Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .


DETAILED ACTION

Notice to Applicants
This communication is in response to the Amendment filed on 04/06/2021.
Claims 1-20 are under examination.


EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such amendment, it MUST be submit no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in a telephone conversation with Applicant’s representative on 04/15/2021, and followed by Email confirmation dated 04/16/2021.

Please replace the current listing of claims with the following:


	a processor coupled to a non-transitory memory containing instructions executable by the processor to cause the system to:
	receive a request from an entity in response to attempted access to entity resources by a user via a primary user computing device;
	determine whether the user is registered with the system; and
	initiate one of a registration process and an authentication process with the user based on the determination;
	wherein a registration process comprises:
	establishing a peer-to-peer exchange of data between at least the system and the primary user computing device and a secondary user computing device;
	generating, via the system, an initial candidate secret and transmitting the initial candidate secret to one of the primary and secondary user computing devices via the peer-to-peer exchange;
	receiving a reciprocal secret from the secondary user computing device based on interaction between the secondary user computing device and the initial candidate secret, wherein the initial candidate secret is specific to the user and the secondary user computing device, and wherein the reciprocal secret is based on the initial candidate secret;
	generating, via the system, a canonical secret including a token and a random confirmation code and transmitting the canonical secret to the secondary user computing device via the peer-to-peer exchange ensuring a bonded device metaphor such that the canonical secret is a definitive secret only known and stored by the system and the secondary user computing device, wherein the token is associated with an expiry date and is stored on the secondary user computing device to be used for authenticating the user during a future authentication session in lieu of the user entering user login credentials for authentication; and
	registering the user with the system in response to receipt of [[a]] the confirmation code from the secondary user computing device.



3.	(Currently Amended) The system of claim 1, wherein, prior to transmitting the initial candidate secret, the system invites the user to install at least one management system software application used for completing the registration process and the future authentication process 
 
4.	(Currently Amended) The system of claim [[3]] 1, wherein the token is used for OTP generation during the future authentication session.

5.	(Currently Amended) The system of claim [[4]] 1, wherein the traditional user login credentials comprise at least one of user identification information and a password.

6.	(Original) The system of claim 5, wherein user identification information comprises at least one of a name of the user, a user ID, an email address of the user, and information likely to be known only to the user.

7.	(Currently Amended) The system of claim [[3]] 1, wherein the token comprises a built-in expiry date.

8.	(Currently Amended) The system of claim [[7]] 1, wherein the expiry date is associated with and controls a grant period during which the user can carry out an authentication session.

9.	(Currently Amended) The system of claim 8, wherein the grant period and expiry date [[is]] are determined by the entity.

10.	(Currently Amended) The system of claim [[3]] 1, wherein [[an]] the future authentication process comprises:

	detecting, via the secondary user computing device, the public session key;
	receiving one or more identifying secrets from the secondary user computing device based on detection of the public session key; and
	receiving an enquiry from the entity concerning an authentication result.

11.	(Original) The system of claim 10, wherein the one or more identifying secrets comprises the token associated with the canonical secret.
 
12.	(Original) The system of claim 10, wherein, upon receipt of a positive authentication result, the user is granted access to entity resources.

13.	(Original) The system of claim 1, wherein the initial candidate secret comprises data associated with a QR code.

14.	(Original) The system of claim 13, wherein transmitting the initial candidate secret to one of the primary and secondary user computing devices comprises displaying the QR code on a display of one of the primary and secondary user computing devices.

15.	(Original) The system of claim 14, wherein interaction between the secondary user computing device and the initial candidate secret comprises a scanning event involving the QR code.

16.	(Currently Amended) The system of claim 1, wherein [[an]] the future authentication process comprises at least one of a biometric factor and a challenge-response factor, wherein a user is authenticated by satisfying at least one of the biometric and challenge-response factors.

17.	(Original) The system of claim 16, wherein a user is authenticated by satisfying both the biometric and challenge-response factors.



19.	(Original) The system of claim 18, wherein the challenge-response factor comprises a passphrase.

20.	(Original) The system of claim 19, wherein a user response to the challenge-response factor comprises a spoken response, which provides both a correct response and matches a biometric identification of a voice.



Allowable Subject Matter
Claims 1-20 are allowed.
The following is an examiner's statement of reasons for allowance: The following is an examiner's statement of reasons for allowance: This communication warrants No Examiner's Reason for Allowance, applicant's reply make evident the reasons for allowance, satisfying the “record as a whole” proviso of the rule 37 CFR 1.104(e). Specifically, applicant’s amendments and arguments filed on 04/06/2021 and Examiner’s amendment make the record clear as to the reasons for allowance for this application, as such the reasons for allowance are in all probability evident from the record and no statement is deemed necessary (see MPEP 1302.14).
Any comments Applicants considers necessary must be submitted no later than the payment of the Issue Fee and to avoid processing delays, should preferable accompany the 


Conclusion
The prior art made of record and not relied upon is considered pertinent to Applicant’s disclosure: 
US 20160248752 A1		MULTI FACTOR USER AUTHENTICATION ON MULTIPLE DEVICES
US 20080256617 A1		Centralized Identity Verification and/or Password Validation
US 20180351944 A1		SYSTEM AND METHOD FOR AUTHENTICATION SERVICE
US 20110197266 A1		METHODS AND SYSTEMS FOR SECURE USER AUTHENTICATION
US 20140201536 A1		One-Time Passcodes with Asymmetric Keys
US 20100262834 A1		ONE TIME PASSWORD KEY RING FOR MOBILE COMPUTING DEVICE
US 20140189359 A1		REMOTE AUTHENTICATION AND TRANSACTION SIGNATURES
US 20140143078 A1		DISTRIBUTED TRANSACTION PROCESSING SYSTEM AND METHODS
US 10057240 B2		Single sign-on to web applications from mobile devices
US 9602853 B2		Cross-platform content management interface
US 20040187018 A1		Multi-factor authentication system

Any inquiry concerning this communication or earlier communications from the examiner should be directed to JASON CHIANG whose telephone number is (571)270-3393.  The examiner can normally be reached on 9 AM to 6 PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on (571) 272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/JASON CHIANG/Primary Examiner, Art Unit 2431