DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
1.	Claims 18-20 are pending.
2.	Claims 18-20 have overcome the 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA), first paragraph rejection, necessitated by current amendment.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA/25, or PTO/AIA/26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
3.	Claim 18 is rejected on the ground of nonstatutory double patenting as being unpatentable over claim 1 of U.S. Patent No. 16/044,737. Although the claims at issue are not identical, they are not patentably distinct from each other because:
	Claim 18 of the instant application ‘370 claims a similar invention as claimed by claim 1 of ‘737. Claim 18 as currently amended recites limitations similar to those of claim 1 of ‘737. Thus, it would have been obvious to a person of ordinary skill in the art at the time of the claimed invention that ‘370 is a broader variation of the claimed invention of ‘737.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

4.	Claims 18-20 are rejected under 35 U.S.C. 103 as being unpatentable over Chiviendacz, et al. [US 2006/0156385] in view of Cochinwala [US 20130226698].
Claim 18:	Chiviendacz teaches a system, comprising: 
a hardware processor; [Chiviendacz: 0198]
an authentication service configured to: 
(i) execute on the hardware processor; [Chiviendacz: 0198] 
(ii) generate non-repeatable user-specific and temporal-based [Chiviendacz: 0178; an aspect of the invention helps reduce such a risk by not allowing the random selection of a challenge data element 3108 from a group 3114 based on rule data to be repeated in challenges in close temporal proximity to each other. Thus, this suggests temporal-based utility] challenge-response questionnaires as requested by an authentication system for users based on recent electronically tracked activities for the users [Chiviendacz: 0162], wherein the users are already authenticated for a first factor authentication from an authentication mechanism of an online system, wherein the authentication mechanism is interfaced to the authentication system to request a second factor authentication on the user [Chiviendacz: 0168-0169; examples of challenge data elements in a given transaction, which includes the “first factor authentication”. See also 0179; the start of this method may occur for any level of user authentication, such as a first-level user authentication, a second-level user authentication, etc. The method includes determining that a user authentication operation is desired, where this determination process may involve a first level or a multi-factor authentication process], and wherein the recent electronically tracked activities are gathered from a plurality of different communication channels associated with the user’s recent electronically tracked activities [Chiviendacz: 0201; a second factor authentication policy is a policy that controls whether a challenge that is sent that is based on the second factor authentication is acceptable via different channels. For example, the policy may define that a reply to a certain challenge can be sent either through a web communication, an interactive voice recognition system, a wireless communication, or any other suitable communication channel. More examples at 0225, 0227], **and wherein at least one of the different communication channels includes a social media communication channel, [**as rejected under a secondary reference, discussed below]
(iii) provide indications to the authentication system as to whether proposed responses by the users were correct or incorrect, and providing the indications by the authentication system to the online system as second factor authentication results for the users, wherein when an indication for a given user is incorrect [Chiviendacz: 0175, 0186-0188; determine if there is a match, and if the received reply does not match the expected reply, the device may send a notification to the client that there is a problem. When authentication is successful, the device may also notify the client of the success], **asking the given user whether the given user would like to try another set of challenge-response questionnaire [**as rejected under a secondary reference, discussed below] and when selected by the given user iterate back to (ii) for a different non-repeatable user-specific and temporal challenge-response questionnaire and check a different proposed response by the given user [Chiviendacz: 0175; By tracking use at all, a device may generate a challenge based on a certain number of used challenge data elements and a certain number of challenged data elements not-yet-used] and continue the iterations for a preset number of iterations unless the given user correctly answers a given non-repeatable user-specific and temporal challenge response questionnaire during a given iteration, and wherein the preset number of iterations is defined in an authentication policy set by the online system. [Chiviendacz: 0192; the above operations with respect to generating challenges based on usage data to provide user authentication to the server may also be applied to provide sender authentication to the user, and all operations will not be repeated for purposes of brevity. The server keeps track of the number of times each row and column and corresponding information located at the row and column were used in the sender authentication message. This can reduce the likelihood that an unscrupulous party can piece together requisite portions of an authentication article. See also 0194-0196; the selection of the challenge data elements and/or the sender authentication information and corresponding location information may be made by tracking a time at which a previous challenge/reply process and/or sender authentication process. The new challenge data element is made based on the time of when the previous sender authentication process or challenge/reply process last contained the particular data element. As such, the usage data for a given data element may indicate that a particular data element was already used (e.g. sent) both in a challenge/reply process and in a sender authentication process, and the rules may define how to modify a subsequent challenge/reply process or sender authentication process accordingly. Thus, this suggests “a different non-repeatable user-specific and temporal challenge-response questionnaire” upon determining the challenge was used a number of times (“continue the iterations for a preset number of iterations”)]
Chiviendacz discloses that various methods for performing authentication of a target organization in connection with Internet applications are known, including secure socket layer server authentication, which provides certification from a trusted third party based on the identity of the organization hosting a given web application [Chiviendacz: 0005]. It will be recognized that portions of or all functions of the translucent identification member issuer may be provided through a distribution of providers and networks or through a web based service [Chiviendacz: 0089]. Thus, authentication that involves the organization hosting a web application, or that is provided through providers and networks or a web based service, suggests “a social media communication channel”. Chiviendacz discloses wherein the users are already authenticated for a first factor authentication from an authentication mechanism of an online system, wherein the authentication mechanism is interfaced to the authentication system to request a second factor
Cochinwala discloses that the invention relates to user authentication using personal information and available commercial use information and embedding or adding advertisements based upon a registered user's commercial use information into a question posed to a user during a multi-factor authentication session [Cochinwala: 0001-0004]. Cochinwala discusses, based on a predetermined verification threshold, whether the maximum number of questions has been reached. When a user answers a certain number of questions incorrectly and the maximum number of questions is not reached, a new question is selected to maximize the score or probability. The process is repeated until the verification threshold is reached or the maximum number of questions is reached [Cochinwala: 0053]. As such, Cochinwala obviously suggests the option for “the given user would like to try another set of challenge-response questionnaire”. Thus, the motivation to include “asking the given user whether the given user would like to try another set of challenge-response questionnaire” is that it would allow user authentication using personal information and available commercial user information [Cochinwala: 0001].

Claim 19:  Chiviendacz: 0124; discussing the system of claim 18, wherein the authentication service is configured to: iv) perform a second factor authentication for the authentication system, wherein the authentication system performs a first factor authentication against the users.
Claim 20:  As rejected under Chiviendacz in view of Bruno with motivation discussed in claim 1 [Bruno: suggests the “Software as a Service (SaaS)” - 0072; Cloud includes a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services)]; discussing the system of claim 18, the authentication is configured to one of: interface as a Software as a Service (SaaS) with the authentication system, and integrate within a processing environment of an online system associated with the authentication system.

Response to Arguments
5.	Applicant’s arguments with respect to claim(s) 18-20 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
	The arguments are directed towards a user answering the challenge-response incorrectly and being presented a different challenge-response and given N number of
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  

Any inquiry concerning this communication or earlier communications from the examiner should be directed to LEYNNA TRUVAN whose telephone number is (571)272-3851. The examiner can normally be reached Monday-Friday 8:00AM-5:00PM, EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Hirl can be reached on 571-272-3685. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about 

LEYNNA TRUVAN
Examiner
Art Unit 2435



/L.TT/Examiner, Art Unit 2435

/JOSEPH P HIRL/Supervisory Patent Examiner, Art Unit 2435