DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claim Objections
Claim1 and 8 objected to because of the following informalities:  
Regarding claim 1 and 8, the applicant recites that the “instructions are executable by the processing device,” which renders the device inactive in the claims. It is recommended to the applicant to recite that “the instructions, when executed by the processing device….”
Regarding claim 2, there is no claim 2 listed. Applicant should cancel this claim so it is clear there isn’t any claim recited. 
Appropriate correction is required.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the 

Claim 1, and 3-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Pemmaraju (US 2006/0041755) in view of Bhatnagar et al (US 2012/0240204).
Regarding claim 1, Pemmaraju discloses a device comprising a processing device; and a non-transitory computer-readable medium storing an application comprising a set of instructions executable by the processing device and set of instructions including an embedded application programming interface ("API") that is executable by the processing device to:  [0047, 0058, 0055]: 
establish a first communication channel for communicatively coupling the device to a host computing system  and establish a second communication channel for communicatively coupling the device to an identification-and-authentication system, the second channel being out-of-band with respect to the first channel and receive sensitive data input to a portion of the interface and; 
 [0013, 0021, 0045, 0046];
Please note that in this example the system may utilize an out-of-band operation wherein one channel carries authentication information and the other carries other information. 
 generate an interface usable by a user associated with the device for transmitting, to the host computing system and via the first communication channel, information required for accessing one or more functions of an interactive computing environment provided by the host computing system [0073, 0076];
Please note that in this example an out of band channel can be generated and used to transmit user credential information for access to resources.  
However, Pemmaraju does not expressly disclose but Bhatnagar et al discloses that the 
prevent the sensitive data from being transmitted to the host computing system via the first communication channel [0022, 0045, 0053];
Please note that in this example user credentials are received in the out of band channel to prevent being sent to the host.  
 transmit a first signal to the identification-and-authentication system via the second communication channel, the first signal having the sensitive data and being usable by the identification-and-authentication system to transmit a second signal to the host computing system verifying that the user is authenticated for accessing the one or more functions of the interactive computing environment [0054, 0055, 0009];
Please note that in this example if the authentication results are positive the results can be transmitted to the user device. 
It would have been obvious to one of ordinary skill in the art at to create the invention as claimed for the following reasons.  It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teachings of Pemmaraju by transmitting a signal, for the purpose of notifying a positive authentication result, based upon the beneficial teachings provided by Bhatnagar et al
Regarding claim 3, Pemmaraju and Bhatnagar et al disclose all the limitations of claim 1. Pemmaraju does not expressly disclose but Bhatnagar et al discloses the API is embedded in the user interface by the host computing system based on a third signal transmitted to the host computing system from the identification-and-authentication system (i.e., the secure channel is established) [0054, 0055].
The motivation to combine is the same as disclosed in point (11).
Regarding claim 4, Pemmaraju and Bhatnagar et al disclose all the limitations of claim 1. Pemmaraju does not expressly disclose but Bhatnagar et al discloses the second signal incudes validation data generated by the identification-and-authentication system, the validation data usable by the host computing system to provide access to the one or more functions and avoid receiving the sensitive data [0054, 0055].
The motivation to combine is the same as disclosed in point (11).
Regarding claim 5, Pemmaraju and Bhatnagar et al disclose all the limitations of claim 1. Pemmaraju discloses that the second channel is established based on one or more protocols specified by the API [0076, fig 11].
Regarding claim 6, Pemmaraju and Bhatnagar et al disclose all the limitations of claim 1. Pemmaraju does not expressly disclose but Bhatnagar et al discloses the one or more functions are usable for completing an electronic transaction between the host computing system and the device [0057, Fig 12].
The motivation to combine is the same as disclosed in point (11).
Regarding claim 7, Pemmaraju and Bhatnagar et al disclose all the limitations of claim 1. Pemmaraju does not expressly disclose but Bhatnagar et al discloses the first signal includes transaction data for identifying the electronic transaction [0057, fig 12].
The motivation to combine is the same as disclosed in point (11).
Regarding claim  8 and 16, Pemmaraju discloses an identification-and-authentication method and system comprising: a processing device; a network communications port communicatively coupleable to a user device via a first communication channel and communicatively coupleable to a host computing system via a second communication channel that is out-of-band with respect to the first communication channel, the first communication channel being established via an application programming interface ("API") embedded in a user interface, the user interface configured for being provided from the host computing system to the user device for accessing one or more functions of an interactive computing environment provided by the host computing system; and a non-transitory computer-readable medium included in or communicatively coupled to the processing device, the non-transitory computer-readable medium storing a data structure for storing user data records and instructions that are executable by the processing device to cause the identification-and-authentication system to: [0047, 0058, 0055]: 
establish a first communication channel for communicatively coupling the device to a host computing system  and establish a second communication channel for communicatively coupling the device to an identification-and-authentication system, the second channel being out-of-band with respect to the first channel and receive sensitive data input to a portion of the interface  [0013, 0021, 0045, 0046];
Please note that in this example the system may utilize an out-of-band operation wherein one channel carries authentication information and the other carries other information. 
authenticate, by the processing device, the user based on the sensitive data [0021, 0076];
Please note that in this example the user credentials are authenticated  
However, Pemmaraju does not expressly disclose but Bhatnagar et al discloses that the 
receive, by the network communications port via the first communication channel, a first signal from the user device via the API, the first signal including sensitive data that is associated with a user of the user device and that is used to request access to the one or more functions of the interactive computing environment, the sensitive data received by the API as part of information being provided to complete the electronic transaction [0022, 0045, 0053];
Please note that in this example user credentials are received.  
transmit, by the network communications port via the second communication channel, a second signal to the host computing system, the second signal including validation data representing that the user is authenticated for accessing the one or more functions of an interactive computing environment [0053, 0054, 0055, 0009];
Please note that in this example if the authentication results are positive the results can be transmitted to the user device. 
It would have been obvious to one of ordinary skill in the art at to create the invention as claimed for the following reasons.  It would have been obvious to one of ordinary skill in the Pemmaraju by transmitting a signal, for the purpose of notifying a positive authentication result, based upon the beneficial teachings provided by Bhatnagar et al ,see for example [0009].  These modifications would result in ease of use and increased security, both of which are obvious benefits to the skilled artisan.  Additionally, the cited references are in the field of computer security, as is the current application, and thus, are in analogous arts.  
Regarding claim 9 and 17, Pemmaraju and Bhatnagar et al disclose all the limitations of claim 8 and 16. Pemmaraju does not expressly disclose but Bhatnagar et al discloses transmit, by the network communications port, a third signal to the host computing system, the third signal usable by the host computing system to embed the API in the interface provided by the host computing system to the user device (i.e., the secure channel is established) [0054, 0055].
The motivation to combine is the same as disclosed in point (23).
Regarding claim 10, Pemmaraju and Bhatnagar et al disclose all the limitations of claim 8 and 16. Pemmaraju does not expressly disclose but Bhatnagar et al discloses storing the sensitive data in the non-transitory computer readable medium, wherein the instructions for causing the identification-and-authentication system to transmit the second signal comprises additional instructions for causing the identification-and-authentication system to generate the validation data based on the sensitive data, the validation data being usable by the host computing system to provide access to the one or more functions and avoid receiving the sensitive data (i.e., message to the client that authentication is positive) [0054, 0055].
The motivation to combine is the same as disclosed in point (23).
Regarding claim 11, Pemmaraju and Bhatnagar et al disclose all the limitations of claim 8 and 16. Pemmaraju does not expressly disclose but Bhatnagar et al discloses the network communications port is communicatively coupleable to a telecommunication provider via a third communication channel that is out-of-band with respect to the first communication channel and the second communication channel, wherein the host computing system is remote from the identification-and-authentication system and from the telecommunication provider, the non-transitory computer-readable medium further comprising instructions executable by the processing device for causing the identification-and-authentication system to: obtain credential data associated with the user device by communicating with the telecommunication provider; retrieve identification data from a credit file associated with the credential data, the credit file stored on the non-transitory computer-readable medium and the identification data being usable for accessing the one or more functions; and transmit, via the second communication channel and prior to the electronic transaction being completed, an identification signal including the identification data to the host computing system) [0050, fig 4-5].
The motivation to combine is the same as disclosed in point (23).
Regarding claim 12, Pemmaraju and Bhatnagar et al disclose all the limitations of claim 8 and 16. Pemmaraju does not expressly disclose but Bhatnagar et al discloses that the the sensitive data received by the API is received by the API from a portion of the user interface (i.e., credential information retrieved from user) [0009].
The motivation to combine is the same as disclosed in point (23).
Regarding claim 13, Pemmaraju and Bhatnagar et al disclose all the limitations of claim 8 and 16. Pemmaraju discloses that the second channel is established based on one or more protocols specified by the API [0076, fig 11].
Regarding claim 14 and 19, Pemmaraju and Bhatnagar et al disclose all the limitations of claim 8 and 16. Pemmaraju does not expressly disclose but Bhatnagar et al discloses the one or more functions are usable for completing an electronic transaction between the host computing system and the user device [0057, Fig 12].
The motivation to combine is the same as disclosed in point (23).
Regarding claim 15 and 20, Pemmaraju and Bhatnagar et al disclose all the limitations of claim 8 and 16. Pemmaraju does not expressly disclose but Bhatnagar et al discloses the first signal includes transaction data for identifying the electronic transaction [0057, fig 12].
The motivation to combine is the same as disclosed in point (23).
Regarding claim 18, Pemmaraju and Bhatnagar et al disclose all the limitations of claim 1. Pemmaraju does not expressly disclose but Bhatnagar et al discloses generating the validation data based on the sensitive data, the validation data being usable by the host computing system to provide access to the one or more functions and avoid receiving the sensitive data [0054, 0055].
The motivation to combine is the same as disclosed in point (23).
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Fundamentals in user authentication: discloses that the assurance of integrity and authenticity is one of the main goals in IT security. In communication via digital systems, users quite often require some level of confidence in the identity of their communication partners. Such confidence can be provided by integration of user authentication functionality in IT infrastructures.
Chauhan et al (US 2020/0145385): discloses management and pre-establishment of network application and secure communication sessions. Session logs may be analyzed to identify an application or secure communication sessions likely to be accessed, and prior to receiving a request to establish the session, an intermediary (e.g. another device such as an intermediary appliance or other device, or an intermediary agent on a client such as a client application) may pre-establish the session, performing any necessary handshaking or credential or key exchange processes. When the session is subsequently requested (e.g. in response to a user request), the system may immediately begin using the pre-established session. This pre-establishment may be coordinated within the enterprise providing load balancing and scheduling of session establishment to prevent large processing loads at any one point in time.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KENDALL DOLLY whose telephone number is (571)270-1948. The examiner can normally be reached Monday-Thursday 7am-4pm(EST) and Friday 7am-11am(EST).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on (571)272-4219. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/KENDALL DOLLY/             Primary Examiner, Art Unit 2436