DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This office action is in response to communication filed on 08/09/2021.
Status of claims in the instant application:
Claims 1-20 are pending.
Response to Arguments
Applicant’s remarks/arguments filed on 08/09/2021 have been fully considered. Therefore, Applicant is directed to Examiner’s response below.
Applicant’s arguments, see page [10] of applicant’s remarks filed on 08/09/2021, with respect to claims 1-20 that were rejected under nonstatutory double patenting have been fully considered. Applicant has filed a terminal disclaimer on 08/09/2021 and it was approved on 08/11/2021. Therefore, the claim rejections have been withdrawn.
Allowable Subject Matter
Claims 1-20 are allowed.
The following are examiner's statement of reasons for allowance:
(a) The claims of the instant application are allowed based on the prior art search for the allowed parent application 15/593483 filed on 05/12/2017 (now PAT US 10,645,079).
(b) The following prior arts were yielded during the examination of applicant’s claim set filed on 08/09/2021 in response to office action mailed on 08/03/2021. They do not explicitly teach the applicant’s claimed invention, in view of the amended claims, but are in general realm of applicant’s field of endeavor:
Allinson et al., [US PGPUB: 2016/0285633], this is considered the closest prior art of the instant application, that generally teaches a first device may be registered as authorized to authenticate a user login into a service from a second device (e.g., a smart phone may be used to log the user into a webmail service on a computer without the user having to enter a password through the computer). Responsive to the user attempting to access the service through the second device, a login interface may be displayed on the first device. The user may confirm or deny that the user wants to log into the service on the second device, thus allowing the user to seamlessly log into the service on the second device (e.g., without entering a password) while mitigating unauthorized logins into the service from unknown devices. Further, the user may use the first device to delegate the authority to authenticate the user login into the service to one or more other devices.
Allinson does generally teach a system and method (FIG. 6A-6B, Para [0057-0060]) comprising a service login management component, for using a first registered device to authenticate a login of a second device into a service. A user of the second device may be presented with a login field when attempting to access the service and is presented with an interface comprising a prompt to enter a username through the login field. The second device sends an access request for the service to the service login management component. The access request may comprise the device authorization information. The service login management performs a search within an authorization database for the username. The username may be associated, by an entry within the authorization database, with a push token, the first device, and/or an encryption key. A request is generated by the service login management that is encrypted using the 
Kirillin et al., [US PGPUB: 2013/0297513], generally teaches multifactor security authentication algorithm methods in authorizing and using client devices to perform banking transactions. A customer can register and associate a client device with their account. The customer can further create unique login information associated with their account. A customer's login information, client device, and a push confirmation must be verified for accuracy prior to allowing the customer to perform banking operations. Using multi factor authentication process, banking transactions can be performed more reliably and securely.
Kirillin does generally teach system and method to for authenticating a customer using an unauthorized device. Customer can submit user credentials to a bank server using an unauthorized device, where user credentials can include a username, a password, a personal identification number ("PIN"), answers to security questions, etc. Bank server can compare the user credentials submitted to user credentials stored in a data store accessible by bank server. In response to authenticating the user credentials of customer, bank server can send a push request to push notification server. As a part of the push request, bank server can send identification information to push notification server regarding customer. Push notification server can access device tokens 132 related to a plurality of authorized mobile devices and identify a device token associated with authorized mobile device. As a part of device authentication, Customer can confirm to the authorized mobile device that it wishes to confirm their identity. Authorized mobile device can send the device certificate stored in memory of the authorized mobile device along with a device token received from push notification server to bank server. Bank server can then authenticate the authorized mobile device using the device certificate and device token by comparing the device certificate and device token to linked device information accessible in a data store by bank server. Bank server can then use a multifactor authentication process analyzing three distinct factors: user authentication, device authentication, and push confirmation. If bank server authenticates the user, the device, and the push confirmation, customer can be authorized to use internet browser to perform banking operations.
Andrews et al., [US PGPUB: 20170346815], generally teaches a method for user authentication where a first user request may be received to access a particular resource. A first authentication credential from a first client device may be received based on a first authentication challenge being issued to a user of the first client device. A second client device of the user may be notified to prompt the user to provide a second authentication credential to complete at least a second authentication challenge. The access to the particular resource may require at least successfully completing the first authentication challenge on the first client device and the second authentication challenge on the second client device.
Andrews does generally teach a user authentication method and system where user may first request access to the protected resource using the client device. The user may then be prompted to complete primary authentication from the client device. For example, the user may be prompted to provide a username and a password to the access manager. The method may require a second device to perform secondary authentication with, the client device 402 may also transmit any wirelessly paired device IDs. For example, during registration a user may have registered multiple secondary devices. The client device may be inside of the threshold and transmit back to the client device its device ID or other identifier such that the client device may obtain and transmit the device ID of second client device to the access manager. Accordingly, when the access manager receives the device ID attribute of second client device and forwards it to the registration server to search within the device fingerprint and attribute, the device ID may be matched to the device ID registered at registration time. Therefore, the access manager may know which client device (second client device) to send a notification to for secondary authentication.
Mizrah, [US PGPUB: 20080098464], generally teaches method and system for user authentication using more than one communication channel between server-side resources and two logical or physical client-side data processing machines. After a first security tier, a first communication channel is opened to a first data processing machine on the client side. The session proceeds by delivering an authentication challenge, identifying a random subset of an authentication credential, to a second data processing machine on the client side using a second communication channel. Next, the user enters an authentication response in the first data processing machine, based on a random subset of the authentication credential. The authentication response is returned to the server side on the first communication channel for matching. The authentication credential can be a one-session-only credential delivered to the user for one session, or a static credential used many times.
However, none of the prior arts of record, alone or in combination, discloses all the limitations of the independents claims 1, 15 and 20. Therefore, the independent claims are allowable over the prior arts. The dependent claims being definite, further limiting, and fully enabled by the specification are also allowed by virtue of their dependence on the independent claims.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MAHABUB S AHMED whose telephone number is (571)272-0364.  The examiner can normally be reached on 9AM-5PM EST M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on (571)272-3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/MAHABUB S AHMED/Examiner, Art Unit 2434

/NOURA ZOUBAIR/Primary Examiner, Art Unit 2434