Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Arguments
1.	Examiner has withdrawn the current 101 rejection to independent claim 18. No further action is needed.
Applicant's arguments filed 4/27/2021 have been fully considered but they are not persuasive. 
2.	Applicant argues that the prior art Knas in view of Osheter does not disclose “generating, by the authenticating device, a secure token based on the secret key value and the current hash value, wherein the current hash value is used as a moving factor”, as recited in independent claims.
In response to Applicants arguments, the Examiner respectfully disagrees with the applicant and would like to show that Knas in view of Osheter discloses generating, by the authenticating device, a secure token based on the secret key value and the current hash value, wherein the current hash value is used as a moving factor. The Examiner points out that Osheter discloses a software application may generate a one-time password based on a time factor using an HMAC-based (hash-based message authentication codes-based) one-time Password algorithm (HOTP). For example, the HOTP algorithm may be executed by a token (one-time password generator), which may be a dedicated token generator device or may be a software application hosted by a user device or other system described herein. The token generates a numeric code. The token may use a secret seed/key and a moving factor which, in event-based OTP, may be a counter (Claim 1).
Examiner asserts that the token in Applicant’s invention is germane to the one-time password in Osheter.
As such the Examiner maintains the rejection.



Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


s 1-6 and 8-15 and 18-20 are rejected under 35 U.S.C. 103 as being unpatentable over Knas (US Patent 10867057) in view of Osheter (US Patent Pub. 20170272251).


As per claims 1, 12 and 18:  Knas discloses a computer-implemented method comprising:
retrieving, by an authenticating device and from a blockchain, a current hash value of the blockchain, wherein the authenticating device and an authenticator server each have access to the blockchain, and wherein the authenticating device and the authenticator server share a secret key value (Col 2, lines 33-43; retrieving, by the server, a latest valid blockchain from a plurality of network nodes associated with the blockchain, the latest valid blockchain comprising one or more block instances comprising blockchain data and a corresponding cryptographic hash value, each block instance stored in a database associated with at least one of the plurality of network nodes);
transmitting the secure token to the authenticator server; and receiving an indication of authentication from the authenticator server (Col 20, lines 31-38; analytics server may use a static or dynamic passcode (e.g., a passcode selected by the user or a changing passcode, such as a token-based dynamic passcode) in order to authenticate the user. In some configurations, the analytics server may use one or two of the above-mentioned authentication methods to authenticate the user).

Osheter discloses a software application may generate a one-time password based on a time factor using an HMAC-based (hash-based message authentication codes-based) one-time Password algorithm (HOTP). For example, the HOTP algorithm may be executed by a token (one-time password generator), which may be a dedicated token generator device or may be a software application hosted by a user device or other system described herein. The token generates a numeric code. The token may use a secret seed/key and a moving factor which, in event-based OTP, may be a counter.
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains, having the teachings of Knas and Osheter in it’s entirety, to modify the technique of Knas for retrieving, by the server, a latest valid blockchain from a plurality of network nodes associated with the blockchain by adopting Osheter's teaching for a token which may use a secret seed/key and a moving factor which, in event-based OTP, may be a counter. The motivation would have been to improve one time password with moving factor.
As per claim 2:  	The combination of Knas in view of Osheter discloses the method of claim 1, wherein retrieving the current hash value further comprises: 
satisfying an access parameter of the block chain; and synchronizing the block chain to the authenticating device (See Knas, Col 8, lines 56-63; The client device 140 may comprise any number of input devices configured to receive any number of data inputs, including various types of data inputs allowing for authentication (e.g., username, passwords, certificates, and biometrics).
As per claim 3:  	The combination of Knas in view of Osheter discloses the method of claim 2, wherein the access parameter comprises an alphanumeric password (See Knas, Col 16, lines 30-35; blockchain key may be a randomly generated alphanumerical string of characters and/or other values).
As per claim 4:  	The combination of Knas in view of Osheter discloses the method of claim 2, wherein the access parameter comprises a geolocation (See Knas, Col 19, lines 19-23; the analytics server may query and identify a location identification associated with a global positioning system coordinates of the user's computing device and match the GPS location with a previously stored GPS location).
As per claim 5:	The combination of Knas in view of Osheter discloses the method of claim 2, wherein the access parameter comprises a time parameter (See Knas, Col 5, lines 50-55; The analytics server 110a may generate each new block instance with a timestamp or other data that links the new block instance with existing block instances on the blockchain).
As per claim 6:	The combination of Knas in view of Osheter discloses the method of claim 2, wherein the access parameter comprises a biometric parameter (See Knas, See Knas, Col 8, lines 56-63; The client device 140 may comprise any number of input devices configured to receive any number of data inputs, including various types of data inputs allowing for authentication (e.g., username, passwords, certificates, and biometrics).
As per claim 8:	The combination of Knas in view of Osheter discloses the method of claim 1, wherein generating the secure token uses a hash-based message authentication code (HMAC) based on a hash mechanism, the secret key value, and the current hash value (See Osheter, Paragraph 24; The result of the second hash function, performed at the second party 120, is the result of the HMAC method and can be used to authenticate a client (e.g., when generating a one-time password) or for authenticating a message (e.g., when computing HMAC for the purpose of message authentication).
As per claim 9:  The combination of Knas in view of Osheter discloses the method of claim 1, wherein generating the secure token further comprises signing the secure token with a private key of the authenticating device, and wherein a public key of the authenticating device is stored in the blockchain (See Knas; Col 10, lines 28-35; data indicated as private by a network node may be encrypted using said network node's public key.  As a result, when attempting to decrypt the same data, the analytics server may request the network node's private key).
As per claim 10:  The combination of Knas in view of Osheter discloses the method of claim 9, wherein prior to retrieving the current hash value, the method further comprises:
registering the authenticating device with the blockchain by storing the public key of the authenticating device in a first block of the blockchain (See Knas; Col 10, lines 28-35; data indicated as private by a network node may be encrypted using said network node's public key.  As a result, when attempting to decrypt the same data, the analytics server may request the network node's private key).
As per claim 11:  The method of claim 1, wherein receiving the indication of authentication from the authenticator server further comprises:  
receiving access privileges to an application executing on the authenticating device (See Knas; Col 10, lines 28-35; data indicated as private by a network node may be encrypted using said network node's public key.  As a result, when attempting to decrypt the same data, the analytics server may request the network node's private key).
As per claim 13:  The combination of Knas in view of Osheter discloses the method of claim 12, wherein determining that the verification token matches the secure token further comprises:
validating a digital signature appended to the secure token using a public key of the authenticating device, wherein the public key of the authenticating device is retrieved from the blockchain (See Knas, The analytics serve may also utilize the multiple private or public keys as an authentication (e-signature) method to illustrate individuals who have accessed or performed an action within the blockchain).
As per claim 14:  The combination of Knas in view of Osheter discloses the method of claim 12, further comprising:
recording the authenticating of the authenticating device in the blockchain using a private key associated with the authenticator server (See Knas; Col 10, lines 28-35; data indicated as private by a network node may be encrypted using said network node's public key.  As a result, when attempting to decrypt the same data, the analytics server may request the network node's private key).
As per claim 15:  The combination of Knas in view of Osheter discloses the method of claim 14, wherein recording the authenticating in the blockchain causes the secure token to be obsoleted (See Knas; Col 20, lines 30-40; the analytics may use a static or dynamic passcode (e.g., a passcode selected by the user or a changing passcode, such as a -based dynamic passcode) in order to authenticate the user).
As per claim 17:  The combination of Knas in view of Osheter discloses the method of claim 12, wherein generating the verification token uses a hash-based message authentication code (HMAC) based on a hash mechanism, the secret key value, and the current hash value (See Osheter, Paragraph 24; The result of the second hash function, performed at the second party 120, is the result of the HMAC method and can be used to authenticate a client (e.g., when generating a one-time password) or for authenticating a message (e.g., when computing HMAC for the purpose of message authentication).
As per claim 19:  The combination of Knas in view of Osheter discloses the system of claim 18, wherein the program instructions were downloaded over a network from a remote server (See Osheter, Paragraph 16; One party, nominated as the first server, receives a value that is an output of a first compression function applied on K, and the other party, nominated as the second server, receives an output of a second compression function applied on K. In some cases, the key K may be padded by an extra constant number to the input block size of the function).
As per claim 20:  The combination of Knas in view of Osheter discloses the system of claim 18, wherein the computer-readable storage medium storing the program instructions is a server data processing system, and wherein the program instructions See Osheter, Paragraph 16; One party, nominated as the first server, receives a value that is an output of a first compression function applied on K, and the other party, nominated as the second server, receives an output of a second compression function applied on K. In some cases, the key K may be padded by an extra constant number to the input block size of the function).

Claims 7 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Knas (US Patent 10867057) in view of Osheter (US Patent Pub. 20170272251) and in view of Lam (US Patent Pub 20160342977).


As per claims 7 and 16:	The combination of Knas in view of Osheter discloses the method of claim 1, retrieving, by an authenticating device and from a blockchain, a current hash value of the blockchain, wherein the authenticating device and an authenticator server each have access to the blockchain, and wherein the authenticating device and the authenticator server share a secret key value (Col 2, lines 33-43; retrieving, by the server, a latest valid blockchain from a plurality of network nodes associated with the blockchain, the latest valid blockchain comprising one or more block instances comprising blockchain data and a corresponding cryptographic hash value, each block instance stored in a database associated with at least one of the plurality of network nodes);

Lam discloses a Litecoin.TM. may use a scrypt based key derivation function instead of a SHA hash function and may use a Base58-encoded hash instead of a SHA hash, for example. Preferably, the system may be adapted to to communicate between blockchains with at least one differing (Paragraph 144).
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains, having the teachings of Knas, Osheter and Lam in it’s entirety, to modify the technique of Knas for retrieving, by the server, a latest valid blockchain from a plurality of network nodes associated with the blockchain by adopting Lam's teaching for a key derivation function. The motivation would have been to improve one time password with moving factor.

Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any 

Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ANTHONY D BROWN whose telephone number is (571)270-1472.  The examiner can normally be reached on 730-330pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on 571-272-6798.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access 






/ANTHONY D BROWN/Primary Examiner, Art Unit 2433