Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
This Examiner’s Amendment and Examiner’s Reasons for Allowance action is in response to the filing of 12/15/2021. Claims 6-8, 15-17 have been cancelled and claims 1, 10-14, and 18 have been amended.  Therefore claims 1-5, 9-14, and 18-20 are presently pending in the application and have been considered as follows.

Response to Amendments
In light of applicant’s amendments, all previously raised rejections are hereby withdrawn.

EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in a telephone interview with Attorney Matthew Browning (Reg. No. 64470) on January 12, 2022.
The application has been amended as follows:


	receiving, at a server, a request from a user device for authentication, the request specifying a username, wherein receiving the request from the user device for authentication comprises:
	 	sending a first graphical user interface (GUI) form to the user device, the first GUI form including a username input element; 
	determining, at the server, grid information associated with the username by accessing a repository of grid information for a plurality of usernames, the grid information specifying a color set; 
	sending, from the server, the color set to the user device, causing the user device to display a grid of a plurality of colored tiles, each colored tile having a color specified by the color set, wherein sending the color set to the user device comprises:
		 sending a second GUI form to the user device after receiving the request from the user device for authentication, the second GUI form displaying the grid of the plurality of colored tiles, and wherein sending the second GUI :
			 sending a script for execution on the user device to capture a sequence of tile selections as a sequence of user clicks on the grid of the plurality of colored tiles; 
	receiving, at the server, [[a]] the sequence of tile selections from the user device, each tile selection within the sequence of tile selections specifying a user selection of one of the colored tiles; and 
verification of the sequence of tile selections and the grid information associated with the username.
2. (Original) The method of claim 1, wherein the grid information includes a grid character set specifying, for each colored tile, a sequence of alphanumeric characters.  
3. (Original) The method of claim 2, wherein granting or rejecting the request for authentication based on the sequence of tile selections and the grid information associated with the username comprises converting the sequence of tile selections into a generated password by: -2-Serial No. 16/518,477 translating each tile selection within the sequence of tile selections into a portion of the generated password using the grid character set; and concatenating the portions of the generated password in order of the sequence of tile selections.  
4. (Original) The method of claim 3, wherein the grid information includes a stored password, and wherein granting or rejecting the request for authentication based on the sequence of tile selections and the grid information associated with the username comprises comparing the stored password with the generated password.  
5. (Original) The method of claim 2, wherein each sequence of alphanumeric characters of the grid character set is at least three characters long, and wherein the sequence of tile selections includes at least six tile selections.  
6. (Cancelled)  
7. (Cancelled)  
8. (Cancelled)  
9. (Original) The method of claim 1, comprising, before receiving the request from the user device for authentication, registering the username and the grid information.  
10. (Currently Amended) The method of claim [[8]] 1, wherein registering the username comprises: sending a graphical user interface (GUI) form to the user device, the GUI form presenting a color selection grid comprising a plurality of candidate tiles; and receiving, for each candidate tile, a user-selected color for the candidate tile and storing the user-selected colors as the color set associated with the username.  
11. (Currently Amended) The method of claim [[8]] 1, wherein registering the username comprises: sending a graphical user interface (GUI) form to the user device, the GUI form presenting a sequence selection grid comprising a plurality of candidate tiles; and sending a sequence selection script to the user device, causing the user device to display a sequential number over each selected candidate tile of a plurality of selected candidate tiles in response to the user selecting candidate tiles.  
12. (Currently Amended) The method of claim [[8]] 1, wherein registering the username comprises receiving a candidate sequence of tile selections and rejecting the -3-Serial No. 16/518,477 candidate sequence of tile selections as a result of the candidate sequence of tile selections matching a sequence of tile selections deemed insecure.  
13. (Currently Amended) The method of claim [[8]] 1, wherein registering the username comprises generating a seed value unique to the username within the repository of grid information and using the seed value to generate a grid character set specifying, for each colored tile, a sequence of alphanumeric characters.  

14. A method for authenticating 
sending, from a user device, a username to a server, wherein sending the username to the server comprises: 
receiving a first graphical user interface (GUI) form from the server, the first GUI form presenting a username prompt; and 
receiving user input specifying the username; 
receiving, at the user device, a color set from the server and presenting a grid of a plurality of colored tiles, each colored tile having a color specified by the color set, wherein the grid is associated with the username and wherein receiving the color set from the server and presenting the grid of the plurality of colored tiles comprises:
receiving, from the server, a second GUI form after the user device sends a request for authentication, wherein the second GUI form displays at the user device the grid of the plurality of colored tiles, and 
sending, from the server, a script for the user device to capture the sequence of tile selections as a sequence of user clicks on the grid of the plurality of colored tiles, and the user device executing the script;
receiving, at the user device, user input specifying a sequence of tile selections, each tile selection within the sequence of tile selections specifying a user selection of one of the colored tile; and 
sending, from the user device, the sequence of tile selections to the server; 
receiving from the server, at the user device, an indication; and
based on the indication, [[of]] granting or rejecting [[a]] the request for authentication based on verification of the sequence of tile selections and the grid associated with the username.
15. (Cancelled)  
16. (Cancelled) 
17. (Cancelled)

18. (Currently Amended) A server for authenticating 
one or more processors and memory storing executable instructions for the processors; and 
an authenticator implemented on the processors and memory, the authenticator configured for performing operations comprising: 
receiving a request from a user device for authentication, the request specifying a username, wherein receiving the request from the user device for authentication comprises: 
sending a first graphical user interface (GUI) form to the user device, the first GUI form including a username input element; 
determining grid information associated with the username by accessing a repository of grid information for a plurality of usernames, the grid information specifying a color set; 
sending the color set to the user device, causing the user device to display a grid of a plurality of colored tiles, each colored tile having a color specified by the color set, wherein sending the color set to the user device comprises:
 sending a second GUI form to the user device after receiving the request from the user device for authentication, the second GUI form displaying the grid of the plurality of colored tiles, and wherein sending the second GUI :
 sending a script for execution on the user device to capture  a sequence of tile selections as a sequence of user clicks on the grid of the plurality of colored tiles; 
receiving [[a]] the sequence of tile selections from the user device, each tile selection within the sequence of tile selections specifying a user selection of one of the colored tiles; and 
granting or rejecting the request for authentication based on verification of the sequence of tile selections and the grid information associated with the username.
19. (Original) The server of claim 18, wherein the grid information includes a grid character set specifying, for each colored tile, a sequence of alphanumeric characters.  
20. (Original) The server of claim 18, wherein granting or rejecting the request for authentication based on the sequence of tile selections and the grid information -5-Serial No. 16/518,477 associated with the username comprises converting the sequence of tile selections into a generated password by: translating each tile selection within the sequence of tile selections into a portion of the generated password using the grid character set; and concatenating the portions of the generated password in order of the sequence of tile selections.

Allowable Subject Matter
Claims 1-5, 9-14, and 18-20 are allowed over the prior art of record.  The following is an examiner's statement of reasons for allowance:

Prior art of record teaches the following:
Osborn et al. (US 2012/0023574 A1) teaches a method and system for protection of and secure access to a computer system or computer network. The method includes the steps of receiving a first login account identifier, such as a user name from a user in communication with the computer system or network. A determination is made if the user is recognized and enrolled from the first login account from the first login account identifier. If the user is recognized, a grid of randomly generated visual images is displayed including one visual image from an image category which has been preselected by the user upon enrollment. An image category identifier is randomly assigned to each visual image in the grid. An image category identifier, second login account identifier, such as a password, is entered and received. If the login account identifier and the image category is validated, access is permitted to the computer system or network,
Schwartz et al. (US 2008/0005035 A1) teaches a method and system for ensuring the secure authentication of transactions over a communication network using a validation code 40, wherein the user submits information over a communication terminal and submitting validation code 40 for authentication allows the transaction to be completed, the system comprised of: a substantially transparent alphanumeric cipher card 10 associated with the user information, wherein cipher card 10 contains rows and columns of random alphanumeric characters; and an authentication module for providing validation code 40 to the user whereby a color grid 20 is generated to be displayed on a user terminal, wherein the cells of color grid 20 are randomly filled with one of a plurality of colors and the design of color grid 20 is adapted to cipher card 10 such that upon positioning alphanumeric cipher card 10 over color grid 20, the user can deduce a validation code 40.
Jansen (US 2004/0230843 A1) teaches a general-purpose method is provided for authenticating, i.e., verifying the claimed identity of, users of a computer system through the selection of a sequence of images from a displayed assembly of images. The method is based on the capability of computer systems to display and manipulate individual thumbnail images via a graphical user display interface. The method takes image sequences selected by a user and formulates a password that is dependent on both the sequence and style of their selection. To ease the users' burden of complying with organizational policy to change passwords after some period of time, the method allows the same image sequence to be used repeatedly in a password change dialogue, yet generate a completely different password value each time. A new method of "salting" passwords to make them less vulnerable is also provided.
	Bandi et al. (US 2019/0075120 A1) teaches receiving a request to authenticate a user; sending instructions to present an authentication user interface including a geographic map; receiving geolocations on the geographic map selected by the user; comparing the geolocations to a sequence of geolocations in an authentication credential to determine whether to authenticate the user.
Zia (US 10,169,565 B2) teaches a method of dynamically adapting a secure graphical password sequence provides a secure means to access a restricted account through a dynamic password defined by element selection requirements. A selection grid is dynamically generated with graphical elements, and a password sequence is inputted by selecting certain grid cells containing graphical elements. Various preferences provide full customizability for the dynamic password, and security measures increase the difficulty of an undesirable user ascertaining the element selection requirements. The dynamic password can adapt over time through user input by designating one of the sequential locations of the password sequence as a sequence updating parameter.
However, none of the prior art of record teach by themselves or in any combination nor would have anticipated nor render obvious by combination the claimed invention of the present invention at or before the time it was filed.  The prior art of record is silent on "	receiving, at a server, a request from a user device for authentication, the request specifying a username, wherein receiving the request from the user device for authentication comprises: sending a first graphical user interface (GUI) form to the user device, the first GUI form including a username input element; determining, at the server, grid information associated with the username by accessing a repository of grid information for a plurality of usernames, the grid information specifying a color set; sending, from the server, the color set to the user device, causing the user device to display a grid of a plurality of colored tiles, each colored tile having a color specified by the color set, wherein sending the color set to the user device comprises: sending a second GUI form to the user device after receiving the request from the user device for authentication, the second GUI form displaying the grid of the plurality of colored tiles, and wherein sending the second GUI to the user device comprises: sending a script for execution on the user device to capture a sequence of tile selections as a sequence of user clicks on the grid of the plurality of colored tiles; receiving, at the server, [[a]] the sequence of tile selections from the user device, each tile selection within the sequence of tile selections specifying a user selection of one of the colored tiles; and granting or rejecting the request for authentication based on the sequence of tile selections and the grid information associated with the username.", in combination with all other claim limitations, as it has been recited in independent claims 1, 14, and 18.  
All other dependent claims are allowable as they depend on an allowable independent claim.
	Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance”.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant’s disclosure.  See form PTO-892 Notice of References Cited.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to LIZBETH TORRES-DIAZ whose telephone number is (571)272-1787.  The examiner can normally be reached on 9:00a-4:30p.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr, can be reached on (571)272-3739.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.  
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/LIZBETH TORRES-DIAZ/Examiner, Art Unit 2495                                                                                                                                                                                                        
/15 January 2022/
/ltd/