Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This Office action is responsive to communications filed on 08/13/2021. Claims 1-8, 14-17 and 26-33 are pending.

Election/Restrictions
Claims 9-13 and 18-25 are withdrawn from further consideration pursuant to 37 CFR 1.142(b) as being drawn to a nonelected invention, there being no allowable generic or linking claim. Election was made without traverse in the reply filed on 08/13/2021.

Allowable Subject Matter
Claims 6 and 32 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
The following is a statement of reasons for the indication of allowable subject matter:  The prior art of record fails to teach generating a hashed file name for a user verification file, the hashed file name comprising the decryption key.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claim 16 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claim 16 recites the limitation(s) "the formulas" and/or “the set of formulas” in lines 1-2.  There is insufficient antecedent basis for this limitation in the claim.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1, 4, 5, 7, 8, 26-28, 31 and 33 is/are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Pub. No. 2014/0250511 (“Kendall”), and further in view of U.S. Pat. No. 5,821,933 (“Keller”).

Regarding claim 1, Kendall teaches a method of registering a user and client device pair, a server performing the steps of the method comprising: 
a) receiving from the client device a user profile (“the user selects an initial passphrase and this is sent to the app protection server. This passphrase may be combined with a hash value of files that the user (or employer) wants to protect,” ¶ [0153]) and a device profile (“sending the target device's ID to the app protection server (server A) so that it can be used as one of the inputs to the key derivation function,” ¶ [0161]); 
b) building a user ID file (“server A embeds user-specific and device-specific information into a user section of the wrapped app's keystore,” ¶ [0151]), an encryption key, and a decryption key based, at least in part, on the user profile and/or the device profile (“The keystore is encrypted with a passphrase that, as noted above, was generated by combining a passphrase selected by the user at the start of the process and the hash values of files that must be protected from tampering. In one embodiment, the wrapped app first hashes the user-specific files (policies, etc.) and uses those hash values as one of the inputs to the key derivation function,” ¶ [0155]; “sending the target device's ID to the app protection server (server A) so that it can be used as one of the inputs to the key derivation function,” ¶ [0161]); and 

Kendall fails to teach: c) selecting a set of formulas; d) receiving from the client device a user ordered icon selection; and e) assigning uniquely each formula of the set of formulas to each icon of the user ordered icon selection. Keller teaches: c) selecting a set of formulas (“target icons are selected by the selection device 140 to designate which of two or more restricted functions 280 are to be accessed/executed before or after the user enters the sequence 250 of selected code icons 204 that matches the target sequence 480 of the restricted function 280 represented by the target icon,” Col. 4, lines 32-50); d) receiving from the client device a user ordered icon selection (“The user uses a selection device (mouse) 140 to select one or more of the code icons 160 in a sequence 250, e.g. selecting code icon A first, code icon B second, and code icon C third,” Col. 3, line 61 – Col. 4, line 25); and e) assigning uniquely each formula of the set of formulas to each icon of the user ordered icon selection (“target icons are selected by the selection device 140 to designate which of two or more restricted functions 280 are to be accessed/executed before or after the user enters the sequence 250 of selected code icons 204 that matches the target sequence 480 of the restricted function 280 represented by the target icon,” Col. 4, lines 32-50). It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to incorporate 

Regarding claim 4, Kendall-Keller teaches the invention of claim 1, and further teaches generating a hashed file name for the user ID file (Kendall: “A TOC 1814 contains hash values of keystore files, such as files in user section 1812. Also stored in keystore 1810 is a hash value 1816 which is the hash of TOC 1816,” ¶ [0157]; “certain file names themselves are not encrypted in the keystore of the present invention, while other file names are encrypted,” ¶ [0166]).

Regarding claim 5, Kendall-Keller teaches the invention of claim 4, and further teaches generating a hashed file name comprising a file name associated with the client device (Kendall: “The file names can be encrypted using a key derived from a user's passphrase. As described above, a passphrase is entered into a key generator, a key is generated and used to encrypt the file data and the file names,” ¶ [0166]).

Regarding claim 26, Kendall-Keller teaches the invention of claim 4, and further teaches that generating a hashed file name further comprises generating a hashed file name comprising a file name associated with the user profile (Kendall: “A TOC 1814 contains hash values of keystore files, such as files in user section 1812,” ¶ [0157]; also Fig. 18, USER SECTION 1812 comprising USER DATA and DEVICE DATA).

Regarding claim 27, Kendall-Keller teaches the invention of claim 4, and further teaches that generating a hashed file name further comprises generating a hashed file name comprising a file name associated with the client device and the user profile (Kendall: “A TOC 1814 contains hash values of keystore files, such as files in user section 1812,” ¶ [0157]; also Fig. 18, USER SECTION 1812 comprising USER DATA and DEVICE DATA).

Regarding claim 7, Kendall-Keller teaches the invention of claim 1, and further teaches generating an installation package (Kendall: “At step 1618 the resulting partial or complete keystore on the server is transmitted to the app on the device. At step 1620 the partial or complete keystore is installed in the wrapped app,” ¶ [0147]) comprising the ordered icon selection and the set of formulas (Keller: Figs. 2 and 4, 273).

Regarding claim 8, Kendall-Keller teaches the invention of claim 7, and further teaches sending the installation package to the client device (Kendall: “At step 1618 the resulting partial or complete keystore on the server is transmitted to the app on the device. At step 1620 the partial or complete keystore is installed in the wrapped app,” ¶ [0147]).

Regarding claim 28, Kendall teaches a system for registering a user and client device pair, the system comprising: 
a server (Fig. 18, 1804); 
a verification file stored on the server (Fig. 18, 1810); 

receive from the client device a user profile (“the user selects an initial passphrase and this is sent to the app protection server. This passphrase may be combined with a hash value of files that the user (or employer) wants to protect,” ¶ [0153]) and a device profile (“sending the target device's ID to the app protection server (server A) so that it can be used as one of the inputs to the key derivation function,” ¶ [0161]); 
build a verification file (“server A embeds user-specific and device-specific information into a user section of the wrapped app's keystore,” ¶ [0151]), an encryption key, and a decryption key based, at least in part, on the user profile and/or the device profile (“The keystore is encrypted with a passphrase that, as noted above, was generated by combining a passphrase selected by the user at the start of the process and the hash values of files that must be protected from tampering. In one embodiment, the wrapped app first hashes the user-specific files (policies, etc.) and uses those hash values as one of the inputs to the key derivation function,” ¶ [0155]; “sending the target device's ID to the app protection server (server A) so that it can be used as one of the inputs to the key derivation function,” ¶ [0161]); and 
encrypt the verification file with the encryption key (“The keystore is encrypted with a passphrase that, as noted above, was generated by combining a passphrase selected by the user at the start of the process and the hash values of files that must be protected from tampering. In one embodiment, the 
Kendall fails to teach: selecting a set of formulas; receiving from the client device a user ordered icon selection; and assigning uniquely each formula of the set of formulas to each icon of the user ordered icon selection. Keller teaches: selecting a set of formulas (“target icons are selected by the selection device 140 to designate which of two or more restricted functions 280 are to be accessed/executed before or after the user enters the sequence 250 of selected code icons 204 that matches the target sequence 480 of the restricted function 280 represented by the target icon,” Col. 4, lines 32-50); receiving from the client device a user ordered icon selection (“The user uses a selection device (mouse) 140 to select one or more of the code icons 160 in a sequence 250, e.g. selecting code icon A first, code icon B second, and code icon C third,” Col. 3, line 61 – Col. 4, line 25); and assigning uniquely each formula of the set of formulas to each icon of the user ordered icon selection (“target icons are selected by the selection device 140 to designate which of two or more restricted functions 280 are to be accessed/executed before or after the user enters the sequence 250 of selected code icons 204 that matches the target sequence 480 of the restricted function 280 represented by the target icon,” Col. 4, lines 32-50). It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to incorporate an icon password, as taught by Keller, into Kendall, in order to allow a user to access restricted functions without a keyboard.

Regarding claim 31, Kendall-Keller teaches the invention of claim 28, and further teaches that the server is further configured to generate a hashed verification file name for the verification file (Kendall: “A TOC 1814 contains hash values of keystore files, such as files in user section 1812. Also stored in keystore 1810 is a hash value 1816 which is the hash of TOC 1816,” ¶ [0157]; “certain file names themselves are not encrypted in the keystore of the present invention, while other file names are encrypted,” ¶ [0166]).

Regarding claim 33, Kendall-Keller teaches the invention of claim 31, and further teaches that the hashed verification file name comprises a file name, the file name associated with the device profile (Kendall: “A TOC 1814 contains hash values of keystore files, such as files in user section 1812,” ¶ [0157]; also Fig. 18, USER SECTION 1812 comprising USER DATA and DEVICE DATA).

Claims 2 and 29 is/are rejected under 35 U.S.C. 103 as being unpatentable over Kendall-Keller as applied to claims 1 and 28 above, and further in view of U.S. Pub. No. 2013/0174240 (“Bidare”).

Regarding claim 2, Kendall-Keller teaches the invention of claim 1, but fails to teach that selecting a set of formulas comprises selecting formulas comprising variables and constants. Bidare teaches selecting formulas comprising variables and constants (“if the user has selected three interlinked images during the phase of registration, a one-time equation containing at least two variables (X and Y) and one constant (M) will 

Regarding claim 29, Kendall-Keller teaches the invention of claim 28, but fails to teach that at least some of the formulas comprise variables and constants. Bidare teaches at least some formulas comprise variables and constants (“if the user has selected three interlinked images during the phase of registration, a one-time equation containing at least two variables (X and Y) and one constant (M) will be provided to the user. Accordingly, three image matrices and three corresponding index-value matrices will be displayed to the user for the purpose of authentication. The three image matrices and index-value matrices enable the user to determine the values of the variables X, Y and the constant M,” ¶ [0128]; “The challenge-generation means 16 generates One-Time Equations which are simple and the value of which can be computed by hand. The one-time equations provided by the challenge-generation means 16 will typically be in the form Ax+By+Cz+M,’ ¶ [0127]). It would have been obvious to one of ordinary skill in .

Claims 3 and 30 is/are rejected under 35 U.S.C. 103 as being unpatentable over Kendall-Keller as applied to claims 1 and 28 above, and further in view of U.S. Pub. No. 2015/0178490 (“Tamboly”).

Regarding claim 3, Kendall-Keller teaches the invention of claim 1, but fails to teach generating a set of icons and forwarding the set of icons to the client device. Tamboly teaches generating a set of icons and forwarding the set of icons to the client device (“Once a user selects a theme, image module 204 may present the user with one or more images associated with the selected theme,” ¶ [0032]; “Image module 204 may create new images and associate them a theme based on the theme,” ¶ [0033]). It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to incorporate a visual password, as taught by Tamboly, into Kendall-Keller, in order to make a password language, age and literacy neutral.

Regarding claim 30, Kendall-Keller teaches the invention of claim 28, but fails to teach that the server is further configured to generate a set of icons and to forward the set of icons to the client device. Tamboly teaches a server configured to generate a set of icons and to forward the set of icons to the client device (“Once a user selects a theme, image module 204 may present the user with one or more images associated .

Claim 14 is/are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Pub. No. 2015/0047048 (“Charugundla”), and further in view of Tamboly.

Regarding claim 14, Charugundla teaches a method of registering a user and client device pair, a client device performing the steps of the method comprising:
a. generating a user profile (“The inputting of information is mostly implemented with GUI (Graphical User Interface) interfaces that are used to prompt a registering user to input particular profile information,” ¶ [0023]) and a device profile (“The MAC is used as part of the user device information, which includes the IP address of the device and other information that define and identify the specific device used by a user during registration,” ¶ [0023]); and
b. sending to a server the user profile and the device profile (“receiving, by the server, at the communication portal user authentication information, user profile information and user device information during registration,” Claim 2).
Charugundla fails to teach: c. displaying a set of icons; d. receiving a user ordered icon selection based, at least in part, on the set of icons; and e. sending to the server the user ordered icon selection. Tamboly teaches:

d. receiving a user ordered icon selection based, at least in part, on the set of icons (“The user selects one or more images in a certain order to create a visual password,” Abstract); and 
e. sending to the server the user ordered icon selection (“The selected images and order of selection are saved as the user's visual password,” Abstract; “A user's account information may be stored in database 120. Account information may include username, password, visual password, contact information, phone number(s), email addresses, and other information that personally identifies the user as the account holder,” ¶ [0025]).
	It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to incorporate a visual password, as taught by Tamboly, into Charugundla, in order to make a password language, age and literacy neutral.

Regarding claim 15, Charugundla-Tamboly teaches the invention of claim 14, and further teaches receiving from the server the set of icons (Tamboly: “Once a user selects a theme, image module 204 may present the user with one or more images associated with the selected theme. Each theme may be associated with one or more images that show members of the category represented by the theme,” ¶ [0032]; “Images may be stored in data storage 120. Image module 204 may retrieve images from data storage 120,” ¶ [0033]).

Claim 16 is/are rejected under 35 U.S.C. 103 as being unpatentable over Charugundla-Tamboly as applied to claim 14 above, and further in view of Bidare.

Regarding claim 16, Charugundla-Tamboly teaches the invention of claim 14, but fails to teach that at least some of the formulas of the set of formulas comprise formulas having variables and constants. Bidare teaches at least some of the formulas of the set of formulas comprise formulas having variables and constants (“if the user has selected three interlinked images during the phase of registration, a one-time equation containing at least two variables (X and Y) and one constant (M) will be provided to the user. Accordingly, three image matrices and three corresponding index-value matrices will be displayed to the user for the purpose of authentication. The three image matrices and index-value matrices enable the user to determine the values of the variables X, Y and the constant M,” ¶ [0128]; “The challenge-generation means 16 generates One-Time Equations which are simple and the value of which can be computed by hand. The one-time equations provided by the challenge-generation means 16 will typically be in the form Ax+By+Cz+M,’ ¶ [0127]). It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to incorporate equations, as taught by Bidare, into Charugundla-Tamboly, in order to prevent spoofing/cloning and man-in-the-middle attacks.

Claim 17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Charugundla-Tamboly-Bidare as applied to claim 16 above, in view of Kendall, and further in view of Keller.

Regarding claim 17, Charugundla-Tamboly-Bidare teaches the invention of claim 16, but fails to teach receiving from the server an installation package comprising a set of formulas and the user ordered icon selection, wherein the set of formulas is associated with the user ordered icon selection. Kendall teaches receiving from the server an installation package comprising a keystore (“At step 1618 the resulting partial or complete keystore on the server is transmitted to the app on the device. At step 1620 the partial or complete keystore is installed in the wrapped app,” ¶ [0147]). It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to incorporate an installation package, as taught by Kendall, into Charugundla-Tamboly-Bidare, in order to restrict access to an application on a client device.
Charugundla-Tamboly-Bidare-Kendall fails to teach a package comprising a set of formulas and the user ordered icon selection, wherein the set of formulas is associated with the user ordered icon selection. Keller teaches a keystore comprising a set of formulas and the user ordered icon selection, wherein the set of formulas is associated with the user ordered icon selection (Fig. 4, 273 comprising functions 475 associated with icon sequence 480). It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to incorporate an icon password, as taught by Keller, into Charugundla-Tamboly-Bidare-Kendall, in order to allow a user to access restricted functions without a keyboard.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JULIAN CHANG whose telephone number is (571)272-8631.  The examiner can normally be reached on Monday-Friday 9AM-5PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Emmanuel Moise can be reached on (571)272-3865.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


JULIAN CHANG
Examiner
Art Unit 2455



/Julian Chang/Examiner, Art Unit 2455   

/EMMANUEL L MOISE/Supervisory Patent Examiner, Art Unit 2455