DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
1.	Claims 1, 3-12, 14-17, and 19-20 are pending.
	Claims 2, 13, and 18 are cancelled by Applicant.
2.	Claims 1, 3-12, 14-17, and 19-20 have overcome the nonstatutory double patenting rejection, necessitated by the current amendment.

Continued Examination Under 37 CFR 1.114
3.	A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 10/21/21 has been entered.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
4.	Claims 1, 3-12, 14-17, and 19-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Le Saint, et al. [US 2016/0065370] in view of Kim, et al. [US 20150113275].
Claim 1:	Wu teaches a method, comprising: 
in response to a first authentication using a given shared secret received from a user operating a user device [Le Saint: 0005; user device can be configured to determine an ephemeral key pair comprising an ephemeral public key and an ephemeral private key, generate a first shared secret using the ephemeral private key and a static server computer public key, encrypt request data using the first shared secret to obtain encrypted request data. See also 0054], updating, using at least one processing device of a server, the given shared secret using information from the first authentication as part of a secret update protocol to generate an updated shared secret; [Le Saint: 0013; determining an updated shared secret using a previous shared secret, deriving a cryptogram key using the updated shared secret, encrypting transaction data to generate a transaction cryptogram. See also 0054, 0090]
receiving a second authentication using the given shared secret; and [Le Saint: 0006-0009; second shared secret as in updated shared secret of a second authentication as the first shared secret is different from the second shared secret. See also 0108]
evaluating the second authentication using the given shared secret wherein: [Le Saint: 0108-0114]
the first authentication is a request for user access to a computer resource; [Le Saint: 0005, 0054; e.g. encrypted request data from first authentication per se]
the second authentication is a request for user access to the same computer resource; and [Le Saint: 0204; second authentication as discussed above relates to the updated or second shared secret]
the server is an authentication server configured to detect an attack [Le Saint: 0120-0121, 0257] **when the second authentication uses the given shared secret and the server determines that the given shared secret was previously used for the first authentication. [**as rejected under a second reference, discussion below]
	Le Saint discloses that a forward sync problem can occur when the user device generates next secrets without generating a transaction, and a backward sync can occur when the server is ahead of the user devices. To provide solutions for such cases, the server may maintain a moving window of the current secret and unused previous secrets. Le Saint further discloses that backward conditions can be used to trigger an alert as a possible attack because the same shared secret may be used more than once [Le 
	Kim, et al.’s invention provides tamper-resistant and scalable mutual authentication for machine-to-machine devices [Kim: 0004] that authenticates a client device by an authentication server that communicates via a machine-to-machine communication protocol, and wherein the authentication comprises use of a token issued by the authentication server to authenticate the client via the token [Kim: 00]. Kim further discusses vulnerability to replay attacks and adds extensions to protect from this type of attack. First, the authentication server (AS) and its associated client, a token key is unforgeable and with proper formatting and care, we can prevent adversaries from presenting an authentication token generated for a client id1 as an authentication token for client id2. Further, re-encrypting an authentication token without knowledge of a token key is not possible either. Hence, the only venue of the replay attack is the verbatim replay of one of the previous authentication tokens with a possibly different session message. Recall that each authentication token is encrypted with a token key for its publishing client and so is implicitly tied with the client's identity. As a result, such a replay attack can always be detected in ASs. So, the only replay attack that remains to be considered is the verbatim replay of the entire client's message. In the protection method, an AS will reject messages that have an obviously old authentication token through checking the time stamp contained in the token. Next, we need to address the possibility of replay of not too obviously old messages, which might be up to a couple of tens of minutes old so can afford to keep the history of their hashes. Thus, for each new 
	Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Kim with Le Saint to teach motivation “to detect an attack when the second authentication uses the given shared secret and the server determines that the given shared secret was previously used for the first authentication” for the reason to provide tamper-resistant and scalable mutual authentication for machine-to-machine devices by preventing vulnerability attacks.
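Added example, not part of the Office action and not code from Le Saint, Kim, or the application: a minimal sketch of the mechanism discussed for claim 1, in which the server updates the shared secret by hashing it with information from the first authentication and raises an alert when a later authentication presents the already-used secret. The class and function names, the HMAC proof, the window size, and all sample values are assumptions made for illustration.

```python
import hashlib
import hmac
from collections import deque

WINDOW = 4  # assumed number of already-used secrets the server retains


def update_secret(secret: bytes, auth_info: bytes) -> bytes:
    # Next secret in the chain: hash of the current secret and data
    # from the authentication that just succeeded (timestamp, nonce).
    return hashlib.sha256(secret + auth_info).digest()


def make_proof(secret: bytes, auth_info: bytes) -> bytes:
    # Client side: prove knowledge of the secret for this attempt.
    return hmac.new(secret, auth_info, hashlib.sha256).digest()


class AuthServer:
    def __init__(self):
        self.current = {}  # user -> current shared secret
        self.retired = {}  # user -> window of already-used secrets
        self.alerts = []   # (user, auth_info) of suspected attacks

    def enroll(self, user, secret):
        self.current[user] = secret
        self.retired[user] = deque(maxlen=WINDOW)

    def authenticate(self, user, auth_info, proof):
        """Return 'ok', 'attack' or 'reject'."""
        secret = self.current[user]
        if hmac.compare_digest(make_proof(secret, auth_info), proof):
            # Success: retire the used secret and advance the chain.
            self.retired[user].append(secret)
            self.current[user] = update_secret(secret, auth_info)
            return "ok"
        for old in self.retired[user]:
            if hmac.compare_digest(make_proof(old, auth_info), proof):
                # A secret already consumed by an earlier authentication
                # was presented again: flag it instead of just failing.
                self.alerts.append((user, auth_info))
                return "attack"
        return "reject"


def run_demo():
    # Constructed sample values, not taken from any cited reference.
    s0 = b"constructed-initial-secret"
    server = AuthServer()
    server.enroll("alice", s0)
    results = []
    info1 = b"ts=1000;nonce=a1"  # first authentication, using s0
    results.append(server.authenticate("alice", info1, make_proof(s0, info1)))
    s1 = update_secret(s0, info1)  # the device applies the same update
    info2 = b"ts=1060;nonce=b2"  # second authentication reuses stale s0
    results.append(server.authenticate("alice", info2, make_proof(s0, info2)))
    info3 = b"ts=1120;nonce=c3"  # legitimate device continues with s1
    results.append(server.authenticate("alice", info3, make_proof(s1, info3)))
    info4 = b"ts=1180;nonce=d4"  # unrelated secret: plain failure, no alert
    results.append(server.authenticate("alice", info4, make_proof(b"wrong", info4)))
    return results, server.alerts
```
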
Claim 2:  Cancelled
Claim 3:  Le Saint: 0056, 0178-0180, 0213-0219; discussing the method of claim 1, wherein, in response to the anomaly being detected, the server initiates a predefined recovery workflow.
Claim 4:  Le Saint: 0121; discussing the method of claim 1, wherein, the detection can be performed at the time of one or more of the second authentication and a subsequent batch processing.
Claim 5:  Le Saint: 0178-0180, 0189-019; discussing the method of claim 1, wherein the server detects a breach of shared secrets of multiple users by monitoring a number of 
Claim 6:  Le Saint: 0194, 0204; discussing the method of claim 1, wherein the update comprises one or more of an exclusive OR operation and a hash operation applied to the given shared secret and the information from the first authentication.
Claim 7:  Le Saint: 0211; discussing the method of claim 1, wherein the information from the first authentication comprises one or more of a timestamp of the first authentication, a random value used in the first authentication, and a substantially unique value used in the first authentication.
Claim 8:  Le Saint: 0055; discussing the method of claim 1, wherein the given shared secret comprises one or more of a password, a cryptographic key, a cryptographic symmetric key, a personal identification number, and a shared secret seed used to derive one-time passcodes.
Claim 9:  Le Saint: 0090; discussing the method of claim 1, wherein the server sends the client a notification of one or more of that the first authentication succeeded and that the given shared secret needs to be updated.
Claim 10:  Le Saint: 0114, 0141; discussing the method of claim 1, wherein the given shared secret and the updated shared secret are part of a chain of shared secret values.
Claim 11:  Le Saint: 0211; discussing the method of claim 1, wherein the server stores a timestamp of the first authentication when the given shared secret was used, and wherein the server receives, from the client, the timestamp of the first authentication as 
Claim 12:	Wu teaches a system, comprising: 
a memory; and [Le Saint: 0073]
at least one processing device, coupled to the memory, operative to implement the following steps: [Le Saint: 0073-0074]
in response to a first authentication using a given shared secret received from a user operating a user device [Le Saint: 0005; user device can be configured to determine an ephemeral key pair comprising an ephemeral public key and an ephemeral private key, generate a first shared secret using the ephemeral private key and a static server computer public key, encrypt request data using the first shared secret to obtain encrypted request data. See also 0054], updating, by the server, the given shared secret using information from the first authentication as part of a secret update protocol to generate an updated shared secret; [Le Saint: 0013; determining an updated shared secret using a previous shared secret, deriving a cryptogram key using the updated shared secret, encrypting transaction data to generate a transaction cryptogram. See also 0054, 0090] 
receiving a second authentication using the given shared secret; and [Le Saint: 0006-0009; second shared secret as in updated shared secret of a second authentication as the first shared secret is different from the second shared secret. See also 0108]
evaluating the second authentication using the given shared secret wherein: [Le Saint: 0108-0114]
the first authentication is a request for user access to a computer resource; [Le Saint: 0005, 0054; e.g. encrypted request data from first authentication per se]
the second authentication is a request for user access to the same computer resource; and [Le Saint: 0204; second authentication as discussed above relates to the updated or second shared secret]
the server is an authentication server configured to detect an attack [Le Saint: 0120-0121, 0257] **when the second authentication uses the given shared secret and the server determines that the given shared secret was previously used for the first authentication. [**as rejected under a second reference, discussion below]
	Le Saint discloses that a forward sync problem can occur when the user device generates next secrets without actually generating a transaction, and a backward sync can occur when the server is ahead of the user devices. To provide solutions for such cases, the server may maintain a moving window of the current secret and unused previous secrets. Le Saint further discloses that backward conditions can be used to trigger an alert as a possible attack because the same shared secret may be used more than once [Le Saint: 0257]. However, Le Saint did not clearly teach “to detect an attack when the second authentication uses the given shared secret and the server determines that the given shared secret was previously used for the first authentication”.
	Kim, et al.’s invention provides tamper-resistant and scalable mutual authentication for machine-to-machine devices [Kim: 0004] that authenticates a client device by an authentication server that communicates via a machine-to-machine communication protocol, and wherein the authentication comprises use of a token issued by the authentication server to authenticate the client via the token [Kim: 00]. Kim further discusses vulnerability to replay attacks and adds extensions to protect from this type of attack. First, the authentication server (AS) and its associated client, a token 
	Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Kim with Le Saint to teach 
Claim 13:  Cancelled 
Claim 14:  Le Saint: 0056, 0178-0180, 0213-0219; discussing the system of claim 13, wherein the server detects a breach of shared secrets of multiple users by monitoring a number of said detected anomalies across a user population and initiates a predefined recovery flow depending upon a number of impacted users. 
Claim 15:  Le Saint: 0114, 0141; discussing the system of claim 12, wherein the given shared secret and the updated shared secret are part of a chain of shared secret values.
Claim 16:  Le Saint: 0211; discussing the system of claim 12, wherein the server stores a timestamp of the first authentication when the given shared secret was used, and wherein the server receives, from the client, the timestamp of the first authentication as part of the second authentication and the server uses the received timestamp of the first authentication to retrieve the given shared secret.
Claim 17:	Wu teaches a computer program product, comprising a tangible machine-readable storage medium having encoded therein executable code of one or more software programs, wherein the one or more software programs when executed by at least one processing device perform the following steps: 
in response to a first authentication using a given shared secret received from a user operating a user device [Le Saint: 0005; user device can be configured to determine an ephemeral key pair comprising an ephemeral public key and an ephemeral private key, generate a first shared secret using the ephemeral private key and a static server computer public key, encrypt request data using the first shared secret to obtain encrypted request data. See also 0054], updating, by the server, the given shared secret using information from the first authentication as part of a secret update protocol to generate an updated shared secret; [Le Saint: 0013; determining an updated shared secret using a previous shared secret, deriving a cryptogram key using the updated shared secret, encrypting transaction data to generate a transaction cryptogram. See also 0054, 0090] 
receiving a second authentication using the given shared secret; and [Le Saint: 0006-0009; second shared secret as in updated shared secret of a second authentication as the first shared secret is different from the second shared secret. See also 0108]
evaluating the second authentication using the given shared secret wherein: [Le Saint: 0108-0114]
the first authentication is a request for user access to a computer resource; [Le Saint: 0005, 0054; e.g. encrypted request data from first authentication per se]
the second authentication is a request for user access to the same computer resource; and [Le Saint: 0204; second authentication as discussed above relates to the updated or second shared secret]
the server is an authentication server configured to detect an attack [Le Saint: 0120-0121, 0257] **when the second authentication uses the given shared secret and the server determines that the given shared secret was previously used for the first authentication. [**as rejected under a second reference, discussion below]

	Kim, et al.’s invention provides tamper-resistant and scalable mutual authentication for machine-to-machine devices [Kim: 0004] that authenticates a client device by an authentication server that communicates via a machine-to-machine communication protocol, and wherein the authentication comprises use of a token issued by the authentication server to authenticate the client via the token [Kim: 00]. Kim further discusses vulnerability to replay attacks and adds extensions to protect from this type of attack. First, the authentication server (AS) and its associated client, a token key is unforgeable and with proper formatting and care, we can prevent adversaries from presenting an authentication token generated for a client id1 as an authentication token for client id2. Further, re-encrypting an authentication token without knowledge of a token key is not possible either. Hence, the only venue of the replay attack is the verbatim replay of one of the previous authentication tokens with a possibly different session message. Recall that each authentication token is encrypted with a token key for its publishing client and so is implicitly tied with the client's identity. As a result, such 
	Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Kim with Le Saint to teach motivation “to detect an attack when the second authentication uses the given shared secret and the server determines that the given shared secret was previously used for the first authentication” for the reason to provide tamper-resistant and scalable mutual authentication for machine-to-machine devices by preventing vulnerability attacks.
Claim 18:  Cancelled

Claim 20:  Le Saint: 0211; discussing the computer program product of claim 17, wherein the server stores a timestamp of the first authentication when the given shared secret was used, and wherein the server receives, from the client, the timestamp of the first authentication as part of the second authentication and the server uses the received timestamp of the first authentication to retrieve the given shared secret.

Response to Arguments
5.	Applicant’s arguments with respect to claim(s) 1, 3-12, 14-17, and 19-20 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
	Examiner notes there are no arguments submitted with the filing of the RCE.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to LEYNNA TRUVAN whose telephone number is (571)272-3851. The examiner can normally be reached Monday-Friday 8:00AM-5:00PM, EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Hirl can be reached on 571-272-3685. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 

LEYNNA TRUVAN
Examiner
Art Unit 2435



/L.TT/Examiner, Art Unit 2435 PE

/JOSEPH P HIRL/Supervisory Patent Examiner, Art Unit 2435