DETAILED ACTION

EXAMINER'S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.

Authorization for this examiner’s amendment was given in an interview with William H. Dippert on 1/4/2022.

Claim 7 has been amended as follows: 

Claim 7:	A method for authenticating a user of a service provided over a communications network, wherein the user uses both a personal computer (PC) and a smart-phone, both connected to the communications network, the method comprising the steps of:
the user enrolling in the service by determining credentials comprising a list of properties of the user, said list of properties comprising at least a user name, at least one secret image, an option to use a graphic interactive object terminator button (GIOTB), and a number (N) of graphic interactive objects (GIO)s to be included in an authentication session;
the user starting a new session by the steps of:
the credentials of the user;
2) the service providing, in response to the request, a type 1 GIO, in which a first grid of colored cells is sent to the screen of the PC of the user, wherein at least some of the cells of the first grid contain images, and wherein at least one of said images is said at least one secret image chosen by the user in said enrolling step, and, in parallel, sending by the service [[,]] to the smart-phone of the user [[,]] an interactive graphic interface (IGI);
3) the user responding to both the type 1 GIO on the PC and the IGI on the smart-phone of the user by indicating on said IGI on the smart-phone of the user coordinates of a cell on said first grid in which said at least one secret image appeared;
4) if said N is equal to one, going to step 5) [[and]] or, if said N is greater than one, repeating, until a total number of GIOs sent to the user is equal to said N, the steps of:
i) the service sending to the PC of the user a type 2 GIO comprising a grid of colored cells with no images; and
ii) the user responding to said type 2 GIO on the smart-phone of the user by indicating the coordinates of a cell in said grid of colored cells having the same color as the color of the cell in in which said type 1 GIO the secret image appeared;
5) the user terminates said new session by one of:
i) clicking on a GIOTB sent by the service to the smart-phone of the user, if said option to use a GIOTB was selected in said user enrolling step;

iii) responding to said type 2 GIO to each of said type 2 GIO that was sent by said service, if the option to use a GIOTB was not selected in said user enrolling step; and
iv) performing session assessment by the service, in which:
1) the user is confirmed if:
i) the total number of user responses to GIO is equal to N; 
ii) the user correctly responds to the type 1 GIO by the user by indicating on said IGI on the user’s smart-phone the coordinates of the cell on said first grid in which said at least one secret image appeared; and
iii) correctly responding to each said type 2 GIO sent by the service, by indicating by the user on the smart-phone of the user the coordinates of a cell in said grid of colored cells having the same color as the color of the cell said type 1 GIO where the secret image appeared; or
2) the user is refused if it failed to be confirmed.




In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
This Office Action is in response to the amendment filed on 09/13/2021.
Claims 1-6 have been canceled.
Claims 7-11 have been amended.
Claims 7-11 are pending for consideration.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Arguments
The objection of claims 8-11 has been withdrawn as the claims have been amended as suggested.
The rejection of claims 7-11 under 35 U.S.C. §112(b) has been withdrawn as the claims have been amended to alleviate the indefiniteness issues. 

Allowable Subject Matter
Claims 7-11 are allowed.
The following is an examiner’s statement of reasons for allowance:
random partial shared secret recognition is combined with using more than one communication channel between server-side resources and two logical or physical client-side data processing machines.  After a first security tier, a first communication channel is opened to a first data processing machine on the client side.  The session proceeds by delivering an authentication challenge, identifying a random subset of an authentication credential, to a second data processing machine on the client side using a second communication channel.  Next, the user enters an authentication response in the first data processing machine, based on a random subset of the authentication credential. The authentication response is returned to the server side on the first communication channel for matching” (see Abstract).  In addition, Spencer (US 20160065570) discloses “a method for authenticating a user for performing a transaction comprises receiving unique knowledge of the user such as photoauthentication, and receiving a hardware profile associated with the user. The unique knowledge and the hardware profile are compared against previously stored data representing unique knowledge of the user and a hardware profile associated with the user. If both the received data representing the unique knowledge of the user and the received hardware profile are authenticated, the transaction is allowed to go forward”,
However, the closest prior art of record fail to teach or suggest, in the context of the ordered combination of claim 7, 
the user enrolling in the service by determining credentials comprising a list of properties of the user, said list of properties comprising at least a user name, at least one secret image, an option to use a graphic interactive object terminator button (GIOTB), and a number (N) of graphic interactive objects (GIO)s to be included in an authentication session;

1) the user submitting to the service a request for the new session accompanied by submission of the credentials of the user;
2) the service providing, in response to the request, a type 1 GIO, in which a first grid of colored cells is sent to the screen of the PC of the user, wherein at least some of the cells of the first grid contain images, and wherein at least one of said images is said at least one secret image chosen by the user in said enrolling step, and, in parallel, sending by the service to the smart-phone of the user an interactive graphic interface (IGI);
3) the user responding to both the type 1 GIO on the PC and the IGI on the smart-phone of the user by indicating on said IGI on the smart-phone of the user coordinates of a cell on said first grid in which said at least one secret image appeared;
4) if said N is equal to one, going to step 5) or, if said N is greater than one, repeating, until a total number of GIOs sent to the user is equal to said N, the steps of:
i) the service sending to the PC of the user a type 2 GIO comprising a grid of colored cells with no images; and
ii) the user responding to said type 2 GIO on the smart-phone of the user by indicating the coordinates of a cell in said grid of colored cells having the same color as the color of the cell in which said type 1 GIO the secret image appeared;
5) the user terminates said new session by one of:
i) clicking on a GIOTB sent by the service to the smart-phone of the user, if said option to use a GIOTB was selected in said user enrolling step;
ii)  responding to a type 1 GIO if said N is equal to 1, if the option to use a GIOTB was not selected in said user enrolling step; 
iii) responding to said type 2 GIO to each of said type 2 GIO that was sent by said service, if the option to use a GIOTB was not selected in said user enrolling step; and
iv) performing session assessment by the service, in which:
1) the user is confirmed if:
i) the total number of user responses to GIO is equal to N; 

iii) correctly responding to each said type 2 GIO sent by the service, by indicating by the user on the smart-phone of the user the coordinates of a cell in said grid of colored cells having the same color as the color of the cell said type 1 GIO where the secret image appeared; or
2) the user is refused if it failed to be confirmed.
Claims 8-11 are dependent on claim 7 and are allowable for the same reasons stated above.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure is listed,
Gu (US 10026180) discloses “multiple image verification challenges can be used to identify the location of an object within an initial image”.
Brown (US 9646296) discloses “a mobile-to-mobile transaction method allows two mobile smartphones to engage in a private transaction between themselves. The two share the same transaction server using prearranged individual enrollments. These build a dynamic digital image of a colorgram with a selected shape that defines a colorgram matrix boundary. Authentication codes, 
Mister (US 8966579) discloses “a method, apparatus and/or system generates a challenge for user authentication, having a challenge data element from a stored pool of challenge data elements. The challenge is based on rule data and stored usage data associated with at least some of the challenge data elements in the stored pool of challenge data elements”.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TRANG T DOAN whose telephone number is (571)272-0740.  The examiner can normally be reached on Monday-Friday 7-4 ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn D Feild can be reached on (571)272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access 






/TRANG T DOAN/Primary Examiner, Art Unit 2431