Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
Continued Examination Under 37 CFR 1.114
A request for continued examination (RCE) under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed on 03/22/2021 in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant’s submission filed on 02/26/2021 has been entered.
In the instant Amendment, claims 1, 13 and 17 amended. Claims 2, 14, and 18 have been cancelled; claim 22-24 has been added. Claims 1, 13 and 17 are independent claims.  Claims 1, 3-6, 8-13, 15-17 and 19-24 have been examined and are pending. This Action is made Non-FINAL.
Response to Arguments
Applicants’ arguments with respect to claims 1-6 and 8-21 have been considered but are moot in view of the new ground(s) of rejection.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1, 3-6, 11-13, 17 and 21-24 are rejected under 35 U.S.C. 103 as being unpatentable over Watson (US 2018/0089407), in view of Pemmaraju (US 8,484,698) and further in view of Starner (US 10,341,113).
Regarding claim 1, Watson discloses a computer-implemented method comprising: 
receiving, via a first user device in connection with a request to access a protected resource 5associated with the user (access to the user's account) (Watson par. 0007 and 0027. Watson teaches that a method voice authentication within a messaging system is provided. Specifically, and in one embodiment, a randomly generated voice challenge is issued to a user who is successfully logged into session in response to an operation requested by the user to an external service. The messaging platform authenticator authenticates the user for access to the user's account with the messaging platform. See also par. 0039, 0076-0077), a first set of user-generated cryptographic information (a password, fingerprint) and a second set of user-generated cryptographic information (voice) (Watson par. 0007, 0027 and 0046. Watson teaches that a method voice authentication within a messaging system is provided. Specifically, and in one embodiment, a randomly generated voice challenge is issued to a user who is successfully logged into session with a messaging platform in response to an operation requested by the user to an external service. A user accesses messaging client and is authenticated with a user-identifier and credential (such as a password, fingerprint, etc.) by the messaging platform authenticator 121. The voice authenticator is configured for voice authentication (as a second factor, the messaging session login being the first factor) of the user to a true identity during this session or subsequent session initiated by the user. See also par. 0054 and 0059); wherein the second set of user-generated cryptographic information comprises at least a set of voice data (Watson par. 0033. Watson teaches that in response to a voice challenge for a second factor voice authentication, record a new and never-used before randomly generated sentence. See also par. 0057), and wherein the second set of user-generated cryptographic information is unique exclusively to the respective request to access the protected resource (Watson par. 0033 and 0056. Watson teaches that in response to a voice challenge for a second factor voice authentication, record a new and never-used before randomly generated sentence. The voice challenge is not repeated for the user during the session or during any other session with the messaging platform or with other different messaging platforms. See also par. 0079);
(already successfully logged into a session) associated with the protected resource (Watson par. 0027, 0040 and 0054. Watson teaches that initially, a user accesses messaging client 110 and is authenticated with a user-identifier and credential (such as a password, fingerprint, etc.) and the messaging voice authenticator issues a randomly generated voice challenge to a user who has already successfully logged into a session with a messaging platform. The components of the system 100 permit a user to initially log in to a messaging platform session and perform out-of-band session operations with external services by using voice authentication (achieved through the session) to authenticate the user to the user's true identity and then perform that operation on behalf of the user with an external service. See also par. 0034 and 0060); wherein the authentication 10request causes the second set of user-generated cryptographic information to be sent to the user via the second user device (an out-of-band communication) (Watson par. 0040 and 0047-0048. Watson teaches that the identity management service and the voice authenticator to generate a random sentence of words as a challenge to the user and as a second factor voice authentication. The voice challenge is communicated to the bot and onto the user operating the messaging client 110 (mobile) as a message, which includes instructions to record the message and provide the recorded voice message back to the bot. The use can access and log into other different messaging platforms and use the voice authentication for having out-of-band messaging platform operations performed on behalf of the user with the external service. See also par. 0033 0034 and 0086); and
(Watson par. 0047. Watson teaches that the voice challenge is communicated to the bot 131 and onto the user operating the messaging client 110 as a message, which includes instructions to record the message and provide the recorded voice message back to the bot 131. The voice authenticator 141 then authenticates the recorded voice message based on voice metrics and scoring that were resolved during the training session. Assuming the voice authenticator is able to authenticated the recorded voice message. See also par. 0086);
wherein the method is performed by at least one processing device comprising a processor 15coupled to a memory (Watson par. 0050. Watson teaches that the processors of the device that executes the messaging voice authenticator are specifically configured and programmed to process the messaging voice authenticator. See also par. 0080).  
Watson teaches receiving, a request to access a protected resource 5associated with the user; authenticating user and grant or deny the request to access the protected resource (Watson par. 0007, 0047) and perform out-of-band session operations with external services by using voice authentication (Watson par. 0040) however, Watson does not explicitly disclose wherein the authentication 10request causes the second set of user-generated cryptographic information to be sent to the user via the second user device.
However, in an analogous art, Pemmaraju discloses wherein the authentication 10request causes the second set of user-generated cryptographic information (speech password) to be sent to the user via the second user device (out-of-band the call-back) (Pemmaraju Abstract, col. 10; lines and col. 11; lines 24-31 and Fig. 9C (186, 188 and 200). Pemmaraju teaches a multichannel security system for granting and denying access to a host computer in response to a demand from an access-seeking individual and computer. The access-seeker initially presents identification and password data over an access channel which is intercepted and transmitted to the security computer. The security computer then communicates with the access-seeker.  The control module 62 having verified the remote computer 22, the software program hereof is constructed to have the control module 62 at CALLBACK INITIATED BY CONTROL MODULE block 174 initiate out-of-band the call-back procedure to the user 24. The prompt for collecting the speech password is played to the user at PROMPT USER AND COLLECT SPEECH PASSWORD block 200. The user 24, who has previously had his biometric sample, namely the speech pattern, registered with the speech database 128, the voices the speech password at USER VOICES SPEECH PASSWORD block 202 and transmits the same over the telephone at the remote computer 22 to the security computer. See also col. 4; lines 31-49; col. 13; lines 5-23). 
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify the voice authentication of Watson using the voice/speech authentication taught in Pemmaraju in order to provide users with a means for secure user authentication by an out-of-band system (Pemmaraju col. 1; lines 20-27).
Watson and Pemmaraju teach receiving, a request to access a protected resource 5associated with the user; authenticating user and grant or deny the request to access the protected resource (Watson par. 0007, 0047); perform out-of-band session operations with (Watson par. 0040) and cryptographic information to be sent to the user via the second user device (Pemmaraju, Abstract) however, Watson and Pemmaraju do not explicitly disclose wherein precluding storage of the user-generated cryptographic information subsequent to the user-generated cryptographic information being sent to the user via the second user device.
However, in an analogous art, Starner discloses precluding storage (deleting) of the user-generated cryptographic information subsequent to the user-generated cryptographic information being sent to the user via the second user device (Starner claim 1 and 2. Starner teaches based at least in part on the biometric data, the wearable computing device generating an authentication message that includes authentication information and identifies the protected information, and sending the authentication message to an authentication server for verification of the authentication information, wherein verification of the authentication information allows access to the protected information via the second computing device and after sending the authentication message to the authentication server for the verification of the authentication information, deleting the biometric data. See also col. 4; lines 27-44).
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify the voice authentication of Watson and Pemmaraju using the verification of the authentication information taught in Starner in order to provide users with a means for secure user authentication to allow access to the protected information via the second computing device (Starner abstract).
Regarding claim 3, Watson, Pemmaraju and Starner disclose the computer-implemented method of claim 1, 
Watson further discloses wherein the first set of user- generated cryptographic information comprises at least one of a user identifier and a password (Watson par. 0005 and 0027. Watson teaches that Two-factor authentication is often used to assure a service of a user's true identity. Something a user knows, such as a password may be a first factor whereas a second factor typically seeks to resolve something that user possesses, such as a phone. A user accesses messaging client 110 and is authenticated with a user-identifier and credential (such as a password, fingerprint, etc.)). 
Regarding claim 4, Watson, Pemmaraju and Starner disclose the computer-implemented method of claim 1, 
Watson further discloses wherein the second set of user- 25generated cryptographic information comprises a user-generated set of alphanumeric data (Watson par. 0040. Watson teaches that the components of the system 100 permit a user to initially log in to a messaging platform session and perform out-of-band session operations with external services by using voice authentication).  
Regarding claim 5, Watson, Pemmaraju and Starner disclose the computer-implemented method of claim 1, 
Watson further discloses wherein the second set of user- generated cryptographic information comprises a user-selected set of alphanumeric data (Watson par. 0033. Watson teaches that during registration, the user is requested by the bot 131 to repeat a sentence that is displayed to the user. The sentence is comprised of N randomly selected words obtained from a word list of size L. N is at least 4 randomly selected words and the word list is comprised of at least 1000 random words for providing a minimum level of security and accuracy).  
Regarding claim 6, Watson, Pemmaraju and Starner disclose the computer-implemented method of claim 1, 
Watson further discloses wherein the second set of user- generated cryptographic information comprises a user-generated set of voice data (Watson par. 0033. Watson teaches that during registration, the user is requested by the bot 131 to repeat a sentence that is displayed to the user. The sentence is comprised of N randomly selected words obtained from a word list of size L. N is at least 4 randomly selected words and the word list is comprised of at least 1000 random words for providing a minimum level of security and accuracy).  
Regarding claim 11, Watson, Pemmaraju and Starner disclose the computer-implemented method of claim 1, 
Watson further discloses wherein the second set of user- generated cryptographic information comprises a user-selected set of audiovisual data (Watson par. 0033. Watson teaches that during registration, the user is requested by the bot 131 to repeat a sentence that is displayed to the user).  
Regarding claim 12, Watson, Pemmaraju and Starner disclose the computer-implemented method of claim 1, 
speech) submitted by the user via the second user device and (ii) a non-biometric input (password) submitted by the user via the second user device (Pemmaraju Abstract, col. 10; lines and col. 11; lines 24-31 and Fig. 9C (186, 188 and 200). Pemmaraju teaches a multichannel security system for granting and denying access to a host computer in response to a demand from an access-seeking individual and computer. The access-seeker initially presents identification and password data over an access channel which is intercepted and transmitted to the security computer. The security computer then communicates with the access-seeker.  The control module 62 having verified the remote computer 22, the software program hereof is constructed to have the control module 62 at CALLBACK INITIATED BY CONTROL MODULE block 174 initiate out-of-band the call-back procedure to the user).
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify the voice authentication of Watson using the voice/speech authentication taught in Pemmaraju in order to provide users with a means for secure user authentication by an out-of-band system (Pemmaraju col. 1; lines 20-27).    
Regarding claim 13; claim 13 is directed to a non-transitory computer-readable storage medium associated with the computer implemented method claimed in claim 1.  Claim 13 is similar in scope to claim 1, and is therefore rejected under similar rationale. Watson also teaches the additional limitations of claim 13 as follows: 
 (Watson par.0014-15. Watson teaches that Moreover, various components are illustrated as one or more software modules, which reside in non-transitory storage and/or hardware memory as executable instructions that when executed by one or more hardware processors perform the processing discussed herein and below). 
Regarding claim 17; claim 17 is directed to an apparatus associated with the method claimed in claim 1.  Claim 17 is similar in scope to claim 1, and is therefore rejected under similar rationale. Watson also teaches the additional limitations of claim 17 as follows: 
at least one processing device comprising a processor coupled to a memory (Watson par.0014-0015. Watson teaches that Moreover, various components are illustrated as one or more software modules, which reside in non-transitory storage and/or hardware memory as executable instructions that when executed by one or more hardware processors perform the processing discussed herein and below); the at least one processing device (Watson par.0017. Watson teaches that the messaging client can be processed on any processor-enabled device). 
Regarding claim 21; claim 21 is directed to an apparatus associated with the method claimed in claim 12.  Claim 21 is similar in scope to claim 12, and is therefore rejected under similar rationale respectively.
Regarding claim 22; claim 22 is directed to a non-transitory processor-readable storage medium associated with the method claimed in claim 12.  Claim 22 is similar in scope to claim 12, and is therefore rejected under similar rationale respectively.
Regarding claim 23; claim 21 is directed to a non-transitory processor-readable storage medium associated with the method claimed in claim 3.  Claim 23 is similar in scope to claim 3, and is therefore rejected under similar rationale respectively.
Regarding claim 24; claim 24 is directed to an apparatus associated with the method claimed in claim 3.  Claim 24 is similar in scope to claim 3, and is therefore rejected under similar rationale respectively.
Claims 8-10, 15-16 and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Watson (US 2018/0089407), in view of Pemmaraju (US 8,484,698), in view of Starner (US 10,341,113) and further in view of Childs (US 2016/0127383).
Regarding claim 8, Watson, Pemmaraju and Starner disclose the computer-implemented method of claim 1, 
Watson further discloses wherein the second set of user-generated cryptographic information (Watson par. 0033. Watson teaches that in response to a voice challenge for a second factor voice authentication and during registration, the user is requested by the bot 131 to repeat a sentence that is displayed to the user);
Watson, Pemmaraju and Starner failed to disclose but Childs discloses wherein the second set of user- generated cryptographic information comprises a user-generated set of image data (Childs par. 0050. Childs teaches that the authentication may require the user to enter credentials (e.g., user name, password, fingerprint data, audio data, video data, image data, etc.), which may be sent to the aggregate service device for authentication.). 
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify the two-factor/ multi-factor authentication of Watson, Pemmaraju and Starner using the user authentication taught in Childs in order to provide users with a means for secure accessing the aggregate service by authenticating the user (Childs par. 0022).
Regarding claim 9, Watson, Pemmaraju and Starner disclose the computer-implemented method of claim 1, 
Watson further discloses wherein the second set of user-generated cryptographic information (Watson par. 0033. Watson teaches that in response to a voice challenge for a second factor voice authentication and during registration, the user is requested by the bot 131 to repeat a sentence that is displayed to the user);
Watson, Pemmaraju and Starner failed to disclose but Childs discloses wherein the user- generated cryptographic information comprises a user-selected set of image data (Childs par. 0050. Childs teaches that the authentication may require the user to enter credentials (e.g., user name, password, fingerprint data, audio data, video data, image data, etc.), which may be sent to the aggregate service device for authentication). 
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify the two-factor/ multi-factor (Childs par. 0022). 
Regarding claim 10, Watson, Pemmaraju and Starner disclose the computer-implemented method of claim 1, 
Watson further discloses wherein the second set of user-generated cryptographic information (Watson par. 0033. Watson teaches that in response to a voice challenge for a second factor voice authentication and during registration, the user is requested by the bot to repeat a sentence that is displayed to the user);
Watson, Pemmaraju and Starner failed to disclose but Childs discloses wherein the user- generated cryptographic information comprises a user-generated set of video data (Childs par. 0050. Childs teaches that the authentication may require the user to enter credentials (e.g., user name, password, fingerprint data, audio data, video data, image data, etc.), which may be sent to the aggregate service device for authentication).  
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify the two-factor/ multi-factor authentication of Watson, Pemmaraju and Starner using the user authentication taught in Childs in order to provide users with a means for secure accessing the aggregate service by authenticating the user (Childs par. 0022).
Regarding claim 15, Watson, Pemmaraju and Starner disclose the non-transitory processor-readable storage medium of claim 13, 
 (Watson par. 0033. Watson teaches that during registration, the user is requested by the bot 131 to repeat a sentence that is displayed to the user. The sentence is comprised of N randomly selected words obtained from a word list of size L. N is at least 4 randomly selected words and the word list is comprised of at least 1000 random words for providing a minimum level of security and accuracy)). 
Watson, Pemmaraju and Starner failed to disclose but Childs discloses wherein the user-generated cryptographic information comprises at least one of a user-generated set of image data, and a user-generated set of video data (Childs par. 0050. Childs teaches that the authentication may require the user to enter credentials (e.g., user name, password, fingerprint data, audio data, video data, image data, etc.), which may be sent to the aggregate service device for authentication. The authentication require the user to enter credentials, which may be sent to the aggregate service device for authentication. In one embodiment, these credentials may be packaged as a token to be sent to the aggregate service device for authentication).
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify the two-factor/ multi-factor authentication of Watson, Pemmaraju and Starner using the user authentication taught in Childs in order to provide users with a means for secure accessing the aggregate service by authenticating the user (Childs par. 0022).
Regarding claim 16, Watson, Pemmaraju and Starner disclose the non-transitory processor-readable storage medium of claim 13, 
Watson further discloses wherein the second set of user-generated cryptographic information comprises at least one of a user-generated set of alphanumeric data and a user-selected set of voice data (Watson par. 0033. Watson teaches that during registration, the user is requested by the bot 131 to repeat a sentence that is displayed to the user. The sentence is comprised of N randomly selected words obtained from a word list of size L. N is at least 4 randomly selected words and the word list is comprised of at least 1000 random words for providing a minimum level of security and accuracy)).
Watson, Pemmaraju and Starner failed to disclose but Childs discloses wherein the user-generated cryptographic information comprises at least one of a user-selected set of image data, and a user-selected set of video data (Childs par. 0050. Childs teaches that the authentication may require the user to enter credentials (e.g., user name, password, fingerprint data, audio data, video data, image data, etc.), which may be sent to the aggregate service device for authentication. The authentication require the user to enter credentials, which may be sent to the aggregate service device for authentication. In one embodiment, these credentials may be packaged as a token to be sent to the aggregate service device for authentication).
Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify the two-factor/ multi-factor authentication of Watson, Pemmaraju and Starner using the user authentication taught in (Childs par. 0022).
Regarding claims 19-20; claims 19-20 are directed to an apparatus associated with the method claimed in claims 15-16 respectively.  Claims 19-20 are similar in scope to claims 15-16 respectively, and are therefore rejected under similar rationale respectively.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SANCHIT K SARKER whose telephone number is (571)270-7907.  The examiner can normally be reached on M-F 8:30 AM-5:30 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, FARID HOMAYOUNMEHR can be reached on 571-272-3739.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information 






/SANCHIT K SARKER/Examiner, Art Unit 2495