Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
Claims 1-20 are presented for examination.
This is a first action on the merits based on Applicant’s claims submitted 7/22/2019.                     

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 6/23/2020 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.
Applicant is respectfully reminded of the duty to disclose 37 C.F.R. 1.56 all pertinent information and material pertaining to the patentability of applicant’s claimed invention, by continuing to submitting in a timely manner PTO-1449, Information Disclosure Statement (IDS) with the filing of applicant’s application or thereafter.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains.  Patentability shall not be negatived by the manner in which the invention was made.
Claims 1-2, 9, 14, 18-19 rejected under 35 U.S.C. 103 as being unpatentable over Osborn et al. (US 2012/0023574 A1, hereinafter “Osborn”) in view of Schwartz et al. (US 2208/0005035 A1, hereinafter “Schwartz”).

Regarding claim 1, Osborn teaches:
A method for authenticating to a computer system, the method comprising: 
receiving, at a server (i.e. authentication validation, Fig. 2, item 16, see par 50 refers to authentication server), a request from a user device for authentication (i.e. login from computer device operated by user for authentication, par 46-47), the request specifying a username (Fig. 2, item 14, par 46-47; i.e. enter a login account identifier with username); 
determining, at the server, grid information associated with the username by accessing a repository of grid information (i.e. the image grid includes what has been preselected by the user upon enrollment, see Abstract, par 23-24) for a plurality of usernames (par 44, i.e. users (in plural) preselect grid sequence or authentication sequence; Examiner notes in par 44 is implied that there are plurality of users (in plural) that log in with username to authenticate with predetermined grid sequence, therefore the need for a memory to store such information for users that require such authentication), the grid information specifying a [color] set (i.e. images); 
sending, from the server (fig. 2, from box 16 to box 34, authentication validation [or authentication server], the image grid will be generated upon validation, par 49), the [color] set to the user device (fig. 2, item 34, fig. 5 [i.e. image]; i.e. image grid is displayed), causing the user device to display a grid of a plurality of [colored]  tiles (fig. 5, par 49; i.e. image grid is displayed in tiles); 
receiving, at the server, a sequence of tile selections from the user device (fig. 2, box 38 and 40, par 50; i.e. user select image and sent to authentication/validation server), each tile selection within the sequence of tile selections specifying a user selection of one of the [colored] tiles (par 50, the user selects the image on the grid according to their authentication sequence and then this sequence of image keys is sent to the server for authentication); and 
granting (fig. 2, box 40) or rejecting (fig. 2 box 26) the request for authentication based on the sequence of tile selections and the grid information associated with the username (par 50, successful or failed authentication of sequence of image keys selected by user in computer device as user logged in with username, see fig. 2).  
Osborn teaches the grid information has images on each tile, however Schwartz explicitly suggests:
the grid information specifying a [color] set (par 51-52; the colored grid is generated and each tile filled with one of a plurality of colors)
each colored tile having a color (par 50-51; i.e. color grid, fig. 7) specified by the color set (par 52; i.e. each tile filled with one of a plurality of colors).
 Accordingly, it would have been obvious to one having ordinary skill in the art before the effective filing date of the invention to have implemented a grid with tiles specified by colors, as taught by Schwartz, to Osborn’s invention.  The motivation to do so would have been in order to provide the user with a color grid so then the user can deduce a validation code for a secure authentication transaction over the communication network (Schwartz: Abstract).

Regarding claim 2, the combination of Osborn and Schwartz teach:
The method of claim 1, wherein the grid information includes a grid character set specifying, for each colored tile, a sequence of alphanumeric characters (Osborn: fig. 5, par 54; i.e. each image tile is overlaid with an image key (i.e. character, either alphabetical or numerical – see fig. 5), which displays a sequence of characters on each tile).  

Regarding claim 9, the combination of Osborn and Schwartz teach:
The method of claim 1, comprising, before receiving the request from the user device for authentication, registering the username and the grid information (Osborn: i.e. the image grid includes what has been preselected by the user upon enrollment, see Abstract, par 23-24; Examiner notes that this implies a registering beforehand of the grid image and the corresponding user or username).  

Regarding claim 14, Osborn teaches:
A method for authenticating to a computer system, the method comprising: 
sending, from a user device, a username (Fig. 2, item 14, par 46-47; i.e. enter a login account identifier with username) to a server (i.e. login from computer device operated by user for authentication, par 46-47; i.e. authentication validation, Fig. 2, item 16, see par 50 refers to authentication server); 
receiving, at the user device, a [color] set (i.e. images) from the server (fig. 2, item 34, fig. 5 [i.e. image]; i.e. image grid is displayed) and presenting a grid of a plurality of colored tile (fig. 5, par 49; i.e. image grid is displayed in tiles)s, each colored tile having a color specified by the color set; 
receiving, at the user device, user input (fig. 2, box 38 and 40, par 50; i.e. user select image and sent to authentication/validation server) specifying a sequence of tile selections (i.e. sequence of image keys), each tile selection within the sequence of tile selections specifying a user selection of one of the [colored] tile (par 50, the user selects the image on the grid according to their authentication sequence and then this sequence of image keys is sent to the server for authentication); and  
sending, from the user device, the sequence of tile selections to the serve (par 50, the user selects the image on the grid according to their authentication sequence and then this sequence of image keys is sent to the server for authentication)r; 
receiving, at the user device, an indication of granting (fig. 2, box 40) or rejecting (fig. 2 box 26) a request for authentication (i.e. login from computer device operated by user for authentication, par 46-47) based on the sequence of tile selections (par 50, successful or failed authentication of sequence of image keys selected by user in computer device as user logged in with username, see fig. 2).  
Osborn teaches the grid information has images on each tile, however Schwartz explicitly suggests:
the grid information specifying a [color] set (par 51-52; the colored grid is generated and each tile filled with one of a plurality of colors)
each colored tile having a color (par 50-51; i.e. color grid, fig. 7) specified by the color set (par 52; i.e. each tile filled with one of a plurality of colors).
 Accordingly, it would have been obvious to one having ordinary skill in the art before the effective filing date of the invention to have implemented a grid with tiles specified by colors, as taught by Schwartz, to Osborn’s invention.  The motivation to do so would have been in order to provide the user with a color grid so then the user can deduce a validation code for a secure authentication transaction over the communication network (Schwartz: Abstract).

Regarding claim 18, all the claim limitations are set forth and rejected as it has been discussed in claim 1.  Furthermore, Osborn also teaches the additional limitation as follwos:
A server (par 50, authentication server) for authenticating to a computer system (Fig. 2), the sever comprising: 
one or more processors and memory storing executable instructions for the processors; and an authenticator implemented on the processors and memory (par 50, authentication server)…

Regarding claim 19, all claim limitations are set forth and rejected as it has been discussed in claim 2.  

Claims 3-7, 15-16, 20 rejected under 35 U.S.C. 103 as being unpatentable over Osborn et al. (US 2012/0023574 A1, hereinafter “Osborn”) in view of Schwartz et al. (US 2208/0005035 A1, hereinafter “Schwartz”) in further view of Jansen (US 2004/0230843 A1).

Regarding claim 3, the combination of Osborn and Schwartz teach:
The method of claim 2, wherein granting or rejecting the request for authentication based on the sequence of tile selections and the grid information associated with the username comprises converting the sequence of tile selections into a generated password (fig. 5, image code) by: 
However, Osborn and Schwartz do not teach yet Jensen suggests:
translating each tile selection within the sequence of tile selections into a portion of the generated password using the grid character set (Jansen: par 9: “Each continuous stroke is mapped to a sequence of coordinate pairs by listing the cells through which it passes, in the order in which the stroke traverses the cell boundary”); and 
concatenating the portions of the generated password in order of the sequence of tile selections (Jansen: par 9: “The grid sequences for each stroke that compose a drawing are concatenated together in the order they were drawn to form a password.”, see also par 23). 
Accordingly it would have been obvious to one having ordinary skill in the art before the effective filing date of the invention to have implemented a mechanism to convert the generated password by translating the tile sequence into portions of password and then concatenating the portions to form a newly generated password, as taught by Jensen, to Osborn and Schwartz’s invention.  The motivation to do so would have been to generate a completely different password value each time the user selects the image sequence in order to provide authentication of users of a computer system (Jensen: Abstract).

Regarding claim 4, same rationale for combination of Osborn, Schwartz, and Jensen, which was combined in claim 3, applies here as it encompasses same subject matter.  Therefore, Osborn, Schwartz, and Jensen teach: 
The method of claim 3, wherein the grid information includes a stored password, and wherein granting or rejecting the request for authentication based on the sequence of tile selections and the grid information associated with the username comprises comparing the stored password with the generated password (Jensen: fig. 4 step 40).  

Regarding claim 5, the combination of Osborn and Schwartz teach:
5. The method of claim 2, wherein the sequence of tile selections includes at least six tile selections (Osborn: fig. 5)
	However, the combination of Osborn and Schwartz do not teach yet Jensen suggests:
wherein each sequence of alphanumeric characters of the grid character set is at least three characters long (Jensen: par 25, value matrix assigned to the image, Fig. 4, item 20).
Accordingly, it would have been obvious to one having ordinary skill in the art before the effective filing date of the invention to have implemented a sequence of alphanumeric characters of at least three characters long, as taught by Jensen, to Osborn and Schwartz’s invention.  The motivation to do so would have been to have generate a completely different password value each time the user selects the image sequence in order to provide authentication of users of a computer system (Jensen: Abstract, par 25).

Regarding claim 6, the combination of Osborn and Schwartz do not teach yet Jensen suggests:
The method of claim 1, wherein receiving the request from the user device for authentication comprises sending a first graphical user interface (GUI) form (Jensen: i.e. GUI components) to the user device (Jensen: par 75; i.e. the user interface is implemented as set of components within a user interface plug in module in which each component interacts with the user and is under the control of the authentication handler), the first GUI form (Jensen: i.e. GUI components) including a username input element (Jensen: par 76: “[authentication handlers] they interact with their user interface components to tell them to bring up the specific screens, accept input, display messages, etc. Handlers also have responsibility for interactions with tokens, smart cards, the file system, etc., that are needed to perform the authentication. In the case of this implementation of the present invention, the handler has exclusive access to the mechanism settings, and password information files, which it uses to enroll a user's password and to verify authentication attempts.”; Examiner notes that such exchange of information to provide the correct information in the screen of a user interface implies having knowledge that each screen and input is user specific (i.e. must include an identifier to identify the user) in order to then perform authentication, see also par 63). 
	Accordingly, it would have been obvious to one having ordinary skill in the art before the effective filling date of the invention to have implemented a personalized graphical user interface, as taught by Jensen, to Osborn and Schwartz’s invention.  The motivation to do so would have been in order to bring up the proper and specific screens, accept the user input, and display messages that are needed to perform the user authentication (Jensen: par 76).  

Regarding claim 7, same rationale for combination of Osborn, Schwartz, and Jensen, which was combined in claim 6, applies here as it encompasses same subject matter.  Therefore, Osborn, Schwartz, and Jensen teach:
The method of claim 6, wherein sending the color set to the user device comprises sending a second GUI form (Jensen: i.e. GUI components) to the user device after receiving the request from the user device for authentication, the second GUI form displaying the grid of the plurality of colored tiles (Jensen: pare 76; i.e. GUI components are handled to bring up specific screens and display messages).

Regarding claim 15, all claim limitations are set forth and rejected as it has been discussed in claim 6.  

Regarding claim 16, all claim limitations are set forth and rejected as it has been discussed in claim 7.  

Regarding claim 20, all claim limitations are set forth and rejected as it has been discussed in claim 3.
  
Allowable Subject Matter
Claims 8, 10-13, 17 objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Reason for allowance:
	The combination of prior art of record would not make obvious if the claim limitations of claim 8, 10-13, and 17 are combined in independent form, as discussed above, in point 20.  Other prior art considered:
Bandi et al. (US 2019/0075120 A1) teaches receiving a request to authenticate a user; sending instructions to present an authentication user interface including a geographic map; receiving geolocations on the geographic map selected by the user; comparing the geolocations to a sequence of geolocations in an authentication credential to determine whether to authenticate the user.
Zia (US 10,169,565 B2) teaches a method of dynamically adapting a secure graphical password sequence provides a secure means to access a restricted account through a dynamic password defined by element selection requirements. A selection grid is dynamically generated with graphical elements, and a password sequence is inputted by selecting certain grid cells containing graphical elements. Various preferences provide full customizability for the dynamic password, and security measures increase the difficulty of an undesirable user ascertaining the element selection requirements. The dynamic password can adapt over time through user input by designating one of the sequential locations of the password sequence as a sequence updating parameter.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See PTO-892 Notice of References Cited.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to LIZBETH TORRES-DIAZ whose telephone number is (571)272-178772-1787.  The examiner can normally be reached on 9:00a-4:30p.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr, can be reached on (571)272-3739.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/LIZBETH TORRES-DIAZ/Examiner, Art Unit 2495                                                                                                                                                                                                        
/10 September 2021/
/ltd/