Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 09/28/2021 has been entered.
DETAILED ACTION
This office action is in response to a Request for Continued Examination (RCE) application received on 09/28/2021. In the RCE, applicant has amended independent claims 1 and 11. Dependent claims 2-10 and 12-20 remain original. 
For this office action, claims 1-20 have been received for consideration and have been examined. 
Response to Arguments
Claim Rejections under 35 U.S.C. § 103
	Applicant’s amendments and remarks have been reviewed by the examiner, however, examiner does not find them persuasive. After review, applicant’s remarks have been summarized as follows:
The Hirano reference fail to teach or suggest the claimed feature of “After validating the request to authenticate the user that requires the one or more non-numeric metrics, generates a first numeric code, different than the one or more non-numeric metrics, based on a subsequent user input into the user device different than the first user input” (See Page # 7-8).
Examiner’s Response
	Regarding applicant’s remark that Hirano fails to teach “After validating the request to authenticate the user that requires the one or more non-numeric metrics, generates a first numeric code, different than the one or more non-numeric metrics, based on a subsequent user input into the user device different than the first user input”, examiner would like to point out that Hirano clearly teaches when user enters his ‘non-numeric’ member-id and password (See Hirano: [0039] for type of login authentication means which consist of non-numeric metrics) and based on successful authentication, user selects a “one-time password creation” button to generate a one-time password which is equivalent to claimed “subsequent user input” after successful user authentication (See Hirano: [0172] The patient member can create a one-time password (disposable authentication means) according to the flow of FIG. 9. First, the patient member enters his member ID and password to log into the medical data management system (S9-1), and has the global menu for patient members displayed (S9-2) [which is the indication that member has been authenticated successfully], and selects a one-time password creation button (S9-3); [0173] There are two methods of creating a one-time password to select from (S9-4). If the one-time password to be created is a common one-time password common to all data protected (S9-5), a list of common one-time passwords currently valid is displayed (S9-6). If additional ones need to be created, the number of additional ones is entered (S9-7, S9-8). Then, the system creates common one-time passwords and sets a period of validity (S9-9) and registers the common one-time passwords in the member basic information file of the patient member (S9-10). Thereafter, the created common one-time passwords are displayed on screen (S9-11)).
	Based on above explanation and citation, it is clear that Hirano teaches the claimed limitation and therefore examiner believe that combination of cited references would render similar results as being claimed in the instant application and hence the rejection has been maintained.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-7, 9-17 and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Hirano et al., (US20050159984A1) in view of Krantz et al., (US20100278322A1).
Regarding claim 1, Hirano discloses:

a microprocessor; and
a computer readable medium, coupled with the microprocessor and comprising microprocessor readable and executable instructions that program the microprocessor to execute:
an authentication system that receives a request to authenticate the user, wherein the request to authenticate the user requires one or more non-numeric metrics (see FIG. 9; step S9-1; i.e. member ID and password) to authenticate the user from a user input into a user device (See [0039] for type of login authentication means which consist of non-numeric metrics such as a magnetic card or an IC card, one created from intrinsic biological information of an individual such as a fingerprint or a retina pattern, and the like; [0172] First, the patient member enters his member ID and password to log into the medical data management system (S9-1));
validates the request to authenticate the user that requires the one or more non-numeric metrics ([0172] First, the patient member enters his member ID and password to log into the medical data management system (S9-1), and has the global menu for patient members displayed);
after validating the request to authenticate the user that requires the one or more non-numeric metrics ([0172] First, the patient member enters his member ID and password to log into the medical data management system (S9-1), and has the global menu for patient members displayed. Examiner’s Note: the ‘display of global menu for members’ is an indication that authentication of patient member is successful and validated), 
See [0039] ), based on a subsequent user input into the user device, different than the first user input ([0172] selects a one-time password creation button (S9-3); [0173] There are two methods of creating a one-time password to select from (S9-4) … If additional ones need to be created, the number of additional ones is entered (S9-7, S9-8). Then, the system creates common one-time passwords and sets a period of validity (S9-9)), and 
sends the first numeric code for display to the user (0173] Thereafter, the created common one-time passwords are displayed on screen (S9-11)).
Hirano fails to disclose:
wherein the first numeric code is used to grant access to a telephone that requires authentication via a numeric keypad. 
However, Krantz discloses:
	wherein the first numeric code is used to grant access to a telephone that requires authentication via a numeric keypad ([0007] When a user enters the numeric user identifier and PIN, a network server dynamically looks up the associated user, determines the phone used by the user, and returns the user identity to the phone. The phone then authenticates the user based on the extension and PIN or uses the user identity to enroll for credentials on behalf of the user; [0039] As further illustrated in FIG. 4, the authentication component 204 authenticates the telephone 104 based on the PIN 404. The authentication component 204 looks up the PIN 404 against the username/password identity credentials associated with the PIN 404. The authentication component 204 uses the PIN 404 to verify that the user using the telephone 104 at the particular extension 402 is in fact the correct user assigned to the extension 402).

	The motivation to have the authenticating system for granting access to a telephone through Personal Identification Number (PIN) is to allow user to grant access to the telephone through telephone keypad (See Krantz: [0039]). 
Regarding claim 2, the combination of Hirano and Krantz discloses:
	The system of claim 1, wherein the authentication system sends the first numeric code to a telephony authentication system of the telephone, wherein the telephony authentication system authenticates the user at the telephone by comparing the first numeric code to a second numeric code input at the telephone (Krantz: [0075] At 1200, a telephone of a user is authenticated to a communications network using a user identifier and PIN. At 1202, a certificate is issued to the telephone based on the user identifier and the PIN. At 1204, the telephone is registered to the network using the certificate). 
Regarding claim 3, the combination of Hirano and Krantz discloses:
	The system of claim 2, wherein the sent first numeric code is sent based on a request from the telephony authentication system (Krantz: [0006] The communications system includes an input component of a telephone, which can be the telephone keypad, for inputting the user extension and PIN. The communications system receives the user identifier and a PIN from the telephone. The telephone is provisioned to a telephony infrastructure based on the extension and PIN
Regarding claim 4, the combination of Hirano and Krantz discloses:
	The system of claim 2, wherein the sent first numeric code is sent based on generating the first numeric code (Hirano: [0172] selects a one-time password creation button (S9-3); [0173] There are two methods of creating a one-time password to select from (S9-4) … If additional ones need to be created, the number of additional ones is entered (S9-7, S9-8). Then, the system creates common one-time passwords and sets a period of validity (S9-9)).
Regarding claim 5, the combination of Hirano and Krantz discloses:
	The system of claim 2, wherein the sent first numeric code is associated with a validity time period (Hirano: [0173] the system creates common one-time passwords and sets a period of validity).
Regarding claim 6, the combination of Hirano and Krantz discloses:
The system of claim 2, wherein telephony authentication system grants access to the telephone if the first numeric code matches the second numeric code (Krantz: [0075] At 1200, a telephone of a user is authenticated to a communications network using a user identifier and PIN. At 1202, a certificate is issued to the telephone based on the user identifier and the PIN. At 1204, the telephone is registered to the network using the certificate).
Regarding claim 7, the combination of Hirano and Krantz discloses:
The system of claim 6, wherein the telephony authentication system grants access to another telephone system based on the access granted to the telephone as part of a single sign-on process (Krantz: [0068] The mobile user presses a logon button and, enters an extension/phone number and PIN. The phone discovers the network, which verifies the extension/phone number and PIN. The network provisions a SIP URI to the phone and provisions a signed certificate that identifies the user (e.g., SN=user@nowhere-domain.com) to the phone. The signed certificate is used for authenticating to network registrar and web services. The user can now use the phone to send and receive calls to and from any users within the enterprise or the local PSTN network using the SIP identity).
Regarding claim 9, the combination of Hirano and Krantz discloses:
	The system of claim 1, wherein the one or more non-numeric metrics comprise at least one of: a user name, a password, a voiceprint, a facial recognition, a fingerprint, a palm print, a digital certificate, a security card, a user signature, and an iris scan (Hirano: [0172] The patient 
member can create a one-time password (disposable authentication means) according to the flow of FIG. 9. First, the patient member enters his member ID and password to log into the medical data management system (S9-1), and has the global menu for patient members displayed (S9-2)).
Regarding claim 10, the combination of Hirano and Krantz discloses:
The system of claim 1, further comprising a telephony authentication system of the telephone, wherein the authentication system sends the first numeric code to the telephony authentication system, wherein the telephony authentication system receives, from the telephone, a second numeric code, authenticates the user by comparing the first numeric code to the second numeric code, and grants access to the telephone based on the first numeric code matching the second numeric code (Krantz: [0007] When a user enters the numeric user identifier and PIN, a network server dynamically looks up the associated user, determines the phone used by the user, and returns the user identity to the phone. The phone then authenticates the user based on the extension and PIN or uses the user identity to enroll for credentials on behalf of the user; [0039] As further illustrated in FIG. 4, the authentication component 204 authenticates the telephone 104 based on the PIN 404. The authentication component 204 looks up the PIN 404 against the username/password identity credentials associated with the PIN 404. The authentication component 204 uses the PIN 404 to verify that the user using the telephone 104 at the particular extension 402 is in fact the correct user assigned to the extension 402).
Regarding claim 11, Hirano discloses:
	A method for authenticating a user, comprising:
receiving, by a microprocessor, a request to authenticate the user, wherein the request to authenticate the user requires one or more non-numeric metrics (see FIG. 9; step S9-1; i.e. member ID and password) to authenticate the user from a first user input into a user device ([0172] First, the patient member enters his member ID and password to log into the medical data management system (S9-1)); 
validating, by the microprocessor, the request to authenticate the user that requires the one or more non-numeric metrics ([0172] First, the patient member enters his member ID and password to log into the medical data management system (S9-1), and has the global menu for patient members displayed); 
after validating the request to authenticate the user that requires the one or more non-numeric metrics ([0172] First, the patient member enters his member ID and password to log into the medical data management system (S9-1), and has the global menu for patient members displayed. Examiner’s Note: It is evident that ‘display of global menu for patient members’ is an indication that authentication of patient member is successful and validated), 
[0172] selects a one-time password creation button (S9-3); [0173] There are two methods of creating a one-time password to select from (S9-4) … If additional ones need to be created, the number of additional ones is entered (S9-7, S9-8). Then, the system creates common one-time passwords and sets a period of validity (S9-9)); and 
sending, by the microprocessor, the first numeric code for display to the user ([0173] Thereafter, the created common one-time passwords are displayed on screen (S9-11)).
Hirano fails to disclose:
wherein the first numeric code is used to grant access to a telephone that requires authentication via a numeric keypad.
However, Krantz discloses:
	wherein the first numeric code is used to grant access to a telephone that requires authentication via a numeric keypad ([0007] When a user enters the numeric user identifier and PIN, a network server dynamically looks up the associated user, determines the phone used by the user, and returns the user identity to the phone. The phone then authenticates the user based on the extension and PIN or uses the user identity to enroll for credentials on behalf of the user; [0039] As further illustrated in FIG. 4, the authentication component 204 authenticates the telephone 104 based on the PIN 404. The authentication component 204 looks up the PIN 404 against the username/password identity credentials associated with the PIN 404. The authentication component 204 uses the PIN 404 to verify that the user using the telephone 104 at the particular extension 402 is in fact the correct user assigned to the extension 402).

	The motivation to have the authenticating system for granting access to a telephone through Personal Identification Number (PIN) is to allow user to grant access to the telephone through telephone keypad (See Krantz: [0039]). 
Regarding claim 12, the combination of Hirano and Krantz discloses:
	The method of claim 11, further comprising, sending, by the microprocessor, the first numeric code to a telephony authentication system of the telephone, wherein the telephony authentication system authenticates the user at the telephone by comparing the first numeric code to a second numeric code input at the telephone (Krantz: [0075] At 1200, a telephone of a user is authenticated to a communications network using a user identifier and PIN. At 1202, a certificate is issued to the telephone based on the user identifier and the PIN. At 1204, the telephone is registered to the network using the certificate).
Regarding claim 13, the combination of Hirano and Krantz discloses:
The method of claim 12, wherein the sent first numeric code is sent based on a request from the telephony authentication system (Krantz: [0006] The communications system includes an input component of a telephone, which can be the telephone keypad, for inputting the user extension and PIN. The communications system receives the user identifier and a PIN from the telephone. The telephone is provisioned to a telephony infrastructure based on the extension and PIN
Regarding claim 14, the combination of Hirano and Krantz discloses:
The method of claim 12, wherein the sent first numeric code is sent based on generating the first numeric code (Hirano: [0172] selects a one-time password creation button (S9-3); [0173] There are two methods of creating a one-time password to select from (S9-4) … If additional ones need to be created, the number of additional ones is entered (S9-7, S9-8). Then, the system creates common one-time passwords and sets a period of validity (S9-9)).
Regarding claim 15, the combination of Hirano and Krantz discloses:
	The method of claim 12, wherein the sent first numeric code is associated with a validity time period (Hirano: [0173] the system creates common one-time passwords and sets a period of validity).
Regarding claim 16, the combination of Hirano and Krantz discloses:
The method of claim 12, wherein telephony authentication system grants access to the telephone if the first numeric code matches the second numeric code (Krantz: [0075] At 1200, a telephone of a user is authenticated to a communications network using a user identifier and PIN. At 1202, a certificate is issued to the telephone based on the user identifier and the PIN. At 1204, the telephone is registered to the network using the certificate).
Regarding claim 17, the combination of Hirano and Krantz discloses:
The method of claim 16, wherein the telephony authentication system grants access to another telephone system based on the access granted to the telephone as part of a single sign-on process (Krantz: [0068] The mobile user presses a logon button and, enters an extension/phone number and PIN. The phone discovers the network, which verifies the extension/phone number and PIN. The network provisions a SIP URI to the phone and provisions a signed certificate that identifies the user (e.g., SN=user@nowhere-domain.com) to the phone. The signed certificate is used for authenticating to network registrar and web services. The user can now use the phone to send and receive calls to and from any users within the enterprise or the local PSTN network using the SIP identity).
Regarding claim 19, the combination of Hirano and Krantz discloses:
The method of claim 11, wherein the one or more non-numeric metrics comprise at least one of: a user name, a password, a voiceprint, a facial recognition, a fingerprint, a palm print, a digital certificate, a security card, a user signature, and an iris scan (Hirano: [0172] The patient 
member can create a one-time password (disposable authentication means) according to the flow of FIG. 9. First, the patient member enters his member ID and password to log into the medical data management system (S9-1), and has the global menu for patient members displayed (S9-2)).
Regarding claim 20, the combination of Hirano and Krantz discloses:
The method of claim 11, further comprising: sending, by the microprocessor, the first numeric code to a telephony authentication system of the telephone, wherein the authentication system sends the first numeric code to the telephony authentication system, wherein the telephony authentication system receives, from the telephone, a second numeric code, authenticates the user by comparing the first numeric code to the second numeric code, and grants access to the telephone based on the first numeric code matching the second numeric code (Krantz: [0007] When a user enters the numeric user identifier and PIN, a network server dynamically looks up the associated user, determines the phone used by the user, and returns the user identity to the phone. The phone then authenticates the user based on the extension and PIN or uses the user identity to enroll for credentials on behalf of the user; [0039] As further illustrated in FIG. 4, the authentication component 204 authenticates the telephone 104 based on the PIN 404. The authentication component 204 looks up the PIN 404 against the username/password identity credentials associated with the PIN 404. The authentication component 204 uses the PIN 404 to verify that the user using the telephone 104 at the particular extension 402 is in fact the correct user assigned to the extension 402).

Claims 8 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Hirano et al., (US20050159984A1) in view of Krantz et al., (US20100278322A1) and further in view of Petillo., (US20110022844A1).
Regarding claim 8, the combination of Hirano and Krantz fails to disclose:
The system of claim 2, wherein comparing the first numeric code to the second numeric code input at the telephone comprises comparing a hash of the first numeric code to a hash of the second numeric code.
However, Petillo discloses:
	wherein comparing the first numeric code to the second numeric code input at the telephone comprises comparing a hash of the first numeric code to a hash of the second numeric code ([0065] the authentication module 1117 of the packet telephony device 1110 may receive a first code from signaling module 1113. For example, a packet telephony service provider may transmit the first code in a signaling packet, such as a SIP signaling packet. Signaling module 1113 may receive and process the signaling packet and transfer the first code to authentication module 1117. Authentication module 1117 may then translate the first code using at least encryption key 1120. Authentication module 1117 may apply various known hashing or other security algorithms to translate (i.e. encode or decode) the first code using the encryption key).
	 It would have been obvious to one of the ordinary person skilled in the art before the effective filing date of the claimed invention to modify the Hirano and Krantz references and verify the one-time pass codes by their hash values, as disclosed by Krantz.
	The motivation to verify the one-time pass codes by their hash values is to ensure data integrity of one-time pass codes with corresponding hash values.
Regarding claim 18, the combination of Hirano and Krantz fails to disclose:
The method of claim 12, wherein comparing the first numeric code to the second numeric code input at the telephone comprises comparing a hash of the first numeric code to a hash of the second numeric code.
However, Petillo discloses:
	wherein comparing the first numeric code to the second numeric code input at the telephone comprises comparing a hash of the first numeric code to a hash of the second numeric code ([0065] the authentication module 1117 of the packet telephony device 1110 may receive a first code from signaling module 1113. For example, a packet telephony service provider may transmit the first code in a signaling packet, such as a SIP signaling packet. Signaling module 1113 may receive and process the signaling packet and transfer the first code to authentication module 1117. Authentication module 1117 may then translate the first code using at least encryption key 1120. Authentication module 1117 may apply various known hashing or other security algorithms to translate (i.e. encode or decode) the first code using the encryption key).

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SYED M AHSAN whose telephone number is (571)272-5018. The examiner can normally be reached 8:30 AM - 6:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffery L. Nickerson can be reached on 469-295-9235. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/S.M.A./Patent Examiner, Art Unit 2432                                                                                                                                                                                                        
/SYED A ZAIDI/Primary Examiner, Art Unit 2432