DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This action is the responsive to the communication filed on 04/22/2021.

Response to Arguments
Applicant’s arguments with respect to claim(s) for rejected claims under 35 USC 103(a) have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.



Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1-4, 7, 9, 10-11 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over XU US 2016/0321628 in view of Chan et al US 2015/0350186.

As per claim 1, Xu discloses a method of allocating device identifiers, comprising:
 	 receiving a first request, the first request comprising terminal device information and a user authentication password ( par 0123/0126,  send the first  binding request to a payment proxy server, wherein the proxy server received the first request include user information as a password, par 0003User information such as a bank card number and password of a user are intercepted when the user completes input of information about the bank card number  ); 
 	the user authentication password  matching a locally save user authentication password ( [0219] The payment proxy server receives the second password reset request sent by the terminal device, queries, by using the terminal device identifier and the first application identifier that are in the second password reset request, the local password verification information generated by the payment proxy server, determines whether the local password verification information is the same as the password verification information that is in the second password reset request and is input by the user, and if the local password verification information is the same as the password verification information that is in the second password reset request and is input by the user, updates the previous express password to the new express password that is in the second password reset request and is input by the user), 
  	 generating, at a server, a first device identifier corresponding to a terminal device using the user authentication password (par 0123 the payment proxy server generates an associated identifier, i.e.  a first device identifier, according to the first binding request, where the associated identifier is associated with the first user information, the application identifier, and the terminal device identifier.  ); and  
 the payment proxy server, i.e. the server, acquires the first user information, i.e. user identity information, according to the associated identifier, i.e. first device identifier, and then generates preset location information of the first user information according to a preset rule ). 

 	Xu does not explicitly discloses the locally saved user authentication password being generated according to a second request received after the first request; invalidating the user authentication password after expiration of a validity period.
 	Chan discloses the locally saved user authentication password being generated according to a second request received after the first request (par 0033 the client computing device caches, i.e. locally saved, authorization information and information used for obtaining the token, i.e. authentication password. A token cache may be located in the client computing device);
 	 invalidating the user authentication password after expiration of a validity period (par 0035 the access token may be invalidated and/or expired. ).
 
Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of obtaining password for service request of Xu, based on the teaching of time-based usage restrictions placed on the access tokens  of Chan, because doing so would provide a Web services use a new token, can be refresh bases on the expiration of time or validity, of security measures to ensure that clients accessing protected resources are authenticated and authorized to access the protected resources(par 0003).

 As per claim 2, Xu in view of Chen discloses the method according to claim 1, the combination discloses wherein the first request is sent by a terminal device or a user terminal (Xu ,0123, Step 102: Send the first binding request to a payment proxy server); and the second request is sent by the terminal device or the user terminal ( Xu, par 0129 ,Step 105: Send the second binding request to the payment proxy server ).  

As per claim 3, Xu in view of Chen discloses the method according to claim 2, the combination discloses further comprising: sending the first device identifier to the terminal device and/or the user terminal (Xu, 0123, Step 102: Send the first binding request to a payment proxy server).  

As per claim 4, Xu in view of Chen discloses the method according to claim 1, the combination discloses further comprising: saving a binding relation between user's identity information and the first device identifier (Xu, 0044] sending the card binding information to the terminal device, so that the terminal device saves the card binding information).  

As per claim 7, Xu in view of Chen discloses the method according to claim 1, the combination discloses wherein the user authentication password is generated by:  
receiving the second request (Xu, 0011, sending the second binding request to the payment proxy server); 
determining user's identity information, and generating a user authentication password using the user's identity information ( Xu,0022 determining whether the card binding information stored in the terminal device includes first card binding information according to the terminal device identifier and an application identifier of the first application, where the first card binding information includes the terminal device identifier ); and 
saving the user authentication password corresponding to the user's identity information (  Xu, 0044 sending the card binding information to the terminal device, so that the terminal device saves the card binding information).  

As per claim 9, Xu in view of Chen discloses The method according to claim 1, the combination discloses wherein if the received first request does not comprise a user authentication password, the method further comprises:
 generating a second device identifier using the terminal device information included in the received first request ( Xu, 0016 ,generating the second binding request, where the second binding request includes the second user information and the associated identifier).  

As per claim 10, Xu in view of Chen discloses The method according to claim 9,  the combination discloses further comprising: 
returning the generated second device identifier to the terminal device and/or user terminal (Xu, par 0018 receiving card binding information sent by the payment proxy server).  
As per claim 11, Xu in view of Chen discloses The method according to claim 1,  the combination discloses wherein the terminal device information comprises at least one of a device model, a device MAC address, and a product serial number of a device (Xu,  0019, saving the card binding information ).  



As per claim 16, Xu in view of Chen discloses the method according to claim 1, wherein the first request comprises an identity registration request (Xu ,0123, send the first binding request  thus, wherein the associated identifier is associated , i.e. registration with first user information); and the prior  request comprises a request for acquiring an authentication password (Xu, par 0127  Step 104: Generate a second binding request according to the associated identifier, where the second binding request includes second user information and the associated identifier, and the second user information and the first user information are used for forming complete user information and Chen discloses par 0033 the client computing device caches, i.e. locally saved, authorization information and information used for obtaining the token, i.e. authentication password. A token cache may be located in the client computing device).


Claims 5 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over XU US 2016/0321628 in view of Chan et al US 2015/0350186 in view of Dai US 2016/0088151.

As per claim 5, Xu in view of Chan discloses the method according to claim 4, the combination discloses further comprising:  but fails to disclose 
 receiving a cancelation request carrying the first device identifier; and deleting the binding relation between the user's identity information and the first device identifier.  
However, Dai discloses receiving a cancelation request carrying the first device identifier (par 0030 the carrier service server may also receive a request for canceling the binding with the called number sent by the client terminal corresponding to the user ID  ); and deleting the binding relation between the user's identity information and the first device identifier ( par 0030 delete or invalidate the binding relationship between the user ID and the called number in the background database).  

Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of obtaining password for service request of Xu, based on the teaching of time-based usage restrictions placed on the access tokens of Chan, based on the teaching of cancelling the request and deleting the binding relation of identifier of Dai, because doing so would provide a jam free communication between device.

As per claim 14, Xu in view of Chan discloses the method according to claim 1,  the combination fails to  disclose further comprising: receiving a cancelation request carrying the first device identifier; and releasing the first device identifier (emphasis).  

 However, Dai discloses receiving a cancelation request carrying the first device identifier (par 0030 the carrier service server may also receive a request for canceling the binding with the called number sent by the client terminal corresponding to the user ID   ); and releasing the first device identifier (par 0160  updated, i.e. releasing the profile IDs, to the profiles and encrypted accordingly, thus ensuring better quality of the profile IDs stored within databases 90 and 91).  

Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of obtaining password for service request of Xu, based on the teaching of time-based usage restrictions placed on the access tokens of Chan, based on the teaching of cancelling the request and deleting the binding relation of identifier of Dai, because doing so would provide a jam free communication between device.

Claims 17-20 are rejected under 35 U.S.C. 103 as being unpatentable over XU US 2016/0321628 in view of in view of Zhong et al US 2016/0112340 in view of Chan et al US 2015/0350186.

As per claim 17, Xu discloses a method of allocating device identifiers, comprising: 
 acquiring a user authentication password from a server (0085, acquire the first user information, i.e. password, the application identifier, and the terminal device identifier according to the associated identifier ); and 
 sending the user authentication password to a terminal device to trigger the terminal device to acquire a first device identifier corresponding to the terminal device from the server by using the user authentication password ( par 0034 sending the associated identifier to the terminal device, so that the terminal device generates a second binding request according to the associated identifier, where the second binding request includes second user information and the associated identifier, and the second user information and the first user information are used for forming complete user information; and 0142  then the message push server sends the associated identifier to a message push client installed in the terminal device, and then the terminal device acquires the associated identifier by using the message push client,i.e. trigger.) and causing the server to subsequently invalidate the user authentication password ( [0219] The payment proxy server receives the second password reset request sent by the terminal device, queries, by using the terminal device identifier and the first application identifier that are in the second password reset request, the local password verification information generated by the payment proxy server, determines whether the local password verification information is the same as the password verification information that is in the second password reset request and is input by the user, and if the local password verification information is the same as the password verification information that is in the second password reset request and is input by the user, updates the previous express password to the new express password that is in the second password reset request and is input by the user) , 
 the first device identifier being generated at the server and being acquired based on user identity information and the first device identifier having been bound at the server (par 0128 the payment proxy server, i.e. the server, acquires the first user information, i.e. user identity information, according to the associated identifier, i.e. first device identifier, and then generates preset location information of the first user information according to a preset rule). 
 Xu does not explicitly discloses triggering the terminal device, the first device identifier having been bound at the server(emphasis).
Yang discloses triggering the terminal device (0084] After the selection operation is triggered on the binding device information displayed in an interface of a current device, i.e. terminal device, is detected), the first device identifier having been bound at the server( fig.3, 0086 the obtained device identifier and the resource to be shared are sent, i.e. bound, to the server and 0097 a device identifier corresponding to a device that requests to be bound are obtained through a triggered device binding instruction, see 0099 ).
 
Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of obtaining password for service request of Xu, based on the teaching of  trigger the device for binding the device identifier of Zhong, because doing so would provide improvement of sharing resource between devices. 

 The combination fails to disclose the server to subsequently invalidating the user authentication password after expiration of a validity period, the first identifier being generated at the server, and acquiring the first device identifier.

 However Chan disclose the server to subsequently invalidating the user authentication password after expiration of a validity period (par 0035 the access token may be invalidated and/or expired), the first identifier being generated at the server (par 0034  the token service computer generates a token, i.e., the first identifier,.. which may include a time-to-live or an expiration time), and acquiring the first device identifier ( par 0034  obtaining,i.e, acquiring, the access token, i.e. first device identifier).

Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of obtaining password for service request of Xu, based on the teaching of  trigger the device for binding the device identifier of Zhong, because doing so would provide based on the teaching of time-based usage restrictions placed on the access tokens  of Chan, because doing so would provide a Web services use a new token, can be refresh bases on the expiration of time or validity,  of security measures to ensure that clients accessing protected resources are authenticated and authorized to access the protected resources(par 0003). 


As per claim 18, Xu in view of Zhong in view of Chan discloses the method according to claim 17, further comprising: 
 receiving the first device identifier returned by the terminal device (Xu 0032 receiving a first binding request sent by a terminal device in view of Chan par 0034  obtaining,i.e, acquiring, the access token, i.e. first device identifier).  

 	As per claim 19, Xu in view of Zhong in view of Chan discloses the method according to claim 17, wherein acquiring a user authentication password from a server comprises:
 	 sending a request for acquiring an authentication password to the server ( Xu, par 0121 Generate a first binding request, where the first binding request includes first user information, an application identifier, and a terminal device identifier in view Chan  par 0034  obtaining,i.e, acquiring, the access token, i.e. first device identifier ); and receiving a user authentication password generated by the server using the user's identity information and returned by the server ( Xu, par 0134 the terminal device obtains, i.e. receiving, the first card binding information that include password, in view Chan par 0034  obtaining,i.e, acquiring, the access token, i.e. first device identifier ).


 As per clam 20,  Xu discloses a method of allocating device identifiers, comprising: 
 receiving a user authentication password from a user terminal ( 0032 receiving a first binding request sent by a terminal device, wherein the first binding request includes the first user information, i.e. password); 
sending the user authentication password to a terminal device to trigger the terminal device to acquire a first device identifier corresponding to the terminal device from the server by using the user authentication password ( par 0034 sending the associated identifier to the terminal device, so that the terminal device generates a second binding request according to the associated identifier, where the second binding request includes second user information and the associated identifier, and the second user information and the first user information are used for forming complete user information; and 0142  then the message push server sends the associated identifier to a message push client installed in the terminal device, and then the terminal device acquires the associated identifier by using the message push client,i.e. trigger.) and causing the server to subsequently invalidate the user authentication password ( [0219] The payment proxy server receives the second password reset request sent by the terminal device, queries, by using the terminal device identifier and the first application identifier that are in the second password reset request, the local password verification information generated by the payment proxy server, determines whether the local password verification information is the same as the password verification information that is in the second password reset request and is input by the user, and if the local password verification information is the same as the password verification information that is in the second password reset request and is input by the user, updates the previous express password to the new express password that is in the second password reset request and is input by the user) , 
 the first device identifier being generated at the server and being acquired based on user identity information and the first device identifier having been bound at the server (par 0128 the payment proxy server, i.e. the server, acquires the first user information, i.e. user identity information, according to the associated identifier, i.e. first device identifier, and then generates preset location information of the first user information according to a preset rule). 
 Xu does not explicitly discloses triggering the terminal device, the first device identifier having been bound at the server(emphasis).
Yang discloses triggering the terminal device (0084] After the selection operation is triggered on the binding device information displayed in an interface of a current device, i.e. terminal device, is detected), the first device identifier having been bound at the server( fig.3, 0086 the obtained device identifier and the resource to be shared are sent, i.e. bound, to the server and 0097 a device identifier corresponding to a device that requests to be bound are obtained through a triggered device binding instruction, see 0099 ).
 	The combination fails to disclose the server to subsequently invalidating the user authentication password after expiration of a validity period, the first identifier being generated at the server, and acquiring the first device identifier.
 	 However Chan disclose the server to subsequently invalidating the user authentication password after expiration of a validity period (par 0035 the access token may be invalidated and/or expired), the first identifier being generated at the server (par 0034  the token service computer generates a token, i.e, the first identifier,.. which may include a time-to-live or an expiration time), and acquiring the first device identifier ( par 0034  obtaining,i.e, acquiring, the access token, i.e. first device identifier).
Therefore, it would have been obvious before the effective filing date of the claimed invention to implement the claimed invention by modifying a method of obtaining password for service request of Xu, based on the teaching of  trigger the device for binding the device identifier of Zhong, because doing so would provide based on the teaching of time-based usage restrictions placed on the access tokens  of Chan, because doing so would provide a Web services use a new token, can be refresh bases on the expiration of time or validity,  of security measures to ensure that clients accessing protected resources are authenticated and authorized to access the protected resources(par 0003). 


Allowable Subject Matter
Claims 6, 8, 12-13 and 15 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.


Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Panchapakesan, US 2016/0191526 [0042] The requesting client device 106 and sender client device 106 may also authenticate one another with the assistance of the file storage application 126 or an authentication server. Upon selection of a particular client device 106 as a sender client device 106, the requesting client device 106 and sender client device 106 can independently obtain an authentication token, or a one-time password, from the file storage application 126. The requesting client device 106 and sender client device 106 can then exchange these authentication tokens. In other words, the requesting client device 106 can transmit its authentication token to the sender client device 106 and vice versa. [0043] Next, the requesting client device 106 and sender client device 106 can verify the authentication token obtained from the other client device 106 by transmitting an authentication request to the file storage application 126 that includes the authentication token, an identifier associated with the client device 106 from which the authentication token was obtained and/or a file identifier corresponding to the file requested by the requesting client device 106. The file storage application 126 can then verify that the requesting client device 106 is entitled to access the requested file as well as that the sender client device 106 is a legitimate transferor of the file. If the tile storage application 126 confirms the authenticity of the client devices 106 and provides an indication to this effect to the respective client devices 106, a file transfer session can be established between the requesting client device 106 and sender client device 106 in which the sender client device 106 can transmit the requested file to the requesting client device 106. 


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ABU S SHOLEMAN whose telephone number is (571)270-7314.  The examiner can normally be reached on EST: 9am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on 571-272-3739.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/ABU S SHOLEMAN/Primary Examiner, Art Unit 2495