DETAILED ACTION
This action is in response to new application filed 9/10/2019 titled “	SECURE ONE-TIME PASSWORD (OTP) AUTHENTICATION”. Claims 1-19 were received for consideration and are pending.
 
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claim(s) 1, 3-5, 9 and 17-19 are rejected under 35 U.S.C. 102(a)(1)/(A)/(2) as being antisapated by HU et al (2017/0085557).
With respect to claim 1 HU teaches a computer implemented method of authenticating a user according to a secure One Time Password (OTP), comprising: 	
using at least one processor of an authentication system for: 
generating a challenge encoding a first public key of a temporary key pair generated for use during a specific authentication process (see HU paragraph 0055 i.e. B, and calculates a digital signature SigB=SIG(CSB, IDa.parallel.NB.parallel.QB) using its own private key CSB, where SIG represents a digital signature algorithm, IDA and IDB represent identification information of the entity A and the entity B respectively, QB represents a temporary public key of the entity B); 
storing a first private key of the temporary key pair (see HU paragraph 0061 i.e. entity B calculates secret information z=f(dB,Qa) using temporary private key dB generated in advance by the entity B); 
outputting the challenge to a code generation device associated with a user (see HU paragraph 0055 i.e. the entity B transmits a second identity authentication message including NA parallel NB parallel CertB parallel QB parallel.SigB to the entity A, where CertB represents a certificate of the entity B)); 
receiving an OTP code derived by the code generation device from an outcome of a key agreement algorithm applied to the first public key extracted from the challenge and a second private key of an authentication key pair uniquely associated with the code generation device (see HU paragraph 0058 i.e. In the operation 6, the entity A calculates secret information z=f(dA, QB) using a temporary private key dA generated in advance by the entity A, and the temporary public key QBA of the entity B based on the ECDH key exchange protocol, where f represents a key calculation function … entity A may convert the calculated secret information z into a string of characters Z, and calculate a key MK=KDF(NA, NB, Z, IDA, IDB), where KDF represents a key derivation algorithm, the entity A may calculate a message authentication code MacTagA=MAC1(MK, IDA, IDB, QA, QB), where MAC1 represents a message A.parallel.NB.parallelA.parallel.SigA.parallel.Mac- TagA to the entity B); 
deriving a reference OTP code from an outcome of the key agreement algorithm applied to the first private key and a second public key of the authentication key pair (see HU paragraph 0061 i.e. the entity B calculates secret information z=f(dB, QA) using a temporary private key dB generated in advance by the entity B, and the temporary public key QA of the entity A based on the ECDH key exchange protocol, and if the secret information is calculated in error, then the entity B may terminate the authentication; otherwise, the entity B may convert the calculated secret information z into a string of characters Z, calculate a key MK=KDF(NA, NB, Z, IDA, IDB), calculate a message authentication code MacTagA=MAC1(MK, IDA, IDB, QA, QB)); and 
authenticating the user according to a match between the OTP code and the reference OTP code (see HU paragraph 0061 i.e. entity B may convert the calculated secret information z into a string of characters Z, calculate a key MK=KDF(NA, NB, Z, IDA, IDB), calculate a message authentication code MacTagA=MAC1(MK, IDA, IDB, QA, QB), and compare it with MacTagA in the received third identity authentication message transmitted by the entity A, and if they are not consistent, then the entity B may terminate the authentication; otherwise, the entity B may determine that the entity A is legal).

With respect to claim 3 HU teaches the computer implemented method of claim 1, wherein the temporary key pair is invalidated after the specific authentication process 

With respect to claim 4 HU teaches the computer implemented method of claim 1, wherein the outcome of the key agreement algorithm applied to the first private key and the second public key equals the outcome of the key agreement algorithm applied to the second private key and the first public key (see HU paragraph 0058 i.e. In the operation 6, the entity A calculates secret information z=f(dA, QB) using a temporary private key dA generated in advance by the entity A, and the temporary public key QBA of the entity B based on the ECDH key exchange protocol, where f represents a key calculation function… entity A may convert the calculated secret information z into a string of characters Z, and calculate a key MK=KDF(NA, NB, Z, IDA, IDB), where KDF represents a key derivation algorithm, the entity A may calculate a message authentication code MacTagA=MAC1(MK, IDA, IDB, QA, QB), where MAC1 represents a message authentication code calculation function, and the entity A may transmit a third identity authentication message including NA.parallel.NB.parallelA.parallel.SigA.parallel.MacTagA to the entity B) and paragraph 0061 i.e. entity B may convert the calculated secret information z into a string of characters Z, calculate a key MK=KDF(NA, NB, Z, IDA, IDB), calculate a message authentication code MacTagA=MAC1(MK, IDA, IDB, QA, QB), and compare it with MacTagA in the received third identity authentication message transmitted by the entity A, and if they are not consistent, then the entity B may terminate the authentication; otherwise, the entity B may determine that the entity A is legal).

With respect to claim 5 HU teaches the computer implemented method of claim 1, wherein the key agreement algorithm is Ellipse Curve Diffie-Hellman (ECDH) algorithm (see HU paragraph 0061 i.e. the entity B calculates secret information z=f(dB, QA) using a temporary private key dB generated in advance by the entity B, and the temporary public key QA of the entity A based on the ECDH key exchange protocol, and if the secret information is calculated in error, then the entity B may terminate the authentication; otherwise, the entity B may convert the calculated secret information z into a string of characters Z, calculate a key MK=KDF(NA, NB, Z, IDA, IDB), calculate a message authentication code MacTagA=MAC1(MK, IDA, IDB, QA, QB)).

With respect to claim 9 HU teaches the method of claim 1, wherein the second public key is locally stored (see HU paragraph 0060 i.e. the entity B checks to see whether the temporary public key QA of the entity A has been stored).

With respect to claim 17 HU teaches an authentication system for authenticating a user according to a secure One Time Password (OTP), comprising: a program store storing a code; and at least one processor coupled to the program store for executing the stored code, the code comprising: 
code instructions to generate a challenge encoding a first public key of a temporary key pair generated for use during a specific authentication process (see HU paragraph 0055 i.e. the entity B generates a random number NB, and calculates a digital signature SigB=SIG(CSB, IDa.parallel.NB.parallel.QB) using its own private key CSB, A and IDB represent identification information of the entity A and the entity B respectively, QB represents a temporary public key of the entity B); 
code instructions to store a first private key of the temporary key pair (see HU paragraph 0061 i.e. entity B calculates secret information z=f(dB,Qa) using temporary private key dB generated in advance by the entity B); 
code instructions to output the challenge to a code generation device associated with a user (see HU paragraph 0055 i.e. the entity B transmits a second identity authentication message including NA parallel NB parallel CertB parallel QB parallel.SigB to the entity A, where CertB represents a certificate of the entity B)); 
code instructions to receive an OTP code derived by the code generation device from an outcome of a key agreement algorithm applied to the first public key extracted from the challenge and a second private key of an authentication key pair uniquely associated with the code generation device (see HU paragraph 0058 i.e. In the operation 6, the entity A calculates secret information z=f(dA, QB) using a temporary private key dA generated in advance by the entity A, and the temporary public key QBA of the entity B based on the ECDH key exchange protocol, where f represents a key calculation function … entity A may convert the calculated secret information z into a string of characters Z, and calculate a key MK=KDF(NA, NB, Z, IDA, IDB), where KDF represents a key derivation algorithm, the entity A may calculate a message authentication code MacTagA=MAC1(MK, IDA, IDB, QA, QB), where MAC1 represents a message authentication code calculation function, and the entity A may transmit a third A.parallel.NB.parallelA.parallel.SigA.parallel.Mac- TagA to the entity B); 
code instructions to derive a reference OTP code from an outcome of the key agreement algorithm applied to the first private key and a second public key of the authentication key pair (see HU paragraph 0061 i.e. the entity B calculates secret information z=f(dB, QA) using a temporary private key dB generated in advance by the entity B, and the temporary public key QA of the entity A based on the ECDH key exchange protocol, and if the secret information is calculated in error, then the entity B may terminate the authentication; otherwise, the entity B may convert the calculated secret information z into a string of characters Z, calculate a key MK=KDF(NA, NB, Z, IDA, IDB), calculate a message authentication code MacTagA=MAC1(MK, IDA, IDB, QA, QB)); and 
code instructions to authenticate the user according to a match between the OTP code and the reference OTP code (see HU paragraph 0061 i.e. entity B may convert the calculated secret information z into a string of characters Z, calculate a key MK=KDF(NA, NB, Z, IDA, IDB), calculate a message authentication code MacTagA=MAC1(MK, IDA, IDB, QA, QB), and compare it with MacTagA in the received third identity authentication message transmitted by the entity A, and if they are not consistent, then the entity B may terminate the authentication; otherwise, the entity B may determine that the entity A is legal).


using at least one processor of a code generation device associated with a user for: 
receiving a challenge encoding a first public key of a temporary key pair generated by an authentication system for use during a specific authentication process (see HU paragraph 0055 i.e. the entity B transmits a second identity authentication message including NA parallel NB parallel CertB parallel QB parallel.SigB to the entity A, where CertB represents a certificate of the entity B)); 
deriving an OTP code from an outcome of a key agreement algorithm applied to the first public key extracted from the challenge and a second private key of an authentication key pair uniquely associated with the code generation device (see HU paragraph 0058 i.e. In the operation 6, the entity A calculates secret information z=f(dA, QB) using a temporary private key dA generated in advance by the entity A, and the temporary public key QBA of the entity B based on the ECDH key exchange protocol, where f represents a key calculation function … entity A may convert the calculated secret information z into a string of characters Z, and calculate a key MK=KDF(NA, NB, Z, IDA, IDB), where KDF represents a key derivation algorithm, the entity A may calculate a message authentication code MacTagA=MAC1(MK, IDA, IDB, QA, QB), where MAC1 represents a message authentication code calculation function, and the entity A may transmit a third identity authentication message including NA.parallel.NB.parallelA.parallel.SigA.parallel.Mac- TagA to the entity B); and 
A.parallel.NB.parallelA.parallel.SigA.parallel.Mac- TagA to the entity B ans paragraph 0061 i.e. entity B may convert the calculated secret information z into a string of characters Z, calculate a key MK=KDF(NA, NB, Z, IDA, IDB), calculate a message authentication code MacTagA=MAC1(MK, IDA, IDB, QA, QB), and compare it with MacTagA in the received third identity authentication message transmitted by the entity A, and if they are not consistent, then the entity B may terminate the authentication; otherwise, the entity B may determine that the entity A is legal).

With respect to claim 19 HU teaches a code generation device for generating a secure One Time Password (OTP) used for authenticating an associated user, comprising: a program store storing a code; and at least one processor coupled to the program store for executing the stored code, the code comprising: 
code instructions to receive a challenge encoding a first public key of a temporary key pair generated by an authentication system for use during a specific authentication process (see HU paragraph 0055 i.e. the entity B transmits a second identity authentication message including NA parallel NB parallel CertB parallel QB parallel.SigB to the entity A, where CertB represents a certificate of the entity B)); 
A, QB) using a temporary private key dA generated in advance by the entity A, and the temporary public key QBA of the entity B based on the ECDH key exchange protocol, where f represents a key calculation function … entity A may convert the calculated secret information z into a string of characters Z, and calculate a key MK=KDF(NA, NB, Z, IDA, IDB), where KDF represents a key derivation algorithm, the entity A may calculate a message authentication code MacTagA=MAC1(MK, IDA, IDB, QA, QB), where MAC1 represents a message authentication code calculation function, and the entity A may transmit a third identity authentication message including NA.parallel.NB.parallelA.parallel.SigA.parallel.Mac- TagA to the entity B); and 
code instructions to output the OTP code to the authentication system which authenticates the user according to a match between the OTP code and a reference OTP code derived from an outcome of the key agreement algorithm applied to a first private key of the temporary key pair and a second public key of the authentication key pair (see HU paragraph 0058 i.e. the entity A may transmit a third identity authentication message including NA.parallel.NB.parallelA.parallel.SigA.parallel.Mac- TagA to the entity B ans paragraph 0061 i.e. entity B may convert the calculated secret information z into a string of characters Z, calculate a key MK=KDF(NA, NB, Z, IDA, IDB), calculate a message authentication code MacTagA=MAC1(MK, IDA, IDB, QA, QB), and compare it with MacTagA in the received third identity authentication message transmitted by the .

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 2 and 10 are rejected under 35 U.S.C. 103 as being unpatentable over HU et al (US 2017/0085557) in view of Baca et al (US 2014/0250490).
With respect to claim 2, HU teaches the computer implemented method of claim 1, but does not disclose wherein the user is granted access to at least one service in case of a successful authentication process.
	Baca teaches wherein the user is granted access to at least one service in case of a successful authentication process (see Baca paragraph 0026 i.e. When a user wishes to access the private network 104 using client device 102, the user may authenticate himself or herself to the client device 102 and the client device 102 may then attempt to authenticate to private network 104. The session OTP stored in the local session OTP store 124 ("local session OTP") may be provided to the authenticator 108 as part of the authentication process. The client session OTP validation module 150 is configured to receive the local session OTP and to compare the received local session OTP to the session OTP stored in client session OTP store 152 ("client session OTP"). 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Hu in view of Baca to have a user authenticate himself or herself to the client device to access the private network and then have client device attempt to authenticate to private network as a way to authenticate both the user and the device accessing the private network (Baca paragraph 0026). Therefore one would have been motivated to have a user authenticate himself or herself to the client device (i.e code generating device) to access the private network and then have client device attempt to authenticate to private network

With respect to claim 10, HU teaches the method of claim 1, but does not teach further comprising the OTP code is generated by the code generation device in response to a successful local authentication sequence conducted between the user and the code generation device, the local authentication sequence is based on at least one of: biometric authentication, verification of a code stored in an attachable storage media attached to the code generation device and verification of a code uniquely associated with the user received from the user operating at least one input interface of the code generation device.
Baca teaches further comprising the OTP code is generated by the code generation device in response to a successful local authentication sequence conducted between the user and the code generation device, the local authentication sequence is 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Hu in view of Baca to have a user authenticate himself or herself to the client device to access the private network and then have client device attempt to authenticate to private network as a way to authenticate both the user and the device accessing the private network (Baca paragraph 0026). Therefore one would have been motivated to have a user authenticate himself or herself to the client device (i.e code generating device) to access the private network and then have client device attempt to authenticate to private network

Claims 6 and 8 are rejected under 35 U.S.C. 103 as being unpatentable over HU et al (US 2017/0085557) in view of Claes et al (US 20160191494)
With respect to claim 6 HU teaches the method of claim 1, but does not disclose wherein the challenge is output to the code generation device by projecting a visually encoded version of the challenge via a display which is scanned by the code generation device.
Cleas teaches wherein the challenge is output to the code generation device by projecting a visually encoded version of the challenge via a display which is scanned by 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify HU in view of Claes to have transmitted date from one device to another using user input interface for receiving inputs from the user, such as for example a challenge or receive input data using another input mechanism (e.g. using a camera to capture an image encoded with data such as for example a 2D-barcode or a QR-code) (See Claes paragraph 0069). Therefore one would have been motivated to have transmitted to the using user input interface for receiving inputs from the user or receive input data using a camera to capture an image encoded with data such as for example a 2D-barcode or a QR-code.

	With respect to claim 8 HU teaches the method of claim 1, but does not disclose wherein the OTP code is received via at least one input interface operated by the user to insert the OTP code generated by the code generation device.

It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify HU in view of Claes to have transmitted date from one device to another using user input interface for receiving inputs from the user, such as for example a challenge or receive input data using another input mechanism (e.g. using a camera to capture an image encoded with data such as for example a 2D-barcode or a QR-code) (See Claes paragraph 0069). Therefore one would have been motivated to have transmitted to the using user input interface for receiving inputs from the user or receive input data using a camera to capture an image encoded with data such as for example a 2D-barcode or a QR-code.

7 is rejected under 35 U.S.C. 103 as being unpatentable over HU et al (US 2017/0085557) in view of Bendersky et al (US 2020/0053096).
With respect to claim 7, Hu teaches the method of claim 1, but does not disclose wherein the challenge is output to the code generation device by generating an audible version of the challenge via at least one audio output interface, the audible version is captured by the code generation device.
Bendersky teaches wherein the challenge is output to the code generation device by generating an audible version of the challenge via at least one audio output interface, the audible version is captured by the code generation device (see Bendersky paragraph 0169 i.e. The transmission technique may take several forms. For example, the cryptographic key may be transmitted from the auxiliary device 1603 using the various near-field or short-range techniques discussed above in connection with FIGS. 2 and 3, such as bar code scanning (e.g., QR codes, or two-dimensional codes), infrared signals, Bluetooth communications, audible (e.g., vocal) communication, image recognition, etc)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify HU in view of Bendersky to have transmitted date from one device to another using the various near-field or short-range techniques discussed above in connection with FIGS. 2 and 3, such as bar code scanning (e.g., QR codes, or two-dimensional codes), infrared signals, Bluetooth communications, audible (e.g., vocal) communication, image recognition, etc (see Bendersky paragraph 0169). Therefore one would have been motivated to have transmitted date audible (e.g., vocal) communication as one of many ways to send data.

	
Claims 11-14 are rejected under 35 U.S.C. 103 as being unpatentable over HU et al (US 2017/0085557) in view of Kausik et al (US 6,263,446).
With respect to claim 11 HU teaches the method of claim 1, but does not disclose further comprising generating the challenge and the reference OTP code in advance for protecting at least one locally stored protected data item associated with the code generation device, the challenge and the reference OTP code are used during a future authentication process conducted to authenticate the user for accessing the at least one locally stored data item.  
Kausik teaches further comprising generating the challenge and the reference OTP code in advance for protecting at least one locally stored protected data item associated with the code generation device, the challenge and the reference OTP code are used during a future authentication process conducted to authenticate the user for accessing the at least one locally stored data item (see Kausik column 4 lines 48 – column 5 line 34 i.e. the wallet might itself be protected by a shared secret. For example, FIG. 2 shows an exemplary embodiment of a wallet in which a private key is protected by a PIN. The PIN (more generally, a shared secret) might be the shared secret transmitted by the user to the Credential Server 160, as discussed previously, and the private key (more generally, the authentication credential) in the wallet might be decrypted by Credential Server 160 and provided in the clear to the user at Browser 140. Alternatively, the entire wallet (including the authentication credential in encrypted form) might be provided to the user, for the user to decrypt locally at Browser 140. With either approach, the process of decrypting the PIN-protected authentication credential 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify HU in view of Kausik to have used the otp received form the authenticating device to decrypt a private key used to then authenticate the user of the key wallet (see Kausik column 4 lines 64 – column 5 line 24). Therefore one would have been motivated to have used the otp received form the authenticating device to decrypt a private key then is then used to authenticate the user.


With respect to claim 12 HU teaches the method of claim 11, but does not disclose wherein the at least one locally stored protected data item is a third private key associated with the code generation device and used for further authenticating the user. 
Kausik teaches wherein the at least one locally stored protected data item is a third private key associated with the code generation device and used for further authenticating the user (see Kausik column 4 lines 48 – column 5 line 34 i.e. the wallet 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify HU in view of Kausik to have used the otp received form the authenticating device to decrypt a private key used to then authenticate the user of the key wallet (see Kausik column 4 lines 64 – column 5 line 

With respect to claim 13 HU teaches the method of claim 11, but does not disclose wherein the at least one locally stored protected data item is protected by storing the at least one locally stored protected data item in at least one local protected hardware resource which is accessible using the OTP code.
Kausik teaches wherein the at least one locally stored protected data item is protected by storing the at least one locally stored protected data item in at least one local protected hardware resource which is accessible using the OTP code (see Kausik column 4 lines 48 – column 5 line 34 i.e. the wallet might itself be protected by a shared secret. For example, FIG. 2 shows an exemplary embodiment of a wallet in which a private key is protected by a PIN. The PIN (more generally, a shared secret) might be the shared secret transmitted by the user to the Credential Server 160, as discussed previously, and the private key (more generally, the authentication credential) in the wallet might be decrypted by Credential Server 160 and provided in the clear to the user at Browser 140. Alternatively, the entire wallet (including the authentication credential in encrypted form) might be provided to the user, for the user to decrypt locally at Browser 140. With either approach, the process of decrypting the PIN-protected authentication credential as follows. The user enters a PIN 200 (more generally, an access code) to unlock the wallet, and the PIN is passed through a one-to-one hash function 210. The hash function may also include a salt value or other security-enhancing feature, as will be appreciated by persons skilled in the art. The hashed value 215 of the entered PIN is 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify HU in view of Kausik to have used the otp received form the authenticating device to decrypt a private key used to then authenticate the user of the key wallet (see Kausik column 4 lines 64 – column 5 line 24). Therefore one would have been motivated to have used the otp received form the authenticating device to decrypt a private key then is then used to authenticate the user.

With respect to claim 14 HU teaches the method of claim 11, but does not disclose wherein the at least one locally stored protected data item is protected by storing an encrypted version of the at least one locally stored protected data item encrypted using the OTP code.
Kausik teaches wherein the at least one locally stored protected data item is protected by storing an encrypted version of the at least one locally stored protected data item encrypted using the OTP code (see Kausik column 4 lines 48 – column 5 line 34 i.e. the wallet might itself be protected by a shared secret. For example, FIG. 2 shows an exemplary embodiment of a wallet in which a private key is protected by a PIN. The PIN (more generally, a shared secret) might be the shared secret transmitted 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify HU in view of Kausik to have used the otp received form the authenticating device to decrypt a private key used to then authenticate the user of the key wallet (see Kausik column 4 lines 64 – column 5 line 24). Therefore one would have been motivated to have used the otp received form the authenticating device to decrypt a private key then is then used to authenticate the user.

s 15-16 are rejected under 35 U.S.C. 103 as being unpatentable over HU et al (US 2017/0085557) in view of Kausik et al (US 6,263,446) in view of Baca et al (US 2014/0250490).
With respect to claim 15 HU in view Kausik teaches the method of claim 11, but does not disclose wherein the challenge is locally stored for the future authentication process and outputted to the code generation device during the future authentication process initiated in response to a user access request requiring authentication.
Baca teaches wherein the challenge is locally stored for the future authentication process and outputted to the code generation device during the future authentication process initiated in response to a user access request requiring authentication (see Baca figure 2 steps 222-224 and paragraph 0036-0037 i.e. The operations of flowchart 300 may be performed by a client device, e.g., client device 102 and correspond to operation 222 of FIG. 2. In particular, flowchart 300 depicts exemplary operations configured to generate a session OTP to be provided to an authenticator to be used to authenticate client device at a next session. Program flow may begin with an indication that a session is ending 302. Operation 304 includes retrieving (capturing) selected device attributes. The specific device attributes captured may be based on session OTP rules. A new session OTP may be generated based, at least in part, on selected device attributes and session OTP rules at operation 306. Operation 308 includes storing the new session OTP in a local session OTP on the client device and providing the new session OTP to the authenticator. The session may then end at operation 310).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify HU in view of Baca to generate a new 

With respect to claim 16 HU in view Kausik teaches the method of claim 11, but does not disclose wherein the challenge and the reference OTP code are discarded after the future authentication process is complete and a new challenge and a new reference OTP code are generated for protecting the at least one locally stored protected data item, the new challenge and new reference OTP code are used during a subsequent future authentication process conducted to authenticate the user for accessing the at least one locally stored data item.
Baca teaches wherein the challenge and the reference OTP code are discarded after the future authentication process is complete and a new challenge and a new reference OTP code are generated for protecting the at least one locally stored protected data item, the new challenge and new reference OTP code are used during a subsequent future authentication process conducted to authenticate the user for accessing the at least one locally stored data item (see Baca figure 2 steps 222-224 and paragrapgh 0036-0037 i.e. The operations of flowchart 300 may be performed by a client device, e.g., client device 102 and correspond to operation 222 of FIG. 2. In particular, flowchart 300 depicts exemplary operations configured to generate a session OTP to be provided to an authenticator to be used to authenticate client device at a next 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify HU in view of Baca to generate a new session OTP at least in part, on selected device attributes and session OTP rules and storing the new session OTP in a local session OTP on the client device that can later be provided to the authenticator for authentication for the next session (See Baca paragraph 0036-0037). Therefore one would have been motivated to have generated a new OTP to provided to the authenticator for authentication for the next session.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DEVIN E ALMEIDA whose telephone number is (571)270-1018.  The examiner can normally be reached on Monday-Thursday from 7:30 A.M. to 5:00 P.M.  The examiner can also be reached on alternate Fridays from 7:30 A.M. to 4:00 P.M. 
Saleh Najjar, can be reached on 571-272-4006. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).

/DEVIN E ALMEIDA/Examiner, Art Unit 2492                                                                                                                                                                                                        
/SALEH NAJJAR/Supervisory Patent Examiner, Art Unit 2492