rejected by Huang in view of Varadarajan.  Regarding claim 5, Huang and Varadarajan disclose the device of claim 1.  Huang discloses, in paragraph 0076, wherein, responsive to execution of the program instructions, the processor to: receive a user request to send the secret code to the first authentication service; in paragraph 0076, prompt a request; and, in paragraph 0076, send the secret code to the first authentication service.  Varadarajan, in paragraph 0102, discloses for the master password and the first network resource identifier.
The Examiner respectfully suggests that the claim be further amended and details in the specification be incorporated to distinguish the claimed invention over prior art of record.  Should the Applicant desire an interview to further clarify the claim interpretation/rejections, please contact the Examiner at (571) 272 5368 to schedule an interview.




Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 

(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. 
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.

Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.  Paragraph 0037 of Applicant’s specification: “The input and output devices 309, 310 may each include a variety of visual, audio, and/or mechanical devices.  For example, the input devices 309 can include a visual input device such as an optical sensor or camera, an audio input device such as a microphone, and a mechanical input device such as a keyboard, keypad, selection hard and/or soft buttons, switch, touchpad, touch screen, icons on a touch screen, a touch sensitive areas on a touch sensitive screen and/or any combination thereof.” 
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention. 
Claims 1, 3-9, 11-13, and 15-20 are rejected under 35 U.S.C. 103 as being unpatentable over Huang (US20180367526), filed June 19, 2017, in view of Varadarajan (US20170118215), published on filed December 23, 2015.
Regarding claim 1, Huang discloses a device, comprising: a processor (Huang, paragraph 0043, “At least some of the hardware entities 214 perform actions involving access to and use of memory 212, which can be a RAM, a disk driver and/or a Compact Disc Read Only Memory ("CD-ROM").  Hardware entities 214 can include a disk drive unit 216 comprising a computer-readable storage medium 218 on which is stored one or more sets of instructions 220 (e.g., software code) configured to implement one or more of the methodologies, procedures, or functions described herein.  The instructions 220 can also reside, completely or at least partially, within the memory 212 and/or within the CPU 206 during execution thereof by the computing device 200.  The memory 212 and the CPU 206 also can constitute machine-readable media.”);
a local storage medium to store program instructions accessible by the processor; wherein, responsive to execution of the program instructions, the processor to (Huang, paragraph 0043, “Hardware entities 214 can include a disk drive unit 216 comprising a computer-readable storage medium 218 on which is stored one or more sets of instructions 220 (e.g., software code) configured to implement one or more of the methodologies, procedures, or functions described herein.  The instructions 220 can also reside, completely or at least partially, within the memory 212 and/or within the CPU 206 during execution thereof by the computing device 200.  The memory 212 and the CPU 206 also can constitute machine-readable media.”):
(Huang, paragraph 0076, “In an embodiment, the authentication service may undertake one or more processes of transmitting challenges and/or receiving responses to/from the user (or other systems, such as hardware or software associated with the user or third party services providers that constitute part of one or more authentication schemes).  For example, a knowledge based authentication service may issue a set of questions for a user to answer and authenticate the user by comparing the user response with the stored correct answers, and the authentication protocol requirements (for example, an authentication protocol may require 4 out of 5 correct answers for successful authentication).”);
receive a temporary (Huang, paragraph 0080, “ the authentication service, at 424 may also examine a timestamp of the token to determine whether it is within a threshold time limit to decide whether to grant access”);
credential token from the authentication service in connection with the secret code (Huang, paragraph 0077, “Upon receipt of the token back from the at least one authentication service, the receiver may review the authentication parameters to determine 418 whether all the authentication schemes in the received authentication challenge have been executed as per the authentication parameters.”; paragraph 0078, “If at 418, the receiver determines that all the authentication schemes in the authentication challenge have been executed (418: YES), the receiver may transmit 420 the received token with the assertions from the various authentication services back to the resource service to request access.”);
send the temporary credential token to the first one of multiple network resources, the temporary credential token to grant access to a user account on the first one of multiple (Huang, paragraph 0079, “In other words, transmission of a token from the receiver back to the resource service may indicate a conclusion of the identified authentication protocol.  The resource service may then review the assertions included in the token to determine 424 whether the assertions included (or not included) in the received token satisfy the identified authentication protocol, i.e., determines a status of the identified authentication protocol (e.g., success, pass, failure, retry, locked out, need more information, etc.).  If the user authentication is determined to be successful (424: YES), the resource service may grant 426 access to the requested resource.  If the user authentication is not determined to be successful (424: NO), the resource service may deny 428 access to the requested resource.”).
Huang does not explicitly disclose an input device to collect credential related content including a first network resource identifier related to a first one of multiple network resources, the credential related content further including a master password that is associated with the first network resource identifier and that is associated with network resource identifiers for a remainder of the multiple network resources; receive the credential related content including the master password and the first network resource identifier; convert the master password and the first network resource identifier into a secret code.
However, in an analogous art, Varadarajan discloses an input device to collect credential related content including a first network resource identifier related to a first one of multiple network resources, the credential related content further including a master password (Varadarajan, paragraph 0047, “A user opens a login page of a website via a URL, such as a banking website (operation 610).  The user inputs (e.g., types) an existing User ID and Password data in the form fields and submits the login form (operation 620).”);
that is associated with the first network resource identifier and that is associated with network resource identifiers for a remainder of the multiple network resources (Varadarajan, paragraph 0102, “wherein the password value is stored in the storage memory within a binary object that is sealed by code executing within the secure enclave, wherein the binary object includes a password for the website and a verification hash, the verification hash based on the website URL, the user identifier, and the password”);
receive the credential related content including the master password and the first network resource identifier (Varadarajan, paragraph 0047, “A user opens a login page of a website via a URL, such as a banking website (operation 610).  The user inputs (e.g., types) an existing User ID and Password data in the form fields and submits the login form (operation 620).”);
convert the master password and the first network resource identifier into a secret code (Varadarajan, paragraph 0102, “wherein the password value is stored in the storage memory within a binary object that is sealed by code executing within the secure enclave, wherein the binary object includes a password for the website and a verification hash, the verification hash based on the website URL, the user identifier, and the password”).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Varadarajan with the device/method/ computer program product comprising a non-signal computer readable storage medium of Huang to include convert the master password and the first network resource identifier into a secret code.
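One would have been motivated to provide users with the benefits of supporting a legacy flow of existing website services (Varadarajan: paragraph 0046).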
Regarding claim 3, Huang and Varadarajan disclose the device of claim 1.  Huang discloses wherein the first network resource identifier is selected from the group consisting of website name, counter, and letter (Huang, paragraph 0091, “wherein the binary object includes a password for the website and a verification hash, the verification hash based on the website URL, the user identifier, and the password”).
Regarding claim 4, Huang and Varadarajan disclose the device of claim 1.  Huang discloses wherein a hash function converts the master password and first network resource identifier into the secret code (Huang, paragraph 0091, “wherein the binary object includes a password for the website and a verification hash, the verification hash based on the website URL, the user identifier, and the password”).
Regarding claim 5, Huang and Varadarajan disclose the device of claim 1.  Huang discloses wherein, responsive to execution of the program instructions, the processor to: receive a user request to send the secret code to the first authentication service (Huang, paragraph 0076, “At least one authentication service, may then instantiate, implement, operate or execute 414 the required authentication scheme (as per the authentication protocol) upon receipt of the authentication request from the receiver.”);
prompt a request (Huang, paragraph 0076, “For example, a knowledge based authentication service may issue a set of questions for a user to answer and authenticate the user by comparing the user response with the stored correct answers, and the authentication protocol requirements (for example, an authentication protocol may require 4 out of 5 correct answers for successful authentication).”);
send the secret code to the first authentication service. (Huang, paragraph 0076, “In an embodiment, the authentication service may undertake one or more processes of transmitting challenges and/or receiving responses to/from the user (or other systems, such as hardware or software associated with the user or third party services providers that constitute part of one or more authentication schemes).  For example, a knowledge based authentication service may issue a set of questions for a user to answer and authenticate the user by comparing the user response with the stored correct answers, and the authentication protocol requirements (for example, an authentication protocol may require 4 out of 5 correct answers for successful authentication).”).
Varadarajan discloses for the master password and the first network resource identifier (Varadarajan, paragraph 0102, “wherein the password value is stored in the storage memory within a binary object that is sealed by code executing within the secure enclave, wherein the binary object includes a password for the website and a verification hash, the verification hash based on the website URL, the user identifier, and the password”).  The motivation is the same as for the claim from which this claim depends.
Regarding claim 6, Huang and Varadarajan disclose the device of claim 1.  Huang discloses wherein, the device is a mobile device (Huang, paragraph 0038, “Additional embodiments may include a network 104 of mobile telephone networks that use a protocol to communicate among mobile devices, where the protocol can be any one of the following: AMPS; TDMA; CDMA; GSM; GPRS UMTS; or any other protocol able to transmit data among mobile devices.”).
Regarding claim 7, Huang and Varadarajan disclose the device of claim 1.  Huang discloses wherein the first one of multiple network resources is selected from the group consisting of bank website, shopping website, email network, and financial institution website. (Huang, paragraph 0055, “The data store, database or data structure of an authentication service, including information for authenticating a user, may include multiple credentials, data or attributes for authentication schemes provided by the authentication services such as registration of personal information such as secret data including answers to questions, private information, telephone numbers, addresses, dates, relationship details and the like; social network authentication information, cloud email services and the like”).
Regarding claim 8, Huang discloses a computer implemented method, comprising under control of one or more processors programmed with specific executable instructions (Huang, paragraph 0043, “At least some of the hardware entities 214 perform actions involving access to and use of memory 212, which can be a RAM, a disk driver and/or a Compact Disc Read Only Memory ("CD-ROM").  Hardware entities 214 can include a disk drive unit 216 comprising a computer-readable storage medium 218 on which is stored one or more sets of instructions 220 (e.g., software code) configured to implement one or more of the methodologies, procedures, or functions described herein.  The instructions 220 can also reside, completely or at least partially, within the memory 212 and/or within the CPU 206 during execution thereof by the computing device 200.  The memory 212 and the CPU 206 also can constitute machine-readable media.”);
sending the secret code to a first authentication service (Huang, paragraph 0076, “In an embodiment, the authentication service may undertake one or more processes of transmitting challenges and/or receiving responses to/from the user (or other systems, such as hardware or software associated with the user or third party services providers that constitute part of one or more authentication schemes).  For example, a knowledge based authentication service may issue a set of questions for a user to answer and authenticate the user by comparing the user response with the stored correct answers, and the authentication protocol requirements (for example, an authentication protocol may require 4 out of 5 correct answers for successful authentication).”).
Huang does not explicitly disclose collecting credential related content including a first network resource identifier related to a first one of multiple network resources, the credential related content further including a master password that is associated with the first network resource identifier and that is associated with network resource identifiers for a remainder of the multiple network resources; converting the master password and the first network resource identifier into a secret code.
However, in an analogous art, Varadarajan discloses collecting credential related content including a first network resource identifier related to a first one of multiple network resources, the credential related content further including a master password that is associated with the first network resource identifier and that is associated with network resource identifiers for a remainder of the multiple network resources (Varadarajan, paragraph 0047, “A user opens a login page of a website via a URL, such as a banking website (operation 610).  The user inputs (e.g., types) an existing User ID and Password data in the form fields and submits the login form (operation 620).”);
converting the master password and the first network resource identifier into a secret code (Varadarajan, paragraph 0102, “wherein the password value is stored in the storage memory within a binary object that is sealed by code executing within the secure enclave, wherein the binary object includes a password for the website and a verification hash, the verification hash based on the website URL, the user identifier, and the password”).

Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Varadarajan with the device/method/ computer program product comprising a non-signal computer readable storage medium of Huang to include convert the master password and the first network resource identifier into a secret code.
One would have been motivated to provide users with the benefits of supporting a legacy flow of existing website services (Varadarajan: paragraph 0046).
Regarding claim 9, Huang and Varadarajan disclose the computer implemented method of claim 8.  Huang discloses further comprising: receive a temporary (Huang, paragraph 0080, “ the authentication service, at 424 may also examine a timestamp of the token to determine whether it is within a threshold time limit to decide whether to grant access”);
credential token from the authentication service in connection with the secret code (Huang, paragraph 0077, “Upon receipt of the token back from the at least one authentication service, the receiver may review the authentication parameters to determine 418 whether all the authentication schemes in the received authentication challenge have been executed as per the authentication parameters.”; paragraph 0078, “If at 418, the receiver determines that all the authentication schemes in the authentication challenge have been executed (418: YES), the receiver may transmit 420 the received token with the assertions from the various authentication services back to the resource service to request access.”);
sending the temporary credential token to the first network resource, the temporary credential token to grant access to information on the first network resource (Huang, paragraph 0079, “In other words, transmission of a token from the receiver back to the resource service may indicate a conclusion of the identified authentication protocol.  The resource service may then review the assertions included in the token to determine 424 whether the assertions included (or not included) in the received token satisfy the identified authentication protocol, i.e., determines a status of the identified authentication protocol (e.g., success, pass, failure, retry, locked out, need more information, etc.).  If the user authentication is determined to be successful (424: YES), the resource service may grant 426 access to the requested resource.  If the user authentication is not determined to be successful (424: NO), the resource service may deny 428 access to the requested resource.”).
Regarding claim 11, Huang and Varadarajan disclose the computer implemented method of claim 8.  Varadarajan discloses wherein the secret code is a hash code (Varadarajan, paragraph 0102, “wherein the password value is stored in the storage memory within a binary object that is sealed by code executing within the secure enclave, wherein the binary object includes a password for the website and a verification hash, the verification hash based on the website URL, the user identifier, and the password”).  The motivation is the same as for the claim from which this claim depends.
Regarding claim 12, Huang and Varadarajan disclose the computer implemented method of claim 8.  Huang discloses wherein the first network resource identifier is selected from the group consisting of website name, counter, and letter (Huang, paragraph 0091, “wherein the binary object includes a password for the website and a verification hash, the verification hash based on the website URL, the user identifier, and the password”).
Regarding claim 13, Huang and Varadarajan disclose the computer implemented method of claim 8.  Huang discloses further comprising: receiving a user request to send the secret code to the first authentication service (Huang, paragraph 0076, “At least one authentication service, may then instantiate, implement, operate or execute 414 the required authentication scheme (as per the authentication protocol) upon receipt of the authentication request from the receiver.”);
prompting a request (Huang, paragraph 0076, “For example, a knowledge based authentication service may issue a set of questions for a user to answer and authenticate the user by comparing the user response with the stored correct answers, and the authentication protocol requirements (for example, an authentication protocol may require 4 out of 5 correct answers for successful authentication).”);
Varadarajan discloses for the master password and the first network resource identifier (Varadarajan, paragraph 0102, “wherein the password value is stored in the storage memory within a binary object that is sealed by code executing within the secure enclave, wherein the binary object includes a password for the website and a verification hash, the verification hash based on the website URL, the user identifier, and the password”); 
(Varadarajan, paragraph 0102, “wherein the password value is stored in the storage memory within a binary object that is sealed by code executing within the secure enclave, wherein the binary object includes a password for the website and a verification hash, the verification hash based on the website URL, the user identifier, and the password”).  The motivation is the same as for the claim from which this claim depends.
Regarding claim 15, Huang and Varadarajan disclose the computer implemented method of claim 8.  Huang discloses wherein the first one of multiple network resources is selected from the group consisting of bank website, shopping website, email network, and financial institution website (Huang, paragraph 0055, “The data store, database or data structure of an authentication service, including information for authenticating a user, may include multiple credentials, data or attributes for authentication schemes provided by the authentication services such as registration of personal information such as secret data including answers to questions, private information, telephone numbers, addresses, dates, relationship details and the like; social network authentication information, cloud email services and the like”).
Regarding claim 16, Huang discloses a computer program product comprising a non-signal computer readable storage medium comprising computer executable code to (Huang, paragraph 0043, “At least some of the hardware entities 214 perform actions involving access to and use of memory 212, which can be a RAM, a disk driver and/or a Compact Disc Read Only Memory ("CD-ROM").  Hardware entities 214 can include a disk drive unit 216 comprising a computer-readable storage medium 218 on which is stored one or more sets of instructions 220 (e.g., software code) configured to implement one or more of the methodologies, procedures, or functions described herein.  The instructions 220 can also reside, completely or at least partially, within the memory 212 and/or within the CPU 206 during execution thereof by the computing device 200.  The memory 212 and the CPU 206 also can constitute machine-readable media.”);
send the secret code to a first authentication service (Huang, paragraph 0076, “In an embodiment, the authentication service may undertake one or more processes of transmitting challenges and/or receiving responses to/from the user (or other systems, such as hardware or software associated with the user or third party services providers that constitute part of one or more authentication schemes).  For example, a knowledge based authentication service may issue a set of questions for a user to answer and authenticate the user by comparing the user response with the stored correct answers, and the authentication protocol requirements (for example, an authentication protocol may require 4 out of 5 correct answers for successful authentication).”).
Huang does not explicitly disclose collect credential related content including a first network resource identifier related to a first one of multiple network resources on a first computing device, the credential related content further including a master password that is associated with the first network resource identifier and that is associated with network resource identifiers for a remainder of the multiple network resources; convert the master password and the first network resource identifier into a secret code in the first computing device.
However, in an analogous art, Varadarajan discloses collect credential related content including a first network resource identifier related to a first one of multiple network resources on a first computing device, the credential related content further (Varadarajan, paragraph 0047, “A user opens a login page of a website via a URL, such as a banking website (operation 610).  The user inputs (e.g., types) an existing User ID and Password data in the form fields and submits the login form (operation 620).”);
convert the master password and the first network resource identifier into a secret code in the first computing device (Varadarajan, paragraph 0102, “wherein the password value is stored in the storage memory within a binary object that is sealed by code executing within the secure enclave, wherein the binary object includes a password for the website and a verification hash, the verification hash based on the website URL, the user identifier, and the password”).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Varadarajan with the device/method/ computer program product comprising a non-signal computer readable storage medium of Huang to include convert the master password and the first network resource identifier into a secret code.
One would have been motivated to provide users with the benefits of supporting a legacy flow of existing website services (Varadarajan: paragraph 0046).
Regarding claim 17, Huang and Varadarajan disclose the computer program product of claim 16.  Huang discloses the computer executable code to: send the secret code to a first authentication service (Huang, paragraph 0079, “In other words, transmission of a token from the receiver back to the resource service may indicate a conclusion of the identified authentication protocol.  The resource service may then review the assertions included in the token to determine 424 whether the assertions included (or not included) in the received token satisfy the identified authentication protocol, i.e., determines a status of the identified authentication protocol (e.g., success, pass, failure, retry, locked out, need more information, etc.).  If the user authentication is determined to be successful (424: YES), the resource service may grant 426 access to the requested resource.  If the user authentication is not determined to be successful (424: NO), the resource service may deny 428 access to the requested resource.”).
 Varadarajan discloses collect credential related content including the first network resource identifier related to the first one of multiple network resources on a second computing device, the credential related content further including the master password that is associated with the first network resource identifier and that is associated with network resource identifiers for a remainder of the multiple network resources (Varadarajan, paragraph 0047, “A user opens a login page of a website via a URL, such as a banking website (operation 610).  The user inputs (e.g., types) an existing User ID and Password data in the form fields and submits the login form (operation 620).”);
convert the master password and the first network resource identifier into the secret code in the second computing device (Varadarajan, paragraph 0102, “wherein the password value is stored in the storage memory within a binary object that is sealed by code executing within the secure enclave, wherein the binary object includes a password for the website and a verification hash, the verification hash based on the website URL, the user identifier, and the password”).  The motivation is the same as for the claim from which this claim depends.
Regarding claim 18, Huang and Varadarajan disclose the computer program product of claim 16.  Huang discloses wherein the first computing device is a mobile device (Huang, paragraph 0038, “Additional embodiments may include a network 104 of mobile telephone networks that use a protocol to communicate among mobile devices, where the protocol can be any one of the following: AMPS; TDMA; CDMA; GSM; GPRS UMTS; or any other protocol able to transmit data among mobile devices.”).
Regarding claim 19, Huang and Varadarajan disclose the computer program product of claim 16.  Huang discloses wherein the master password is selected from the group consisting of user name and password, QR code, and symbol (Huang, paragraph 0025, “The term "authentication credential" refers to an electronic token or other object unique to a user that the user can present to gain access to a computing system.  Example authentication credentials may include, without limitation, a username, a password, a biometric, an answer to a security question, a combination of any of the foregoing and/or the like.”).
Regarding claim 20, Huang and Varadarajan disclose the computer program product of claim 16.  Varadarajan discloses wherein a hash function converts the master password and the first network resource identifier into the secret code (Varadarajan, paragraph 0102, “wherein the password value is stored in the storage memory within a binary object that is sealed by code executing within the secure enclave, wherein the binary object includes a password for the website and a verification hash, the verification hash based on the website URL, the user identifier, and the password”).  The motivation is the same as for the claim from which this claim depends.
Claims 2, 10, and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Huang (US20180367526), filed June 19, 2017, in view of Varadarajan (US20170118215), filed December 23, 2015, and further in view of Hotta (US20100239093), filed March 12, 2010.
Regarding claim 2, Huang and Varadarajan disclose the device of claim 1.  Huang discloses the send operations (Huang, paragraph 0079, “In other words, transmission of a token from the receiver back to the resource service may indicate a conclusion of the identified authentication protocol.  The resource service may then review the assertions included in the token to determine 424 whether the assertions included (or not included) in the received token satisfy the identified authentication protocol, i.e., determines a status of the identified authentication protocol (e.g., success, pass, failure, retry, locked out, need more information, etc.).  If the user authentication is determined to be successful (424: YES), the resource service may grant 426 access to the requested resource.  If the user authentication is not determined to be successful (424: NO), the resource service may deny 428 access to the requested resource.”).
Varadarajan discloses wherein, responsive to execution of the program instructions, the processor to: receive the master password and a second network resource identifier related to a second one of the multiple network resources (Varadarajan, paragraph 0047, “A user opens a login page of a website via a URL, such as a banking website (operation 610).  The user inputs (e.g., types) an existing User ID and Password data in the form fields and submits the login form (operation 620).”; FIG. 4 shows two different resources each with its own network resource identifier; paragraph 0023, “The web application 132 hosted by the server device 130 may provide content that is specific to the client device 110, including content from an application information database 140 that may be accessed only through the use of a specific identifier (e.g., cookie value, token), credential (e.g., username/password tuple), or like restrictor.”); 
the receive operation (Varadarajan, paragraph 0047, “A user opens a login page of a website via a URL, such as a banking website (operation 610).  The user inputs (e.g., types) an existing User ID and Password data in the form fields and submits the login form (operation 620).”);
the convert operation (Varadarajan, paragraph 0102, “wherein the password value is stored in the storage memory within a binary object that is sealed by code executing within the secure enclave, wherein the binary object includes a password for the website and a verification hash, the verification hash based on the website URL, the user identifier, and the password”).
Huang and Varadarajan do not explicitly disclose repeat the convert, receive and send operations in connection with the second one of the multiple network resources.
However, in an analogous art, Hotta discloses repeat the convert, receive and send operations in connection with the second one of the multiple network resources (Hotta, FIGs. 4 and 5, paragraph 0063, “After the user moves near the second composite machine 10b, the user operates the mobile terminal device 30, accesses the authentication server 40 through a wireless public telephone line (the first communication line) from the mobile terminal device 30 (S21), and transmits again the user ID and the password to the authentication server 40 (S22).”).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Hotta with the device/method/ computer program product comprising a non-signal computer readable storage medium of Huang and Varadarajan to include repeat the convert, receive and send operations in connection with the second one of the multiple network resources.
One would have been motivated to provide users with the benefits of conducting data transfer between an information processing apparatus and a mobile terminal device efficiently with high security by the utilization of two kinds of communication lines held by a mobile terminal device (Hotta: paragraph 0010).
Regarding claim 10, Huang and Varadarajan disclose the computer implemented method of claim 8.  Huang discloses further comprising: sending operations (Huang, paragraph 0079, “In other words, transmission of a token from the receiver back to the resource service may indicate a conclusion of the identified authentication protocol.  The resource service may then review the assertions included in the token to determine 424 whether the assertions included (or not included) in the received token satisfy the identified authentication protocol, i.e., determines a status of the identified authentication protocol (e.g., success, pass, failure, retry, locked out, need more information, etc.).  If the user authentication is determined to be successful (424: YES), the resource service may grant 426 access to the requested resource.  If the user authentication is not determined to be successful (424: NO), the resource service may deny 428 access to the requested resource.”).
(Varadarajan, paragraph 0047, “A user opens a login page of a website via a URL, such as a banking website (operation 610).  The user inputs (e.g., types) an existing User ID and Password data in the form fields and submits the login form (operation 620).”; FIG. 4 shows two different resources each with its own network resource identifier; paragraph 0023, “The web application 132 hosted by the server device 130 may provide content that is specific to the client device 110, including content from an application information database 140 that may be accessed only through the use of a specific identifier (e.g., cookie value, token), credential (e.g., username/password tuple), or like restrictor.”);
the converting operations (Varadarajan, paragraph 0102, “wherein the password value is stored in the storage memory within a binary object that is sealed by code executing within the secure enclave, wherein the binary object includes a password for the website and a verification hash, the verification hash based on the website URL, the user identifier, and the password”).
Huang and Varadarajan do not explicitly disclose repeating the converting and sending operations in connection with the second one of the multiple network resources.
However, in an analogous art, Hotta discloses repeating the converting and sending operations in connection with the second one of the multiple network resources (Hotta, FIGs. 4 and 5, paragraph 0063, “After the user moves near the second composite machine 10b, the user operates the mobile terminal device 30, accesses the authentication server 40 through a wireless public telephone line (the first communication line) from the mobile terminal device 30 (S21), and transmits again the user ID and the password to the authentication server 40 (S22).”).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Hotta with the device/method/ computer program product comprising a non-signal computer readable storage medium of Huang and Varadarajan to include repeating the converting and sending operations in connection with the second one of the multiple network resources.
One would have been motivated to provide users with the benefits of conducting data transfer between an information processing apparatus and a mobile terminal device efficiently with high security by the utilization of two kinds of communication lines held by a mobile terminal device (Hotta: paragraph 0010).
Regarding claim 14, Huang and Varadarajan disclose the computer implemented method of claim 8.   Huang discloses send the secret code to a first authentication service (Huang, paragraph 0076, “In an embodiment, the authentication service may undertake one or more processes of transmitting challenges and/or receiving responses to/from the user (or other systems, such as hardware or software associated with the user or third party services providers that constitute part of one or more authentication schemes).  For example, a knowledge based authentication service may issue a set of questions for a user to answer and authenticate the user by comparing the user response with the stored correct answers, and the authentication protocol requirements (for example, an authentication protocol may require 4 out of 5 correct answers for successful authentication).”).

However, in an analogous art, Hotta discloses further comprising: resending the secret code to the first authentication service (Hotta, FIGs. 4 and 5, paragraph 0063, “After the user moves near the second composite machine 10b, the user operates the mobile terminal device 30, accesses the authentication server 40 through a wireless public telephone line (the first communication line) from the mobile terminal device 30 (S21), and transmits again the user ID and the password to the authentication server 40 (S22).”). 
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Hotta with the device/method/ computer program product comprising a non-signal computer readable storage medium of Huang and Varadarajan to include resending the secret code to the first authentication service.
One would have been motivated to provide users with the benefits of conducting data transfer between an information processing apparatus and a mobile terminal device efficiently with high security by the utilization of two kinds of communication lines held by a mobile terminal device (Hotta: paragraph 0010).


Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to WALTER J MALINOWSKI whose telephone number is (571)272-5368.  The examiner can normally be reached on 8-6:30 MTWH.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, LUU PHAM can be reached on 5712705002.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to 

/W.J.M/Examiner, Art Unit 2439
/KARI L SCHMIDT/Primary Examiner, Art Unit 2439