Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .


DETAILED ACTION
Claims 1-20 are presented for examination.
This is a first action on the merits based on Applicant’s claims submitted 6/18/2019.      

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 6/18/2019 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.
Applicant is respectfully reminded of the duty to disclose 37 C.F.R. 1.56 all pertinent information and material pertaining to the patentability of applicant’s claimed invention, by continuing to submitting in a timely manner PTO-1449, Information Disclosure Statement (IDS) with the filing of applicant’s application or thereafter.
               
Claim Objections
Claim 3, 12, 16 are objected to because of the following informalities:  Appropriate correction is required.
For claim 3, Examiner is clear that the underlined term recited as follows “displaying the page of waiting for register to the user….at the page of waiting for register…” is referring to the positively recited term “a page waiting for registering” from claim 2.  In order to maintain clear and consistent terms, appropriate correction is required.  The limitations should read “displaying the page  for registering to the user….at the page  for registering…”.
For claim 12, Examiner is clear that the underlined term recited as follows “The apparatus of Claim 11, wherein the device further comprises…” is referring to the previously recited term “an authentication device” from claim 11.  In order to maintain clear and consistent terms, appropriate correction is required.  The limitation should be corrected as follows: “The apparatus of Claim 11, wherein the authentication device further comprises…”.
For claim 16, Examiner is clear that the underlined term recited as follows “The apparatus of Claim 12, wherein the apparatus further comprises an authentication device;…” is referring to the previously recited term “an authentication device” from claim 11.  In order to maintain clear and consistent terms and to appropriately refer back to a positively recited term, appropriate correction is required.  The limitation should be corrected as follows: “The apparatus of Claim 12, wherein the apparatus further comprises the authentication device;…”.

CLAIM INTERPRETATION
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. 
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.  Such claim limitation(s) is/are: a first receiving module, a first sending module, a tenth receiving module, a second determining module, an eleventh receiving module, a tenth sending module, a second receiving module, a first determining module, a second sending module, a third sending module, a fourth receiving module, a fifth sending module, a sixth receiving module, a seventh sending module, a ninth receiving module, a ninth sending module, a third receiving module, a fourth sending module, a seventh receiving module, a first verifying module, a first associating module, an eighth sending module, a fifth receiving module, a first obtaining module, a first generating module and a sixth sending module, a twelfth receiving module, an eleventh sending module, a first displaying module, a thirteenth receiving module and a second displaying module in claims 10-20, and a first generating unit, a first sending unit, a second generating unit and a second sending unit in claims 13-14.
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.

Claim Rejections - 35 U.S.C. 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 8, 10-12, 15, 17, and 20 rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.
The claim(s) are narrative in form and replete with indefinite language. The structure which goes to make up the apparatus must be clearly and positively specified. The structure must be organized and correlated in such a manner as to present a complete operative device. 
Examiner will state various examples of indefinite language throughout the claims.  
For claim 8, the limitation reading “using the hardware public key to verify the first signing value…” lacks proper antecedent basis.  The underlined term has not been previously recited, therefore it is not clear as to what this is referring to.  Appropriate correction is required.
For examination purposes, the limitation will be interpreted as “using a hardware public key to verify the first signing value…”
For claim 10, the limitation reading “the user registration information and the registration result identification corresponding to the …” contains the underlined term that lacks proper antecedent basis.  The “registration result identification” has not been previously positively recited, therefore it is unclear as to what this term is referring to.  Appropriate correction is required.
For examination purposes, the limitation will be interpreted as “the user registration information and a registration result identification corresponding to the …”.
For claim 10, the limitation reading “corresponding to the user register information from the website…” lacks proper antecedent basis.  The underlined term has not been positively recited and it is unclear as to what this is referring to.  Appropriate correction is required.
For examination purposes, the limitation will be interpreted as “corresponding to the user registration information from the website…”
For claim 10, the limitation reciting “to determine whether the user has registered…” lacks proper antecedent.  The underlined term has not been positively recited and it is unclear as to what this is referring to.  Appropriate correction is required.
For examination purposes, the limitation will be interpreted as “to determine whether a user has registered successfully…”.
 For claim 10, the limitation reading “configured to receive the obtaining register request including the user identification...” lacks proper antecedent basis.  The underlined term has not been positively recited and it is unclear as to what this is referring to.  Appropriate correction is required.
For examination purposes, the limitation will be interpreted as “configured to receive the obtaining device register request including the user identification...”.
For claim 10, the limitation reading “configured to send the user register request including a first...” lacks proper antecedent basis.  The underlined term has not been positively recited and it is unclear as to what this is referring to.  Appropriate correction is required.
For examination purposes, the limitation will be interpreted as “configured to send the device registering request including a first...”.
For claim 10, the limitation reading “the first signing value and the hardware certificate after the first obtaining...” lacks proper antecedent basis.  The underlined term has not been positively recited and it is unclear as to what this is referring to.  Appropriate correction is required.
For examination purposes, the limitation will be interpreted as “the first signing value and a hardware certificate after the first obtaining...”.
For claim 10, the limitation reading “after the thirteenth receiving module receives the information of successfully registering; display that the user failed to be registered after the thirteenth receiving module receives the information of failed registering;…” contains the underlined terms which seem ambiguous terms.  The terms “information of successfully registering” and “information of failed registering ” have been positively recited twice and for the sake of patent laws, it is unclear if these are one and the same or do they refer to different elements.  Therefore, when the claim refers back to “the information of successfully registering” and “the information of failed registering”, it is unclear to which of the two positively recited elements these are referring to. 
For claim 11, the limitation reciting “to determine whether the user has been registered…” lacks proper antecedent.  The underlined term has not been positively recited and it is unclear as to what this is referring to.  Appropriate correction is required.
For examination purposes, the limitation will be interpreted as “to determine whether a user has been registered successfully…”.
For claim 11, the limitation reciting “which comprises the user identification in the user registration information…” lacks proper antecedent.  The underlined term has not been positively recited and it is unclear as to what this is referring to.  Appropriate correction is required.
For examination purposes, the limitation will be interpreted as “which comprises a user identification in the user registration information…”.
For claim 11, the limitation reciting “configured to receive the device registration data generated by the authentication device…” lacks proper antecedent.  The underlined term has not been positively recited and it is unclear as to what this is referring to.  Appropriate correction is required.
For examination purposes, the limitation will be interpreted as “configured to receive a device registration data generated by the authentication device…”.
For claim 12, the limitation reciting “the browser comprises a twelfth receiving module, the first displaying module and the eleventh sending module; …” lacks proper antecedent.  The underlined terms have not been positively recited and it is unclear as to what these are referring to.  Appropriate correction is required.
For examination purposes, the limitation will be interpreted as “the browser comprises a twelfth receiving module, a first displaying module and a eleventh sending module; …”.
For claim 15, the limitation reciting “the key handle to generate the first signing value, organize the device…” lacks proper antecedent.  The underlined term has not been positively recited and it is unclear as to what this is referring to.  Appropriate correction is required.
For examination purposes, the limitation will be interpreted as “the key handle to generate a first signing value, organize the device…”.
For claim 17, the limitation reciting “verify the first signing value to obtain the first authentication result;…” lacks proper antecedent.  The underlined term has not been positively recited and it is unclear as to what this is referring to.  Appropriate correction is required.
For examination purposes, the limitation will be interpreted as “verify the first signing value to obtain a first authentication result; …”.
For claim 20, the limitation reciting “configured to receive the second authenticating result from the authentication server …” lacks proper antecedent.  The underlined term has not been positively recited and it is unclear as to what this is referring to.  Appropriate correction is required.
For examination purposes, the limitation will be interpreted as “configured to receive a second authenticating result from the authentication server; …”.
----------------------------------
Claims 10-20 contain claim limitations: a first receiving module, a first sending module, a tenth receiving module, a second determining module, an eleventh receiving module, a tenth sending module, a second receiving module, a first determining module, a second sending module, a third sending module, a fourth receiving module, a fifth sending module, a sixth receiving module, a seventh sending module, a ninth receiving module, a ninth sending module, a third receiving module, a fourth sending module, a seventh receiving module, a first verifying module, a first associating module, an eighth sending module, a fifth receiving module, a first obtaining module, a first generating module and a sixth sending module, a twelfth receiving module, an eleventh sending module, a first displaying module, a thirteenth receiving module and a second displaying module, a first generating unit, a first sending unit, a second generating unit and a second sending unit, which invokes 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. However, the written description fails to disclose the corresponding structure, material, or acts for performing the entire claimed function and to clearly link the structure, material, or acts to the function. 
There is insufficient disclosure of the corresponding structure, material, or acts for performing the entire claimed function as there is no clear linkage between the structure, material, or acts and the function.  Examiner notes that throughout the applicants' Specification, a search for the term "modules" yields results showing, for example, in paragraphs [0024]-[0029] of US PG Pub 2019/0386993 A1, that the 1) authentication server comprises: a third receiving module, a fourth sending module, a seventh receiving module, a first verifying module, a first associating module and an eighth4 sending module; 2) authentication device comprises: a fifth receiving module, a first obtaining module, a first generating module and a sixth sending module; 3) browser comprises: a twelfth receiving module, an eleventh sending module, the first displaying module, a thirteenth receiving module and a second displaying module; 4) registration plugin comprises: a second receiving module, a first determining module, a second sending module, a third sending module, a fourth receiving module, a fifth sending module, a sixth receiving module, a seventh sending module, a ninth receiving module, and a ninth sending module; 5) the fifth sending unit comprises of first generating unit, second generating unit, first sending unit, and second sending unit; and 6) website comprises: a first receiving module, a first sending module, a tenth receiving module, a second determining module, an eleventh module and a tenth sending module.  However, a search in the Specification for the corresponding hardware for all the modules and units claimed yields no results that clearly links the corresponding structure to the functions claimed.  The specification fails to explicitly disclose that either 1) each module or unit claimed is a software residing in the server or device or 2) the module or unit claimed are particular servers or devices.  The specification must clearly indicate the structure of each “means for” (i.e. module for and unit for) claimed. Therefore, the claim is indefinite and is rejected under 35 U.S.C. 112(b) or pre-AIA  35 U.S.C. 112, second paragraph.
	Applicant may:
	(a)        Amend the claim so that the claim limitation will no longer be interpreted as a limitation under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph; 
	(b)        Amend the written description of the specification such that it expressly recites what structure, material, or acts perform the entire claimed function, without introducing any new matter (35 U.S.C. 132(a)); or 
	(c)        Amend the written description of the specification such that it clearly links the structure, material, or acts disclosed therein to the function recited in the claim, without introducing any new matter (35 U.S.C. 132(a)).
If applicant is of the opinion that the written description of the specification already implicitly or inherently discloses the corresponding structure, material, or acts and clearly links them to the function so that one of ordinary skill in the art would recognize what structure, material, or acts perform the claimed function, applicant should clarify the record by either: 
	(a)        Amending the written description of the specification such that it expressly recites the corresponding structure, material, or acts for performing the claimed function and clearly links or associates the structure, material, or acts to the claimed function, without introducing any new matter (35 U.S.C. 132(a)); or 
	(b)        Stating on the record what the corresponding structure, material, or acts, which are implicitly or inherently set forth in the written description of the specification, perform the claimed function. For more information, see 37 CFR 1.75(d) and MPEP §§ 608.01(o) and 2181.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains.  Patentability shall not be negatived by the manner in which the invention was made.
Claims 1, 11 rejected under 35 U.S.C. 103 as being unpatentable over Lu et al. (WO 2017041621 A1, hereinafter “Lu”) in view of Briceno et al. (US 2014/0289833 A1, hereinafter “Briceno”).  Note: Lu is the published WIPO document of CN105162785 A published on December 16, 2015 and discloses same subject matter.       

Regarding claim 1, Lu teaches:
A method for integrating an authentication device and a website, wherein said method comprises a registering process, the registering process comprises: 
Step tI, receiving, by a registration plugin, user registration information  (par 49, user ID) and a registration result identification (par 49, application ID) corresponding to the user registration information [from the website] (par 48, the application ID and user ID has been inputted by user via URI; Examiner notes that the URI implies the communication of browser with a website); 
Step t2, determining, by the registration plugin, whether any user is registered successfully according to the registration result identification (par 81, client receives the success message to determine the registration is successful), if yes, sending information that the user has been registered to the website and ending the registering process (par 81, client receives the success message to determine the registration is successful); 
otherwise, sending an obtaining device registering request (par 50, sending device authentication request), which comprises a user identification in the user registration information  (par 51, contains application ID and user ID), to an authentication server (par 50-52, the device authentication request is sent to server), then executing Step t3; 
Step t3, receiving, by the registration plugin, a device registering request from the authentication server (par 53, the client receives the registration data); 
Step t4, sending, by the registration plugin, the device registering request to an authentication device via a browser (par 60, client sends registration request information to authentication device), waiting for the authentication device to generate device registration data (par 66, client receives the registration response information from the authentication device); 
Step t5, receiving, by the registration plugin, the device registration data generated by the authentication device via the browser (par 66, client receives the registration response information from the authentication device); 
Step t6, sending, by the registration plugin, a first authentication request including the device registration data to the authentication server (par 69, client sends key registration request to the server);
Step t7, receiving, by the registration plugin, a first authentication result from the authentication server (par 81, the client receives the information returned by the server); and 
Step t8, sending, by the registration plugin, the first authentication result [to the website] (par 81, the client receives the information returned by the server), in which the first authentication result is used for the website to authenticate whether the user has been registered successfully (par 81, client receives the success message to determine the registration is successful).
 Lu teaches a client, a browser (par 49) to perform authentication of a device with an authentication server.  It would be evident, since it is known in the art, that a browser accesses websites and displays it to a device (see Wikipedia for Web Browser).  Moreover, Briceno supports and also suggests:
the register plugin  (fig. 47, ST PLUGIN 4705) receiving user registration information (fig. 47, send enhanced security notification after the result of user’s login or enrollment is not enrolled in enhanced security) from the website (fig. 47, i.e. website),
the register plugin (fig. 47, ST PLUGIN 4705) sends first authentication result (par 497, i.e. information about authentication device attached to the system) to the website (par 498, i.e. information is received by the website)

Accordingly, it would have been obvious to one having ordinary skill in the art before the effective filing date of the invention to have implemented a website-based registration of an authentication device, as taught by Briceno, to Lu’s invention.  The motivation to do so would have been in order for a user to register biometric or authentication devices with servers over a network and to subsequently authenticate with servers using data exchanged during the registration process in order to perform secure online transactions (Briceno: par 8).

Regarding claim 11, all claim limitations are set forth and rejected as discussed in claim 1.  Furthermore, Lu also teaches the additional limitations as follows:
An apparatus for integrating an authentication device and a website, wherein said apparatus comprises a registration plugin; the registration plugin comprises: a second receiving module, a first determining module, a second sending module, a third sending module, a fourth receiving module, a fifth sending module, a sixth receiving module, a seventh sending module, a ninth receiving module and a ninth sending module (par 11, the client is comprised of 8 different modules: first generating module, a first sending module, a first receiving module, a second generating module, a third generating module, and a fourth generating module. A generating module and a first judging module); 

Lu discloses a client as in the claimed invention except Lu does not name its modules the same way and there seem not to be as many modules as the claimed invention.  Yet, it would have been obvious matter of design choice to create as many modules as Lu’s invention since the Applicant has not disclosed that not having same number of modules to implement the functions claimed solves any stated problem or is for any particular purpose and it appears that the invention would perform equally well with the modules as disclosed in Lu.  

Allowable Subject Matter
Claims  2-9, 12-20 objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Claim 10 would be allowable if rewritten to overcome the rejection(s) under 35 U.S.C. 112, 2nd paragraph, set forth in this Office action.
Pertinent references:
Yang (US 9,654,469 B1) teaches a system, apparatus, method, and machine readable medium are described for performing user authentication. For example, one embodiment of a system comprises: media capture logic implemented as a component within a browser executed on a client, the media capture logic configured to capture a user's voice from a microphone on a client or images of the user's face or other portion of the user's body from a camera on the client, the media capture logic exposing an application programming interface (API); and a web authentication application implemented as another component within the browser for communicating with an authentication server to perform biometric authentication of a user, the web authentication application making calls to the API of the media capture logic to capture raw biometric data comprising the user's voice from the microphone and/or images of the user's face or other portion of the user's body from the camera, the web authentication application to implement a biometric authentication process to authenticate the user with the raw biometric data.

Lindemann (US 2017/0048218 A1) teaches a system, apparatus, method, and machine readable medium are described for enhanced security during registration. For example, one embodiment of a method comprises: receiving a request at a relying party to register an authenticator; sending a code from the user to the relying party through an authenticated out-of-band communication channel; and verifying the identity of the user using the code and responsively registering the authenticator in response to a positive verification.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to LIZBETH TORRES-DIAZ whose telephone number is (571)272-178772-1787.  The examiner can normally be reached on 9:00a-4:30p.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr, can be reached on (571)272-3739.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/LIZBETH TORRES-DIAZ/Examiner, Art Unit 2495                                                                                                                                                                                                        
/13 August 2021/
/ltd/