DETAILED ACTION
This non-final office action is in response to applicant’s RCE file on 11/16/2020 for response of office action mailed on 05/14/2020. Claim 1-10, 13-16, 18, 21-22, and 25-30 have been cancelled. Claims 31-45 have been added. Claim 31-45 are now pending.


Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 11/16/2020 has been entered.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Objections
Claims 37, 44 and 45 are objected because of following informalities:
In line 1 of claim 37, examiner suggests to add “An” on the front of Apparatus
In line 1 of claim 44, examiner suggests to replace “method of claim 37” with - - apparatus of claim 37 - -.
In line 1 of claim 45, examiner suggests to replace “method of claim 37” with - - apparatus of claim 37 - -.


Response to Arguments
Claim 1-10, 13-16, 18, 21-22, and 25-30 have been cancelled, therefore, all rejections have been withdrawn.
As provided in further detail below, applicant’s arguments regarding that the references fail to show certain features are unpersuasive in view of the grounds of rejection discussed in detail. Please note that during patent examination, the pending claims even when interpreted in view of the specification must be “given their broadest reasonable interpretation.” Phillips v. AWH Corp., 415 F.3d 1303, 1316, 75 USPQ2d 1321, 1329 (Fed. Cir. 2005), In re Am. Acad, of Sci. Tech. Ctr., 367 F.3d 1359, 1364, 70 USPQ2d 1827, 1830] (Fed. Cir. 2004). As such, although the claims are interpreted in light of the specification, limitations from the specification are not read into the claims
Regarding the arguments on independent claim 31 on page 8, applicant first argues that “It is noted that the problem which Fukuta sets out to solve relates to the observation that data stored on a storage device located outside of the local network is inaccessible or may be blocked by security barriers typically used to protect a local network such as, for example, a firewall. This is not the problem that the present applicant sets out to solve. In one instance, in Fukuta the problem may be addressed by use of a 'relay device'. No such 'relay device' is required in the claimed invention. Rather, in the claimed invention it is a matter of using an authenticating server to carry out an authenticating function of the second device where that same server has been used to set up the original authentication as between the first device and the same server”. Examiner carefully reviewed applicant’s argument but respectfully disagree. Although term “relay” is used in Fukuta throughout, to solve the problem, Fukuta teaches a gateway to authenticate an external device (display device at B’s home) through an internal device (A’s mobile terminal), wherein the authentication between the gateway and A’s mobile terminal has already performed (Para. 0076). Once the external device initiates an access request to the gateway for the content stored on the server inside A’s house, a temporary code is generated and sent to both A’s mobile terminal and the display device (Para. 0104). Only when the temporary codes displayed on both device are same, the access request will be permitted through A’s mobile terminal and the gateway (Para. 0108 and 0110). Therefore, the gateway acting like same authentication server for both A’s mobile terminal and the display device at B’s house. 
Applicant further argues that “Kara with reference to Table A at column 16 (specifically referenced by the Examiner) teaches a system of selecting from a list of devices which have all been pre- authenticated with a server. In the present application the second device for which authentication is sought with respect to the first device is not previously known or authenticated”. Examiner carefully reviewed applicant’s argument but respectfully disagree. Kara teaches authenticating a client access protected resources by a pre-authenticated device vouching (Fig. 5, Table A). Client device in Fig. 5 is the second device and a list of pre-authenticated mobile devices are potential first device. Once the access request from client device is sent to the server, the server sends a list of pre-authenticated devices to the client, the client then selects a mobile device to vouch for client authentication. Once the mobile device is selected, the server sends notification to the mobile device. User of mobile device makes 
At the last, because both Fukuta and Kara teaches authentication of accessing a resource through a second device with help of a pre-authenticated first device.  Fukuta teaches the server transmits message directly to the first device to obtain the permission from the user (Fukuta: Para. 0077; Para. 0078; Para. 0081). Kara teaches the server communicating an option to the second digital device to utilize the first digital device to effect authentication of the user with respect to the second digit device (Kara: table A: Table A: 1646, 1648; Col. 19, line 55 to Col 18, line 8). In Kara, the client device is the second device, the registered mobile device is first device. The person could be the owner of the registered mobile devices and trying to access the third party which could be any protected system website, server through second device (Kara: Col. 19, line 55 to Col. 18, line 8). Once a registered mobile device is selected, authentication notification is sent to the selected mobile device to let mobile device user to either allow the access or deny the access. Therefore it’s obvious to combine those two prior arts.  
Applicant presents no further arguments.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claim 37-40 and 44-45 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention
Regarding claim 37, it recites “comparison device” in line 11. Claim 37 is an apparatus claim for Based on the step 55 in Fig. 2 and para. 0058 in the specification, it’s the user of the first device who either allow or deny the authentication of the second device. Therefore, it’s not clear where “comparison device” is located.
Dependent claims 38-40 and 44-45 are rejected for carrying same deficiencies. 

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claim 36 is rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter. The claim does not fall within at least one of the four categories of patent eligible subject matter. Claim 36 recites “media" and it’s directed to the claim to transitory forms of signal transmission (often referred to as “signals per se”). The claim 36 does not fall within any of the four categories of patent eligible subject matter. Therefore, the claim is not patent eligible.


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory 
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claim 31-42 and 45 rejected under 35 U.S.C. 103 as being unpatentable over Fukuta et al. (US20090089353, hereinafter Fukuta) in view of Karachiwala et al. (US10299118, hereinafter Kara).
Regarding claim 31 and 36, In an environment where a first device (40, 112) may communicate with a server (41, 111) subject to authentication of the first device (40, 112) with respect to the server (41, 111), a second device not previously authenticated with respect to the server; a method of authenticating the second device (42, 115) with respect to the server (41) (Fukuta: Para. 0076: the portable terminal 110 (first device) notifies a public address of the gateway 101 (auth. Server) in the Mr. A's house to one of devices connected with the outside network 200 in Mr. B's house (i.e., the display device 201 (second device) in the illustrated example), on which the content is to be displayedIt is here assumed that communication setting and authentication are already performed between the gateway 101 and the portable terminal 110. In accordance with the received public address, the display device 201 makes a request for acquiring the demanded content to the gateway 101 (operation S2)); said method comprising: a. on request, the server (41, 111) communicating a temporary unique identifier (121) to the second device (42, 115) and the first device (40, 112) (Fukuta: Para. 0104: the display device 201 is assumed to be in a state where it issues a data acquisition request to the gateway 101 in accordance with an instruction from the portable terminal 110. In response, the gateway 101 produces an access ID of the display device 201 and the access ID display content. The display device 201 displays an access ID display content. An access ID of the display device 201 is assumed here to be “65a2 cc74”. Further, the gateway 101 transmits the access permission inquiry, including the access ID of the display device 201, to the portable terminal 110); b. authenticating the second device (42, 115) to the same level (40, 112) as the first device subject to a confirmation step (55) (Fukuta: Para. 0047: First, a portable terminal of a user located outside causes a gateway of an internal network to issue an access ticket, and receives the issued ticket. Then, the user transfers the access ticket from the user's portable terminal located outside to a display device which is present in front of the user at that time. The display device being present in front of the user accesses the gateway of the internal network by using the access ticket. As a result, the user of the portable terminal can access desired data in the internal network and can display the desired data in the internal network protected by the gateway on the display device located outside; Para. 0076: the portable terminal 110 (first device) notifies a public address of the gateway 101 (auth. Server) in the Mr. A's house to one of devices connected with the outside network 200 in Mr. B's house (i.e., the display device 201 (second device) in the illustrated example), on which the content is to be displayedIt is here assumed that communication setting and authentication are already performed between the gateway 101 and the portable terminal 110. In accordance with the received public address, the display device 201 makes a request for acquiring the demanded content to the gateway 101 (operation S2)); and the server (41, 111) sends the temporary unique identifier (121) to the second device (42, 115) and to the first device (40, 112) (50, 52) (Fukuta: Para. 0104: the display device 201 is assumed to be in a state where it issues a data acquisition request to the gateway 101 in accordance with an instruction from the portable terminal 110. In response, the gateway 101 produces an access ID of the display device 201 and the access ID display content. The display device 201 displays an access ID display content. An access ID of the display device 201 is assumed here to be “65a2 cc74”. Further, the gateway 101 transmits the access permission inquiry, including the access ID of the display device 201, to the portable terminal 110) and receives an indication (56) from the first device (40, 112) allowing authentication (Fukuta: Para. 0110: when the user of the portable terminal 110 selects “Y” in reply to the access permission inquiry, i.e., “TRANSMISSION REQUEST FOR ACCESS ID: “65a2 cc74” PERMITTED? Y/N”, which is displayed on the display screen of the portable terminal 110, the portable terminal 110 transmits an access permission to the gateway 101). 
Yet, Fukuta does not explicitly teach wherein authenticated account details of a user account (113) associated to a username (123) are received by the server (41, 111) from the first device (40, 112), an authentication is requested (45) to the server (41, 111) by the second device (42, 115) with the username (123), the server (41, 111) sends a request (52) to the second device (42, 115) to use the first 
However, in the same field of endeavor, Kara teaches wherein authenticated account details of a user account (113) associated to a username (123) are received by the server (41, 111) from the first device (40, 112) (Kara: Fig. 8: register a user and mobile device of the user at an authentication provider (810), generate an identifier to be associated with the user and mobile device (815); store the identifier at the mobile device and authentication provider (820); register the user at the protected server (825); Col. 12, line 13-26: FIG. 7 shows an example of a table 705 that may be stored in authentication provider registration database 550. This table includes a listing usernames 710 (e.g., username A . . . N), a listing of mobile devices 715 (e.g., mobile device IDs A . . . N) associated with the username, and a corresponding set of unique identifiers 720 (e.g., unique identifiers A . . . N). The unique identifiers are stored on the mobile devices and at the authentication provider. For example, as shown in a first record of the table, a mobile device has been registered that has a mobile device ID A that belongs to a user having a username A. An associated unique identifier A is stored on both the mobile device and the authentication provider server), an authentication is requested (45) to the server (41, 111) by the second device (42, 115) with the username (123) (Kara: Fig. 5: client device; Fig. 9: receive from a client a user request to access a protected server (910); Table A: 1642: The third party transmits the username to the authentication server), the server (41, 111) sends a request (52) to the second device (42, 115) to use the first device (40, 112) to vouch for authentication (Kara: Table A: 1644: The authentication server receives the username from the third party and scans the registration database with the username to identify a listing of registered mobile devices associated with the username . 1646: The authentication server transmits the listing of registered mobile devices to the third party for display to the person . 1648: The third party displays on an electronic screen of the client machine the listing of registered mobile devices for the person to select ( e . g . , display in a drop down menu box ) . 1650: The person selects a mobile device to which the authentication notification is to be sent), the server (41, 111) receives from the second device an acceptance (48, 49) of using the first device (40, 112) (Kara: Table A: 1652: The third party transmits an identification of the selected mobile device to the authentication server), the server (41, 111) then sends authentication credentials (57) to the second device (42, 115) thereby authenticating the second device (42, 115) with respect to the server (41, 111) (Kara: Table C: 4: Server will ….verify the passcode matches. it will send an authenticated session id back to the Website allowing user access to the site). 
	Therefore, it would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to modify the method disclosed by Fukuta to include wherein authenticated account details of a user account (113) associated to a username (123) are received by the server (41, 111) from the first device (40, 112), an authentication is requested (45) to the server (41, 111) by the second device (42, 115) with the username (123), the server (41, 111) sends a request (52) to the second device (42, 115) to use the first device (40, 112) to vouch for authentication, the server (41, 111) receives from the second device an acceptance (48, 49) of using the first device (40, 112), the server (41, 111) then sends authentication credentials (57) to the second device (42, 115) thereby authenticating the second device (42, 115) with respect to the server (41, 111) as disclosed by Kara. One of ordinary skill in the art would have been motivated to make this modification in order to enhance the security by authenticating a person for a third party using a registered mobile device as suggested by Kara (Kara: Col. 1, line 45-65).
Regarding claim 32, combination of Fukuta and Kara teaches the method of claim 31. In addition, Fukuta further teaches wherein the confirmation step comprises comparing the temporary unique identifier on the second device and the temporary unique identifier on the first device (Fukuta: Also, the user of the portable terminal 110 visually compares the access ID “65a2 cc74” displayed on the display screen of the portable terminal 110 and representing the desired display device with the access ID “65a2 cc74” displayed on the display screen of the intended display device 201, and visually confirms that the access IDs are identical to each other (operation S54)). 
Regarding claim 33 and 38, combination of Fukuta and Kara teaches the method of claim 31. In addition, Fukuta further teaches wherein confirmation is effected if, and only if, the temporary unique identifier on the second device matches with the temporary unique identifier on the first device (Fukuta: Para. 0108: Also, the user of the portable terminal 110 visually compares the access ID “65a2 cc74” displayed on the display screen of the portable terminal 110 and representing the desired display device with the access ID “65a2 cc74” displayed on the display screen of the intended display device 201, and visually confirms that the access IDs are identical to each other (operation S54); Para. 0110: when the user of the portable terminal 110 selects “Y” in reply to the access permission inquiry, i.e., “TRANSMISSION REQUEST FOR ACCESS ID: “65a2 cc74” PERMITTED? Y/N”, which is displayed on the display screen of the portable terminal 110, the portable terminal 110 transmits an access permission to the gateway 101). 
Regarding claim 34 and 39, combination of Fukuta and Kara teaches the method of claim 31. In addition, Fukuta further teaches wherein the temporary unique identifier is an alpha- numeric sequence (Fukuta: Para. 0104: In response, the gateway 101 produces an access ID of the display device 201 and the access ID display content. The display device 201 displays an access ID display content. An access ID of the display device 201 is assumed here to be “65a2 cc74”). 
Regarding claim 35 and 40, combination of Fukuta and Kara teaches the method of claim 31. In addition, Fukuta further teaches wherein authentication may be established for a single session (Fukuta: Para. 0072: The access management table records, for each access ID produced by the access ID producing function 13 f, a session ID, an IP address, and a User Agent in a corresponding relation, which are prepared in accordance with HTTP). 
Regarding claim 37, Fukuta teaches apparatus for effecting authentication of at least a second device (42, 115) with respect to a server environment (41, 111) where authentication of a first device (40, 112) has been effected; the second device not previously authenticated with respect to the server (Fukuta: Para. 0076: the portable terminal 110 (first device) notifies a public address of the gateway 101 (auth. Server) in the Mr. A's house to one of devices connected with the outside network 200 in Mr. B's house (i.e., the display device 201 (second device) in the illustrated example), on which the content is to be displayedIt is here assumed that communication setting and authentication are already performed between the gateway 101 and the portable terminal 110. In accordance with the received public address, the display device 201 makes a request for acquiring the demanded content to the gateway 101 (operation S2)); the apparatus including: b. a processor which generates a temporary unique identifier (121) as a first step in effecting authentication of at least the second device (42, 115) (Fukuta: Para. 0104: the display device 201 is assumed to be in a state where it issues a data acquisition request to the gateway 101 in accordance with an instruction from the portable terminal 110. In response, the gateway 101 produces an access ID of the display device 201 and the access ID display content); c. a transmitter which transmits the temporary unique identifier (121) to the at least a second device (42, 115) and to the first device (40,112) (Fukuta: Para. 0104: the display device 201 is assumed to be in a state where it issues a data acquisition request to the gateway 101 in accordance with an instruction from the portable terminal 110. In response, the gateway 101 produces an access ID of the display device 201 and the access ID display content. The display device 201 displays an access ID display content. An access ID of the display device 201 is assumed here to be “65a2 cc74”. Further, the gateway 101 transmits the access permission inquiry, including the access ID of the display device 201, to the portable terminal 110); d. a comparison device  Para. 0108: Also, the user of the portable terminal 110 visually compares the access ID “65a2 cc74” displayed on the display screen of the portable terminal 110 and representing the desired display device with the access ID “65a2 cc74” displayed on the display screen of the intended display device 201, and visually confirms that the access IDs are identical to each other (operation S54); Para. 0110: when the user of the portable terminal 110 selects “Y” in reply to the access permission inquiry, i.e., “TRANSMISSION REQUEST FOR ACCESS ID: “65a2 cc74” PERMITTED? Y/N”, which is displayed on the display screen of the portable terminal 110, the portable terminal 110 transmits an access permission to the gateway 101); and the server (41, 111) sends the temporary unique identifier (121) to the second device (42, 115) and to the first device (40, 112) (50, 52) (Fukuta: Para. 0104: the display device 201 is assumed to be in a state where it issues a data acquisition request to the gateway 101 in accordance with an instruction from the portable terminal 110. In response, the gateway 101 produces an access ID of the display device 201 and the access ID display content. The display device 201 displays an access ID display content. An access ID of the display device 201 is assumed here to be “65a2 cc74”. Further, the gateway 101 transmits the access permission inquiry, including the access ID of the display device 201, to the portable terminal 110); and receives an indication (56) from the first device (40, 112) allowing authentication (Fukuta: Para. 0110: when the user of the portable terminal 110 selects “Y” in reply to the access permission inquiry, i.e., “TRANSMISSION REQUEST FOR ACCESS ID: “65a2 cc74” PERMITTED? Y/N”, which is displayed on the display screen of the portable terminal 110, the portable terminal 110 transmits an access permission to the gateway 101). 
Yet, Fukuta does not teach explicitly a memory storing at least a first log-in identifier and an associated authenticating data item; wherein authenticated account details of a user account (113)  he server (41, 111) then sends authentication credentials (57) to the second device (42, 115) thereby authenticating the second device (42, 115) with respect to the server (41, 111). 
However, in the same field of endeavor, Kara teaches a memory storing at least a first log-in identifier and an associated authenticating data item; wherein authenticated account details of a user account (113) associated to a username (123) are received by the server (41, 111) from the first device (40, 112) (Kara: Fig. 8: register a user and mobile device of the user at an authentication provider (810), generate an identifier to be associated with the user and mobile device (815); store the identifier at the mobile device and authentication provider (820); register the user at the protected server (825); Col. 12, line 13-26: FIG. 7 shows an example of a table 705 that may be stored in authentication provider registration database 550. This table includes a listing usernames 710 (e.g., username A . . . N), a listing of mobile devices 715 (e.g., mobile device IDs A . . . N) associated with the username, and a corresponding set of unique identifiers 720 (e.g., unique identifiers A . . . N). The unique identifiers are stored on the mobile devices and at the authentication provider. For example, as shown in a first record of the table, a mobile device has been registered that has a mobile device ID A that belongs to a user having a username A. An associated unique identifier A is stored on both the mobile device and the authentication provider server), an authentication is requested (45) to the server (41, 111) by the second device (42, 115) with the username (123) (Kara: Table A: 1642: The third party transmits the username to the authentication server), the server (41, 111) sends a request (52) to the second device (42, 115) to use the first device (40, 112) to vouch for authentication (Kara: Table A: 1644: The authentication server receives the username from the third party and scans the registration database with the username to identify a listing of registered mobile devices associated with the username . 1646: The authentication server transmits the listing of registered mobile devices to the third party for display to the person . 1648: The third party displays on an electronic screen of the client machine the listing of registered mobile devices for the person to select ( e . g . , display in a drop down menu box ) . 1650: The person selects a mobile device to which the authentication notification is to be sent), the server (41, 111) receives from the second device an acceptance (48, 49) of using the first device (40, 112) (Kara: Table A: 1652: The third party transmits an identification of the selected mobile device to the authentication server), the server (41, 111) then sends authentication credentials (57) to the second device (42, 115) thereby authenticating the second device (42, 115) with respect to the server (41, 111) (Kara: Table C: 4: Server will ….verify the passcode matches. it will send an authenticated session id back to the Website allowing user access to the site). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to modify the system disclosed by Fukuta to include a memory storing at least a first log-in identifier and an associated authenticating data item; wherein authenticated account details of a user account (113) associated to a username (123) are received by the server (41, 111) from the first device (40, 112), an authentication is requested (45) to the server (41, 111) by the second device (42, 115) with the username (123), the server (41, 111) sends a request (52) to the second device (42, 115) to use the first device (40, 112) to vouch for authentication, the server (41, 111) receives from the second device an acceptance (48, 49) of using the first device (40, 112), he server (41, 111) then sends authentication credentials (57) to the second device (42, 115) thereby authenticating the second device (42, 115) with respect to the server (41, 111) as disclosed by Kara. One of ordinary skill in the art would have been motivated to make this modification in order to enhance the 
Regarding claim 41, combination of Fukuta and Kara teaches the method of claim 31. In addition, Kara further teaches wherein protected data is stored with respect to the user account on said server (Kara: Col. 9, line 49-50: The protected server system includes protected resources 555, a protected server registration database 557; Col. 10, line 4-9: Registration database 557 stores a listing of usernames that are registered with the protected server. FIG. 6 shows an example of a table 605 that may be stored in registration database 557. This table includes a listing usernames 610 (e.g., username A . . . N) that are registered with the protected server).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to modify the system disclosed by the combination to include wherein protected data is stored with respect to the user account on said server as disclosed by Kara. One of ordinary skill in the art would have been motivated to make this modification in order to enhance the security by authenticating a person for a third party using a registered mobile device as suggested by Kara (Kara: Col. 1, line 45-65).
Regarding claim 42, combination of Fukuta and Kara teaches the method of claim 31. In addition, Kara further teaches wherein protected data is application data stored with respect to the user account on said server (Kara: Col. 9, line 53-59: The protected resources include resources that require user authentication for access. The protected resources can include user accounts, email accounts, banking accounts, brokerage accounts, checking accounts, savings accounts, online shopping accounts, credit card accounts, documents; Col. 10, line 4-9: Registration database 557 stores a listing of usernames that are registered with the protected server. FIG. 6 shows an example of a table 605 that may be stored in registration database 557. This table includes a listing usernames 610 (e.g., username A . . . N) that are registered with the protected server). 

Regarding claim 43, combination of Fukuta and Kara teaches the method of claim 31. In addition, Fukuta further teaches wherein authentication of said first device is effected by entry of a user login identifier and separate authenticating data into said first device (Fukuta: Para. 0036: from the viewpoint of preventing unauthorized access from a portable terminal to a data storage device, e.g., a HDD recorder, a technique of employing fingerprint data of a user of the portable terminal as an identifier for authentication, and allowing only authorized access from the portable terminal to the data storage device has been developed). 
Regarding claim 45, combination of Fukuta and Kara teaches the method of claim 37. In addition, Fukuta further teaches wherein said separate authenticating data is biometric data (Fukuta: Para. 0036: from the viewpoint of preventing unauthorized access from a portable terminal to a data storage device, e.g., a HDD recorder, a technique of employing fingerprint data of a user of the portable terminal as an identifier for authentication, and allowing only authorized access from the portable terminal to the data storage device has been developed). 
Claim 44 is rejected under 35 U.S.C. 103 as being unpatentable over Fukuta in view of Kara, and further in view of Vincent et al. (US20160150406, hereinafter Vincent).
Regarding claim 44, combination of Fukuta and Kara teaches the method of claim 37.
Yet, the combination does not explicitly teach wherein said separate authenticating data is a password.
the security challenge may comprise a request for the user to provide one or more credentials (e.g., a user ID and password) via interaction with user interface 142). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to modify the system disclosed by the combination to include wherein said separate authenticating data is a password as disclosed by Vincent. One of ordinary skill in the art would have been motivated to make this modification in order to facilitate user-authentication-based approval of a device via communication with another device as suggested by Vincent (Vincent: Para. 0005).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
Ligatti et al. US20160180072: authenticating a client on a device via communication with a user mobile device
Chu et al.  US20110197266: authenticating a client on a device via communication with a user mobile device
Pirrwitz et al. US20180048472: authenticating a client on a device by sending OTP to a user mobile device
Paya et al. US20120295587: authenticating a client on a device via communication with a mobile device
Any inquiry concerning this communication or earlier communications from the examiner should be directed to LIN CHANG whose telephone number is (571)272-9998.  The examiner can normally be reached on Monday-Thursday 9AM-6PM EST Friday: Variable.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi Arani can be reached on (571)-272-3787. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/L.C./Examiner, Art Unit 2438                                                                                                                                                                                                                                                                                                                                                                                                         /TAGHI T ARANI/Supervisory Patent Examiner, Art Unit 2438