Detailed Action
This office action has been issued in response to the response filed 8/3/2021 and the Examiner’s Interview conducted 10/28/2021.  Claims 1, 8, 10, 11, 16 and 17 were amended. Claim 6 was canceled. Claims 1, 3-5, 7-8 and 10-19 are pending and are examined.

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below.  Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in a telephone interview with Michael Shaldenbrand, Reg. No. 47923, on 10/28/2021.
Claims 1, 8, 10, 11, 16 and 17 have been amended.  
Claim 6 has been canceled.
This application has been amended as follows:
In the claims:

1. 	(Currently Amended)	A computer-implemented method for single sign-on of a user operating a client device connected to an authentication server using a network connection, the method comprising the steps of:
- receiving, at the client device, a user specific data element, wherein the user specific data element comprises biometric data relating to the user;
- forming, at the client device, a key pair based on the user specific data element, a previously selected data element stored at the client device and an ID of the user, wherein the key pair comprises a public and a private key, [[and]] wherein the previously selected data element comprises a random bitstring individually selected by the user, and wherein the key pair has a preselected lifetime;
- receiving, at the server, a request for authentication;
- transmitting, from the server to the client device, a challenge data element;
- signing, at the client device, the challenge data element using the private key;
- transmitting, from the client device to the server, a signed version of the challenge data element[[,]]; and
- authenticating, at the server, the user by validating the signed version of the challenge data element using a previously stored public key relating to the user,
wherein the forming of the key pair is re-initiated once the preselected lifetime has been preceded.

6.	(Canceled)	

8. 	(Currently Amended)	An authentication system comprising at least a client device and an authentication server connected there-between using a network connection, each of the client device and the authentication server including one or more hardware processors, the authentication system configured for single sign-on of a user operating the client device, the authentication system configured for:
- receiving, at the client device, a user specific data element, wherein the user specific data element comprises biometric data relating to the user;
- forming, at the client device, a key pair based on the user specific data element, a previously selected data element stored at the client device and an ID of the user, wherein the key pair comprises a public and a private key, [[and]] wherein the previously selected data element comprises a random bitstring individually selected by the user, and wherein the key pair has a preselected lifetime;
- receiving, at the server, a request for authentication;
- transmitting, from the server to the client device, a challenge data element;
- signing, at the client device, the challenge data element using the private key;
- transmitting, from the client device to the server, a signed version of the challenge data element[[,]]; and
- authenticating, at the server, the user by validating the signed version of the challenge data element using a previously stored public key relating to the user,
wherein the forming of the key pair is re-initiated once the preselected lifetime has been preceded.

10.	(Currently Amended)	A computer program product comprising a non-transitory computer readable medium having stored thereon computer program means for a user operated client device and an authentication server in network connection there-between, wherein the computer program product comprises:
- code for receiving, at the client device, a user specific data element, wherein the user specific data element comprises biometric data relating to the user;
- code for forming, at the client device, a key pair based on the user specific data element, a previously selected data element stored at the client device and an ID of the user, wherein the key pair comprises a public and a private key, [[and]] wherein the previously selected data element comprises a random bitstring individually selected by the user, and wherein the key pair has a preselected lifetime;
- code for receiving a request for authentication;
- code for transmitting a challenge data element;
- code for signing the challenge data element using the private key;
- code for transmitting a signed version of the challenge data element[[,]]; and
- code for authenticating the user by validating the signed version of the challenge data element using a previously stored public key relating to the user,
wherein the forming of the key pair is re-initiated once the preselected lifetime has been preceded.

11.	(Currently Amended)	A computer-implemented method for single sign-on of a user operating a client device connected to an authentication server using a network connection, the method comprising the steps of:
- forming, at the client device, a key pair based on a user password, a previously selected data element and an ID of the user, wherein the key pair comprises a public and a private key, [[and]] wherein the previously selected data element comprises a random bitstring individually selected by the user, and wherein the key pair has a preselected lifetime;
- receiving, at the server, a request for authentication;
- transmitting, from the server to the client device, a challenge data element;
- signing, at the client device, the challenge data element using the private key;
- transmitting, from the client device to the server, a signed version of the challenge data element[[,]]; and
- authenticating, at the server, the user by validating the signed version of the challenge data element using a previously stored public key relating to the user, wherein the previously selected data element is stored remotely from the client device,
wherein the forming of the key pair is re-initiated once the preselected lifetime has been preceded.

16.	(Currently Amended)	An authentication system comprising at least a client device and an authentication server connected there-between using a network connection, each of the client device and the authentication server including one or more hardware processors, the authentication system configured for single sign-on of a user operating the client device, the authentication system configured for:
- forming, at the client device, a key pair based on a user password, a previously selected data element and an ID of the user, wherein the key pair comprises a public and a private key, [[and]] wherein the previously selected data element comprises a random bitstring individually selected by the user, and wherein the key pair has a preselected lifetime;
- receiving, at the server, a request for authentication;
- transmitting, from the server to the client device, a challenge data element;
- signing, at the client device, the challenge data element using the private key;
- transmitting, from the client device to the server, a signed version of the challenge data element[[,]]; and
- authenticating, at the server, the user by validating the signed version of the challenge data element using a previously stored public key relating to the user, wherein the previously selected data element is stored remotely from the client device,
wherein the forming of the key pair is re-initiated once the preselected lifetime has been preceded.

17.	(Currently Amended)	A computer program product comprising a non-transitory computer readable medium having stored thereon computer program means for a user operated client device and an authentication server in network connection there-between, wherein the computer program product comprises:
- code for forming, at the client device, a key pair based on a user password, a previously selected data element and an ID of the user, wherein the key pair comprises a public and a private key, [[and]] wherein the previously selected data element comprises a random bitstring individually selected by the user, and wherein the key pair has a preselected lifetime;
- code for receiving a request for authentication;
- code for transmitting a challenge data element;
- code for signing the challenge data element using the private key;
- code for transmitting a signed version of the challenge data element[[,]]; and
- code for authenticating the user by validating the signed version of the challenge data element using a previously stored public key relating to the user, wherein the previously selected data element is stored remotely from the client device,
wherein the forming of the key pair is re-initiated once the preselected lifetime has been preceded.
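The challenge-response exchange recited in the independent claims, as an added example that is not part of the application, the examiner's amendment or any cited reference: the client forms a key pair from biometric data, a user-selected random bitstring and the user ID, the server issues a challenge, the client signs it, and the server validates the signature with the previously stored public key, with the key pair re-formed once its lifetime has passed. The claims name no algorithms, so the HMAC-SHA256 seed derivation, Ed25519 signatures, single-use challenges and all sample values below are assumptions constructed for this example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"time"
)

// ClientKey holds the client-side key pair together with its preselected lifetime.
type ClientKey struct {
	priv    ed25519.PrivateKey
	expires time.Time
}

// deriveSeed binds the three claimed inputs into a 32-byte Ed25519 seed. The
// user-selected random bitstring keys the HMAC, so biometric data and user ID
// alone do not reproduce the key. This construction is an assumption for the
// example; the claims do not name a derivation function.
func deriveSeed(biometric, randomBits []byte, userID string) []byte {
	mac := hmac.New(sha256.New, randomBits)
	mac.Write([]byte("sso-keypair-v1|"))
	mac.Write(biometric)
	mac.Write([]byte("|" + userID))
	return mac.Sum(nil) // SHA-256 output is exactly ed25519.SeedSize bytes
}

// FormKeyPair is the claimed "forming" step: a deterministic key pair valid for one lifetime.
func FormKeyPair(biometric, randomBits []byte, userID string, now time.Time, lifetime time.Duration) *ClientKey {
	return &ClientKey{
		priv:    ed25519.NewKeyFromSeed(deriveSeed(biometric, randomBits, userID)),
		expires: now.Add(lifetime),
	}
}

// PublicKey is what the client registers with the server at enrollment.
func (k *ClientKey) PublicKey() ed25519.PublicKey { return k.priv.Public().(ed25519.PublicKey) }

// Expired reports whether the preselected lifetime has passed, i.e. forming must be re-initiated.
func (k *ClientKey) Expired(now time.Time) bool { return !now.Before(k.expires) }

// Sign is the claimed "signing the challenge data element using the private key".
func (k *ClientKey) Sign(challenge []byte) []byte { return ed25519.Sign(k.priv, challenge) }

// Server keeps the previously stored public key and one outstanding challenge per user.
type Server struct {
	pubKeys    map[string]ed25519.PublicKey
	challenges map[string][]byte
}

func NewServer() *Server {
	return &Server{pubKeys: map[string]ed25519.PublicKey{}, challenges: map[string][]byte{}}
}

// Enroll stores the user's public key; the private key never leaves the client.
func (s *Server) Enroll(userID string, pub ed25519.PublicKey) { s.pubKeys[userID] = pub }

// RequestAuth handles the authentication request and returns a fresh challenge to transmit.
func (s *Server) RequestAuth(userID string) ([]byte, error) {
	if _, ok := s.pubKeys[userID]; !ok {
		return nil, errors.New("unknown user")
	}
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		return nil, err
	}
	s.challenges[userID] = c
	return c, nil
}

// Authenticate validates the signed challenge with the stored public key. Each
// challenge is consumed on first use, so a captured signature cannot be replayed.
func (s *Server) Authenticate(userID string, challenge, sig []byte) bool {
	expected, ok := s.challenges[userID]
	if !ok {
		return false
	}
	delete(s.challenges, userID)
	if !bytes.Equal(expected, challenge) {
		return false
	}
	return ed25519.Verify(s.pubKeys[userID], challenge, sig)
}

func main() {
	// Constructed sample inputs: a fake biometric template and a user-chosen random bitstring.
	biometric := []byte("constructed-fingerprint-template-bytes")
	randomBits := []byte("constructed-user-selected-random-bits")
	const userID = "alice@example.test"
	now := time.Date(2021, 10, 28, 12, 0, 0, 0, time.UTC)

	srv := NewServer()
	key := FormKeyPair(biometric, randomBits, userID, now, 8*time.Hour)
	srv.Enroll(userID, key.PublicKey())

	challenge, err := srv.RequestAuth(userID)
	if err != nil {
		panic(err)
	}
	fmt.Println("authenticated:", srv.Authenticate(userID, challenge, key.Sign(challenge)))

	// Once the lifetime has passed the client re-forms the key pair; the same
	// inputs yield the same key, so the enrolled public key still validates.
	later := now.Add(9 * time.Hour)
	if key.Expired(later) {
		key = FormKeyPair(biometric, randomBits, userID, later, 8*time.Hour)
	}
	challenge, _ = srv.RequestAuth(userID)
	fmt.Println("authenticated after re-forming:", srv.Authenticate(userID, challenge, key.Sign(challenge)))
}
```

Because the seed is a deterministic function of the three inputs, the server never needs a fresh enrollment when the lifetime expires; changing the random bitstring, by contrast, yields a different key pair and the stored public key stops validating, which is the property a practitioner would check when rotating that element.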

Response to Arguments
Applicant’s arguments, see pages 9-13 in Remarks, filed 8/3/2021, with respect to independent claims 1, 8, 10, 11, 16 and 17, and dependent claims as being rejected under 35 U.S.C. 103(a) as being unpatentable over Sandhu (US 2010/0202609 A1) in view of Caceres (US 2016/0381003 A1) have been fully considered and are found persuasive.  These rejections have been withdrawn.

Allowable Subject Matter
Claims 21-40 are allowed in light of the Applicant’s arguments and in light of the prior art made of record.

Reasons for Allowance
The following is an examiner’s statement of reasons for allowance:
Newly amended independent claims 1, 8, 10, 11, 16 and 17 are allowed for reasons argued by applicant in pages 9-13 of the Remarks, filed 8/3/2021, and for reasons explained below.
As to independent claims 1, 8, 10, 11, 16 and 17, the prior art including Sandhu (US 2010/0202609 A1), Caceres (US 2016/0381003 A1) and Le Saint (US 2004/0218762 A1), alone or in combination, fails to anticipate or render obvious the claimed invention.  
Sandhu (prior art on the record) teaches a processor implemented method for single sign-on of a user operating a user device connected to a sponsor station/merchant server via a network. Sandhu also teaches a method of inputting, into the user device, a user password. Generation of a key pair occurs at the user device based on multiple factors for subsequent generation of a first portion of an asymmetric crypto-key by the user device, the key pair containing a public and private key. Sandhu also teaches that a server logged in with the sponsor station receives a user ID from the user in order to be authenticated and a request to initiate the process of key association with the user. Sandhu also teaches the transmission of a challenge to the user device 
Caceres (prior art on the record) teaches a method of utilizing user biometric data as user identification information and generating a key pair using the identification information of the user and a user selected sequence of fingerprints which is provided at time of enrollment.
Le Saint (prior art on the record) teaches the formation of session keys which are useful for the duration of the session for which they were created. Le Saint also teaches the generation of a session key pair from a random number comprising bits.
Additionally, Li (US 2018/0144310 A1), teaches generating a pair of session keys according to a first and second random factor according to an algorithm. The session key pair is used for subsequent data transmission for encryption in response to an authentication request sent to the terminal.
Additionally, Kanon (US 2016/0189461 A1), teaches a method for interfacing between an intelligent vendor kiosk and a mobile user/customer device based on context which is determined, for example, based on user/customer selected personal profile attributes. This interfacing includes the use of key pairs associated with users/customers which have a limited lifetime.
Additionally, Spalka (US 2012/0063594 A1), teaches a method of creating a set of asymmetrical cryptographic key pairs. These key pairs allow access during a session on an information system in order to view information, wherein opening the session is no longer allowed after a predetermined number of uses or after a predetermined time interval has expired.

None of the prior art of record, either taken by itself or in any combination, would have anticipated or made obvious the invention of the present application at or before the time it was filed.

Conclusion
Therefore, claims 1, 3-5, 7-8 and 10-19 are hereby allowed in view of applicant’s persuasive arguments and in light of amendment to the claims.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled "Comments on Statement of Reasons for Allowance".
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BLAKE ISAAC NARRAMORE whose telephone number is (303)297-4357.  The examiner can normally be reached on Monday - Friday 0700-1700 MT.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi T Arani can be reached on (571) 272-3787.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/B.I.N./Examiner, Art Unit 2438  

/TAGHI T ARANI/Supervisory Patent Examiner, Art Unit 2438