DETAILED ACTION
Status of Claims
Applicant has amended claims 8-11.  No claims have been added.  Claims 12 and 13 have been canceled.  Claims 1-7 had been canceled prior to previous office action.  Thus, claims 8-11 remain pending in this application. The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Arguments
Applicant’s arguments and amendments filed on 20 October 2021 with respect to:
objection to claims 8-11,
rejections of claims 8-11 under U.S.C. § 112(b),
rejections of claims 8-11 under 35 U.S.C. § 103 as being unpatentable over Neuman et al (US Pub No. 20130262858 A1) in view of Brudnicki et al (US Pub. No. 20130159186 A1)
have been fully considered.  Amendments to claims have been entered.
Examiner acknowledges amendments to claims to overcome claim objections and 35 U.S.C. § 112(b) rejections.  However, amendments are not effective.  See revised claim objections and § 112(b) rejections below.  
Applicant's arguments filed with respect to claims 8-11 regarding the 35 U.S.C. § 103 rejections have been fully considered but they are not totally persuasive.
First, Applicant’s arguments regarding the 35 U.S.C. § 103 rejections are excessive - i.e. 96 pages – and describe the citations in the prior art references of Neuman and Brudnicki.  However, it is difficult to determine specific arguments indicting what the references do not teach.  Second, it is also difficult to address Applicant’s specific arguments in that the pages in the response are not numbered
Third, although Examiner does not necessarily agree with Applicant’s contention regarding the cited prior art, Examiner cites new § 112(b) rejections which prevent the Examiner from properly construing claim scope at this time. Also, Examiner has cited additional prior art applied in revised § 103 rejections herein.
If, in the opinion of the Applicant, a telephone conference would expedite the prosecution of the subject application, the Applicant is encouraged to contact the undersigned Examiner at the phone number listed below. 
Priority
This application, filed 02 January 2018 is a continuation of 14/693,707, filed 22 April 2015, now abandoned.  Application 14/693,707 claims priority from provisional application 62/134,980, filed 18 March 2015.  Accordingly, his application is given priority to 18 March 2015.
Claim Interpretation
Regarding claim 8, clauses such as “to validate a user's request for access received from said first user's computing device” are merely statements of intended use which do not affect the method step of “storing a first stored set of user credentials”.  Similar phrasing will be interpreted accordingly.
A recitation of intended use or purpose of the claimed invention must result in a structural difference between the claimed invention and the prior art in order to patentably distinguish the claimed invention from the prior art.  If the prior art structure is capable of performing the intended use or fulfilling said purpose, then it meets the claim.
The subject matter of a properly construed claim is defined by the terms that limit its scope. It is this subject matter that must be examined. As a general matter, the grammar and intended meaning of terms used in a claim will dictate whether the language limits the claim scope.  Language that suggests or makes optional but does not require steps to be performed 
(A) statements of intended use or field of use,
(B) "adapted to" or "adapted for" clauses,
(C) "wherein" clauses, or
(D) "whereby" clauses.
This list of examples is not intended to be exhaustive. See also MPEP § 2111.04. 
Claim Objections
Claim 8 recites the term “first secondary network website”.  However, the term implies the use of a “second secondary network website”; however, the claims do not claim such.  
For purposes of examination, in as much as the Applicant’s specification refers to a “secondary network website”, the term “first secondary network website” will be interpreted to be “secondary network website”.  Correction is required.
Claims 8-11 are objected to because much of the language is riddled with typographical errors and inconsistent terminology.
For example, in claim 8, under “said first network website configured to”:
In the limitation:
(i) A first stored set of user credentials to be matched against a first set of received user credentials consisting of a first user ID and a first user password as specified by a first system policies used to validate a user's request for access received from said first user's computing device, 
It is not clear what “said first network website” is configured to do.   Perhaps the Applicant means to claim:
(i) Storing a first stored set of user credentials …
to validate a user's request for access received from said first user's computing device”, it is not clear if the request for access refers to a request for a user to access the first network website (emphasis added).
In limitation (iii), the phrase “… said first electronic instruction to said to said first user's computing device” should be written “…said first electronic instruction to said first user's computing device”.
It is not clear if “a user's request for access” in limitation (i) is the same as or different from “said first access request for access” in limitations (iv), (v) and (iv); the antecedent issue is not clear. Also “said first access request for access” would be better written as “said user's request for access”, “said first access request” or “said first request for access”.
Limitations (ii) and (ii) should begin with “create” as opposed to “creating” in order to agree with “said first network website configured to”.
In the limitation:
(iv) if a first notification comprising a second unique one-time identification token is received from said first secondary network website notifying said first network website that said second unique one-time identification token is invalid, said first network website notifies said first user's computing device that said first access request for access is not granted, 
It is not clear what step the limitation is performing in that “is received” is in the passive voice.  Perhaps the Applicant means to convey:
(iv) receive a first notification comprising a second unique one-time identification token from said first secondary network website;
compare said second unique one-time identification token with “something”;
if the comparison determines “something” as invalid, send a notification to said first user's computing device that access is not granted.
Limitations (v) and (vi) should be constructed in a similar fashion.as (iv).
In claim 8, under “said first secondary network website configured to”:
In the limitation:
(iii) if said second unique one-time identification token cannot be matched to any of said first unique one-time identification tokens in said first token database, a first notification comprising said second unique one-time identification token is sent to said first network website notifying said first network website that said second one-time identification token is invalid and said first user's computing device is not validated for access to said first network website,
it is not clear what step the limitation is performing in that “a first notification … is sent to said first network website” is in the passive voice.  Perhaps the Applicant means to convey:
(iii) if said second unique one-time identification token does not match any of said first unique one-time identification tokens in said first token database, send a first notification to said first network website,wherein the first notification comprises said second unique one-time identification token, and a message that said second one-time identification token is invalid and said first user's computing device is not validated for access to said first network website, 
Limitations (iv), (v) and (vi) should be constructed in a similar fashion.as (iii).  See related § 112 rejections.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claims 8-11 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject 
Regarding claim 8, under “said first network website configured to”:
In the limitation:
(i) A first stored set of user credentials to be matched against a first set of received user credentials consisting of a first user ID and a first user password as specified by a first system policies used to validate a user's request for access received from said first user's computing device, 
It is not clear what “said first network website” is configured to do.   Perhaps the Applicant means to claim:
(i) Storing a first stored set of user credentials …
In limitation (i),the phrase “to validate a user's request for access received from said first user's computing device”, it is not clear if the request for access refers to a request for a user to access the first network website (emphasis added).
It is not clear if “a user's request for access” in limitation (i) is the same as or different from “said first access request for access” in limitations (iv), (v) and (iv); the antecedent issue is not clear. Also, “said first access request for access” would be better written as “said user's request for access”, “said first access request” or “said first request for access”.
In the limitation:
(iv) if a first notification comprising a second unique one-time identification token is received from said first secondary network website notifying said first network website that said second unique one-time identification token is invalid, said first network website notifies said first user's computing device that said first access request for access is not granted, 
It is not clear what step the limitation is performing in that “is received” is in the passive voice.  Perhaps the Applicant means to convey:
receive a first notification comprising a second unique one-time identification token from said first secondary network website;
compare said second unique one-time identification token with “something”;
if the comparison determines “something” as invalid, send a notification to said first user's computing device that access is not granted.
Limitations (v) and (vi) should be constructed in a similar fashion.as (iv).  Correction is required.
Regarding claim 8, under “said first secondary network website configured to”:
In the limitation:
(iii) if said second unique one-time identification token cannot be matched to any of said first unique one-time identification tokens in said first token database, a first notification comprising said second unique one-time identification token is sent to said first network website notifying said first network website that said second one-time identification token is invalid and said first user's computing device is not validated for access to said first network website,
it is not clear what step the limitation is performing in that “a first notification … is sent to said first network website” is in the passive voice.  Perhaps the Applicant means to convey:
(iii) if said second unique one-time identification token does not match any of said first unique one-time identification tokens in said first token database, send a first notification to said first network website,wherein the first notification comprises said second unique one-time identification token, and a message that said second one-time identification token is invalid and said first user's computing device is not validated for access to said first network website, 
Limitations (iv), (v) and (vi) should be constructed in a similar fashion.as (iii).  Correction is required.
Claim 11 is vague and indefinite in that the terminology is such that the Examiner can not determine specific method steps.  Examiner suggests the using terminology similar to:

send a first time expiration value with said first unique onetime identification token to said first secondary network website, …”
 if that is indeed what the Applicant wishes to claim.  Correction is required.
Moreover, the Examiner finds that because particular claims are rejected as being indefinite under 35 U.S.C. § 112(b), it is impossible to properly construe claim scope at this time (See Honeywell International Inc. v. ITC, 68 USPQ2d 1023, 1030 (Fed. Cir. 2003) “Because the claims are indefinite, the claims, by definition, cannot be construed.”). However, in accordance with MPEP § 2173.06 and the USPTO’s policy of trying to advance prosecution by providing art rejections even though the claims are indefinite, the claims are construed and the art is applied as much as practically possible.
Claims 9-11 are rejected by way of dependency on a rejected independent claim.
The art rejections below are in view of the 112(b) rejections stated above.
	
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 8-11 are rejected under 35 U.S.C. 103 as being unpatentable over Brisson (US Pub No. 20130227286 A1) in view of Brudnicki et al.
Regarding claim 8, Brisson teaches an identity management system in which a key structure storage authentication server manages pre-distributed and pre-authenticated private keys and compares dynamic offsets without key or offset exchange after initial key provisioning [0012]. He teaches simple and interoperable network scaling, dynamic authentication with non-factorable, exponential, one-time-pad based Identity Management keys, inherent intrusion detection, revocation, signature, non-repudiation, authorization, digital rights management, provenance and any other key related network security function with a single key [0015].  This can include encryption methods but anticipates using standardized ISO-IEC modules for encryption. Security is accomplished using a method where there is NO asymmetric key exchange (or negotiation) and therefore this prevents man-in-the-middle attacks [Id.].  He teaches token generation [0017]. 
Brisson teaches a method of sending a secure encrypted communication between a first source computer and a second destination computer, comprising the following steps [0025]:
i) providing the source and destination computers each with an identical copy of a unique pre-distributed symmetric key and a first valid offset; 
ii) the source computer sending a request to the destination computer to identity itself, without sending either an offset or a key with the authentication request; 
iii) the destination computer responding by sending the source computer a random or highly pseudo-random, previously unused token of variable length from the pre-distributed key beginning at the destination computer's last valid offset; 
iv) the source computer receiving the token and generating the corresponding token from its last valid offset for the corresponding key in respect of the destination computer; 
v) the source computer comparing the two tokens bit-by-bit and if they are identical, authenticating the destination computer, and if they are not identical, cancelling the session; 

vii) the source and destination computers updating their offsets independently by advancing the offset by the length of the last token and a number calculated by a predetermined function; 
viii) a first one of said source or destination computer sending a communication to the other one of said destination or source computers respectively, encrypted by the pre-distributed key and the other one of the source or destination computers decrypting said communication using said pre-distributed key; 
ix) repeating steps ii) through viii) for subsequent communications between the source computer and the destination computer.
Brisson teaches electronic, one-time key distribution to prevent Man-in-the-Middle attacks [0017].  Brisson does not explicitly disclose the use of unique onetime identification tokens.
However, Brudnicki teaches a system and method for processing a one-time payment transaction upon request from a portable communication device, which may be based on physical world geo-location information [0002].  He teaches a consumer using portable device to confirm a merchant; the confirmation of the likely merchant may be received by an issuing engine [0055]. If the likely merchant was identified incorrectly, then the issuing engine may issue new emulation information to the portable communication device. Once the likely merchant is known, a predictive transaction module of the issuing engine transmits the ID for that likely merchant, the unique user ID associated with that portable communication device, a one time use token generated for the transaction, and the expiration time to a validation mapping gateway [Id.].
Therefore, it would have been obvious to one having ordinary skill in the art before the effective filing date of the claimed invention to modify Brisson’s disclosure to include a one time use token generated for a transaction as taught by Brudnicki because it provides a system and method for using geo-location data to determine a likely point of sale terminal device present in a retail establishment co-located with the portable communication device - Brudnicki [0007]. 
Regarding claim 9, Brisson teaches sending said first unique onetime identification token, simultaneously, to both said user's computing device and said secondary network server - [0195]. 
Regarding claim 10, Brisson does not explicitly disclose sending said first unique onetime identification token, at different times, to both said user's computing device and said secondary network server.  However, it would have been obvious to try such, choosing from a finite number of identified, predictable solutions – i.e. simultaneously or at different times - with a reasonable expectation of success.
Regarding claim 11, Brisson does not explicitly disclose said first unique onetime identification token having a timer with a time expiration value. However. Brudnicki teaches this as discussed in the rejection of claim 8.  Accordingly, this claim is rejected for the same reasons
Conclusion
The prior art of record and not relied upon is considered pertinent to Applicant’s disclosure:
Stebila et al:  “MULTI-FACTOR PASSWORD-AUTHENTICATED KEY EXCHANGE”, (US Pub. No. 20090288143 A1.)
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to EDWARD J BAIRD whose telephone number is (571)270-3330. The examiner can normally be reached 7 am to 3:30 pm M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at 
http://www.uspto.gov/interviewpractice.
If Applicant wishes to correspond to the Examiner via email, Applicant needs to file an AUTHORIZATION FOR INTERNET COMMUNICATIONS IN A PATENT APPLICATION form.  The form may be downloaded at
https://www.uspto.gov/sites/default/files/documents/sb0439.pdf
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Calvin Hewitt II can be reached on 571-272-6709. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 





/EDWARD J BAIRD/Primary Examiner, Art Unit 3692