Notice of Pre-AIA  or AIA  Status
1.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Remark
2.	Examiner would like to thank the attorney of record Rick Dunning for the telephone interview on 3/25/2021. 
3.	Examiner request Applicant review relevant prior art under the conclusion of this office action.

Response to Arguments
4.	Applicant’s arguments filed on 3/30/2021, with respect to the 35 U.S.C 35 U.S.C. § 103 rejections of 1-20 as allegedly being unpatentable over U.S. Patent No. 9,817,958 B1 to McCORKENDALE (hereinafter referred to as McCorkendale) in view of U.S. Publication No. 2009/0006544 A1 to LIU et al. (hereinafter referred to as Liu)
 have been fully considered and are persuasive.  Therefore, the rejection has been withdrawn.  However, upon further consideration, a new ground(s) of rejection is made in view of arguments.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have 

5. 	Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Patent No. 9,817,958 hereinafter McCorkendale in view Liu in view of U.S. Publication No. 20090006544 hereinafter Liu, and further in view of U.S. Publication No. 20140259130 hereinafter Li.

As per claim 1, McCorkendale discloses:
A computer-implemented verification method (Col. 1 Lines 29-42 “As will be described in greater detail below, the instant disclosure describes various systems and methods for authenticating a user based on information gathered from one or more devices with which the user interacts, resulting in a shared secret that is known by the user but that is not based on publically available information and/or easily guessed using brute force.”), comprising:
generating, by a server, a security question for verifying a target user (Col. 9 Lines 30-33 “Returning to FIG. 3, at step 306, one or more of the systems described herein may generate, based on the gathered information, an authentication protocol for authenticating the user.” Col. 9 Line 37-40 “In one
example, generating module 108 may generate one or more security questions that are based on information 122.”);
determining, by the server, an answer for the target user to match the security question (Col. 9 Lines 40-42 “In this example, generating module 108 may also designate correct answers to the security questions that are also based on information 122.”);
(Fig. 7, Col. 9 Lines 43-49 “The types of security questions that generating module 108 may generate are vast and varied. FIG. 7 gives five specific examples of security questions (i.e., security questions 700) that generating module 108 may generate for a specific date (e.g., Apr. 31,2015) based on the information provided in FIG. 6. Each specific example will now be discussed, in turn.”),
determining users' data corresponding to the category identification of the answer for the target user (Fig 3. Element 304, Col. 7 Lines 43-52 “other examples, gathering module 106 may gather digital content accessed by digital device 202. For example, gathering module 106 may identify websites visited by the user via digital device 202, movies watched by the user via digital device 202, songs played by the user via digital device 202, etc. In one embodiment, gathering module 106 may identify content (e.g., a website) accessed by digital device 202 by monitoring content identified by security software (such as NORTON COMMUNITY WATCH) running on digital device 202.” Fig. 6. Col. 8 Lines 25-43 “FIG. 6 provides a specific example of the kind of information that may be included in information 122. As shown in FIG. 6, information 122 may provide information about how the user interacts with a tablet device, a smart TV device, a smart garage door, a motion sensor, a smart coffeemaker, and a wearable fitness device. In this specific example, information 122 indicates that (1) the user accessed the novel "MOBY DICK" via an AMAZON KINDLE at 15:45 on Apr. 30, 2015, (2) the user accessed the film 
searching, in the determined users' data, for one or more pieces of the users' data related to the answer for the target user (Fig. 7, Col. 12 Line 60 - Col 13 Line 2 “As discussed above in connection with step 306, in one example, authentication protocol 126 may prescribe authenticating the user if the user successfully answers one or more security questions based on information 122. In these examples, authentication module 110 may present the one or more security questions to the user and receive answers from the user. Upon receiving the answers, authentication module 110 may determine whether the answers 
and verifying the target user according to the received selection (Fig. 7, Col. 13 Lines 3-18 “If authentication module 110 determines that the answers received from the user match the correct answers, authentication module 110 may authenticate the user in response to the determination. Otherwise, if authentication module 110 determines that the answers received from the user do not match the correct answer, authentication module 110 may deny authentication. Additionally or alternatively (e.g., if authentication module 110 determines that the answers received from the user do not match the correct answer), authentication module 110 may require additional action on the part of the user in order to be authenticated. For example, authentication module 110 may require the user to correctly answer one or more additional security questions or may require the user to complete an additional authentication requirement (e.g., call a service associated with authentication module 110 to be authenticated by phone).”)

McCorkendale does not disclose:
searching, for one or more pieces of the users' data semantically related to the answer for the target user to serve as the one or more distraction answers;
sending, by the server, the security question, the answer for the target user, and the one or more distraction answers over a communication network to a terminal used by the user;


Liu discloses:
obtaining data semantically related to the answer for the target user to serve as the one or more distraction answers (para 0040 “In the registration process, when a user registers a new account or logs into an account without enhanced association information, Process Server 2 requests the user to configure enhanced association information.” Para 0041 “The enhanced association information includes questions and answers closely related to the owner of the account, e.g., age, height, favorites, birthplace, mother school, etc.” Para 0042 “In the verification process, Process Server 2 receives a service request, e.g., to modify the password of an account, to pay online, or to operate on other sensitive information related to the account, from Client Terminal 1 (the account corresponding to Client Terminal 1 may be invalid at present), Process Server 2 enters the verification process, i.e. Step S24 to verify the identity of the user using Client Terminal 1 according to the enhanced association information configured in advance by the owner of the account.” Para 0043 “Verification Module 21 acquires the enhanced association information of the account, i.e., saved questions and answers, from Database Server 3; the saved questions and answers are transmitted to Verification Module 21 as a picture. Database Server 3 generates a number of false answers to the questions according to the correct 
sending, by the server, the security question, the answer for the target user, and the one or more distraction answers over a communication network to a terminal used by the user (para 0036 “Client Terminal 1 is connected to Process Server 2 via a network and an IM client is installed in Client Terminal 1.” Para 0044 “Afterward, in Step S25, Process Server 2 randomly selects a preset number of questions, correct answers and false answers to the questions according to the security level corresponding to the service request from Client Terminal, generates verification information in the form of a picture, and sends the verification information to Client Terminal 1. Since the questions and answers are transmitted as a picture and are display in a random order, it is not easily to intercept the questions and answers by Trojan horses programs.”);
receiving, by the server from the terminal over the communication network, a selection by the target user of the answer for the target user or one of the one or more distraction answers (para 0045 “In Step S26, Client Terminal 1 answers the questions in the received verification information and submits verification answers to Process Server 2.”)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of claimed invention authenticating a user based on information gathered from one or more devices of McCorkendale to include the method of searching, sending and receiving questions/answers over a communication network, as taught Liu.


McCorkendale in view of Liu does not disclose:
searching, for one or more pieces of the users' data semantically related to the answer for the target user to serve as the one or more distraction answers

	Li discloses:
searching, for one or more pieces of the users' data semantically related to the answer for the target user to serve as the one or more distraction answers (para 0043 “A requesting device 402 may send context data 403 to a proxy device 404 on an intermittent or periodic basis. The proxy device 404 may include a server or computing resource coupled to the requesting device 402 by a network. The context data 403 may be derived from a user's interactions with the requesting device 402, from data stored or accessed by one or more applications on the requesting device 402, or from other external sources (e.g., a social network, or other public data sources).” para 0045 “The proxy device 404 may, at 412, generate one or more challenge questions in response to the request 410, as well as a correct response to the one or more challenge questions. The proxy device 404 may also generate one or more false answers (block 414) in addition to the challenge questions generated. The challenge questions and false answers may both be based on context data 403 supplied to the proxy device 404 by the requesting device 402.”)

The motivation would have been to present questions and distraction answers to a user to properly verify a user.
	
As per claim 2, McCorkendale in view Liu and Li discloses:
The method according to claim 1, wherein the method further comprises the following steps for obtaining the users' data: acquiring, by the server, data from a plurality of users, the acquired data forming the users' data; determining, by the server, a category identification of each piece of the users' data; categorizing, by the server, the users' data into categories according to the category identification of each piece of the users' data, each category corresponding to a category identification; and generating, by the server, one or more answer libraries each corresponding to a category identification for each category of the users' data (McCorkendale Figs. 3, 6, and 7, Col. 4 Lines 21-27 and Col. 11-24).

As per claim 3, McCorkendale in view Liu and Li discloses:
The method according to claim 2, wherein the users' data comprises: at least one of operation data generated based on operations of the users and the 

As per claim 4, McCorkendale in view Liu and Li discloses:
The method according to claim 2, wherein each category identification comprises: at least one personal data attribute identification or at least one operation data attribute identification (McCorkendale Figs. 3, 6, and 7, Col. 7 Line 4- Col. 9 Line 29).

As per claim 5, McCorkendale in view Liu and Li discloses:
The method according to claim 4, wherein determining users' data corresponding to the category identification of the answer for the target user and searching, in the determined users' data, for one or more pieces of the users' data related to the answer for the target user to serve as one or more distraction answers comprise:
when the category identification of the answer for the target user includes an operation data attribute identification, determining, by the server, an answer library corresponding to the operation data attribute identification, searching, by the server, in the determined answer library for users' data corresponding to a personal data attribute identification of the target user, and searching, by the server, in the users' data corresponding to the personal data attribute identification of the target user, for the one or more pieces of the users' data related to the answer for the target user according to semantics or 

As per claim 6, McCorkendale in view Liu and Li discloses:
The method according to claim 5, wherein searching for the one or more pieces of the users' data related to the answer for the target user according to semantics and/or characters of the answer for the target user comprises: determining, by the server, according to the semantics and/or characters of the answer for the target user, a similarity between the answer for the target user and each piece of the users' data corresponding to the personal data attribute identification of the target user; and searching, by the server, for the one or more pieces of the users' data related to the answer for the target user according to the similarity (McCorkendale Figs. 6 and 7, Col. 9 Line 50- Col. 10 Line 50).
As per claim 7, McCorkendale in view Liu and Li discloses:
The method according to claim 6, wherein searching for the one or more pieces of the users' data related to the answer for the target user according to semantics and/or characters of the answer for the target user comprises: if the number of the pieces of the users' data found according to the similarity is greater than a threshold, selecting , by the server, according to the similarity, 

As per claim 8, McCorkendale in view Liu and Li discloses:
The method according to claim 2, wherein determining users' data corresponding to the category identification of the answer for the target user and searching, in the determined users' data, for one or more pieces of the users' data related to the answer for the target user to serve as one or more distraction answers comprises: when the category identification of the answer for the target user includes a personal data attribute identification, determining, by the server, an answer library corresponding to the personal data attribute identification, and searching, by the server, in the determined answer library for the one or more pieces of the users' data related to the answer for the target user according to semantics or characters of the answer for the target user to serve as the one or more distraction answers (McCorkendale Figs. 6 and 7, Col. 9 Line 50- Col. 10 Line 50).

As per claim 9, McCorkendale in view Liu and Li discloses:
The method according to claim 2, wherein acquiring data from a plurality of users comprises: when the data from the plurality of users changes, acquiring, by the server, changed data; and wherein the method further comprises: updating, by the server, the answer libraries with the changed data (McCorkendale Col. 9 Lines 7-22 and Col. 11 Lines 4-12).
As per claim 10, McCorkendale in view Liu discloses:
The method according to claim 2, wherein acquiring, by the server, data from a plurality of users comprises: acquiring data from the plurality of users according to a set period; and wherein the method further comprises: updating, by the server, the answer libraries with the data acquired from the plurality of users according to the set period (McCorkendale Col. 9 Lines 7-22).

As per claim 11, the implementation of the method of claim 1 will execute the verification device of claim 11. The claim is analyzed with respect for claim 1.

As per claim 12, the claim is analyzed with respect to claim 2.

As per claim 13, the claim is analyzed with respect to claim 3.

As per claim 14, the claim is analyzed with respect to claim 4.

As per claim 15, the claim is analyzed with respect to claim 5.

As per claim 16, the claim is analyzed with respect to claim 6.

As per claim 17, the claim is analyzed with respect to claim 7.

As per claim 18, the claim is analyzed with respect to claim 8.

As per claim 19, the claim is analyzed with respect to claim 9.

As per claim 20, the implementation of the method of claim 1 will execute the non-transitory computer-readable (Col. 2 Lines 38-49) of claim 20. The claim is analyzed with respect for claim 1.

Conclusion
6.	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
A. 	US 20170078262 discloses on 0048 “In an aspect, the at least one false answer 116 may be derived from the aggregated user data accessible by the authentication system 110. For example, the at least one false answer 116 may correspond to one or more data points in the aggregated data but failing one or more criteria of the authentication question 112. In a further aspect, the at least one false answer 116 may be selected from a pool of potential false answers 116 for a given authentication question 112. In an aspect, transmitting the authentication question 112 and selectable options may be performed by encoding a user interface 109 for rendering by a user device 102. The user interface 109 may include a collection of selectable elements 117 each corresponding to one of the selectable options for the given authentication question 112.”

B. 	US 9633322 discloses on Col. 10 Lines 23-34 “In some embodiments, the system may automatically choose and present, based at least in part on difficulty level of questions, trick questions (also referred to as "false questions") to the consumers. For example, the false question may be: "What is the name of your daughter's first elementary school" when the system, in fact, knows that the identify used in requesting a new account does not have a daughter. In another example, the question may be: "Please indicate which branch of the ABCD Bank is the one that you visit most frequently" when in fact the system is aware that the identity used in requesting a new account does not have an account at the ABCD Bank.” This illustrates the system finding in the registered data that one or more pieces of user data semantically related to the answer for the target user to serve as one or more distraction answers. Also in Col. 10 Lines 35-52 “In addition to false questions, the system may also provide false answers. For example, the system may mix real answers and false answers and present the mixed set of answers to both real and false questions to a consumer. In some embodiments, the false questions and false answers are generated randomly and automatically by the system. In some other embodiments, the false questions may also be ranked as to their respective levels of difficulty and presented to consumers by the system based on the chosen level of difficulty. For example, if a consumer is deemed high risk, the system may choose more difficult false questions and present them to the consumer. Examples of relatively easy authentication questions may be "What is your date of birth?" and "What is your mother's maiden name?" Examples of more difficult authentication questions include, for example, "What is your address from 1999-2001?" and "Did you have a car loan for approximately $40,000 in 2005 with CarBuyingCo?".”

NPL “Pictures or Questions? Examining User Responses to Association-Based Authentication” hereinafter Renaud dated 2010 discloses on pg. 103, first Col, first paragraph “People appear to provide (possibly false) answers at enrolment which they hope to remember later, but do not. It is an unfortunate fact that humans tend to overestimate their ability to remember things [22]. Interestingly, one of the participants provided her own name as the answer to her questions at enrolment. Unfortunately she had forgotten this when she returned a week later, and provided valid (but incorrect) answers.” People registered false answers to questions


Any inquiry concerning this communication or earlier communications from the examiner should be directed to GARY S GRACIA whose telephone number is (571)270-5192.  The examiner can normally be reached on Monday-Friday 9am-6pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 5712723972.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/GARY S GRACIA/Primary Examiner, Art Unit 2491