DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application is being examined under the pre-AIA  first to invent provisions. 
This office correspondence is in response to “Amendment and Response under 37 C.F.R. 1.111” filed on August 10, 2021in response to a non-final office action dated May 12, 2021.
Claims 2 – 21 are pending.
Claims 2 – 21 are rejected
Response to Arguments
Applicant’s arguments filed on 8/10/2021 have been fully considered and are persuasive to the rejection of claims 2 – 3, 8 – 16, and 18 – 21 on the ground of non-provisional non-statutory anticipatory-type double patenting and said rejections are withdrawn.  The applicant’s arguments have been fully considered and are persuasive to the rejection of claims 2 – 21 under 35 U.S.C. 103, and said rejections are withdrawn.  However, a new search and consideration was performed resulting in a new grounds of rejections for claims 2 - 21 under 35 U.S.C. 103.  The examiner here now responds to each argument.
In regard to claims 2 – 3, 8 – 16, and 18 – 21, which were rejected on the ground of non-provisional non-statutory anticipatory-type double patenting as being un-patentable over claims 1 - 18 of U.S. Patent 10,581,834, the applicant has filed a Terminal Disclaimer referencing  U.S. Patent 10,581,834, which was accepted by the office on August 10, 2021.  Therein the double patenting rejections are withdrawn.
In regard to claims 2, 4 – 6, 8 – 9, 12, 14 -16, and 18 – 19 the applicant argues that the combination of Moas, Edge, and Zhang fails to disclose or suggest:

based on the travel times indicated in the first and second messages, estimating the geographic proximity of the first and second user devices.” (as recited in claim 2 and substantially replicated in claim 12)
The applicant states:
“ . . . In regards to Zhang, methods and systems for managing a task based on geographical locations appears to be described. As described in the Abstract of Zhang, “A computational device obtains first location information concerning one or more geographical locations where a first client device has been located, and assigns a task to the first client device based on the one or more geographical locations.” However, although the Examiner states, such as at page 13 (bottom) through page 15 of the Office action that Zhang discloses the claimed “based on the travel times indicated in the first and second messages, estimating the geographic proximity of the first and second user devices,” Assignee respectfully disputes the Examiner’s assertion. Rather, Zhang does not disclose the claimed use of “travel times indicated in the first and second messages” to bring about “estimating the geographic proximity of the first and second user devices.

Assignee first points out step 102 of FIG. 1B, wherein Zhang “obtains first location information concerning one or more geographical locations where a first client device has been located.” Assignee also points out step 112A, also of FIG. 1B, wherein Zhang “Regularly receives from the second client device an update of its current geographical location.” Assignee additionally notes paragraph [0024] of Zhang wherein “locations of client devices 20 are determined according to satellite signals of a Global Positioning System (GPS).” Assignee further notes step 206 of FIG. 3, which includes “calculate a distance or relative location between the first client device and the second client device based on the location information of the first client device and the location information of the second client device.”

Accordingly, Assignee respectfully submits that Zhang does not disclose or suggest any need whatsoever for estimating the geographic proximity of the first and second user devices “based on the travel times indicated in the first and second messages,” as claimed in claim 2. This is to say that if client devices 20 are capable of computing their respective GPS locations, then there is no need for any further estimates of the locations of first and second user devices such as, for example, “based on the travel times indicated in the first and second messages.” Assignee thus submits that Zhang does not disclose, suggest, or mention “based on the travel times indicated in the first and second messages, estimating the geographic proximity of the first and second user devices,” as set forth in Assignee’s claim 2 (emphasis added).



A) In response to the applicant’s argument:
The applicant’s argument is persuasive because the prior art Zheng is not teaching a travel time of a message, but rather a time duration used by the user of a client device to complete a task (see Zheng  ¶ [0023]), and as observed by the applicant.  While Zheng uses the time durations discovered to estimate a geographic proximity of the devices, the failure of Zheng to establish a message travel time cause the prior art to be deficient for teaching the limitation under dispute.  As the applicant’s argument is persuasive, the rejections to said claims under 35 USC 103 over the combination of Moas, Edge, and Zhang are withdrawn.  However a new search and consideration discovered newly cited prior art Huibers (U.S. 2011/0191823 A1: herein referred to as Huibers) which is directed to discovering the proximity of devices to each other when the devices are exchanging information with each other.  In combination with previously cited prior art Moas and Edge,  Huibers teaches said limitation by describing two devices sending status report messages containing time and position information to a server that uses said information geographic proximity of the devices (see Huibers Fig.1, Fig.2, Fig. 8, Fig, 10, Fig. 10B, ¶¶ [0027-0028],  ¶ [0038],  ¶¶ [0049-0051] ).  As the result of the new search and consideration, a new grounds of rejection was found and claims 2, 4 – 6, 8 – 9, 12, 14 -16, and 18 – 19 
B)”Wherein the first and second user devices are reciprocal slaves” (as recited in claim 3 and substantially replicated in claim 13)
The applicant states:
“ . . .   Assignee’s claim term “reciprocal slaves” is defined implicitly at paragraph [0038] of the originally filed application. . . as indicated in the non-limiting embodiment described at paragraph [0038] of the Assignee’s originally filed specification, a “reciprocal slave” operates such that characters entered via an ATM machine are conveyed to a smartphone and characters entered via a smartphone are conveyed to the ATM. Thus, at least in particular nonlimiting instances, a reciprocal slave implies a
reciprocal nature to communications between two devices. In contrast, Assignee notes the Examiner’s comments with respect to claim 3 at page 15 (item 29) and at page 21 (item 36), wherein the examiner appears to equate first and second devices operating as “reciprocal slaves” as devices that operate to “complete an assigned task together.” Assignee disputes the Examiner’s characterization of a “reciprocal slave” as encompassing devices that merely operate to “complete assigned tasks together.” Assignee submits that simply because first and second devices may complete an assigned task together, such devices are not necessarily “reciprocal.” For example, a first device may transmit a parameter to a second device, which may perform an operation utilizing the transmitted parameter. In such an example, first and second user devices may “complete an assigned task together” without requiring any reciprocity between the two devices . . . Assignee thus submits that the claim term “reciprocal slave” is clearly defined to include devices that transmit characters to each other. Assignee further submits that it would be unreasonable for the Examiner to broaden the Assignee’s definition of a “reciprocal slave” to include devices that merely operate to “complete an assigned task together’ as described at paragraph [0054] of Zhang.

If the Examiner is implying that it is “inherent” for devices that may “complete an assigned task together,” as described at paragraph [0054] of Zhang, reads on Assignee’s claim term “reciprocal slaves,” then the Assignee respectfully calls the Examiner’s attention to section 2112 of the MPEP titled “Requirements of a Rejection Based on Inherency; Burden of Proof.” As described at IV of this section of the MPEP, the “examiner must provide rationale or evidence to show inherency.” As is further specified at this section of the MPEP, "In relying upon the theory of inherency, the examiner must provide a basis in fact and/or technical reasoning to reasonably support the determination that the allegedly inherent characteristic necessarily flows from the teachings of the applied prior art." Ex parte Levy, 17 USPQ2d 1461, 1464 (Bd. Pat. App. & Inter. 1990) (emphasis in original)”

Accordingly, since the Examiner has not provided any basis in fact and/or technical reasoning to support a determination that a “reciprocal slave,” of Assignee’s claims 3 and 13, necessarily flows from devices that “operate to complete an assigned task 

Thus, in addition to other reasons identified hereinabove, Assignee respectfully requests that the Examiner withdraw the rejection to claims 3 and 13 under 35 U.S.C. § 103.” (Applicant’s remarks 10-12)

B) In response to the applicant’s remarks:
The examiner re-examined the limitation in dispute and in particular the element “reciprocal slave” as to the particular relationship between the first device and second device elements.  In the spirit to provide prior art that is as analogous to the intent of the claimed invention in light of the disclosure of the specification, while maintaining a broadest reasonable interpretation of the elements described in the claim, the examiner finds the applicant’s argument persuasive that Zheng’s teaching of devices completing an assigned task together is not sufficient to provide reciprocity between the devices.  Therein, the rejections to said claims under 35 USC 103 over the combination of Moas, Edge, and Zhang are withdrawn.  However a new search and consideration discovered newly cited prior art Rajanna et al. (U.S. 10,454,897 B1; herein referred to as Rajanna) which is directed to techniques for processing user transactions using a wireless device in communication with an authentication device as part of a log-in process (see Rajanna – absttact).  In combination with previously cited prior art Moas, Edge,  and Huibers,  Rajanna teaches said limitation by disclosing a reciprocal relationship between device 102 and mobile computing device 114 for purposes of sharing credentials so that an authorization / log-in process can be implemented (see Rajanna – Figs. 2A – 2B, Col 4: Lines 40 – 61).  As the result of the new search and consideration, a new grounds of rejection was found and claims 3 and 13 are rejected under 35 U.S.C. 103 over the combination of Moas, Edge, Huibers, and Rajanna.  The applicant is directed to the rejections below.
In regard to claims 7 and 17, the rejections under 35 U.S.C 103 over the combination of Moas, Edge, Zhang, and Ursitti, are withdrawn because of the new grounds of rejection found for parent claims 1 and 12.  As the applicant has not argued the limitations specific to said claims, new grounds of 
In regard to claims 10 and 20, the rejections under 35 U.S.C 103 over the combination of Moas, Edge, Zhang, and Huesch are withdrawn because of the new grounds of rejection found for parent claims 1 and 12.  As the applicant has not argued the limitations specific to said claims, new grounds of rejection has been applied to said claims under 35 U.S.C. 103 over the combination of Moas, Edge, Huibers, and Huesch.  The applicant is directed to the rejections below.
In regard to claims 11 and 21, the rejections under 35 U.S.C 103 over the combination of Moas, Edge, Zhang, and Baentsch are withdrawn because of the new grounds of rejection found for parent claims 1 and 12.  As the applicant has not argued the limitations specific to said claims, new grounds of rejection has been applied to said claims under 35 U.S.C. 103 over the combination of Moas, Edge, Huibers, and Baentsch.  The applicant is directed to the rejections below.
The examiner recommends that the applicant review the specification for disclosure that if integrated into the independent claims would distinguish the amended claims from the cited prior art.  The applicant is invited to contact the examiner for an interview to discuss how to move the prosecution forward.
Terminal Disclaimer
The terminal disclaimer filed on August 10, 2021 disclaiming the terminal portion of any patent granted on this application which would extend beyond the expiration date of U.S. Patent 10,581,834 has been reviewed and is accepted.  The terminal disclaimer has been recorded.
Priority
This application is a continuation of prior-filed application No.15/422137 (now U.S. Patent 10,581,854) filed on February 1, 2017 and is claiming the benefit thereof.  Prior-filed application No.15/422137 was a continuation –in-part claiming the benefit of prior-filed application No. 15/015592 
Prior filed application No.15/422137 was a continuation –in-part claiming the benefit of prior-filed application No. 13/736944 which was filed on 01/09/2013 and claimed benefit of 13669123 (now patent 8589459) which was filed on 11/05/2012, which claimed benefit of 12938245 (now patent 8341236) which was filed on 11/02/2010 and claimed benefit of provisional application 61257190 filed on 11/02/2009.
The instant application incorporates the contents of prior-filed application No.15/422137 which incorporated the contents of prior application Nos. 15/015592 and 13/736944 and added disclosure not presented in the prior applications. Because the instant application and prior-filed application No.15/422137 names the inventor or at least one joint inventor named in the prior applications they constitute a continuation-in-part of the prior applications.  Any claim in a continuation-in-part application which is directed solely to subject matter adequately disclosed under 35 U.S.C. 112 in the parent non-provisional application is entitled to the benefit of the filing date of the parent non-provisional application. However, if a claim in a continuation-in-part application recites a feature which was not disclosed or adequately supported by a proper disclosure under 35 U.S.C. 112  in the parent non-provisional application, but which was first introduced or adequately supported in the continuation-in-part application, such a claim is entitled only to the filing date of the continuation-in-part application.  See (MPEP § 211 et seq.).  For the instant application, independent claims 2 and 12 recite limitation(s) “transmitting to the second user device a one-time password derived at least in part from 1) a secret shared with the web server and 2) details of the transaction” which is disclosed in prior application 15/015592 but not in prior application 13/736944.  The independent claims recite limitations “receiving, from a first slave server, a first message originating from the first user device and passing through the first slave server, the message indicating a travel time of the first message from the first user device to the first slave server; and  receiving, from a second slave server, a second message originating from the second user device and passing through the second slave server, the second message indicating a travel time of the second message from the second user device to the second slave server; and based on the travel times indicated in the first and second messages, estimating the geographic proximity of the first and second user devices” which is disclosed in prior application 13/736944 but not in prior application 15/015592.  As priority is determined based on the claims, and neither of the parent applications of prior filed application 15/422137 fully disclose the recited limitations of the independent claims of the instant application, said claims and associated dependent claims are entitled to the filing date of prior filed application 15/422137, which is a priority date of 02/01/2017.
Information Disclosure Statement
The information disclosure statement(s) (IDS) submitted on 9/28/2021 were filed after the mailing date of the non-final office action on 05/12/2021.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statements are being considered by the examiner.
Claim Analysis - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 2 – 21 are directed to statutory subject matter.  The claims are directed to non-abstract improvements in computer related technology.  A claim is non-statutory when it is directed to a judicial exception (e.g. either one of mathematical concepts, mental processes, or certain methods of organizing human activity) without significantly more.  The claimed invention is not directed to a judicial exception.  
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

Claims 2, 4 – 6, 8 – 9, 12, 14 -16, and 18 – 19 are rejected under 35 U.S.C. 103 as being unpatentable over Moas et al. (U.S. 2010/0180328 A1; herein referred to as Moas) in view of Edge et al. (U.S. 2012/0202517 A1; herein referred to as Edge) in further view of Huibers (U.S. 2011/0191823 A1; herein referred to as Huibers).
In regard to claim 2, Moas teaches a computerized system, comprising (“. . . An authentication system and method axe provided, the method comprising . . . – abstract): a processor (“ . . . The present invention is particularly suited to implementation as computer software implemented by a server, workstation or laptop computer . . .” ¶ [0036]); and
memory(“ . . . a storage medium for storing processor readable code such as a floppy disk, hard disk, CD ROM, magnetic tape device or solid state memory device . . .” ¶ [0036]), the memory holding instructions that, when executed by the processor (“ . . . Aspects of the present invention encompass computer software implementable on a programmable device . . .” ¶ [0036]), cause the system to perform operations including (“ . . . FIGS. 1 to 4 represent processes of an authentication method. . .” ¶ [0045]):
receiving, from a web server (e.g. via client site 2 – see Fig. 5 authentication server 4), a request for a transaction (see ¶ [0026 ] “ . . . The invention provides an authentication system for granting permission to a user having a user device to perform a transaction, the system comprising . . . ; see  ¶ [0083] “ . . . The client site 2 uses an authentication server 4 in order to authenticate users of the client site 2 before allowing access to the site or before allowing certain transactions to occur, such as purchasing goods or services ” ) initiated at a first user device (see  ¶ [0081], Fig. 5“ . . . Referring now to FIG. 5, a user device 1, in this case a WAP enabled mobile communication device such as a mobile telephone, is connected by a network connection to a client site 2. The client site is typically a web site that requires secure access because, for example its content is supported by subscriptions, or the site is used for payment transactions for the purposes of goods or services. The client site may also belong to a ;  
transmitting, to a second user device ((see ¶ [0017] “ . . . A secret is shared between a mobile and a home device. A remote device determines whether the mobile device can connect to the remote device by concurrently sending a challenge to the mobile and home devices and comparing the results . . .”), a one-time password  (see ¶ [0018] “ . . . A transaction authentication number, or TAN, is used by some online banking services as a form of single use passwords to authorize financial transactions  . . .”) derived at least in part from 1) a secret shared with the web server(e.g. PIN – example of a secret key) (see  ¶ [0046] (“ . . . a one-time password (OTP) is generated by an OTP function on the basis of a PIN, which is an example of a secret key, and a transaction number, which is an example of a transaction specific code. The transaction number identifies the transaction in which the OTP will be used to authenticate the user. The transaction number is typically provided to the user or user device when a request is made by the user to access a particular service or an Internet site . . .” ¶ [0046]), and 2) details of the transaction (e.g. via a transaction number) (see {¶ [0052], ¶ [0053], ¶ [0071]} (“. . . a transaction code or transaction number is generated for each transaction . . .” ¶ [0052];” . . . The PIN and transaction number are the inputs to an OTP function (see FIG. 1). . . . “ ¶ [0053];”. . . the server uses the reverse OTP function, the received OTP and the transaction number and compares PINs, or alternatively the authentication is achieved using the stored PIN and the received OTP in the reverse OTP function and compares the resultant transaction number with the transaction number associated with that transaction . . .” ¶ [0071]).
Moas fails to expclitly teach receiving, from a first slave server, a first message originating from the first user device and passing through the first slave server, the message indicating a travel time of the first message from the first user device to the first slave server; and receiving, from a second slave server, a second message originating from the second user device and passing through the second slave server, the second message indicating a travel time of the second message from the second user device to the second slave server; and based on the travel times indicated in the first and second messages, estimating the geographic proximity of the first and second user devices.  However Edge teaches receiving, from a first slave server (e.g. set of location servers aka computing device(s) in Fig. 1), a first message originating from the first user device (e.g. mobile device 104 in Fig. 1 aka SET) and passing through the first slave server(“ . . . a mobile device may transmit a first message to an authorizing location server such as the H-SLP for the SET indicating a first set of location servers, and in response receive a second message from the authorizing location server indicating a second set of location servers as being authorized for location service related access by the mobile device . . .” ¶ [0041]), the message indicating a travel time of the first message from the first user device to the first slave server(“ . . . such a location may be estimated from a hybrid system in which a position of a mobile device is determined from a combination of at least: i) a time measurement that represents a time of travel of a message between the mobile device and a communication system (e.g. a base station, Femtocell, Home Base Station, Wireless LAN Access Point); and, ii) a time measurement that represents a time of travel of an SPS signal . . . “¶ [0040]).
It would have been obvious to one with ordinary skill in the art before the effective filing date of the applicant’s application to incorporate a method, system and product that enables a mobile device to obtain location information by sending messages to a set of location servers and using a time of travel calculated from the message to estimate the location of the mobile device, as taught by Edge, into a method, system and product which provides an authentication of one or more devices by generating a one-time password consisting of a PIN, which is a secret key, and a transaction number / code which is generated from details of the transaction, as taught by Moas.  Such incorporation provides an improved 
The combination of Moas and Edge fails to explicitly teach and receiving, from a second slave server, a second message originating from the second user device and passing through the second slave server, the second message indicating a travel time of the second message from the second user device to the second slave server; and based on the travel times indicated in the first and second messages, estimating the geographic proximity of the first and second user devices.  However Huibers teaches and receiving, from a second slave server (see Fig. 1 server S 105), a second message (e.g. status report) originating from the second user device and passing through the second slave server (see Fig. 1 ¶ [0027] “ . . . FIG. 1 shows a schematic diagram of communications during a bump. In FIG. 1, server S 105 is in communication with devices D.sub.1 110 and D.sub.2 115. The devices send status reports to the server. The server uses information in the status reports to determine whether or not a valid bump has occurred. For example, the server uses position and time parts of status reports to determine if the devices were at the same place at the same time . . .”), the second message indicating a travel time (time 205) of the second message from the second user device to the second slave server (see Fig. 2, ¶ [0028] “. . . FIG. 2 shows elements of status report 225 which includes a time 205, position 210, request 215, and optional additional information 220. The time of a status report is the time the report is sent from the device to the server as measured by the device's clock. (Any delay between creating a report in a device and sending it from the device is treated as if it were part of the overall transmission delay between device and server.) The position of a status report is the position of the device at the time of the report as estimated by one or more methods. The request of a status report is an indication (e.g. "yes" or "no"; "1" or "0"; etc.) of whether or not the device intends to establish a connection . . .”); and based on the travel times (e.g. from the status reports) indicated in the first and second messages (see Fig. 8, ¶ [0038] “. . . In FIG. 8, server S 805 communicates with devices 810 and , estimating the geographic proximity of the first and second user devices (see Fig. 19, ¶¶ [0073-0075] “. . . FIG. 19 shows a graph with position ("x") and time ("t") axes. The graph illustrates the timing of communications between a server S and devices, D.sub.1, D.sub.2 and D.sub.3. Devices D.sub.1 and D.sub.2 are shown at the same x coordinate because they are collocated; device D.sub.3 is at a different, nearby x coordinate.  In FIG. 19, device D.sub.3 sends status report 1915 to the server before time t.sub.1. The server sends reply 1920 back to device D.sub.3. Devices D.sub.1 and D.sub.2 send status reports 1905 and 1910 with positive requests to server S at time t.sub.1. The server considers that the report from device D.sub.1 was sent sometime in the range t.sub.1'.+-..epsilon..sub.D1 and that the report from device D.sub.2 was sent sometime in the range t.sub.1'.+-..epsilon..sub.D2. Ranges t.sub.1'.+-..epsilon..sub.D1 and t.sub.1'.+-..epsilon..sub.D2 overlap so the server considers that the reports from D.sub.1 and D.sub.2 occurred at the "same time". Said another way, the reports are "coincident". Device D.sub.3 sends status report 1925 to the server at time t.sub.2. The server considers that the report from device D.sub.3 was sent sometime in the range t.sub.2'.+-..epsilon..sub.D3. The server sends reply 1930 back. Status report 1925 contains a negative request. The range t.sub.2'.+-..epsilon..sub.D3 does not overlap with either range t.sub.1'.+-..epsilon..sub.D1 or t.sub.1'.+-..epsilon..sub.D2; time t.sub.2 is therefore later than t.sub.1. Therefore, immediately upon receiving report 1925, the server can send bump valid messages 1935 and 1940 to devices D.sub.1 and D.sub.2.  . . . “).

In regard to claim 4, the combination of Moas, Edge and Huibers teaches wherein the first slave server (e.g. first set of location servers)  and the second slave server (e.g. second set of location servers) are different slave servers (see Edge ¶ [0041] “. . . a mobile device may transmit a first message to an authorizing location server such as the H-SLP for the SET indicating a first set of location servers, and in response receive a second message from the authorizing location server indicating a second set of location servers as being authorized for location service related access by the mobile device . . . “).
The motivation to combine Edge with Moas is described for the motivation of claim 2 and is incorporated herein.  Additionally, Edge provides more path options for determining estimations of locations of devices. 
In regard to claim 5, the combination of Moas, Edge and Huibers teaches wherein estimating the location of the user device comprises estimating an absolute geographic location of the user device (“. . . A "location" or "location estimate" as referred to herein may refer to information associated with the whereabouts of an object or thing (e.g. a SET) according to a point of reference. Here, for example, such a location may be represented as geographic coordinates such as latitude and 
The motivation to combine Edge with Moas is described for the motivation of claim 2 and is incorporated herein.  Additionally, the incorporation of Edge provides an improved authentication model that can use the absolute geographic location as a parameter for determining the authorization of the transaction.
In regard to claim 6, the combination of Moas, Edge and Huibers teaches wherein the computerized system further comprises a master server (e.g. authentication server) (“. . . download the OTP application from a secure location on the communication system controlled by the authentication server . . .”{Moas - ¶ [0047]};” . . . where the OTP application is pre-installed on a user device, the OTP application may need to be registered at the authentication server. Registration can conveniently be performed by using a registration security code provided with the user device when purchased. The security code may be supplied to the authentication server, together with user identification details in order to associate the OTP application (and therefore the OTP function or functions) with the new user. . .”{Moas - ¶ [0048]}, and the operations are performed by a processor at the master server ;” . . . The unique OTP functions may be created in a batch process by a `function generator` module provided by the authentication server . . .”{Moas - ¶ [0057]}.
In regard to claim 8, the combination of Moas, Edge and Huibers teaches wherein estimating the geographic proximity of the first user device (see Huibers Fig. 19, ¶¶ [0073-0075] as described for the rejection of claim 2 and is incorporated herein) includes estimating a relative location of the first user device to the first slave server (“. . . Reference CV This parameter provides a Reference Point Point Id Id and is used to indicate that the requested position estimate may be expressed relative to a reference position (relative position). This parameter may be included when the SET requests a relative location estimate and may otherwise be absent. The SLP may reject the request by sending a SUPL END , and wherein estimating the geographic proximity of the second user device (see Edge ¶ [0033] as described for the rejection of claim 2 and is incorporated herein) includes estimating a relative location of the second user device to the second slave server (see Edge ¶ [0155], Table 1 as described above).
The motivation to combine Edge with Moas is described for the rejection of claim 2 and is incorporated herein.  Additionally, such incorporation provides an improved authentication model that can use a relative location as a parameter for determining the authorization of the transaction.
In regard to claim 9, the combination of Moas, Edge and Huibers teaches wherein estimating the geographic proximity of the first and second user devices (see Huibers Fig. 19, ¶¶ [0073-0075] as described for the rejection of claim 2 and is incorporated herein) includes estimating the geographic proximity of the first and second user devices with respect to each other (see Huibers  - ¶ [0077] “ . . Now that the concepts of "same time" and "same place" have been discussed, let us return to the original concept of validating or invalidating bumps. FIG. 20 is a flow chart showing an overview of the process of bump validation. In FIG. 20, step 2005 is "receive first status report"; step 2010 is "receive second status report"; step 2015 is "determine if devices were in the same place"; step 2020 is "determine if status reports were sent at the same time"; step 2025 is "determine if reports contain positive requests"; step 2030 is "if devices were in the same place at the same time, and intended to establish a connection, then bump valid"; and, step 2035 is "if bump valid, then exchange information. . . . “).
The motivation to combine the references is described for the rejection of claim 2 and is incorporated herein.  Additionally, Huibers provides several proximity estimations between the devices. 
In regard to claim 12, Moas teaches a method, comprising (“. . . An authentication system and method axe provided, the method comprising . . . – abstract):
receiving, from a web server (e.g. via client site 2 – see Fig. 5 authentication server 4), a request for a transaction (see ¶ [0026],  ¶ [0083] as described for the rejection of claim 2 and is incorporated herein) initiated at a first user device(see  ¶ [0081], Fig. 5; as described for the rejection of claim 2 and is incorporated herein)
transmitting, to a second user device ((see ¶ [0017] as described for the rejection of claim 2 and is incorporated herein), a one-time password   (see ¶ [0018] as described for the rejection of claim 2 and is incorporated herein) derived at least in part from 1) a secret shared with the web server (e.g. PIN – example of a secret key) (see ¶ [0046] as described for the rejection of claim 2 and is incorporated herein), and 2) details of the transaction (e.g. via a transaction number) (see {¶ [0052], ¶ [0053], ¶ [0071] as described for the rejection of claim 2 and is incorporated herein).
Moas fails to expclitly teach receiving, from a first slave server, a first message originating from the first user device and passing through the first slave server, the message indicating a travel time of the first message from the first user device to the first slave server; and receiving, from a second slave server, a second message originating from the second user device and passing through the second slave server, the second message indicating a travel time of the second message from the second user device to the second slave server; and based on the travel times indicated in the first and second messages, estimating the geographic proximity of the first and second user devices.    However Edge teaches receiving, from a first slave server (e.g. set of location servers aka computing device(s) in Fig. 1), a first message originating from the first user device (e.g. mobile device 104 in Fig. 1 aka SET) and passing through the first slave server (see ¶ [0041]) as described for the rejection of claim 2 and is incorporated herein), the message indicating a travel time of the first message from the first user device to the first slave server (see ¶ [0040]) as described for the rejection of claim 2 and is incorporated herein)

The combination of Moas and Edge fails to explicitly teach and receiving, from a second slave server, a second message originating from the second user device and passing through the second slave server, the second message indicating a travel time of the second message from the second user device to the second slave server; and based on the travel times indicated in the first and second messages, estimating the geographic proximity of the first and second user devices.    However Huibers teaches and receiving, from a second slave server (see Fig. 1 server S 105), a second message (e.g. status report) originating from the second user device and passing through the second slave server (see Fig. 1 ¶ [0027] as described for the rejection of claim 2 and is incorporated herein), the second message indicating a travel time (time 205) of the second message from the second user device to the second slave server (see Fig. 2, ¶ [0028] as described for the rejection of claim 2 and is incorporated herein); and based on the travel times (e.g. from the status reports) indicated in the first and second messages (see Fig. 8, ¶ [0038] as described for the rejection of claim 2 and is incorporated herein), estimating the geographic proximity of the first and second user devices (see Fig. 19, ¶¶ [0073-0075] as described for the rejection of claim 2 and is incorporated herein).
The motivation to combine Huibers with the combination of Moas and Edge is described for the rejection of claim 2 and is incorporated herein.
In regard to claim 14, the combination of Moas, Edge and Huibers teaches wherein the first slave server (e.g. first set of location servers) and the second slave server (e.g. second set of location servers) are different slave servers (see Edge ¶ [0041] as described for the rejection of claim 4 and is incorporated herein).
The motivation to combine Edge with Moas is described for the rejection of claim4 and is incorporated herein.
In regard to claim 15, the combination of Moas, Edge and Huibers teaches wherein estimating the location of the user device comprises estimating an absolute geographic location of the user device (Edge - ¶ [0040]) as described for the rejection of claim 5 and is incorporated herein).
The motivation to combine Edge with Moas is described for the rejection of claim 5 and is incorporated herein.
In regard to claim 16, the combination of Moas, Edge and Huibers teaches wherein the computerized system further comprises a master server (e.g. authentication server) (see Moas - ¶ ¶ [0047-0048] as described for the rejection of claim 6 and is incorporated herein), and the operations are performed by a processor at the master server (see ¶ [0057] as described for the rejection of claim 6 and is incorporated herein).
In regard to claim 18, the combination of Moas, Edge and Huibers  teaches wherein estimating the geographic proximity of the first user device (see Huibers Fig. 19, ¶¶ [0073-0075] as described for the rejection of claim 2 and is incorporated herein) includes estimating a relative location of the first user device to the first slave server (see Edge ¶ [0155], Table 1 as described for the rejection of claim 8 and is incorporated herein)), and wherein estimating the geographic proximity of the second user device (see Huibers Fig. 19, ¶¶ [0073-0075] as described for the rejection of claim 2 and is incorporated herein) includes estimating a relative location of the second user device to the second slave server(see Edge ¶ [0155], Table 1 as described for the rejection of claim 8 and is incorporated herein).
The motivation to combine the references is described for the rejection of claim 8 and is incorporated herein.
In regard to claim 19, the combination of Moas, Edge and Zhang teaches wherein estimating the geographic proximity of the first and second user devices (see Huibers Fig. 19, ¶¶ [0073-0075] as described for the rejection of claim 2 and is incorporated herein) includes estimating the geographic proximity of the first and second user devices with respect to each other (see Huibers  - ¶ [0077] as described for the rejection of claim 9 and is incorporated herein).
The motivation to combine the references is described for the rejection of claim 9 and is incorporated herein.
Claims 3 and 13 are rejected under 35 U.S.C. 103 as being unpatentable over Moas et al. (U.S. 2010/0180328 A1; herein referred to as Moas) in view of Edge et al. (U.S. 2012/0202517 A1; herein referred to as Edge) in further view of Huibers (U.S. 2011/0191823 A1; herein referred to as Huibers) as applied to claims 2, 4 – 6, 8 – 9, 12, 14 -16, and 18 – 19 in further view of Rajanna et al. (U.S. 10,454,897 B1; herein referred to as Rajanna).
In regard to claim 3, the combination of Moas, Edge and Huibers fails to explicitly teach wherein the first and second user devices are reciprocal slaves.  However Rajanna teaches wherein the first and second user devices are reciprocal slaves (see Figs. 2A – 2B, Col 4: Lines 40 – 61” . . . FIGS. 2A and 2B illustrate an example of a process directed by the mobile computing device 114 for sharing credentials with the device 102. Referring to FIG. 2A, either the mobile computing device 114 or the device 102 establishes a connection/pairs with the reciprocal device (illustrated as 202). This connection may be part of a typical set-up process. For example, a user of the mobile computing device 114 may access an application on the mobile computing device 114 using a service set identifier (SSID), and the application may use credentials to connect to the device 102. The credentials may include information about the mobile computing device 114, information about the device 102, or a combination thereof. Once the mobile computing device 114 and the device 102 are connected, the mobile computing device 114 directs the device to connect to a network (illustrated as 204). For example, the mobile computing device may gain access to a network and, subsequently, the mobile computing device may indicate to the device 102 a wireless network identifier associated with a service set identifier (SSID) of the network that the mobile computing device is authorized to access. . . “).

In regard to claim 13, the combination of Moas, Edge, and Huibers fails to expclitly teach wherein the first and second user devices are reciprocal slaves.  However Rajanna teaches wherein the first and second user devices are reciprocal slaves (see Figs. 2A – 2B, Col 4: Lines 40 – 61 as described for the rejection of claim 3 and is incorporated herein).
The motivation to combine Rajanna with the combination of Moas, Edge, and Huibers is described for the rejection of claim 3 and is incorporated herein.
Claims 7 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Moas et al. (U.S. 2010/0180328 A1; herein referred to as Moas) in view of Edge et al. (U.S. 2012/0202517 A1; herein referred to as Edge) in further view of in further view of Huibers (U.S. 2011/0191823 A1; herein referred to as Huibers) as applied to claims 2, 4 – 6, 8 – 9, 12, 14 -16, and 18 – 19 in further view of Ursitti et al. (U.S. 2017/0311367 A1; herein referred to as Ursitti)
In regard to claim 7, the combination of Moas, Edge, and Huibers teaches wherein estimating the geographic proximity of the first and second user devices (see Huibers Fig. 19, ¶¶ [0073-0075] as described for the rejection of claim 2 and is incorporated herein).
is further based on a travel time of a third message transmitted between the user device to the master server.  However Ursitti teaches is further based on a travel time (e.g. time of arrival) of a third message (e.g. proximity detail data message) transmitted between the user device to the master server (see ¶ [0010] “. . . transmitting a location of a fixed meeting location, by a sender, from the first mobile device to the server, transmitting a connection request, by the sender, from the first user mobile device to the server, and transmitting the connection request from the server to the second user mobile device. When the connection request is accepted by a recipient, a device connection is established and the second user mobile device transmits to the server second user mobile device location data. The method also includes transmitting from the first user mobile device first user mobile device location data and the server determines at least a first initial distance. The method also includes transmitting proximity detail data from the server to the first and second user mobile devices. The proximity detail data includes at least one of estimated time of arrival, distance until user connection, distance between the first user mobile device and the fixed meeting location, distance between the second user mobile device and the fixed meeting location or the sum of the distance between the first user mobile device and the fixed meeting location and the distance between the second user mobile device and the fixed meeting location. The method also includes transmitting updated proximity detail data from the server to the first and second user mobile devices at predetermined intervals . . .”)
It would have been obvious to one with ordinary skill in the art before the effective filing date of the applicant’s application to incorporate a method, system and product for location sharing between devices in communication with a server reporting TOA measurements to the devices, as taught by Ursitti,  into a method, system and product which provides an authentication of one or more devices by generating a one-time password consisting of a PIN, which is a secret key, and a transaction number / code which is generated from details of the transaction, and also obtaining location information for the 
In regard to claim 17, the combination of Moas, Edge, and Huibers teaches wherein estimating the geographic proximity of the first and second user devices (see Huibers Fig. 19, ¶¶ [0073-0075] as described for the rejection of claim 2 and is incorporated herein).
The combination of Moas, Edge, and Huibers fails to explicitly teach is further based on a travel time of a third message transmitted between the user device to the master server.  However Ursitti teaches is further based on a travel time (e.g. time of arrival) of a third message (e.g. proximity detail data message) transmitted between the user device to the master server (see ¶ [0010] as described for the rejection of claim 7 and is incorporated herein).
The motivation to combine Ursitti with the combination of Moas, Edge and Huibers is described for the rejection of claim 7 and is incorporated herein.
Claims 10 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Moas et al. (U.S. 2010/0180328 A1; herein referred to as Moas) in view of Edge et al. (U.S. 2012/0202517 A1; herein referred to as Edge) in further view of in further view of Huibers (U.S. 2011/0191823 A1; herein referred to as Huibers) as applied to claims 2, 4 – 6, 8 – 9, 12, 14 -16, and 18 – 19 in further view of Huesch et al. (U.S. 2015/0254672 A1; herein referred to as Huesch).
In regard to claim 10, the combination of Moas, Edge and Huibers fails to explicitly teach wherein the content of the first message is derived from the one-time password.  However Huesch teaches wherein the content (e.g. online banking credentials) of the first message (e.g. transmit the online banking credentials)  is derived from the one-time password  (“. . . the user may enter their online banking credentials into the online banking login webpage and the user system U1 may transmit 
It would have been obvious to one with ordinary skill in the art before the effective filing date of the applicant’s application to incorporate a method, system and product for processing authorization requests, particularly to processing payment authorization requests for payment transactions to be conducted via a data communications network, as taught by Huesch, into a method, system and product which provides an authentication of one or more devices by generating a one-time password consisting of a PIN, which is a secret key, and a transaction number / code which is generated from details of the transaction, and also obtaining location information for the devices by sending messages to a set of location servers and using a time of travel calculated from the message to estimate the location, and therein sharing location information of client devices and managing communications by the two clients according to the location information as taught by the combination of Moas, Edge, and Huibers.  Such incorporation provides more information of the transaction to create the on-time password.
In regard to claim 20, the combination of Moas, Edge, and Huibers fails to explicitly teach wherein the content of the first message is derived from the one-time password.  However Huesch teaches wherein the content (e.g. online banking credentials) of the first message (e.g. transmit the online banking credentials) is derived from the one-time password (see Huesch -” ¶ [0144] as described for the rejection of claim 10 and is incorporated herein).
The motivation to combine Huesch with the combination of Moas, Edge, and Huibers is described for the rejection of claim 10 and is incorporated herein.
Claims 11 - 21 are rejected under 35 U.S.C. 103 as being unpatentable over Moas et al. (U.S. 2010/0180328 A1; herein referred to as Moas) in view of Edge et al. (U.S. 2012/0202517 A1; herein referred to as Edge) in further view of in further view of Huibers (U.S. 2011/0191823 A1; herein referred to as Huibers) as applied to claims 2, 4 – 6, 8 – 9, 12, 14 -16, and 18 – 19 in further view of Baentsch et al. (U.S. 2009/0265776 A1; herein referred to as Baentsch).
In regard to claim 11, the combination of Moas, Edge, and Huibers teaches wherein the one-time password is derived in part from one or more details of the transaction (The disclosure can be found in {Moas - ¶ [0052], ¶ [0053], ¶ [0071]} and is described for the rejection of claim 2 (upon which this claim depends) and is incorporated herein).
The combination of Moas, Edge, and Huibers fails to explicitly teach details including a type of the transaction and an amount of the transaction.   However, Baentsch teaches details including a type of the transaction and an amount of the transaction (“. . . Various other information can be included in authentication messages X for use in such trust level calculations. For instance, the IP address of the user computer that the server claims to be in contact with, and/or details of a transaction type, amount, recipient, etc., can be included in message X. The security logic 12 can be configured to assess such information by comparing with information pre-stored in memory 10 and/or applying an algorithm accounting for multiple indicators, including authentication frequency, time of day, etc., to generate a resultant trust level t for communication to the server in the authentication response. . . “¶ [0045]).
It would have been obvious to one with ordinary skill in the art before the effective filing date of the applicant’s application to incorporate a method, system and product for authenticating communication between a user computer and server via the use of authentication messages to establish a trust level adequate to complete a transaction, as taught by Baentsch, into a method, system and product which provides an authentication of one or more devices by generating a one-time password consisting of a PIN, which is a secret key, and a transaction number / code which is generated from 
In regard to claim 21, the combination of Moas, Edge, and Huibers teaches wherein the one-time password is derived in part from one or more details of the transaction (The disclosure can be found in {Moas - ¶ [0052], ¶ [0053], ¶ [0071]} and is described for the rejection of claim 2 (upon which this claim depends) and is incorporated herein).
The combination of Moas, Edge, and Huibers fails to explicitly teach details including a type of the transaction and an amount of the transaction.  However, Huibers teaches details including a type of the transaction and an amount of the transaction (see ¶ [0045] as described for the rejection of claim 11 and is incorporated herein).
The motivation to combine Baentsch with the combination of Moas, Edge, and Huibers is described for the rejection of claim 11 and is incorporated herein.
Conclusion
There are prior art of record which are not relied upon but are considered pertinent to applicant’s disclosure.  These references are attached and cited in the accompanying PTO-892 form.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JAMES N FIORILLO whose telephone number is (571)272-9909.  The examiner can normally be reached on 7:30 - 5 PM Mon - Fri..
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, John A. Follansbee can be reached on 571-272-3964.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

 /JAMES N FIORILLO/               Examiner, Art Unit 2444