Notice of Pre-AIA or AIA Status
The present application is being examined under the pre-AIA first to invent provisions.
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
This action is in response to the correspondence filed 09/22/2019.
Claims 1-20 are presented for examination.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-47 of U.S. Patent No. 8,266,432 (‘432) in view of US 2001/0056487 to Yoo. Although the claims at issue are not identical, they are not patentably distinct from each other because each of the limitations of claims 1 and 11 of the present application are anticipated by each of the limitations of claims 1 and 25 of ‘432 except for the limitation of the result denies authentication of the user if the user-authentication code is invalid. However, Yoo teaches the result denies authentication of the user if the user-authentication code is invalid (FIG. 8C, paragraph 48 and claim 25, transmitting the result of the user authentication indicating the identity is not authenticated and the operation is not allowed).
It would have been obvious to one of ordinary skill in the art, at the time the invention was made, to modify the teachings of Jerdonek with the result that denies authentication of the user as taught by Yoo in order to provide feedback including the status of the performed action when preventing unauthorized users from accessing the online system.

Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.
The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked.
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function.
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function.
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function.
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.  Such claim limitation is: “one or more computing devices configured to perform operations comprising: …” in claim 1.
Because this claim limitation is being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it is being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation to avoid it being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation recites sufficient structure to perform the claimed function so as to avoid it being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-10 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.
As to claim 1, claim limitation “one or more computing devices configured to perform operations comprising: …” invokes 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. However, the written description fails to disclose the corresponding structure, material, or acts for performing the entire claimed function and to clearly link the structure, material, or acts to the function. More specifically, no association between the structure and the function can be found in the specification. Therefore, the claim is indefinite and is rejected under 35 U.S.C. 112(b) or pre-AIA  35 U.S.C. 112, second paragraph.
Applicant may:

(b)	Amend the written description of the specification such that it expressly recites what structure, material, or acts perform the entire claimed function, without introducing any new matter (35 U.S.C. 132(a)); or
(c)	Amend the written description of the specification such that it clearly links the structure, material, or acts disclosed therein to the function recited in the claim, without introducing any new matter (35 U.S.C. 132(a)).
If applicant is of the opinion that the written description of the specification already implicitly or inherently discloses the corresponding structure, material, or acts and clearly links them to the function so that one of ordinary skill in the art would recognize what structure, material, or acts perform the claimed function, applicant should clarify the record by either: 
(a)	Amending the written description of the specification such that it expressly recites the corresponding structure, material, or acts for performing the claimed function and clearly links or associates the structure, material, or acts to the claimed function, without introducing any new matter (35 U.S.C. 132(a)); or
(b)	Stating on the record what the corresponding structure, material, or acts, which are implicitly or inherently set forth in the written description of the specification, perform the claimed function. For more information, see 37 CFR 1.75(d) and MPEP §§ 608.01(o) and 2181.
Claims 2-10 do not cure the deficiency of claim 1 and are rejected under 35 USC § 112 for their dependency upon claim 1.

Claim Rejections - 35 USC § 103
The following is a quotation of pre-AIA  35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under pre-AIA  35 U.S.C. 103(a) are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1, 2, 5-12 and 15-20 are rejected under pre-AIA 35 U.S.C. 103(a) as being unpatentable over US 2002/0095569 to Jerdonek in view of US 2002/0116333 to McDonnell et al. (hereinafter McDonnell).
As to claims 1 and 11, Jerdonek teaches a system and method for enhancing online authentication of a user attempting to access an online system, the authentication system comprising one or more computing devices configured to perform operations comprising: receiving, via a computer network, after the user attempts to access the online system (paragraph 44, initial attempt to access private server which is online), a request for a user-authentication code for the user (paragraph 45, request to external server to obtain one-time password); providing, via the computer network, the user-authentication code in response to the request for the user-authentication code (paragraph 48, one-time password communicated to client system), wherein: the user-authentication code is information (paragraphs 47 and 59, one-time password is generated by the external server and used to later authenticate the client), the user-authentication code is configured to be valid for a predetermined time (paragraph 11, set time limits may be set), the user-authentication code is configured to become invalid after the predetermined time (paragraph 11, not made within a period of time … password is unauthorized, deleted, inactivated), and the user-authentication code is configured to become invalid after a first use to authenticate the user (paragraph 60, after the one-time password has been successfully used, the one-time password is de-activated); receiving, via the computer network, a user-authentication request for authenticating the user from the online system (paragraph 59, authorization data and one-time password sent to the authentication server by the firewall server), the user-authentication request comprising the user-authentication code and user-identification information of the user (paragraph 58, wherein the authorization data includes user name and password combination as well as the one-time password); authenticating the user based on at least the user-authentication code and the user-identification information included in the authentication request (paragraph 59, authentication server determines whether the one-time password is active and the authorization data is correct); and providing, via the computer network, a result of the authenticating to the online system in response to the authentication request (paragraph 59, authentication server notifies the firewall server that access is approved), wherein: the result confirms authentication of the user if the user-authentication code is valid (FIG. 4D, paragraph 59, authentication server indicates access approval to firewall server).
Jerdonek does not explicitly teach the result denies authentication of the user if the user-authentication code is invalid.
However, McDonnell teaches the result denies authentication of the user if the user-authentication code is invalid (paragraphs 10 and 11, the first authentication provider 20 does not authenticate the user 10, then the selective authenticator 16 sends this result to the merchant 14 and the merchant 14 prevents the purchase from being completed at this time).
It would have been obvious to one of ordinary skill in the art, at the time the invention was made, to modify the teachings of Jerdonek with the result that denies authentication of the user as taught by McDonnell in order to provide feedback including the status of the performed action when preventing unauthorized users from accessing the online system.
As to claims 2 and 12, Jerdonek teaches wherein the user-authentication code is a SecureCode (paragraph 69, the one-time password is read as the SecureCode, absent limitations which further define the SecureCode, based on the broadest reasonable interpretation taken by the Examiner in view of the specification).
As to claims 5 and 15, Jerdonek teaches wherein authenticating the user comprises determining whether the user-authentication code received in the authentication request is valid (paragraph 59, authentication server determines whether the one-time password is active and the authorization data is correct).
As to claims 6 and 16, Jerdonek teaches wherein determining whether the user-authentication code received in the authentication request is valid comprises: determining whether the user-authentication request is the first use of the user-authentication code to authenticate the user (paragraphs 59 and 60, wherein a password is deactivated after used and the determination step of the server includes determining whether the password is active); and determining whether a time of the first use is within the predetermined time (paragraphs 11, 59 and 60, wherein a password is inactivated after a set amount of time and the determination step of the server includes determining whether the password is active).
As to claims 7 and 17, Jerdonek teaches wherein the time of the first use is a current time (paragraphs 11, 59 and 60, wherein the determination is upon submitting the one-time password therefore current time if it is first use).
As to claims 8 and 18, Jerdonek teaches wherein after authenticating the user, the user-authentication code is invalid for all subsequent user-authentication requests (paragraph 60, after use the one-time password is deactivated).
As to claims 9 and 19, Jerdonek teaches wherein the user-authentication code is valid for authenticating the user at the time the user receives the user-authentication code (paragraph 56, wherein an already activated one-time password may be sent to the client system).
As to claims 10 and 20, Jerdonek teaches wherein receiving the user-authentication request and providing the result occur during a real-time interaction between the user and the online system (paragraphs 59-61, wherein the steps are automatic and further there is no indication that a delay is included).

Claims 3, 4, 13 and 14 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Jerdonek in view of McDonnell in further view of US 2002/0177433 to Bravo et al. (hereinafter Bravo).
As to claims 3 and 13, Jerdonek and McDonnell do not explicitly teach wherein the SecureCode is comprised of alphabetic characters, numeric characters, or a Personal Identification Number (PIN).
However, Bravo teaches wherein the SecureCode is comprised of alphabetic characters, numeric characters, or a Personal Identification Number (PIN) (paragraph 7, a secret alphanumeric PIN or password, therefore comprised of alphabetic characters and/or PIN).
It would have been obvious to one of ordinary skill in the art, at the time the invention was made, to modify the teachings of Jerdonek and McDonnell with the alphanumeric secure code taught by 
As to claims 4 and 14, Jerdonek and McDonnell do not explicitly teach wherein the user-authentication code is variable and has a different value each time the system provides it.
However, Bravo teaches the user-authentication code is variable and has a different value each time the system provides it (paragraph 12, wherein the one-time token is pseudo-random, therefore variable with a different value each time).
It would have been obvious to one of ordinary skill in the art, at the time the invention was made, to modify the teachings of Jerdonek and McDonnell with the pseudo-random code taught by Bravo in order to increase the security of the system by having different codes produced each time which increases entropy.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MALCOLM CRIBBS whose telephone number is (571)270-1566.  The examiner can normally be reached on Monday-Friday 930a-330p; 430p-630p.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Hadi Armouche can be reached on (571)270-3618.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained 


MALCOLM . CRIBBS
Examiner
Art Unit 2497



/MALCOLM CRIBBS/Primary Examiner, Art Unit 2497