DETAILED ACTION
The following is a final office action in response to applicant’s amendments filed on 01/31/2021 in response to the office action mailed on 07/31/2020. Claims 7, 8, 10, 11 and 13 are amended. No claim is added. Claims 1-6 and 9 were previously cancelled. Therefore, claims 7-8 and 10-14 are now pending.
THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Examiner’s Comments
Claim 7 is amended with limitation, “wherein when a password verification value or an authentication agreement value transferred from the mobile authentication agent component is received so that [[as]] the first authentication password value displayed on the service log-in screen and the second authentication password value displayed on the mobile authenticator screen coincide with each other, the authentication service component transmits….”, which is not consistent with what is 

Response to Arguments
Applicant’s amendments to claim 7, filed on 01/31/2021, with respect to the claim rejection under 35 U.S.C. 112(a) have been fully considered. The amendments overcame the rejection; therefore, the rejection has been withdrawn.
Applicant’s amendments to claims 7 and 8, filed on 01/31/2021, with respect to the indefiniteness rejections under 35 U.S.C. 112 have been fully considered. The amendments overcame the rejections. Therefore, the rejections have been withdrawn.
Applicant’s amendments to claims 7, 8, 10, 11 and 13, filed on 01/31/2021, with respect to the claim rejection under 35 U.S.C. 103 have been fully considered.
Regarding the arguments on independent claim 7 on pages 8-11, claim 7 is amended with a new limitation, wherein the authentication service component is an authentication server that is separated from the online service server. The applicant’s amendments to claim 7 necessitated the new grounds of rejection presented in this office action. Hence, applicant’s arguments with respect to the rejection of claim 7 have been considered but are moot in view of the new grounds of rejection. A new prior art reference is introduced, Khalil et al. (US20150249540).

For the above reasons, it is believed that the rejections should be sustained. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).


Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 7-8 and 10-14 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA the applicant, regards as the invention.
Regarding claim 7, the claim recites “the authentication password value” multiple times. In lines 16-17, it recites “The received first authentication password value to be displayed on the service log-in screen as the authentication password value is received”. There is a lack of antecedent basis for the term “the authentication password value” because it is not clear which authentication password value it refers to.
Regarding claims 8 and 10-14, the claims are rejected for carrying the deficiencies of claim 7 as well.



Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner 
Claim 7 is rejected under 35 U.S.C. 103 as being unpatentable over Richardson (US20180232516) in view of Khalil et al. (US20150249540, hereinafter Khalil). 
Regarding claim 7, Richardson teaches an authentication system performing user-centered authentication, comprising: an authentication service component for an authentication procedure of an online service server (Richardson: Fig. 1B: server 11; Para. 60: Initially a user 10 would set up an authenticated connection to a server 11; Para. 0005: This capability would be highly desirable in that an authentication on one of the user's devices for a site account could be used across multiple devices that the user owns or uses; Para. 0074: The screen of the new device 15 notifies the user that the authentication has been completed successfully and access to the site is enabled; Para. 0091: On receipt of the authorization signal 127 the server then causes the log-in on second digital device 115 to be treated as authenticated thereby allowing the user to access data and services under that log-in user account 113 on server 111; Para. 0009: identify a user log-in usually but not exclusively in a client server environment); and a mobile authentication agent component for the authentication procedure of an access terminal (Richardson: Para. 0061: To authenticate the user 10 and the user's first digital device 12, in this case a smartphone, the user uses a web-enabled application 17 to register with the server 11; Para. 0092: The example embodiment shows the vouching of an authentication to occur between a personal computer and a smartphone with the smartphone being the vouching device. An alternative embodiment could allow any device the user owns or operates to vouch for any device the user wants to add to their account); wherein the server allows a service log-in screen to be displayed on a screen of the access terminal when there is an access request to the online service server through the access terminal, in which an user ID input window is displayed, but a user password input window is not displayed on the service log-in screen (Richardson: Para. 0064: When the user 10 wishes to authenticate themselves using a new device 15, the user connects the device 15 to the server 11 over a public network such as the Internet 20 using an application such as a web browser 16 and then enters their account name 16 to identify themselves as user 10 to the server 11; Para. 0065: The server 11 then notifies the user 10 that their second device is not yet recognised as an authenticated device and asks the user 10 if they would like to add the device to their account 13; Fig. 4) (Examiner note: the login window only displays an input window for username, not for password), and when a user ID as an input of the user ID into the user ID input window on the service log-in screen is completed, the authentication service component confirms a mobile authentication agent component corresponding to the user ID and transmits a first and a second authentication password values to the confirmed mobile authentication agent component and the online service server to be accessed by the access terminal, respectively (Richardson: Fig. 2: enters username in form and submits (46); Para. 0066: Upon agreeing to proceed, the user is presented with a button to initiate a request from the server 11 to the user's primary vouching device 12 to verify an authenticated connection between the user 10 and the server 11. The user is also presented with a device identification such as a four digit number 18 (temporary ID) which can be used to identify the device; Para. 0067: Subsequently the second digital device 15 displays a screen 21 explaining to the user that they will need to obtain authentication from their vouching device in order to proceed with authenticating their new device 15. They will also be shown temporary ID 21 preferably in the form of a four-digit number that is generated new each time a new device requests authentication. This four-digit number is generated by the server 11 and is used once to identify the requesting device 15 to the vouching device 12 when an authentication request is made; Para. 0078: the server gives the requesting device a temporary unique identity 50 which is then shown to the user on the new device screen 51; Para. 0079: The server 41 then sends an authentication request 52 for the new device to the vouching device 40 which is already authenticated and in use or can use existing authentication credentials to establish and authenticate it and the users identity; Para. 0080: The authentication request is received by the existing device along with the identity of the requesting device 54), wherein the server allows the received first authentication password value to be displayed on the service log-in screen as the authentication password value is received (Richardson: Fig. 2: requesting device is given temporary unique ID (50); requesting device ID is shown to user (51); Device receives authentication request along with ID of requesting device (54); Para. 0088: server 111 generates and issues a temporary ID 121 to second digital device 115. The temporary ID 121 is then displayed on second digital device 115 or is otherwise made available for communication to the user sufficient for the user to verify the temporary ID 121 which has been issued for the second digital device 115) (examiner note: temp ID 121 could be sent to another server), wherein the mobile authentication agent component allows the received second authentication password value to be displayed on a screen of a mobile authenticator as the authentication password value is received (Richardson: Para. 0089: At the same time, subsequently, server 111 issues the same temporary ID 121 to first digital device 112. Again, the first digital device 112 causes the temporary ID 121 to be displayed on first digital device 112 or otherwise made available for communication to the user sufficient for the user to verify the temporary ID 121 which has been issued for the first digital device 112), wherein the mobile authentication agent component is a software application and is installed in User’s first digital device (12), new device (15); Para. 0070: In the case of a smartphone such as an Apple iPhone, a notification message can be then sent to the user's device 12, which in turn can open the user's application 17 to verify the users identity; Para. 0061: To authenticate the user 10 and the user's first digital device 12, in this case a smartphone, the user uses a web-enabled application 17 to register with the server 11), wherein when a password verification value or an authentication agreement value transferred from the mobile authentication agent component is received so that the first authentication password displayed on the service log-in screen and the second authentication password value displayed on the mobile authenticator screen coincide with each other, the authentication service component transmits an authentication success message to allow service authentication for determining whether a service is authentic and user authentication for determining whether a user who requests an access through the access terminal is authentic to be batch-processed (Richardson: Para. 0090: In use, the user is then placed in a position where they can then compare the temporary ID 121 appearing on or otherwise associated with second digital device 115 with the temporary ID 121 appearing on or otherwise associated with first digital device 112 during a pre-determined time-frame. In one form, if the two temporary IDs match, then may confirm to first digital device 112 that a match has occurred and trigger by way of choice check-box 126 transmission of an authorisation signal 127 from first digital device 112 to server 111; Para. 0091: On receipt of the authorisation signal 127 the server then causes the log-in on second digital device 115 to be treated as authenticated thereby allowing the user to access data and services under that log-in user account 113 on server 111; Para. 0073: Once the server 11 receives a verification of the identity of the new device 15, the server allows an authenticated session to proceed between the new device 15 and the server 11; Para. 0074: The screen of the new device 15 notifies the user that the authentication has been completed successfully and access to the site is enabled. Additionally a new device identity 19 is added to the user's account 13 on the server 11; Para. 0081: the server shares authentication credentials with the new device 57; Para. 0082: As a result the new device receives the authentication credentials 58 and the new device is allowed to be used to access the users account from the new device 59).
Yet, Richardson does not explicitly teach wherein the on-line service server allows a service log-in screen to be displayed on a screen of the access terminal, the user ID is transferred from the online service server to the authentication service component; transmits authentication password values to the online service server, the authentication service component transmits an authentication success message to the online service server to allow authentication, wherein the authentication service component is an authentication server that is separated from the online service server.
However, in the same field of endeavor, Khalil teaches wherein the on-line service server allows a service log-in screen to be displayed on a screen of the access terminal (Khalil: Fig. 1A: Third party device (online service server); Para. 0060: As shown in FIG. 6C, and by reference number 625, a third party administrator may interact with the input device to provide third party preferences for the password-less authentication service), the user ID is transferred from the online service server to the authentication service component (Khalil: Para. 0063: As shown in FIG. 7, process 700 may include receiving an authentication request, from a third party device, associated with a user requesting access to a third party service (block 705)…. For example, a user may interact with client device 230 to request access, using a password-less authentication service, to a third party service provided by third party device 240, which may cause third party device 240 to generate and provide the authentication request to authentication device 220; Para. 0064: The authentication request may include information relating to an access request by the user to the third party service. For example, the user may input a user identifier (e.g., a username, an email address, etc.) via client device 230, and third party device 240 may include the user identifier in the authentication request); transmits authentication password values to the online service server (Khalil: Para. 0036: authentication device 220 may transmit a verification code to a destination associated with the user and/or the third party), the authentication service component transmits an authentication success message to the online service server to allow service and user authentication (Khalil: Para. 0019: Third party device 240 may request that authentication device 220 authenticate the user …. and may receive an indication that the user has been authenticated when authentication device 220 validates the user via mobile device 210; Para. 0082: As further shown in FIG. 7, if access is approved (block 745—YES), then process 700 may include providing an instruction to permit the user to access the third party service (block 755)….. authentication device 220 may provide an instruction, to third party device 240, to permit the user to access to the third party service), wherein the authentication service component is an authentication server that is separated from the online service server (Khalil: Para. 0016: Fig. 2: As shown in FIG. 2, environment 200 may include a mobile device 210, an authentication device 220, a client device 230, a third party device 240, and a network 250. As further shown, mobile device 210 and client device 230 may be associated with the same user; Para. 0018: Authentication device 220 may authenticate the user, associated with mobile device 210, when the user uses client device 230 (or mobile device 210) to attempt to access a service provided via third party device 240; Para. 0020: server device 240 may include a computing device, such as a server (e.g., a content server, a web server, a host server, a database server, a voice portal server, a payment processing server, a credit card processing server, etc.), a security device (e.g., a firewall, a gateway, an access point, etc.), an interactive voice recognition device, or a similar device. Third party device 240 may provide access to a third party service. When a user uses client device 230 to attempt to access a third party service provided by third party device 240, third party device 240 may contact authentication device 220, requesting that the user be authenticated. Authentication device 220 may use information, received from third party device 240, to identify mobile device 210. Authentication device 210 may authenticate mobile device 210 using techniques described herein, and may verify the identity of the user to third party device 240. Third party device 240 may then permit client device 230 to access a service provided by third party device 240).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system disclosed by Richardson to include wherein the on-line service server allows a service log-in screen to be displayed on a screen of the access terminal, the user ID is transferred from the online service server to the authentication service component; transmits authentication password values to the online service server, the authentication service component transmits an authentication success message to the online service server to allow service and user authentication, wherein the authentication service component is an authentication server that is separated from the online service server as disclosed by Khalil. One of ordinary skill in the art would have been motivated to make this modification in order to provide user/device/service authentication using user’s mobile phone as suggested by Khalil (Khalil: Para. 0092).
Claim 8 is rejected under 35 U.S.C. 103 as being unpatentable over Richardson in view of Khalil, and further in view of Reed et al. (US20090249076, hereinafter Reed).
Regarding claim 8, the combination of Richardson and Khalil teaches the authentication system of claim 7. In addition, Richardson teaches wherein an authentication password display window is included in the service log-in screen (Richardson: Fig. 4; Para. 0088: server 111 generates and issues a temporary ID 121 to second digital device 115. The temporary ID 121 is then displayed on second digital device 115 or is otherwise made available for communication to the user sufficient for the user to verify the temporary ID 121 which has been issued for the second digital device 115), wherein the server allows the first authentication password value to be displayed in the authentication password display window upon receiving the first authentication password value (Richardson: Para. 0088: server 111 generates and issues a temporary ID 121 to second digital device 115. The temporary ID 121 is then displayed on second digital device 115 or is otherwise made available for communication to the user sufficient for the user to verify the temporary ID 121 which has been issued for the second digital device 115), wherein as the second authentication password value is received, the mobile authentication agent component displays the authentication password display window to which a graphical user interface (GUI) having the same graphic effect as the authentication password display window displayed on the service log-in screen is reflected, on the screen of the mobile authenticator and displays the second authentication password value in the displayed authentication password display window (Richardson: Fig. 4; Para. 0089: At the same time, subsequently, server 111 issues the same temporary ID 121 to first digital device 112. Again, the first digital device 112 causes the temporary ID 121 to be displayed on first digital device 112 or otherwise made available for communication to the user sufficient for the user to verify the temporary ID 121 which has been issued for the first digital device 112).
Yet, the combination does not teach the service log-in screen which allows a graphic effect allowing the lapse of a password valid time of the corresponding authentication password value to be visually guided to be reflected in the authentication password display window.
However, in the same field of endeavor, Reed teaches the service log-in screen which allows a graphic effect allowing the lapse of a password valid time of the corresponding authentication password value to be visually guided to be reflected in the authentication password display window (Reed: Para. 0242: As shown in FIG. 21B, the details of a guest user are displayed in guest details pane 2210. The guest user details displayed may include, but are not limited to the guest user's login ID, temporary password, and the guest user's access expiration date). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system disclosed by the combination to include the service log-in screen which allows a graphic effect allowing the lapse of a password valid time of the .
Claims 10 and 11 are rejected under 35 U.S.C. 103 as being unpatentable over Richardson in view of Khalil and Reed, and further in view of Fukeda et al. (US20070124682, hereinafter Fukeda).
Regarding claim 10, the combination of Richardson, Khalil, and Reed teaches the authentication system of claim 8.
In addition, Richardson further teaches wherein the first and the second authentication password value are displayed in the authentication password display window by a number string or a character string (Richardson: Para. 0088: server 111 generates and issues a temporary ID 121 to second digital device 115. The temporary ID 121 is then displayed on second digital device 115 or is otherwise made available for communication to the user sufficient for the user to verify the temporary ID 121 which has been issued for the second digital device 115; Para. 0089: At the same time, subsequently, server 111 issues the same temporary ID 121 to first digital device 112. Again, the first digital device 112 causes the temporary ID 121 to be displayed on first digital device 112 or otherwise made available for communication to the user sufficient for the user to verify the temporary ID 121 which has been issued for the first digital device 112).
In addition, Reed teaches the password valid time is displayed in the authentication password display window (Reed: Para. 0242: As shown in FIG. 21B, the details of a guest user are displayed in guest details pane 2210. The guest user details displayed may include, but are not limited to the guest user's login ID, temporary password, and the guest user's access expiration date). 
Yet, the combination does not teach the valid time is displayed in a time lapse bar shape to visually guide the lapse of a password valid time.
The progress display control part 12 performs control for displaying a progress of a conference on the display unit 20. Progress of each subject is displayed by a bar extending according to a lapse of time). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system disclosed by the combination to include wherein the valid time is displayed in a time lapse bar shape to visually guide the lapse of a password valid time as disclosed by Fukeda. One of ordinary skill in the art would have been motivated to make this modification in order to display proceeding time as suggested by Fukeda (Fukeda: Para. 0039).
Regarding claim 11, the combination of Richardson, Khalil, Reed and Fukeda teaches the authentication system of claim 10. In addition, Richardson further teaches wherein the authentication service component updates and generates the first and second authentication password value with the lapse of the password valid time and retransmits the updated and generated authentication password value to the online service server and the mobile authentication agent component (Richardson: Para. 0090: the user is then placed in a position where they can then compare the temporary ID 121 appearing on or otherwise associated with second digital device 115 with the temporary ID 121 appearing on or otherwise associated with first digital device 112 during a pre-determined time-frame. In one form, if the two temporary IDs match, then may confirm to first digital device 112 that a match has occurred and trigger by way of choice check-box 126 transmission of an authorisation signal 127 from first digital device 112 to server 111).
In addition, Reed teaches the authentication password value and the password valid time are updated and displayed in the authentication password display window with the update of the authentication password value (Reed: Para. 0242: As shown in FIG. 21B, the details of a guest user are displayed in guest details pane 2210. The guest user details displayed may include, but are not limited to the guest user's login ID, temporary password, and the guest user's access expiration date). 
Claim 12 is rejected under 35 U.S.C. 103 as being unpatentable over Richardson in view of Khalil, and further in view of Keeler et al. (US20030233580, hereinafter Keeler).
Regarding claim 12, the combination of Richardson and Khalil teaches the authentication system of claim 7.
Yet, the combination does not teach wherein after service access is permitted to the online service server in association with the access terminal with the transmission of the authentication success message, when an access closing value is received from the mobile authentication agent component to the authentication service component, the authentication service component confirms whether a transmission subject of the access closing value is the registered mobile authentication agent component corresponding to a service user and transmits an access closing request message to the online service server when it is confirmed that the access closing value is received from the registered mobile authentication agent component.
However, in the same field of endeavor, Keeler teaches wherein after service access is permitted to the online service server in association with the access terminal with the transmission of the authentication success message, when an access closing value is received from the mobile authentication agent component to the authentication service component, the authentication service component confirms whether a transmission subject of the access closing value is the registered mobile authentication agent component corresponding to a service user and transmits an access closing request message to the online service server when it is confirmed that the access closing value is received from the registered mobile authentication agent component (Keeler: Para. 0012: The network provider may then send the username and password to a roaming partner for authentication/authorization…..the roaming partner may determine whether the user account is authenticated….If the authentication response indicates that the user account has been authenticated, then the network provider may authorize access to the network for the user; Para. 0013: In authorizing access to the network, the network provider may send an authorization response to the client software. The authorization response may comprise a logoff address which is usable by the client software to initiate a logoff for the user account; Para. 0141: The authentication/authorization page may also include a parameter which specifies the logout URL….To initiate a logoff, the client software may send an HTTP POST operation to the system servicing the logoff URL. The POST operation may include the session key parameter returned by the last successful login operation; Para. 0142: When a logoff attempt is received by the network of the network provider 162, the router may return an HTML logoff response page including an HTML comment string of the form “<!--error={error number}-->”. The error number may be defined appropriately (e.g., 0=successful logoff, 4=not logged in, and 255=undefined system error)).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system disclosed by the combination to include wherein after service access is permitted to the online service server in association with the access terminal with the transmission of the authentication success message, when an access closing value is received from the mobile authentication agent component to the authentication service component, the authentication service component confirms whether a transmission subject of the access closing value is the registered mobile authentication agent component corresponding to a service user and transmits an access closing request message to the online service server when it is confirmed that the access closing value is received from the registered mobile authentication agent component as disclosed by Keeler. One of ordinary skill in the art would have been motivated to make this modification in order to terminate session promptly as suggested by Keeler (Keeler: Para. 0142).
Claim 13 is rejected under 35 U.S.C. 103 as being unpatentable over Richardson in view of Khalil, and further in view of Oberheide et al. (US20140245396, hereinafter Oberheide). 
Regarding claim 13, combination of Richardson and Khalil teaches the authentication system of claim 7. 
Yet, the combination does not teach wherein when an access blocking value is received from the mobile authentication agent component receiving the second authentication password value to the authentication service component, the authentication service component confirms whether the transmission subject of the access blocking value is the registered mobile authentication agent component corresponding to the service user and transmits an access blocking request message to the online service server when it is confirmed that the access blocking value is received from the registered mobile authentication agent component.
However, in the same field of endeavor, Oberheide teaches wherein when an access blocking value is received from the mobile authentication agent component receiving the authentication password value to the authentication service component, the authentication service component confirms whether the transmission subject of the access blocking value is the registered mobile authentication agent component corresponding to the service user and transmits an access blocking request message to the online service server when it is confirmed that the access blocking value is received from the registered mobile authentication agent component (Oberheide: Para. 0047: Step S240, which includes validating an application response, functions to obtain user confirmation. The application response is preferably received at the TFA service…. The user can confirm or deny the request as shown in FIG. 9. …. The TFA SDK can additionally facilitate transmitting the obtained application response to the TFA service. Alternatively, the confirmation response may be communicated to the TFA service by the application or any suitable component of the device. The TFA service can validate, assess, verify, or check the response obtained from the application; Para. 0048: Step S250, which includes transmitting an assessment, functions to transfer the result of the second factor of authentication to the service provider….If the user denied or canceled the authentication request, the TFA service preferably communicates an indication of the failure of the second factor of authentication. The failure can be explicit in that the authentication request is canceled, denied, or is responded to with an error. The failure can alternatively be implicit such as with a null response. Other response options such as an option to report fraud can additionally be delivered to the service provider, but alternatively, the reported fraud may be managed within the TFA service to detect fraudulent requests. 
The web application will preferably use the assessment in enforcing the user request occurring within the web application. For example, if the user was attempting to login to the web application, the transmitted assessment is used in allowing or denying the login request. The service provider may use the TFA response for any suitable alternative purpose). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system disclosed by the combination to include wherein when an access blocking value is received from the mobile authentication agent component receiving the authentication password value to the authentication service component, the authentication service component confirms whether the transmission subject of the access blocking value is the registered mobile authentication agent component corresponding to the service user and transmits an access blocking request message to the online service server when it is confirmed that the access blocking value is received from the registered mobile authentication agent component as disclosed by Oberheide. One of ordinary skill in the art would have been motivated to make this modification in order to provide an additional factor of authentication as suggested by Oberheide (Oberheide: Para. 0003).
Claim 14 is rejected under 35 U.S.C. 103 as being unpatentable over Richardson in view of Khalil and Oberheide, and further in view of Kim (US7418257).
Regarding claim 14, combination of Richardson, Khalil and Oberheide teaches the authentication system of Claim 13. 
Yet, the combination does not teach wherein the authentication service component keeps related information regarding the access terminal in which the access is blocked and automatically blocks an authentication request when the authentication request of the same condition is reattempted from the access terminal in which the access is blocked.
However, in the same field of endeavor, Kim teaches wherein the authentication service component keeps related information regarding the access terminal in which the access is blocked and automatically blocks an authentication request when the authentication request of the same condition is reattempted from the access terminal in which the access is blocked (Kim: Claim 4: a system for automatically blocking a voice call connection, comprising: a wireless network for receiving a voice call initiation message including the authentication information; Col. 13, line 32-33: blocking a cloned terminal from accessing to a wireless data service; Col 13, line 46-47: cloned mobile terminal is configured to be blocked).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system disclosed by the combination to include wherein the authentication service component keeps related information regarding the access terminal in which the access is blocked and automatically blocks an authentication request when the authentication request of the same condition is reattempted from the access terminal in which the access is blocked as disclosed by Kim. One of ordinary skill in the art would have been motivated to make this modification in order to only provide service to the legitimate terminal as suggested by Kim (Kim: Col. 2, line 52-66).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
Karachiwala et al. US10299118: authenticating a user through the user’s mobile device
Any inquiry concerning this communication or earlier communications from the examiner should be directed to LIN CHANG whose telephone number is (571)272-9998.  The examiner can normally be reached on Monday-Thursday 9AM-6PM EST Friday: Variable.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi Arani can be reached on (571)-272-3787. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/L.C./Examiner, Art Unit 2438
/TAGHI T ARANI/