Notice of Pre-AIA  or AIA  Status
The present application is being examined under the pre-AIA  first to invent provisions. 
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

DETAILED ACTION
Claims 2-21 are presented for examination.


Information Disclosure Statement
The information disclosure statement (IDS) submitted on 11/23/2020 has been considered. The submission is in compliance with the provisions of 37 CFR 1.97. Form PTO-1449 is signed and attached hereto.

Drawings
The drawings filed on 06/04/2019 are accepted by the examiner.


Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and  In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the conflicting application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. 
Effective January 1, 1994, a registered attorney or agent of record may sign a terminal disclaimer. A terminal disclaimer signed by the assignee must fully comply with 37 CFR 3.73(b).
Claims Patent # 8424057 (11/966,800) contains every element of claims of the instant application. Claims of the instant application therefore are not patently distinct from the earlier patent claims and as such are unpatentable over obvious-type double patenting. A later patent claim is not patentably distinct from an earlier claim if the later claim is anticipated by the earlier claim. 
anticipated by, the earlier claim.  In re Longi, 759 F.2d at 896, 225 USPQ at 651 (affirming a holding of obviousness-type double patenting because the claims at issue were obvious over claims in four prior art patents); In re Berg, 140 F.3d at 1437, 46 USPQ2d at 1233 (Fed. Cir. 1998) (affirming a holding of obviousness-type double patenting where a patent application claim to a genus is anticipated by a patent claim to a species within that genus). “  ELI LILLY AND COMPANY v BARR LABORATORIES, INC., United States Court of Appeals for the Federal Circuit, ON PETITION FOR REHEARING EN BANC (DECIDED:  May 30, 2001). 
Furthermore, the ODP is not the only outstanding rejection and the claims, if allowed, would improperly extend the "right to exclude" already granted in the patent. A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the conflicting application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. 


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person 


The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

1.	Claims 2-6, 8-9, 11-13, 15-16, and 18-21 rejected under 35 U.S.C. 103 as being unpatentable over Makino et al. (US Pub No. 2008/0010673, hereinafter “Makino”) in view of Cook et al. (US Pub No. 2009/0328165, hereinafter “Cook”).

Regarding claim 2, Makino does disclose, a server comprising: a non-transitory memory; and one or more hardware processors coupled to the non-transitory memory and configured to cause the server to perform operations comprising: generating a token by the server (Makino, (para. [0170, 0033]), upon receiving the user password "1234",the server generates random authentication data "abcdefg" (hereinafter referred to as a "server random one-time password") (i.e. token)); sending the generated token to the mobile device (Makino, (para. [0170, 0033]), transmits the server random one-time password (i.e. token) to the mobile device of the user); receiving one or more one-time-passwords from the mobile device, the one or more one-time-passwords generated based on the generated token (Makino, (para. [0171, 0065]), upon receiving the server random one-time password "abcdefg", the mobile device generates random authentication data "hijklmn" (hereinafter referred to as a "client random one-time password") where the random authentication data generated by the computer 1 and the random authentication data generated by the computer 2 are combined to generate a random one-time password which is random authentication data updated each time user authentication is performed. The generated random one-time password is stored in the storage means of the computer 1 and the storage means of the computer 2); and authenticating the mobile device to [a website hosted on] the server based on the one or more one-time passwords (Makino, (para. [0065, 0219-0220]), a secure user authentication is performed using the stored random one-time password together with the user password).  

Makino does not explicitly disclose but the analogous art Cook discloses, a website hosted on the server (Cook, (para. [0035-0038]), the client sends the user's login ID and one-time password to the web server for authentication).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Makino by including a website hosted on the server taught by Cook for the advantage of removing the need for a user to have a separate physical device, e.g., token, per company or service, reduces the cost burden on the companies and allows for two-way authentication via multiple access methods (Cook, (abstract)).

Regarding claim 3, the combination of Makino-Cook does disclose the server of claim 2, wherein: generating the token is performed at a first time period during a computing session with the server (Makino, (para. [0170, 0033]), upon receiving the user password "1234",the server generates random authentication data "abcdefg" (hereinafter referred to as a "server random one-time password") (i.e. token)), receiving the one or more one-time-passwords from the mobile device comprises receiving a first passcode for the first time period (Cook, (para. [0034]), the user enters the PIN portion (i.e. passcode) only along with the login ID), and the operations further comprise extending the computing session in response to receiving one or more one-time-passwords at the first time period (Makino, (para. [0115]), the user authentication for the authorized user is performed without being disturbed by the automatic update of the random one-time password. Consequently, the user authentication requested by the computer 1 succeeds).  

Regarding claim 4, the combination of Makino-Cook does disclose the server of claim 3, wherein: the operations further comprise computing a second one or more one-time-passwords based on the generated token, and extending the computing session is in response to comparing the one or more one time-passwords with the second one or more one-time passwords (Makino, (para. [0135]), a plurality of random authentication data generated by the computer 1 with a plurality of random authentication data generated by the computer 2 so as to generate a plurality of random one-time passwords, which are random authentication data updated each time user authentication is performed; (para. [0115]), where the user authentication for the authorized user is performed without being disturbed by the automatic update of the random one-time password. Consequently, the user authentication requested by the computer 1 succeeds).


Regarding claim 5, the combination of Makino-Cook does disclose the server of claim 2, wherein generating the token is based on receiving information unique to the mobile device (Cook, (para. [0017-0018]), the user's one-time password (i.e. token) consists of a personal identification number (PIN) of the user concatenated with the current sequence value displayed by the sequence generator).  

Regarding claim 6, the combination of Makino-Cook does disclose the server of claim 5, wherein the information unique to the mobile device comprises one or more of: one or more cookies present in the mobile device, hypertext transfer protocol (HTTP) header information present in the mobile device, or information that is manually entered by a user of the mobile device (Cook, (para. [0025]), enters his login ID and one-time password, i.e., a PIN concatenated with the current sequence value, on the service entity's login page).  

Regarding claim 8, the combination of Makino-Cook does disclose the server of claim 5, wherein generating the token comprises encrypting or hashing the information unique to the mobile device (Makino, (para. [0214]), the computer-1-specific information is encrypted using a private key of the computer 1).  

Regarding claim 9, the combination of Makino-Cook does disclose the server of claim 2, wherein the operations further comprise: receiving a second token from the mobile device configured to authenticate the website; calculate one or more second one-time-passwords based on the second token; and sending, to the mobile device, the one or more second one-time-passwords (Makino, (para. [0135]), a plurality of random authentication data generated by the computer 1 with a plurality of random authentication data generated by the computer 2 so as to generate a plurality of random one-time passwords, which are random authentication data updated each time user authentication is performed; Makino, (para. [0171, 0065]), upon receiving the server random one-time password "abcdefg", the mobile device generates random authentication data "hijklmn" (hereinafter referred to as a "client random one-time password") where the random authentication data generated by the computer 1 and the random authentication data generated by the computer 2 are combined to generate a random one-time password which is random authentication data updated each time user authentication is performed. The generated random one-time password is stored in the storage means of the computer 1 and the storage means of the computer 2).  

Regarding claim 11, the substance of the claimed invention is similar to that of claim 1. Accordingly, this claim is rejected under the same rationale.

Regarding claim 12, the substance of the claimed invention is similar to that of claim 5. Accordingly, this claim is rejected under the same rationale.

Regarding claim 13, the substance of the claimed invention is similar to that of claim 6. Accordingly, this claim is rejected under the same rationale.

Regarding claim 15, the substance of the claimed invention is similar to that of claim 8. Accordingly, this claim is rejected under the same rationale.

Regarding claim 16, the substance of the claimed invention is similar to that of claim 9. Accordingly, this claim is rejected under the same rationale.

Regarding claim 18, the substance of the claimed invention is similar to that of claim 1. Accordingly, this claim is rejected under the same rationale.

Regarding claim 19, the substance of the claimed invention is similar to that of claim 6. Accordingly, this claim is rejected under the same rationale.

Regarding claim 20, the substance of the claimed invention is similar to that of claim 8. Accordingly, this claim is rejected under the same rationale.

Regarding claim 21, the substance of the claimed invention is similar to that of claim 9. Accordingly, this claim is rejected under the same rationale.


2.	Claims 7, 10, 14, and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Makino et al. in view of Cook et al., further in view of Boyd et al.  (US Pub No. 2007/0198698, hereinafter “Boyd”).

Regarding claim 7, the combination of Makino-Cook disclose the server of claim 5. 
Makino-Cook does not explicitly disclose but the analogous art Boyd discloses, wherein the information unique to the mobile device comprises hypertext transfer protocol (HTTP) header information with a telephone number of the mobile device (Boyd, (para. [0088]), the command, being a refresh command, causes the client to fetch the file "flowers.jpg" from the domain "contentserver.com". Note that the command instructs the client 451 to transmit two headers with the HTTP fetch when executing the command: the phone number ("min") and the platform ID ("pid") of the mobile device 450).  
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Makino-Cook by including HTTP header information with a telephone number taught by Boyd for the advantage of allowing the content server to regulate how frequently the mobile device retrieves new content (Boyd, (abstract)).

Regarding claim 10, the combination of Makino-Cook-Boyd disclose the server of claim 9, wherein the operations further comprise: sending a push notification to the mobile device comprising cookie information, the cookie information usable to generate the second token by the mobile device (Boyd, (para. [0085]), the client 451 may send headers in the client-transmitted data 465 with a refresh request that describe the mobile device 450 or the state of the mobile device 450. Similarly, the server application 410 may return standard cookies in the server-transmitted data 470 for use in future content updates where token generated using cookie is well known in the art of web technology).


Regarding claim 14, the substance of the claimed invention is similar to that of claim 7. Accordingly, this claim is rejected under the same rationale.

Regarding claim 17, the substance of the claimed invention is similar to that of claim 10. Accordingly, this claim is rejected under the same rationale.


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MORSHED MEHEDI	whose telephone number is (571) 270-7640. The examiner can normally be reached on M - F, 8:00 am to 4:00 pm EST.    If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Jeffrey L. Nickerson can be reach on (469) 295-9235. The fax number for the organization where this application or proceeding is assigned is (571) 273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from their Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (In USA or Canada) or 571-272-1000.

/MORSHED MEHEDI/Primary Examiner, Art Unit 2432