Acknowledgements
This communication is in response to applicant’s response filed on 04/13/2021.
Claims 1-6, 9-14, and 17 have been amended. 
Claims 1-20 are pending and have been examined.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 04/13/21 has been entered.
 
Response to Arguments
Regarding applicant’s arguments:
Regarding applicant’s arguments under Claim Rejections - 35 USC § 103 that the combination of Ruparelia (US 20160364729) in view of Pieczul (US 20140122884) in further view of Saxman (US 20140026193) does not disclose, teach, or suggest the following limitations in amended claim 1: “in response to obtaining the indication, generating the first secure key for the first mobile device based on the first device identifier, wherein the first -2-Application No. 15/193,487secure key comprises the restriction on the usage of the first mobile device for the electronic transaction processing, and wherein the first secure key and the second secure key comprise different restrictions on the electronic transaction processing; and authenticating the user on the first mobile device without requiring, from the user, the password corresponding to the account from the first mobile device or the trusted mobile device,” examiner respectfully argues applicant’s argument is moot in light of the new grounds of rejection necessitated by the claim amendments. 
Applicant makes a similar argument for claims 9 and 17 as claim 1 above. Examiner respectfully argues applicant’s arguments are moot for the same reasons listed above for claim 1.
Applicant argues dependent claims 2-8, 10-16, and 19-20 are allowable based on their dependence upon allowable base claims, examiner respectfully argues applicant’s arguments are moot in light of the new rejections necessitated by the claim amendments for claims 1, 9, and 17.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1-7 and 9-15 are rejected under 35 U.S.C. 103 as being unpatentable over Howard (US 20190095607) in view of Saxman (US 20140026193).

Regarding Claims 1 and 9, Howard teaches obtaining, from a trusted mobile device, a first request to authenticate a user on a first mobile device based on a user identifier for an account of the user (Paragraph 0102, 0048, and 0067 teach a user indicates an intent to use a connected device (i.e., first mobile device); the user may submit a request to provide the connected device with a specific application or upgrade; the connected device establishes a communication session with the user's mobile device (i.e., trusted mobile device) and transmit a device identifier identifying the connected device; the mobile device may also establish a connection with a processing server that provides back end support for the mobile device by maintaining and managing transaction-related activities; the mobile device may transmit information related to the connected device to the processing server, and the processing server may retrieve transaction processing information to be associated with the connected device and may send that transaction processing information to the mobile device); determine, based on the first request, that a valid first secure key used to authenticate the user is not stored on the first mobile device (Paragraphs  0067-0068 and 0061 teach the mobile device may query a database to determine if the mobile device has previously encountered the connected devices; the processing server, which maintains an account associated with a user of the mobile device, may identify one or more rules for generating a subtoken associated with a particular connected device from the device management data and provide instructions to the connected device to cause it to check the validity of a subtoken currently stored by the connected device; for example, the connected device may check a cryptogram associated with the subtoken to determine if it is in fact authentic and operative); determining a first device identifier for the first mobile device based on the determining that the first secure key is not stored on the first mobile device (Paragraph 0067 teaches the request may include a device identifier and the mobile device may query a database of device identifiers (e.g., device management data) to determine the identity of (or a type associated with) the connected device; the processing server may identify one or more rules for generating a subtoken associated with a particular connected device from the device management data; for example, rules such as constraints on use may be associated with a generated subtoken); in response to the obtaining, transmitting a second request to authenticate the user on the first mobile device to the trusted mobile device, wherein the second request comprises the user identifier and the first device identifier (Paragraphs 0068-0069 and 0086-0087 teach the processing server may, based on the received identifiers, identify one or more protocols relevant to the connected devices and convey those protocols to the mobile device; for example, the protocol data may include an and obtaining an indication that the user has approved the second request on the trusted mobile device without the user providing a password corresponding to the user identifier to the first mobile device or the trusted mobile device, wherein the indication is based on a second secure key stored on the trusted mobile device (Paragraphs 0069 and 0062 teach the mobile device may receive a token (or other suitable access credential) from a token server, wherein the server stores and maintains relationships between tokens and actual account numbers used for payment; the mobile device receives an indication that a subtoken is to be generated, and may generate a subtoken from the received token information (i.e., a parent token); the subtoken may be derived from a parent token useable to conduct a transaction; for example, the mobile device may store and manage information related to one or more tokens in access credential data; upon determining that a connected device should be provided with a subtoken, the subtoken generation module may cause the processors to identify an appropriate token in access credential data and generate a subtoken derived from that token); obtaining an indication that the user has approved the second request on the trusted mobile device without the user providing a password corresponding to the user identifier to the first mobile device or the trusted mobile device (Paragraphs 0067 and 0087 teach , wherein the indication is based on a second secure key stored on the trusted mobile device, and wherein the indication comprises a restriction on a usage of the first mobile device for electronic transaction processing (Paragraphs 0067 teaches rules such as constraints may be associated with a generated subtoken; for example, if a subtoken is generated for a refrigerator to buy milk and eggs, than a constraint for that subtoken may be that it can only be used at grocery stores); in response to obtaining the indication, generating the first secure key for the first mobile device based on the first device identifier, wherein the first -2-Application No. 15/193,487secure key comprises the restriction on the usage of the first mobile device for the electronic transaction processing (Paragraph 0069, 0048 teach the subtoken may be derived from a parent token, but may be limited in at least one of duration, the types of transactions that it may be used to conduct, a connected device that may utilize the subtoken, or in any other suitable way; once a subtoken has been generated, it may be provided to the connected device to complete one or more transactions; the transaction processing information may be provisioned onto the mobile device for a particular connected device; the transaction processing information may include an access credential, consumer identifier, protocol information and/or any other suitable information relevant to the connected device), and wherein the first secure key and the second secure key comprise different restrictions on the electronic transaction processing (Paragraph 0062 teaches an exemplary subtoken may reference the same underlying account information as the parent token from which it is derived, but may be of limited duration or use (i.e., parent token is not limited); for example, the subtoken may be single-use, associated with an expiration date, useable for a particular type of transaction or by a particular connected device; the subtoken module may retrieve subtokens from external sources and need not generate them (i.e., subtoken may be retrieved from processing server)); authenticating the user on the first mobile device without requiring, from the user, the password corresponding to the account from the first mobile device or the trusted mobile device (Paragraphs 0070 and 0073-0074 teach the connected device may initiate a transaction using the generated subtoken and transmit the generated transaction request to the transaction server; once the authorization computer has decided whether to approve or decline the transaction, an authorization response message may be returned to the transaction server; the transaction server may, upon receiving the response, determine whether the transaction has been approved or declined; the completion of the transaction may be conducted without human intervention (e.g., without acquiring authorization from a user or otherwise requiring action on a user's behalf)); and storing the first secure key within a first hardware secure element of the first mobile device, wherein the first secure key enables an authentication of the account on the first mobile device using the user identifier in place of the password or a further request to the trusted mobile device (Paragraph 0046 teaches the memory of connected device may include a secure execution 
However, Howard does not explicitly teach obtaining, from a first mobile device, a first request to authenticate a user on a first user device based on a user identifier; and determining, based on the first request, that a first secure key used to authenticate the user is not stored on the first mobile device; determining, based on a location of the first mobile device, the trusted mobile device of a plurality of trusted mobile devices on which the user has been authenticated, wherein the trusted mobile device is associated with the location of the first mobile device.
Saxman from same or similar field of endeavor teaches obtaining, from a first mobile device, a first request to authenticate a user on a first user device based on a user identifier (Paragraphs 0083 and 0023 teach a user at a shared device (i.e., first mobile device) is using a software application that utilizes certain personal information that is stored at a resource server; the software application requests access from the resource server; the credential server and the resource server are distinct servers, but in some implementations the credential server and resource server are implemented on a single server system); determining, based on the first request, that a first secure key used to authenticate the user is not stored on the first mobile device (Paragraphs 0083 and 0023 teach the software application on the shared device (i.e., first mobile device) does not have a valid access token for the software application (e.g., no existing access token at all, the temporary access token is expired, etc.) (i.e., a first secure key is not stored on the first mobile device)); determining, based on a location of the first mobile device, the trusted mobile device of a plurality of trusted mobile devices on which the user has been authenticated, wherein the trusted mobile device is associated with the location of the first mobile device (Paragraphs 0076, 0080, and 0086 teach the user must confirm the personal device (i.e., trusted mobile device) is within the appropriate renewal radius; in some implementations, the renewal radius is measured from the initial location of the personal device (when access was first granted); in other implementations, the renewal radius is measured from the location of the shared user device; thus, if the personal user device is within the renewal radius and the access privileges have not been revoked, the access token is granted/automatically renewed; the personal device stores a permanent access token transmits the token to credential server; in some implementations that use a permanent access token, the user is prompted to confirm that access privileges should be granted).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have the base invention in Howard, which teaches generating a first secure key for a first mobile device from a second secure key stored on a trusted mobile device for electronic transaction processing, to incorporate the teachings of Saxman to determine, based  obtain, from a first mobile device, a first request to authenticate a user on a first user device based on a user identifier; and determine, based on the first request, that a first secure key used to authenticate the user is not stored on the first mobile device.
There is motivation to combine Saxman into Howard because the base invention is improved because the temporary token is associated with an access limit based on the physical location of the personal device. A user typically retains possession of the personal device, so as the person moves, so does the personal device. If the personal device moves more than a threshold distance, the user is probably no longer accessing the shared user device, and thus the shared user device no longer has access to the user’s personal information thus protecting the user’s personal information from potential fraudulent use (Saxman Paragraph 0077).
Regarding Claim 1, Howard teaches a system, comprising: a non-transitory memory; and one or more hardware processors coupled to the non-transitory memory and configured to execute instructions from the non-transitory memory to cause the system to perform operations (Paragraphs 0049 and 0112 teach the processing server may be any type of computing device, including a remotely located server computer, configured to perform one or more actions on behalf of the mobile device; the processing server may be configured to provide information related to one or more connected 
Regarding Claim 9, Howard teaches a method (Paragraph 0066 teaches FIG. 3 depicts an example data flow that may be implemented in accordance with at least some embodiments).

	Regarding Claims 2 and 10, the combination of Howard and Saxman teaches all the limitations of claims 1 and 9 above; and Howard further teaches storing the second secure key within a second hardware secure element of the trusted mobile device (Paragraph 0058 teaches the memory of mobile device (i.e., trusted mobile device) may include a secure execution environment such as a secure memory; the secure element (SE) can be a tamper-resistant platform capable of securely hosting applications and their confidential and cryptographic data (e.g. key management) in accordance with the rules and security requirements set forth by a set of well-identified trusted authorities; the parental token (i.e., second secure key) or other access credential data may be stored in the secure execution environment).

	Regarding Claims 3 and 11, the combination of Howard and Saxman teaches all the limitations of claims 2 and 10 above; and Howard further teaches wherein the storing the second secure key further comprises storing a derivative key of the second secure key within the second hardware secure element (Paragraphs 0059 and 0062 teach information provisioned by a processing server onto the mobile device may be stored in the secure memory to protect data at rest and encryption keys; the encryption keys could be unique-derived keys (UDKs), which can be derived from user account information and other unique information; the subtoken module may be configured to generate subtokens in accordance with transaction data and relevant protocol information, wherein the subtoken may be derived from a parent token useable to conduct a transaction; the mobile device may store and manage information related to one or more tokens in access credential data; an exemplary subtoken may reference the same underlying account information as the parent token from which it is derived).

Regarding Claims 4 and 12, the combination of Howard and Saxman teaches all the limitations of claims 2 and 10 above; and Howard further teaches wherein the first secure key is generated based on the second secure key stored on the trusted mobile device (Paragraph 0062 teaches the subtoken module may be configured to identify an appropriate token in access credential and generate subtokens in accordance with transaction data and relevant protocol information, wherein the subtoken may be derived from a parent token useable to conduct a transaction).

Regarding Claims 5 and 13, the combination of Howard and Saxman teaches all the limitations of claims 2 and 10 above; and Howard further teaches determining the second secure key on the trusted mobile device is a primary key for the account (Paragraphs 0033-0035 teach a token may be associated with a protocol set; a “parent token” (i.e., primary key) can be a token which is directly derived or obtained from real credential (e.g., a PAN); a “subtoken” may a token that is derived or obtained from a parent token; if the subtoken is used for payment, the subtoken may be subordinate to the parent token in that funds for the subtoken may be obtained from an account associated with the parent token and/or the real credential associated with the parent token).

Regarding Claims 6 and 14, the combination of Howard and Saxman teaches all the limitations of claims 1 and 9 above; and Howard further teaches wherein the determining the trusted mobile device is performed in response to determining that the first mobile device is within a proximity range of the trusted mobile device (Paragraphs 0047 and 0039 teach a mobile device may be configured to perform a device discovery action that identifies all communicatively enabled electronic devices within range of the mobile device; in another example, the mobile device may connect to a private network (e.g., a home-based or business-based network) and may identify each of the connected devices that are also connected to the private network; the connected devices may be within range of a short range communication means used by the mobile device (e.g., less than about 100, 50, 20, 10, or 5 yards)).

Regarding Claims 7 and 15, the combination of Howard and Saxman teaches all the limitations of claims 1 and 9 above; and Howard further teaches wherein the user is authenticated on the trusted mobile device based on information, other than the password, that identifies the user (Paragraphs 0060 and 0062 teach the contents of the memory in the mobile device include an operating system and one or more application programs or services for implementing the features disclosed herein including at least a module for managing access credentials (e.g., real credentials, parent tokens and subtokens) (i.e., the real credentials or parent tokens authenticate the user to perform transactions) and transaction protocols associated with a connected device (device management module) and/or a module for generating or obtaining (e.g., retrieving) subtokens in accordance with transaction data (subtoken module); the memory may also include protocol data, which provides data associated with one or more transaction protocols and access credential data, which provides information on access credentials for one or more connected devices; a subtoken may be derived from a parent token useable to conduct a transaction).

Claims 8 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Howard (US 20190095607) in view of Saxman (US 20140026193) in further view of Bhimanaik (US 8,627,438 B1).

Regarding Claims 8 and 16, the combination of Howard and Saxman teaches all the limitations of claim 1 above; however the combination does not selecting the trusted mobile device as a primary trusted device from a plurality of trusted mobile devices.
Bhimanaik from same or similar endeavor teaches selecting the trusted mobile device as a primary trusted device from a plurality of trusted mobile devices (Col. 4, lines 36-40, Col. 5, lines 53-62, and Col. 6, lines 37-41, teach the user may associated multiple trust devices with a particular customer account in the customer account store, and the customer account store may include a lookup table, wherein the authentication module may access the lookup table stored in the customer account store and identify the primary device (i.e., second user device) as a trusted device associated with a particular customer account based on a prior registration event).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Howard and Saxman to incorporate the teachings of Bhimanaik to select the trusted mobile device as a primary trusted device from a plurality of trusted mobile devices.
There is motivation to combine Bhimanaik into the combination of Howard and Saxman because the user may associate multiple devices having different levels of trust with a particular customer account in the customer account store, and the online resource provider may require addition authentication data from devices having a lower level of trust. For example, if the primary device is registered as a trusted device with the user's corporate account, the user may also register a personal device (such as a personal mobile phone) with the corporate account; however, additional authentication data may be required from the .

Claims 17 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Howard (US 20190095607) in view of Saxman (US 20140026193) in further view of Zhang (US 20140033286).

Regarding Claim 17, Howard teaches system, comprising: a non-transitory memory; and one or more hardware processors coupled to the non-transitory memory and configured to execute instructions from the non-transitory memory to cause the system to perform operations (Paragraphs 0049 and 0112 teach the processing server may be any type of computing device, including a remotely located server computer, configured to perform one or more actions on behalf of the mobile device; the processing server may be configured to provide information related to one or more connected devices to the mobile device; any of the software components or functions described in this application may be implemented as software code to be executed by a processor; the software code may be stored as a series of instructions or commands on a computer readable medium for storage and/or transmission, suitable media include random access memory (RAM), a read only memory (ROM), a magnetic medium such as a hard-drive or a floppy disk, or an optical medium such as a compact disk (CD) or DVD (digital versatile disk), flash memory, and the like; the computer readable medium may be any combination of such storage or comprising: obtaining, from a trusted mobile device, a first request to authenticate a user on a first mobile device based on a user identifier for an account of the user (Paragraph 0102, 0048, and 0067 teach a user indicates an intent to use a connected device (i.e., first mobile device); the user may submit a request to provide the connected device with a specific application or upgrade; the connected device establishes a communication session with the user's mobile device (i.e., trusted mobile device) and transmit a device identifier identifying the connected device; the mobile device may also establish a connection with a processing server that provides back end support for the mobile device by maintaining and managing transaction-related activities; the mobile device may transmit information related to the connected device to the processing server, and the processing server may retrieve transaction processing information to be associated with the connected device and may send that transaction processing information to the mobile device); determine, based on the first request, that a valid first secure key used to authenticate the user is not stored on the first mobile device (Paragraphs  0067-0068 and 0061 teach the mobile device may query a database to determine if the mobile device has previously encountered the connected devices; the processing server, which maintains an account associated with a user of the mobile device, may identify one or more rules for generating a subtoken associated with a particular connected device from the device management data and provide instructions to the connected device to cause it to check the validity of a subtoken currently stored by the connected device; for example, the connected device may check a cryptogram associated with the subtoken to determine if it is in fact authentic and operative); determining a first device identifier for the first mobile device based on the determining that the first secure key is not stored on the first mobile device (Paragraph 0067 teaches the request may include a device identifier and the mobile device may query a database of device identifiers (e.g., device management data) to determine the identity of (or a type associated with) the connected device; the processing server may identify one or more rules for generating a subtoken associated with a particular connected device from the device management data; for example, rules such as constraints on use may be associated with a generated subtoken); determining, based on a location of the first mobile device, the trusted mobile device of a plurality of trusted mobile devices on which the user has been authenticated, wherein the trusted mobile device is associated with the location of the first mobile device (Paragraphs 0068 and 0039 teach the mobile device may detect the connected device upon connecting to a private network or entering within range of the connected device (e.g., via a device discovery process); the connected devices may be located within range of a short range communication means used by the mobile device); in response to the obtaining, transmitting a second request to authenticate the user on the first mobile device to the trusted mobile device, wherein the second request comprises the user identifier and the first device identifier (Paragraphs 0068-0069 and 0086-0087 teach the processing server may, based on the received identifiers, identify one or more protocols relevant to the connected devices and convey those protocols to the mobile device; for example, the protocol data may include an indication of a user's resource preferences and/or resource replenishment preferences; the mobile and obtaining an indication that the user has approved the second request on the trusted mobile device without the user providing a password corresponding to the user identifier to the first mobile device or the trusted mobile device, wherein the indication is based on a second secure key stored on the trusted mobile device (Paragraphs 0069 and 0062 teach the mobile device may receive a token (or other suitable access credential) from a token server, wherein the server stores and maintains relationships between tokens and actual account numbers used for payment; the mobile device receives an indication that a subtoken is to be generated, and may generate a subtoken from the received token information (i.e., a parent token); the subtoken may be derived from a parent token useable to conduct a transaction; for example, the mobile device may store and manage information related to one or more tokens in access credential data; upon determining that a connected device should be provided with a subtoken, the subtoken generation module may cause the processors to identify an appropriate token in access credential data and generate a subtoken derived from that token); obtaining an indication that the user has approved the second request on the trusted mobile device without the user providing a password corresponding to the user identifier to the first mobile device or the trusted mobile device (Paragraphs 0067 and 0087 teach the mobile device may display the transaction to a user of the mobile device to obtain approval , wherein the indication is based on a second secure key stored on the trusted mobile device, and wherein the indication comprises a restriction on a usage of the first mobile device for electronic transaction processing (Paragraphs 0067 teaches rules such as constraints may be associated with a generated subtoken; for example, if a subtoken is generated for a refrigerator to buy milk and eggs, than a constraint for that subtoken may be that it can only be used at grocery stores); in response to obtaining the indication, generating the first secure key for the first mobile device based on the first device identifier, wherein the first -2-Application No. 15/193,487secure key comprises the restriction on the usage of the first mobile device for the electronic transaction processing (Paragraph 0069, 0048 teach the subtoken may be derived from a parent token, but may be limited in at least one of duration, the types of transactions that it may be used to conduct, a connected device that may utilize the subtoken, or in any other suitable way; once a subtoken has been generated, it may be provided to the connected device to complete one or more transactions; the transaction processing information may be provisioned onto the mobile device for a particular connected device; the transaction processing information may include an access credential, consumer identifier, protocol information and/or any other suitable information relevant to the connected device), and wherein the first secure key and the second secure key comprise different restrictions on the electronic transaction processing authenticating the user on the first mobile device without requiring, from the user, the password corresponding to the account from the first mobile device or the trusted mobile device (Paragraphs 0070 and 0073-0074 teach the connected device may initiate a transaction using the generated subtoken and transmit the generated transaction request to the transaction server; once the authorization computer has decided whether to approve or decline the transaction, an authorization response message may be returned to the transaction server; the transaction server may, upon receiving the response, determine whether the transaction has been approved or declined; the completion of the transaction may be conducted without human intervention (e.g., without acquiring authorization from a user or otherwise requiring action on a user's behalf)); and storing the first secure key within a first hardware secure element of the first mobile device, wherein the first secure key enables an authentication of the account on the first mobile device using the user identifier in place of the password or a further request to the trusted mobile device (Paragraph 0046 teaches the memory of connected device may include a secure execution environment such as a secure memory that includes a secure element; the secure 
However, Howard does not explicitly teach obtaining, from a first mobile device, a first request to authenticate a user on a first user device based on a user identifier; and determining, based on the first request, that a first secure key used to authenticate the user is not stored on the first mobile device.
Saxman from same or similar field of endeavor teaches obtaining, from a first mobile device, a first request to authenticate a user on a first user device based on a user identifier (Paragraphs 0083 and 0023 teach a user at a shared device (i.e., first mobile device) is using a software application that utilizes certain personal information that is stored at a resource server; the software application requests access from the resource server; the credential server and the resource server are distinct servers, but in some implementations the credential server and resource server are implemented on a single server system); determining, based on the first request, that a first secure key used to authenticate the user is not stored on the first mobile device (Paragraphs 0083 and 0023 teach the software application on the shared device (i.e., first mobile device) does not have a valid access token for the software 
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the base invention in Howard, which teaches generating a first secure key for a first mobile device from a second secure key stored on a trusted mobile device for electronic transaction processing, to incorporate the teachings of Saxman to obtain, from a first mobile device, a first request to authenticate a user on a first user device based on a user identifier; and determine, based on the first request, that a first secure key used to authenticate the user is not stored on the first mobile device.
There is motivation to combine Saxman into Howard because the base invention is improved because the shared device (i.e., first mobile device) receives an access token permitting an application executing on the shared user device to use the access token for retrieving at least a portion of the personal information for a limited time. The programs include instructions that detect a physical movement of the personal user device, where the movement meets predefined motion criteria. The programs also include instructions that respond to detecting the physical movement: the instructions send a message to the authentication server to revoke access privileges associated with the access token when the user has left the vicinity of the shared device (Saxman Paragraphs 0007 and 0080).
However, the combination of Howard and Zhang do not explicitly teach obtaining, from a first mobile device, a first request to authenticate a user on a first content viewing application based on a user identifier; obtaining an indication that the user has approved the second request on the trusted mobile device without the user providing a password corresponding to the user identifier; in response to obtaining the indication, obtaining context data descriptive of information being presented to the user in a second content viewing application; and providing the context data to the first content viewing application to enable presentation of the information to the user in the first content viewing application.
Zhang from same or similar field of endeavor teaches obtaining, from a first mobile device, a first request to authenticate a user on a first content viewing application based on a user identifier (Paragraphs 0081, 0060, 0045, and 0111-112 teach the user inputs a web address of a WeChat (i.e., social media app) login page on a computer (i.e., first user device) and the computer sends a page login request to the WeChat server over the Internet, and the display terminal generates a page login request and sends the page login request to the server, and the server receives the information access request from the first client device; the information access request may be triggered, for example, when the user of the first client device clicks on a sign-in button in an account sign-in webpage or when the user clicks on a link to access information associated with another user account, and the server system generates a unique identifier and returns the unique identifier to the first client device, wherein the unique identifier, which may be a 1D bar code, a 2D bar code, or a 3D bar code, is to be displayed on a display of the first client device; moreover, the unique identifier includes authentication information generated by the server system or the information access request (i.e., unique identifier includes user identifier)); obtaining an indication that the user has approved the second request on the trusted mobile device without the user providing a password corresponding to the user identifier (Paragraphs 0082, 0070, 0045, and 0114 teach the user opens the application program for scanning a 2D code in WeChat on the mobile phone (i.e., second user device) and scans (i.e., indication) the 2D code displayed on the WeChat login page on the computer through the application program and generates scanning information and sends the scanning information to the WeChat server; and a determination is made whether the authentication information corresponds to the unique identifier generated by the server system (i.e., checks to see if a one-to-one mapping exists between the account of which login is performed on the application module of the scanning terminal and the authentication identifier in the identification code); more specifically, the second client device generates a first message (i.e., scanning information) that includes user account information saved locally at the client device as well as information provided by the server system when the user logs into his or her account from the second client device); in response to obtaining the indication, obtaining context data descriptive of information being presented to the user in a second content viewing application (Paragraph 0118 teaches after authenticating the information access request, the server system generates a webpage using the information (i.e., context data) acquired from the second client device and associated with the user account information); and providing the context data to the first content viewing application to enable presentation of the information to the user in the first content viewing application (Paragraphs 0118 and 0084 teach the server system returns the webpage to the first client device to be displayed on the display of the first client device; for example, if the application module in the present invention is a 
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have the modified the base invention in the combination of Howard and Saxman, which teaches receiving a request from a first mobile device to generate a first secure key for the first mobile device from a second secure key stored on a trusted mobile device for electronic transaction processing, to incorporate the teachings of Zhang to obtain, from a first mobile device, a first request to authenticate a user on a first content viewing application based on a user identifier; obtain an indication that the user has approved the second request on the trusted mobile device without the user providing a password corresponding to the user identifier; in response to obtain the indication, obtaining context data descriptive of information being presented to the user in a second content viewing application; and provide the context data to the first content viewing application to enable presentation of the information to the user in the first content viewing application.
There is motivation to combine Zhang into the combination of Howard and Saxman because a method is provided to help facilitate the operation of a user during page login on a display terminal. This page login method is provided so as to 

Regarding Claim 19, the combination of Howard, Saxman, and Zhang teaches all the limitations of claim 17 above; however the combination does not explicitly teach wherein the first content viewing application and the second content viewing application include a first browser and a second browser, respectively.
Zhang further teaches wherein the first content viewing application and the second content viewing application include a first browser and a second browser, respectively (Paragraphs 0058 and 0064 teach the application module of the mobile phone may be a web site (i.e., first content viewing application, and the display terminal (i.e., computer) comprises a web page or login page (i.e., second content viewing application)).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have the modified the combination of Howard, Saxman, and Zhang to incorporate the further teachings of Zhang for the first content viewing application and the second content viewing application include a first browser and a second browser, respectively.
There is motivation to further combine Zhang into the combination of Howard, Saxman, and Zhang because of the same reasons listed above for claim 17.

Claim 18 is rejected under 35 U.S.C. 103 as being unpatentable over Howard (US 20190095607) in view of Saxman (US 20140026193) in further view of Zhang (US 20140033286) in further view of Banerjee (US 20160212113).

Regarding Claim 18, the combination of Howard, Saxman, and Zhang teaches all the limitations of claim 17 above; however, the combination does not explicitly teach wherein the operations further comprise: selecting a trusted verification method from a plurality of trusted verification methods; and in response to selecting the trusted verification method, transmitting the second request to the trusted mobile device.
Banerjee from same or similar field of endeavor teaches wherein the operations further comprise: selecting a trusted verification method from a plurality of trusted verification methods (Paragraphs 0008, 0019, 0028, and 0068 teach the requested authentication information is determined based on the authentication policy associated with the protected resource, and the various security policies can also be selected and/or otherwise established during the registration process; furthermore, multi-factor authentication can be selected and/or otherwise triggered in response to an end-user requesting access to a protected resource, wherein the policies can include, by way of example, relative device proximity policies, geofencing policies, biometric identification policies, and/or movement policies; the credential management (ZPL) platform generates and sends an authentication information request to the secondary authentication device that is determined by the policy or policies); and in response to selecting the trusted verification method, transmitting the second request to the trusted mobile device (Paragraph 0068 teaches the authentication information request indicates additional information to be obtained by the secondary authentication device, and although a single request for information is shown, it is appreciated that the credential management (ZPL) platform may request additional information more than once depending on the policy and/or the information obtained in the authentication information responses from the secondary authentication device).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Howard, Saxman, and Zhang to incorporate the teachings of Banerjee to select a trusted verification method from a plurality of trusted verification methods, and in response transmit the second request to the trusted mobile device.
There is motivation to combine Banerjee into the combination of Howard, Saxman, and Zhang because the authentication (multi-factor) module is configured to provide a configurable multi-factor authentication. The multi-factor authentication is configured such that it is not intrusive, time consuming or confusing. The system can provide various multifactor authentication techniques that may seem invisible yet effective at ascertaining the authenticity of the identity of the end client (Banerjee Paragraph 0051).

Claim 20 is rejected under 35 U.S.C. 103 as being unpatentable over Howard (US 20190095607) in view of Saxman (US 20140026193) in further view of Zhang (US 20140033286) in further view of Carlson (US 20140143137).

Regarding Claim 20, the combination of Howard, Saxman, and Zhang teaches all the limitations of claim 17 above; however the combination does not explicitly teach wherein the context data corresponds to a particular stage of a transaction the user is conducting on the trusted mobile device.
Carlson from same or similar field of endeavor teaches wherein the context data corresponds to a particular stage of a transaction the user is conducting on the trusted mobile device (Paragraphs 0121 and 0127 teach the trusted device may generate a transaction request and send the transaction request to the trusted intermediary computer, wherein the transaction request may include an account designation that corresponds to an enrolled user identifier or trusted device identifier (e.g., a username, device serial number, or phone number), a transaction type (e.g., withdraw or transfer), an account type (e.g., checking, savings, etc.), and an amount (e.g., $100), and assuming the received information is validated and the trusted intermediary computer, trusted device, and/or user information matches the information in the pairing identifier entry, the untrusted device may now have all of the typical transaction data that the untrusted device controller may use in order to process the transaction).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the combination of Howard, Saxman, and Zhang to incorporate the teachings of Carlson for the context data to correspond to a particular stage of a transaction the user is conducting on the trusted mobile device.
.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Antonyraj et al. (US 20170250974) teaches a system and method for pairing a mobile device with a computer for password-less login using a network service is provided. The method may include sending a pairing request to a network server from a computing device, wherein the pairing request includes computer authentication data and a computer public key. The network server may pair the mobile device with the computing device; wherein, the computing device may generate a pairing secret key and an associated QR image, which the user is prompted to scan using the mobile device. A pairing agent within the mobile device may validate the computer authentication data and parse the computer public key therefrom. In some embodiments a PIN could be displayed by the computer and entered by the user into the mobile device or silently exchanged between the computer and the mobile device, when proximate to each other, for the mutual authentication data validation. The method may further include registering the user mobile and computer devices for administrative management at the network server for an enterprise deployment or end user self-service management.

Jiang et al. (US 20160316369) teaches an account login method that includes receiving a login request command sent by a second terminal, the login request command carrying an account and a second terminal identifier. The method further includes detecting whether a device lock flag corresponding to the account is unlocked and that a state corresponding to the second terminal identifier is that a device lock is locked If yes, the method further includes acquiring a first terminal identifier corresponding to the account, a state corresponding to the first terminal identifier being that the device lock is unlocked and implementing a login of the account on the second terminal by using a first terminal corresponding to the first terminal identifier.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to COURTNEY JONES whose telephone number is (469)295-9137.  The examiner can normally be reached on 7:30 am - 5:00 pm CST (M-F).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Neha Patel can be reached at (571) 270-1492.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/C.P.J./Examiner, Art Unit 3685

/JAY HUANG/Primary Examiner, Art Unit 3685