DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This Office Action is in response to the application 16/288453 filed on 02/28/2019.
Claims 1-20 have been examined and are pending in this application. 

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention; or


Claims 1, 4, 9-11 and 15-17 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Law (US 2008/0034216), published on February 7, 2008.

Regarding claim 1: Law discloses a method for symmetric authentication by a first device, the method comprising:
generating a first challenge message containing a first string (Law: ¶0067 the server 320 can generate a random challenge code (the challenge)); 
encrypting the first challenge message (Law: ¶0067 the server 320 can generate a random challenge code (the challenge), encrypt 340 it); 
transmitting the encrypted first challenge message to a second device (Law: ¶0067 the server 320 can generate a random challenge code (the challenge), encrypt 340 it and sends 342 to the user 310 [second device]);
receiving a first answer message from the second device (Law: ¶0067 the user 310 [...] sends 352 the encrypted response code to the server 320);
decrypting the first answer message (Law: ¶0068 the server 320 uses the session key to decrypt 354 the encrypted response code received from the user 310);
authenticating the second device based on determining the decrypted first answer message contains the first string (Law: ¶0050 the first party will then decrypt the received encrypted response code to verify the validity of the secure channel and to authenticate the second party);
upon successful authentication of the second device, the method further comprises:
receiving an encrypted second challenge message from the second device (Law: ¶0069 the user 310 encrypts 356 a randomly generated challenge code with the session key and sends 358 the encrypted challenge code to the server 320);
decrypting the encrypted second challenge message (Law: ¶0069 the server 320 decrypts 360 the encrypted challenge code received from the user 310);
generating a second answer message containing a second string (Law: ¶0069 the server 320 [...] derives a response code from the decrypted challenge code);
encrypting the second answer message (Law: ¶0069 the server 320 [...] encrypts 362 the response code with the session key); and
transmitting the encrypted second answer message to the second device (Law: ¶0069 the server 320 [...] sends 364 the encrypted response code to the user 310).
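
The two-way challenge-response exchange mapped above for claim 1, sketched as an added example; it is not code from this Office action, from Law, or from the application. The `Device` class, the `seal`/`unseal` helpers and the step labels `C1`/`A1`/`C2`/`A2` are hypothetical names, and the HMAC-based cipher is a standard-library stand-in for whatever symmetric cipher a real implementation would use.

```python
import hashlib
import hmac
import secrets

# Stand-in authenticated cipher from stdlib HMAC-SHA256 (an assumption of this
# example); real deployments would use a vetted AEAD such as AES-GCM.
def _keystream(key, nonce, n):
    blocks = (hmac.new(key, b"ks" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, label, plaintext):
    # label (2 bytes) binds the ciphertext to one protocol step and direction
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, b"mac" + label + nonce + ct, hashlib.sha256).digest()

def unseal(key, label, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, b"mac" + label + nonce + ct, hashlib.sha256).digest()
    if len(blob) < 48 or not hmac.compare_digest(tag, good):
        raise ValueError("wrong key, wrong step, or modified message")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))

class Device:
    def __init__(self, key):
        self.key, self.pending = key, None

    def challenge(self, label):
        # generate a challenge containing a fresh random string, then encrypt it
        self.pending = secrets.token_hex(16).encode()
        return seal(self.key, label, self.pending)

    def answer(self, challenge_label, answer_label, blob):
        # decrypt the peer's challenge and return an encrypted answer containing its string
        string = unseal(self.key, challenge_label, blob)
        return seal(self.key, answer_label, b"answer:" + string)

    def verify(self, label, blob):
        expected, self.pending = self.pending, None   # each challenge is single-use
        try:
            got = unseal(self.key, label, blob)
        except ValueError:
            return False
        # exact match, which is stricter than "contains the string"
        return expected is not None and hmac.compare_digest(got, b"answer:" + expected)

def mutual_auth(first, second):
    try:
        a1 = second.answer(b"C1", b"A1", first.challenge(b"C1"))
        if not first.verify(b"A1", a1):           # second device must pass first
            return False
        a2 = first.answer(b"C2", b"A2", second.challenge(b"C2"))
        return second.verify(b"A2", a2)           # then the first device is checked
    except ValueError:
        return False
```

The second challenge is only answered after the first answer verifies, matching the "upon successful authentication of the second device" ordering in the claim.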

Regarding claim 4: Law discloses the method of claim 1.
Law further discloses wherein the first challenge message and second challenge message are encrypted using the same key or different keys (Law: ¶0051 the two parties 110 and 120 can use the session keys generated during the authentication process to encrypt and decrypt messages send to and from each other).

Regarding claim 9: Law discloses the method of claim 1.
receiving an acknowledgement of successful authentication of the first device from the second device (Law: ¶0051 the second party can perform a challenge-response to verify the validity of the secure channel and to authenticate the first party); and
permitting the second device access to user information corresponding to the second device (Law: ¶0066 the user 310 and the server 320 can commence 368 transactions through the secure channel).

Regarding claim 10: Sandhu discloses a system for symmetric authentication, the system comprising:
a processor (Law: ¶0035 system 110 is structured to include a processor); and
non-transitory computer-readable storage medium embodying computer program instructions for symmetric authentication (Law: ¶0035 system 110 is structured to include [...] memory, storage), the computer program instructions implementing a method, the method comprising:
generating a first challenge message containing a first string (Law: ¶0067 the server 320 can generate a random challenge code (the challenge)); 
encrypting the first challenge message (Law: ¶0067 the server 320 can generate a random challenge code (the challenge), encrypt 340 it); 
transmitting the encrypted first challenge message to a second device (Law: ¶0067 the server 320 can generate a random challenge code (the challenge), encrypt 340 it and sends 342 to the user 310 [second device]); 
receiving a first answer message from the second device (Law: ¶0067 the user 310 [...] sends 352 the encrypted response code to the server 320);
decrypting the first answer message (Law: ¶0068 the server 320 uses the session key to decrypt 354 the encrypted response code received from the user 310);
authenticating the second device based on determining the decrypted first answer message contains the first string (Law: ¶0050 the first party will then decrypt the received encrypted response code to verify the validity of the secure channel and to authenticate the second party);
upon successful authentication of the second device, the method further comprises:
receiving an encrypted second challenge message from the second device (Law: ¶0069 the user 310 encrypts 356 a randomly generated challenge code with the session key and sends 358 the encrypted challenge code to the server 320);
decrypting the encrypted second challenge message (Law: ¶0069 the server 320 decrypts 360 the encrypted challenge code received from the user 310);
generating a second answer message containing a second string (Law: ¶0069 the server 320 [...] derives a response code from the decrypted challenge code);
encrypting the second answer message (Law: ¶0069 the server 320 [...] encrypts 362 the response code with the session key); and
transmitting the encrypted second answer message to the second device (Law: ¶0069 the server 320 [...] sends 364 the encrypted response code to the user 310).

Regarding claim 11: Claim 11 is similar in scope to claim 4, and is therefore rejected under similar rationale.

Regarding claim 15: Claim 11 is similar in scope to claim 9, and is therefore rejected under similar rationale.

Regarding claim 16: Law discloses a non-transitory computer-readable storage medium embodying computer program instructions for symmetric authentication, the computer program instructions implementing a method, the method comprising:
generating a first challenge message containing a first string (Law: ¶0067 the server 320 can generate a random challenge code (the challenge)); 
encrypting the first challenge message (Law: ¶0067 the server 320 can generate a random challenge code (the challenge), encrypt 340 it); 
transmitting the encrypted first challenge message to a second device (Law: ¶0067 the server 320 can generate a random challenge code (the challenge), encrypt 340 it and sends 342 to the user 310 [second device]);
receiving a first answer message from the second device (Law: ¶0067 the user 310 [...] sends 352 the encrypted response code to the server 320);
decrypting the first answer message (Law: ¶0068 the server 320 uses the session key to decrypt 354 the encrypted response code received from the user 310);
authenticating the second device based on determining the decrypted first answer message contains the first string (Law: ¶0050 the first party will then decrypt the received encrypted response code to verify the validity of the secure channel and to authenticate the second party);
upon successful authentication of the second device, the method further comprises:
receiving an encrypted second challenge message from the second device (Law: ¶0069 the user 310 encrypts 356 a randomly generated challenge code with the session key and sends 358 the encrypted challenge code to the server 320);
decrypting the encrypted second challenge message (Law: ¶0069 the server 320 decrypts 360 the encrypted challenge code received from the user 310);
generating a second answer message containing a second string (Law: ¶0069 the server 320 [...] derives a response code from the decrypted challenge code);
encrypting the second answer message (Law: ¶0069 the server 320 [...] encrypts 362 the response code with the session key); and
transmitting the encrypted second answer message to the second device (Law: ¶0069 the server 320 [...] sends 364 the encrypted response code to the user 310).

Regarding claim 17: Claim 17 is similar in scope to claim 4, and is therefore rejected under similar rationale.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person.


This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

Claims 2-3 and 5 are rejected under 35 U.S.C. 103 as being unpatentable over Law (US 2008/0034216), published on February 7, 2008 in view of Vanstone et al. (“Vanstone,” US 2009/0022309), published on January 22, 2009.

Regarding claim 2: Law discloses the method of claim 1.
Law further discloses wherein generating the first challenge message (Law: ¶0067 the server 320 can generate a random challenge code (the challenge)).
Law does not explicitly disclose inserting multiple instances of the first string in the first challenge message and an indicator of a number of the multiple instances.
However Vanstone discloses inserting multiple instances of the first string in the first challenge message and an indicator of a number of the multiple instances (Vanstone: ¶0061 frequencies of all possible successive four character groups are tabulated (step 310) and each group of four characters is assigned a subinterval 212 [e,f) in the unit interval [0,1) (step 320) as before. Next, the bit string b1 b2 b3 ... bn is expressed as a number x=0.b1 b2 b3 ... bn (step 330)).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate teaching of Vanstone with the system and method of Law to include inserting multiple instances of the first string and an indicator of a number of the multiple instances to provide user with a means for representing a cryptographic value in text form (Vanstone: ¶0002).

Regarding claim 3: Law in view of Vanstone discloses the method of claim 2.
Vanstone: ¶0060 text decompression merely reverses the process above. It converts the bit string to a number in the interval 0 to 1, and then determines the corresponding subintervals, and converts these to the appropriate text; ¶0068 the correspondence between groups of bits and tense of verb, is used in the reverse process).
The motivation is the same as that of claim 2 above.

Regarding claim 5: Law discloses the method of claim 1.
Law does not explicitly disclose wherein the second string comprises a sentence, and further comprising determining whether to generate the second answer message based on whether the sentence has proper grammar.
However Vanstone discloses wherein the second string comprises a sentence, and further comprising determining whether to generate the second answer message based on whether the sentence has proper grammar (Vanstone: ¶0065 the initial bits in the bit stream determine the initial sentence; ¶0064 another approach to rendering a cryptographic value legible, the so-called "Grammatical Paragraph Method", is to make grammatically correct text; ¶0094 analyzing the proper text grammatically and semantically).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate teaching of Vanstone with the system and method of Law to include generate the second answer message based on whether the Vanstone: ¶0002).


Claims 6-8, 12-14 and 18-20 are rejected under 35 U.S.C. 103 as being unpatentable over Law (US 2008/0034216), published on February 7, 2008, in view of Hito et al. (“Hito,” US 2011/0219427), published on September 8, 2011.

Regarding claim 6: Law discloses the method of claim 1.
Law does not explicitly disclose wherein receiving the first challenge message comprises capturing an image associated with the first challenge message displayed on a third device and converting the image to the first challenge message.
However Hito discloses wherein receiving the first challenge message comprises capturing an image associated with the first challenge message displayed on a third device and converting the image to the first challenge message (Hito: ¶0044 the application uses the camera built into the device, such as camera 136 of device 130 or camera 336 of device 330, to capture the QR Code presented during the authentication request and decodes the information contained in it).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate teaching of Hito with the system and method of Law to include capturing an image associated with the first challenge message displayed on a device to provide user with a means for user authentication or verification (Hito: ¶0002).

Regarding claim 7: Law discloses the method of claim 1.
Law further discloses generating a third challenge message containing a third string (Law: ¶0067 the server 320 can generate a random challenge code (the challenge));
encrypting the third challenge message (Law: ¶0067 the server 320 can generate a random challenge code (the challenge), encrypt 340 it);
transmitting the third challenge message to the second device (Law: ¶0067 the server 320 can generate a random challenge code (the challenge), encrypt 340 it and sends 342 to the user 310 [second device]);
receiving a third answer message from the second device (Law: ¶0067 the user 310 [...] sends 352 the encrypted response code to the server 320);
decrypting the third answer message (Law: ¶0068 the server 320 uses the session key to decrypt 354 the encrypted response code received from the user 310); and
authenticating the second device based on determining the decrypted third answer message contains the third string (Law: ¶0050 the first party will then decrypt the received encrypted response code to verify the validity of the secure channel and to authenticate the second party).
Law does not explicitly disclose transmitting an acknowledgement of the failed authentication to the second device.
However Hito discloses transmitting an acknowledgement of the failed authentication to the second device (Hito: ¶0076 the authentication process will send the status of the request to the client to provide notification of Success or failure 425).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate teaching of Hito with the system and Hito: ¶0002).

Regarding claim 8: Law discloses the method of claim 1.
Law further discloses receiving an encrypted third challenge message from the second device (Law: ¶0069 the user 310 encrypts 356 a randomly generated challenge code with the session key and sends 358 the encrypted challenge code to the server 320);
decrypting the encrypted third challenge message (Law: ¶0069 the server 320 decrypts 360 the encrypted challenge code received from the user 310);
generating a third answer message containing a third string (Law: ¶0069 the server 320 [...] derives a response code from the decrypted challenge code);
encrypting the third answer message (Law: ¶0069 the server 320 [...] encrypts 362 the response code with the session key); and
transmitting the encrypted third answer message to the second device (Law: ¶0069 the server 320 [...] sends 364 the encrypted response code to the user 310).
Law does not explicitly disclose transmitting an acknowledgement of the failed authentication to the second device.
However Hito discloses transmitting an acknowledgement of the failed authentication to the second device (Hito: ¶0076 the authentication process will send the status of the request to the client to provide notification of Success or failure 425).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate teaching of Hito with the system and Hito: ¶0002).

Regarding claims 12-14: Claims 12-14 are similar in scope to claims 6-8, respectively, and are therefore rejected under similar rationale.

Regarding claims 18-20: Claims 18-20 are similar in scope to claims 6-8, respectively, and are therefore rejected under similar rationale.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Fahimeh Mohammadi whose telephone number is (571)270-7857.  The examiner can normally be reached on Monday - Friday 9:00 - 5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on 5712705002.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published 






/FAHIMEH MOHAMMADI/ Examiner, Art Unit 2439



/KARI L SCHMIDT/ Primary Examiner, Art Unit 2439