DETAILED ACTION
Claims 15-32 and 34 are pending in this application.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Allowable Subject Matter
Claims 17-19, 21, 23, 25-29, 31, 32 and 34 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.


Claims 15, 16, 20, 22, 24 and 30 are rejected under 35 U.S.C. 103 as being unpatentable over Venkat et al. (US Patent No. 9,887,992) [hereinafter “Venkat”] in view of Huang (US PGPUB No. 2015/0227946).

As per claim 15, Venkat teaches a method comprising: verifying a transaction to be performed by a software application in dependence upon user credentials (Col. 3, lines 1-5, verifying user credentials to start authenticated session with website which includes payment transactions see Col. 8, lines 31-36); and performing the transaction (Col. 8, lines 35-36, tickets are paid online, i.e. transaction performed, and payments verified); wherein the verification comprises: generating a user verifiable code and an authentication challenge comprising at least a barcode (Abstract, generating optical-machine readable code and security image); transmitting and rendering the barcode to the user (Abstract, transmitting code and image for display by user device); scanning, by the user, of the rendered barcode (Abstract, scanning/extracting data from the code); rendering the another code to the user (Fig. 5a-g, generating security image for comparison by ); transmitting and rendering the user verifiable code to the user (Fig. 25, sight code sent with QR code once on computer and once on mobile device so user can verify); and the user determining to sign the authentication challenge in dependence upon whether the another code matches the user verifiable code (Col. 20, lines 35-40, determining whether to scan and verify QR code after sight code is matched).
see [0093]).  
	At the time of filing, it would have been obvious to one of ordinary skill in the art to combine Venkat with the teachings of Huang, generating another code in dependence upon the scanned barcode, to efficiently transmit further verification information without an out-of-band network, i.e. mobile network.

As per claim 16, the combination of Venkat and Huang teaches the method according to claim 15, further comprising providing a first software application in execution upon a first electronic device comprising a first microprocessor coupled to a communications network and a communications interface (Venkat; Col. 8, lines 31-36, web browser or mobile application installed on user device); providing an authentication server coupled to the communications network (Venkat; Col. 2, lines 7-12, web-based server establishing authentication session); providing a software agent upon the first electronic device in communication with the authentication server via the communications network (Venkat; Col. 2, lines 25-32, functionality on client device that verifies credentials and is in communication with web-based server which is establishing authenticated session) and a second software application upon a second electronic device via the communications interface of the first electronic device (Venkat; Col. 2, lines 18-20, a see also Col. 8, lines 31-36).

As per claim 20, the combination of Venkat and Huang teaches the method according to claim 15, further comprising providing a first software application in execution upon a first electronic device comprising a first microprocessor coupled to a communications network and a communications interface (Venkat; Col. 8, lines 31-36, web browser or mobile application installed on user device); providing an authentication server coupled to the communications network (Venkat; Col. 2, lines 7-12, web-based server establishing authentication session); and providing a second software application in execution upon a second electronic device (Venkat; Col. 2, lines 18-20, a mobile device different from client device connected with establishing authentication session), the second electronic device associated with a user and comprising a second see also Col. 8, lines 31-36).

As per claim 22, the combination of Venkat and Huang teaches the method according to claim 15, further comprising providing a first software application in execution upon a first electronic device comprising a first microprocessor coupled to a communications network and a communications interface (Venkat; Col. 8, lines 31-36, web browser or mobile application installed on user device); and providing a second software application in execution upon a second electronic device, the second electronic device associated with a user and comprising a second microprocessor and another communications interface supporting communications via the communications network to the authentication server (Venkat; Col. 2, lines 18-20, mobile device with full communication and processing capability communicates with web-based server); wherein the first software application and the second software application execute a secure workflow process which requests the authorisation for the transaction and upon receiving authorization verifies and proceeds with the transaction (Venkat; Col. 2, lines see also Col. 8, lines 31-36).

As per claim 24, the combination of Venkat and Huang teaches the method according to claim 15, further comprising providing a first software application in execution upon a first electronic device comprising a first microprocessor coupled to a communications network and a communications interface (Venkat; Col. 8, lines 31-36, web browser or mobile application installed on user device); providing relay service coupled to the communications network (Claim interpretation – “relay service” is described as providing secure network channels) (Venkat; Col. 31, lines 25-35, secure communication channels are available and provided between clients and server); and providing a second software application in execution upon a second electronic device, the second electronic device associated with a user and comprising a second microprocessor and another communications interface supporting communications via the communications network to the authentication server (Venkat; Col. 2, lines 18-20, mobile device with full communication and processing capability communicates with web-based server); wherein the first software application, the authentication server and the second software application execute a secure workflow process which requests the authorisation for the transaction and upon receiving authorization verifies and proceeds with the transaction (Venkat; Col. 2, lines 10-25, mobile device, client device and web-base server work together with web-based or mobile application to verify and process web transactions see also Col. 8, lines 31-36).

As per claim 30, the combination of Venkat and Huang teaches the method according to claim 15, further comprising providing an internet service provider (INTSERP) in execution upon one or more remote servers, each remote server comprising a first microprocessor and coupled to a communications network (Venkat; Col. 7, lines 21-30, servers providing services to client devices via web-based interfaces); providing relay service coupled to the communications network (Claim interpretation – “relay service” is described as providing secure network channels) (Venkat; Col. 31, lines 25-35, secure communication channels are available and provided between clients and server); and providing a software application in execution upon an electronic device, the electronic device associated with a user and comprising a second microprocessor and another communications interface supporting communications via the communications network to the one or more remote servers (Venkat; Col. 8, lines 31-36, web browser or mobile application installed on user device); wherein the software application, the relay service and the INTSERP execute a secure workflow process which requests the authorisation for the transaction and upon receiving authorization verifies and proceeds with the transaction (Venkat; Col. 2, lines 10-25, mobile device, client device and web-base server work together with web-based or mobile application to verify and process web transactions see also Col. 8, lines 31-36).

Response to Arguments
Applicant's arguments with respect to the compliance of the latest amendments with the original presentation of the invention have been fully considered and are persuasive.  Accordingly, the claims have been examined.

Examiner notes that new citations to the cited prior art reference, Venkat, have been provided and a new prior art reference, Huang has been introduced. Furthermore, allowable subject matter has been indicated. No specific arguments have been presented in the latest remarks to be addressed.

To expedite prosecution, Examiner is open to conducting an after final interview to discuss claim amendments to move the case into condition for allowance including incorporating the indicated allowable subject matter.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Houthooft et al. (US PGPUB No. 2016/0219039) and Harris (US PGPUB No. 2015/0379154) discloses sending barcodes to authenticate users and devices. Ahmed et al. ("Privacy Preserving Web Based Transaction Using E-Smart Cards and Image Authentication", doi: 10.1109/ICACCE.2015.60, 2015, pp. 465-470) using images to authenticate users and servers.

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP 
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 


/PETER C SHAW/Primary Examiner, Art Unit 2493                                                                                                                                                                                                        March 18, 2021