Notice of Pre-AIA or AIA Status
The present application is being examined under the pre-AIA first to invent provisions.

Claim Objections
Claim 1 is objected to because of the following informalities:  
Line 14 recites “the user’s application” which should be changed to --the user’s application;--. 
Line 17 recites “the user’s application;” which should be changed to --the user’s application; and--.  
Appropriate correction is required.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA/25, or PTO/AIA/26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claim 1 is rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-17 of U.S. Patent No. 8,566,957. Although the claims at issue are not identical, they are not patentably distinct from each other because the . 
Claim 1 is rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-18 of U.S. Patent No. 8,695,071. Although the claims at issue are not identical, they are not patentably distinct from each other because the subject matter recited by instant claim 1 overlaps in scope with claim 1 and its respective dependent claims of the ‘071 patent.
Claim 1 is rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-20 of U.S. Patent No. 8,713,656. Although the claims at issue are not identical, they are not patentably distinct from each other because the subject matter recited by instant claim 1 overlaps in scope with claim 1 and its respective dependent claims of the ‘656 patent.
Claim 1 is rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-18 of U.S. Patent No. 8,800,014. Although the claims at issue are not identical, they are not patentably distinct from each other because the subject matter recited by instant claim 1 overlaps in scope with claim 1 and its respective dependent claims of the ‘014 patent.
Claim 1 is rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-9 of U.S. Patent No. 9,112,847. Although the claims at issue are not identical, they are not patentably distinct from each other because the subject matter recited by instant claim 1 overlaps in scope with respective claims 1, 2, and the respective dependent claims of the ‘847 patent.

Claim Rejections - 35 USC § 103
The following is a quotation of pre-AIA 35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made.

Claim 1 is rejected under pre-AIA 35 U.S.C. 103(a) as being unpatentable over “Judell” (US 2012/0239928) in view of “O’Gorman” (US 2007/0094497).

Regarding Claim 1:
Judell teaches:
A method for authenticating the identity of a requester of access to a secured resource (Fig. 7) comprising the steps of:
providing at least one interface (Fig. 4, element 410; ¶0055, “The I/O interface 410 includes a connector 412 that can include a LAN, WAN, or other connection for coupling to the communications network 100. In this manner, electronic information can be sent to and received by the verification server 400 via the I/O interface 410”) adapted to receive and transmit data in communication with a user's application (¶0074, “The user can receive an authentication installation program 604 by downloading the program from the authorizing party's website”), a service client's application (¶0080, “The request 702 can be made to an online merchant after the user has selected the item for purchase and proceeds to complete the transaction in a "checkout" window presented to the user computer by the online merchant's website”), or both; 
“The method 700 can commence with a transaction authorization request 702 initiated from an electronic device such as a user computer to perform an online transaction, for example to purchase an item from an online merchant’s website… where the user is requested to enter an identification such as a user-name and authorizing issuer ID…”), the authorization request message having been received through the at least one interface from the service client's application (¶0055, “… electronic information can be sent to and received by the verification server 400 via the I/O interface 410”; i.e., receive the transaction authorization request via the I/O interface of the authorizing party);
generating a challenge string with the challenge string being at least a partially random string having a plurality of symbols (¶0082, “The authorizing party generates a challenge request 706, and transmits the challenge request 708 to the user computer… In a preferred embodiment, the challenge request 706 includes a random challenge…”), …; 
transmitting the challenge string through the user's application (Fig. 7, step 710; ¶0083, “The user computer is presented with a request 710 for a password in response to receiving the challenge request. The request can be displayed in a popup window, for example, in a purchasing application installed on the user computer”);
receiving a response string corresponding to the challenge string, the response string having been received through the at least one interface from the user's application (¶0075, “For example, the user can create a phrase, alphanumeric sequence, and the like, for use as a password, and enter it into the user interface. The installation program processes the password, so that it can be provided in response to a challenge request…”; ¶0055, “… electronic information can be sent to and received by the verification server 400 via the I/O interface 410”; i.e., receive the response from the user’s installation program via the at least one interface);
validating the service client's request to access the secured resource by determining if the response answers the challenge string (Fig. 7, step 718; ¶0085, “The authorizing party decrypts 718 the challenge request using the public key, and compares the decrypted challenge request to the original challenge request. The authorizing party outputs a verification result 720 to the user computer, either verifying the user or denying the request”).
Judell does not disclose:
… wherein at least one of the symbols of the challenge string is a specially-designated symbol indicating the absence from said random string of a single randomly-selected symbol; 
O’Gorman teaches:
… wherein at least one of the symbols of the challenge string (¶0048, “… system 310 can transmit the entire transmitted sequence T before expecting the returned sequence R to be received from the user”; ¶0042, “In generating the challenge and camouflage elements, system 310 forms transmitted sequence T, which is made up of challenge elements … and camouflage elements ….”) is a specially-designated symbol (¶0037, “For example, if the secret string is “4296” … then the system 310 might have the user memorize “red=4, green=2, blue=9, yellow=6”, wherein the substitution symbols “red”, “green”, “blue”, and “yellow” …”) indicating the absence from said “… the user memorizes N randomly generated substitutions… For instance, the sequence that is transmitted as voice signals to the user might be “3, Yellow, 0, 5, Red, Green”, which would mean that the correct string returned as voice signals from the user would be “3, 6, 0, 6, 4, 2””; i.e., a user receives a challenge string comprising special substitution symbols (colors) that correspond to randomly-selected alphanumeric characters of a PIN or password, and thus each color indicates the absence of said randomly-selected alphanumeric character);
	At the time of the invention it would have been obvious to one with ordinary skill in the art to modify Judell’s authentication system by enhancing Judell’s challenge string to include at least one specially-designated symbol indicating an absence of a single randomly-selected symbol, as taught by O’Gorman, in order to prevent eavesdroppers from intercepting challenge/reply authentication messages.
	The motivation is to utilize symbols in a challenge string that are randomly-selected and memorized by a user so that only the user to whom the challenge string is sent can send a reply that verifies the user. This prevents man-in-the-middle attacks on a challenge/response protocol as an eavesdropper could not intercept and replay the challenge or response without shared knowledge of the user’s memorized randomly-selected symbols.

Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DANIEL B POTRATZ whose telephone number is (571)270-5329.  The examiner can normally be reached on M-F 10 A.M. - 6 P.M. CST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 571-272-3972.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/DANIEL B POTRATZ/Primary Examiner, Art Unit 2491