DETAILED ACTION

The present application is being examined under the pre-AIA first to invent provisions.

Response to Amendment
The Amendment filed on 04/29/2022 has been entered. 
The double patenting rejection of claims 1-20 is maintained. The currently amended claims are not distinct from the conflicting application.
The 35 U.S.C. 112(a) rejections for claims 10-11 are withdrawn in view of amendment.
In response to Applicant's amendments/remarks regarding the claims that invoke 35 U.S.C. 112(f) and the corresponding claim rejections under 35 U.S.C. 112(b), the amendments have resolved the issues. The amendments clearly indicate that the claims as amended do not invoke 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. Accordingly, the corresponding 35 U.S.C. 112(b) rejections are withdrawn.
Claims 10-11 and 16-20 are amended.
Claims 1-20 are pending of which claims 1, 10 and 16 are independent claims.

Response to Arguments
Applicant's arguments filed on 04/29/202 have been fully considered but they are not persuasive. 
Applicant argues (see pages 10-12) regarding claims 1, 10 and 16 and the limitation of “encoding, by the provider system, individuals of the plurality of OTP codes based at least in part on an identifier that indicates a predetermined event duration during which the respective OTP code is valid; providing the seed value to the OTP device” that “the Office Action's assertion that Brainard's "verifier seed [being] derived [from] the verifier master seed" is inapposite discussion. Id. As the master seed is already alleged as the basis for the OTP list in the cited combination, the master seed also being basis of the verifier seed is not a disclosure of "encoding, by the provider system, individuals of the plurality of OTP codes . . . ," as partly in claim 1”. Examiner acknowledges Applicant’s perspective but respectfully disagrees for the following reasons:
First, the argued claimed limitation “the plurality of OTP codes” is “generated based at least in part on a seed value”, which could be broadly interpreted to mean that the plurality of OTP codes are not necessarily different, as the only factor claimed for generating the plurality of codes is the static value.
Secondly, the algorithm for “encoding” each OTP code is not specifically claimed. As disclosed in the prior office action, Brainard's verifier seed (mapped to the encoded OTP code) is derived from the master seed and the time identifier, see Brainard paragraph [0047]. Furthermore, Brainard paragraph [0065] clarifies that the verifier seed derivation can be broken into two or more steps, where a temporary intermediate seed is derived from the master seed by mathematically combining the master seed with a time identifier. Verifier seeds are then generated from the temporary intermediate seed, which is based on the time identifier.
Therefore, Brainard in combination with Hird discloses the claimed limitations. Independent claims 1, 10 and 16 are rejected for the reasons discussed above.
Dependent claims are also rejected with their respective independent claims.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP §§ 706.02(l)(1) - 706.02(l)(3) for applications not subject to examination under the first inventor to file provisions of the AIA. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA/25, or PTO/AIA/26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.

Claims 1-20 are rejected on the ground of nonstatutory obviousness-type double patenting over claims 1, 4, 7-8, 10, 12-13 and 15-17 of U.S. Patent No. 10,771,456 (See table below). 
Claims 1-3, 5-13, 15-18 and 20 are rejected on the ground of nonstatutory obviousness-type double patenting over claims 1, 3-7, 10-13 and 16-17 of U.S. Patent No. 9,954,856 (See table below). 
Claims 1-3 and 5-20 are rejected on the ground of nonstatutory obviousness-type double patenting over claims 1-2, 4-5, 8-9, 14-16 and 19 of U.S. Patent No. 9,218,476 (See table below). 
16921172 (Instant Application)
10,771,456


1. A computer implemented method for securing access in computing systems, the method comprising:
generating, by a provider system, a plurality of one-time password (OTP) codes based at least in part on a seed value, 
wherein the seed value is accessible by the provider system and an OTP device and inaccessible to a verification system;
encoding, by the provider system, individuals of the plurality of OTP codes based at least in part on an identifier that indicates a predetermined event duration during which the respective OTP code is valid;


providing the seed value to the OTP device; and


providing a data structure containing the plurality of encoded OTP codes to the verification system to authenticate one or more access requests to one or more cloud-based resources.
1. A computer implemented method for securing access in computing systems, the method comprising:
generating a plurality of one-time password (OTP) codes based at least in part on a seed value;

the seed value being inaccessible to the verification system, 

encoding the plurality of OTP codes by applying a hash function to the plurality of OTP codes, the hash function for an individual one of the OTP codes based at least in part on a time identifier that indicates a predetermined event duration during which the respective OTP code is valid; and
16. … the first seed value is embedded in a device

providing a data structure containing the plurality of encoded OTP codes to a verification system to authenticate one or more access requests to one or more cloud-based services, … and the plurality of OTP codes being valid during the predetermined event duration.
2. The computer implemented method of claim 1, wherein the OTP device is configured to:
generate a request OTP code based on the seed value; and
provide the request OTP code to the verification system.

15. …

receiving at least one access request containing a purported verification code generated by a device, the purported verification code generated based at least in part on a seed value.


3. The computer implemented method of claim 1, wherein the verification system is configured to:
decode the plurality of OTP codes;
verify that the request OTP code matches one of the plurality of decoded OTP codes; and
authenticate a request to access one or more resources in response to verifying the request OTP code.
15. …

authenticating, by the verification system, the access request based at least in part on matching the encoded purported verification code contained in the access request to one of the plurality of encoded verification codes stored in the data structure.

4. The computer implemented method of claim 3, wherein the verification system is further configured to:
identify a current time, wherein decoding the plurality of OTP is based on the current time.
15 ….


encoding the purported verification code with a current time that the access request was received

5. The computer implemented method of claim 1, wherein the event duration is a time interval that the respective code is valid.

1. … a predetermined event duration during which the respective OTP code is valid
6. The computer implemented method of claim 1, wherein the encoding is a hash function.
1. encoding the plurality of OTP codes by applying a hash function to the plurality of OTP codes
7. The computer implemented method of claim 1, further comprising:
generating, by the provider system, a second plurality of OTP codes based in part at least in part on the seed value;

encoding, by the provider system, individuals of the second plurality of OTP codes based at least in part on a second identifier that indicates a second predetermined event duration during which the respective OTP code of the second plurality of OTP codes is valid; and
providing a second data structure containing the second plurality of encoded OTP codes to the verification system.



4… generating one or more renewed OTP codes.
1… generating a plurality of one-time password (OTP) codes based at least in part on a seed value
10. … encoding the plurality of OTP codes by applying a hash function individuals of the plurality of OTP codes, the hash function based at least in part on a time identifier
12 … receiving, when the first predetermined interval is expired, second verification materials valid for a predetermined second interval, the second verification materials generated based at least in part on a second seed value

8. The computer implemented method of claim 7, wherein the verification system is further configured to:

send a notification to the OTP device to advance to the second event duration;


receive a request OTP code from the OTP device;
determine that one of the second plurality of decoded OTP codes matches the request OTP code; and


decode the second set of OTP codes;
authenticate the request to access one or more resources.
13. …



generating a response that contains instructions to advance the device to a predetermined subsequent interval.

12 … receiving, when the first predetermined interval is expired, second verification materials valid for a predetermined second interval, the second verification materials generated based at least in part on a second seed value

15 … authenticating, by the verification system, the access request based at least in part on matching the encoded purported verification code contained in the access request to one of the plurality of encoded verification codes stored in the data structure.
9. The computer implemented method of claim 1, further comprising:

associating one of the plurality of OTP codes with a time identifier that indicates a portion of a predetermined interval during which the respective OTP code is valid;

calculating a value of a cryptographic function based at least in part on the respective OTP code and the time identifier; and
storing the value as an entry in the data structure.
8. The computer implemented method of claim 1, wherein generating the plurality of OTP codes further includes:
associating one of the plurality of OTP codes with the time identifier that indicates a portion of a predetermined interval during which the respective OTP code is valid; 

calculating a value of a cryptographic function based at least in part on the respective OTP code and the time identifier; and 
storing the value as an entry in the data structure.

10. A computer implemented method for verifying a one-time password (OTP), comprising:

requesting a plurality of OTP codes and specifying an event duration; receiving a data structure containing a plurality of encoded OTP codes, wherein the OTP codes are generated utilizing a seed value that is inaccessible, and wherein the encoded OTP codes in the data structure is encoded based on the event duration;



receiving a request OTP code and resource request from an OTP device;







decoding the data structure to identify a plurality of decoded OTP codes utilizing the event duration;
verifying that the request OTP code matches one of the decoded OTP codes; and
authenticating the resource request based on verifying the request OTP.

15. A computer implemented method for verifying requests for access in computing systems, comprising:
receiving, by a verification system, a data structure storing one or more encoded verification codes, the one or more encoded verification codes being valid during a portion of a predetermined event duration and encoded by hashing individual verification codes with a time identifier that indicates the portion of the predetermined event duration during which the respective verification code is valid;

receiving at least one access request containing a purported verification code generated by a device, the purported verification code generated based at least in part on a seed value embedded in the device, wherein the seed value is inaccessible to the verification system;
encoding the purported verification code with a current time that the access request was received; and
authenticating, by the verification system, the access request based at least in part on matching the encoded purported verification code contained in the access request to one of the plurality of encoded verification codes stored in the data structure.
11. The computer implemented method of claim 10, further comprising:
sending a notification to the OTP device that the event duration has expired;


requesting a second plurality of OTP codes and specifying a second event duration; and
receiving a second data structure containing a second plurality of encoded OTP codes, 

wherein the second plurality of encoded OTP codes are generated utilizing the seed value, and wherein the second plurality of encoded OTP codes in the data structure is encoded based on the event duration.

13. …

generating a response that contains instructions to advance the device to a predetermined subsequent interval.

12 … receiving, when the first predetermined interval is expired, second verification materials valid for a predetermined second interval, the second verification materials generated based at least in part on a second seed value
10. … encoding the plurality of OTP codes by applying a hash function individuals of the plurality of OTP codes, the hash function based at least in part on a time identifier

12. The computer implemented method of claim 10, further comprising:
sending verification materials in response to authenticating the resource request.
12. … transmitting, to the verification system, an access request to access resources provided outside of the verification system, the access request including the plurality of OTP codes and a temporal value;

13. The computer implemented method of claim 12, wherein the verification materials are valid for an interval.
16. The computer implemented method of claim 15, further comprising: causing the plurality of encoded verification codes to be valid for a portion of a predetermined interval.

14. The computer implemented method of claim 10, wherein the data structure is a bloom filter.

17. The computer implemented method of claim 16, wherein the plurality of encoded verification codes are one-time passwords (OTP), and wherein the data structure is a bloom filter.

15. The computer implemented method of claim 10, wherein the seed value is embedded in the OTP device.
15. …  a seed value embedded in the device
16. A computing system for verifying one-time passwords, comprising:
memory having instructions that when executed by the provider computing system enables the provider computing system configured to:
generate a plurality of one-time password (OTP) codes based at least in part on a seed value, wherein the seed value is accessible by the provider computing system and an OTP device and is inaccessible to a verification system;
encode individuals of the plurality of OTP codes based at least in part on an identifier that indicates a predetermined event duration during which the respective OTP code is valid; and



provide a data structure containing the plurality of encoded OTP codes to the verification system to authenticate one or more access requests to one or more cloud-based resources.
1. A computer implemented method for securing access in computing systems, the method comprising:


generating a plurality of one-time password (OTP) codes based at least in part on a seed value;
the seed value being inaccessible to the verification system, 

encoding the plurality of OTP codes by applying a hash function to the plurality of OTP codes, the hash function for an individual one of the OTP codes based at least in part on a time identifier that indicates a predetermined event duration during which the respective OTP code is valid; and
providing a data structure containing the plurality of encoded OTP codes to a verification system to authenticate one or more access requests to one or more cloud-based services.

17. The provider computing system of claim 16, wherein the OTP device is configured to:
generate a request OTP code based on the seed value; and
provide the request OTP code to the verification system.
15. …
receiving at least one access request containing a purported verification code generated by a device, the purported verification code generated based at least in part on a seed value.


18. The provider computing system of claim 16, wherein the verification system is configured to:
receive the data structure from the provider computing system;


receive a request OTP code a request to access one or more resources from the OTP device;

decode the plurality of OTP codes;
verify that the request OTP code matches one of the plurality of decoded OTP codes; and
authenticate the request in response to verifying the request OTP code.
15. …

receiving, by a verification system, a data structure storing one or more encoded verification codes

receiving at least one access request containing a purported verification code

authenticating, by the verification system, the access request based at least in part on matching the encoded purported verification code contained in the access request to one of the plurality of encoded verification codes stored in the data structure.

19. The provider computing system of claim 16, wherein the data structure is a bloom filter.

7. The computer implemented method of claim 1, wherein the data structure is a bloom filter.
20. The provider computing system of claim 16, wherein the memory having the instructions that when executed by the provider computing system further enables the provider computing system to:
provide the seed value to the OTP device.

15 … a seed value embedded in the device



16921172 (Instant Application)
9,954,856


1. A computer implemented method for securing access in computing systems, the method comprising:
generating, by a provider system, a plurality of one-time password (OTP) codes based at least in part on a seed value, 
wherein the seed value is accessible by the provider system and an OTP device and inaccessible to a verification system;


encoding, by the provider system, individuals of the plurality of OTP codes based at least in part on an identifier that indicates a predetermined event duration during which the respective OTP code is valid;
providing the seed value to the OTP device; and

providing a data structure containing the plurality of encoded OTP codes to the verification system to authenticate one or more access requests to one or more cloud-based resources.
1. A computer implemented method for securing access in computing systems, the method comprising:
4. the set of pre-generated OTP codes are generated by a provider computing system based at least in part on a seed value known to the provider computing system
7. wherein the seed value used to generate the set of pre-generated OTP codes is inaccessible to the verification system

1. encoding each OTP code of the set of pre-generated OTP codes to generate an encoded set of pre-generated OTP codes for a first predetermined interval;

5. … a seed value associated with the device

providing the data structure containing the encoded set of pre-generated OTP codes to a verification system.


2. The computer implemented method of claim 1, wherein the OTP device is configured to:
generate a request OTP code based on the seed value; and

provide the request OTP code to the verification system.

5. …

wherein the purported OTP code is produced by a device based at least in part on a seed value associated with the device, 
1… receive at least one access request containing a purported OTP code

3. The computer implemented method of claim 1, wherein the verification system is configured to:
decode the plurality of OTP codes;
verify that the request OTP code matches one of the plurality of decoded OTP codes; and
authenticate a request to access one or more resources in response to verifying the request OTP code.
1. …

attempt to authenticate the access request based at least in part on matching the purported OTP code to an OTP code of the encoded set of pre-generated OTP codes.

5. The computer implemented method of claim 1, wherein the event duration is a time interval that the respective code is valid.

3. …  an identifier that indicates a time window during which the at least one OTP code is valid
6. The computer implemented method of claim 1, wherein the encoding is a hash function.

3. applying a hash function to at least one OTP code of the set of pre-generated OTP codes
7. The computer implemented method of claim 1, further comprising:
generating, by the provider system, a second plurality of OTP codes based in part at least in part on the seed value;

encoding, by the provider system, individuals of the second plurality of OTP codes based at least in part on a second identifier that indicates a second predetermined event duration during which the respective OTP code of the second plurality of OTP codes is valid; and
providing a second data structure containing the second plurality of encoded OTP codes to the verification system.



1… generating a renewal set of OTP codes for a second predetermined interval,
4… the set of pre-generated OTP codes are generated by a provider computing system based at least in part on a seed value
3. applying a hash function to at least one OTP code of the set of pre-generated OTP codes, the hash function based at least in part on an identifier that indicates a time window during which the at least one OTP code is valid

1. … providing the renewal set of OTP codes to the verification system

8. The computer implemented method of claim 7, wherein the verification system is further configured to:

send a notification to the OTP device to advance to the second event duration;


receive a request OTP code from the OTP device;

determine that one of the second plurality of decoded OTP codes matches the request OTP code; and
decode the second set of OTP codes;
authenticate the request to access one or more resources.

1. …



the renewal set of OTP codes unusable to authenticate an access request prior to expiration of the first predetermined interval or until the second predetermined interval is active.
receive at least one access request containing a purported OTP code
attempt to authenticate the access request based at least in part on matching the purported OTP code to an OTP code of the encoded set of pre-generated OTP codes
9. The computer implemented method of claim 1, further comprising:
associating one of the plurality of OTP codes with a time identifier that indicates a portion of a predetermined interval during which the respective OTP code is valid;
calculating a value of a cryptographic function based at least in part on the respective OTP code and the time identifier; and
storing the value as an entry in the data structure.
3…

applying a hash function to at least one OTP code of the set of pre-generated OTP codes, the hash function based at least in part on an identifier that indicates a time window during which the at least one OTP code is valid; 


1. storing the encoded set of pre-generated OTP codes into a data structure

10. A computer implemented method for verifying a one-time password (OTP), comprising:





requesting a plurality of OTP codes and specifying an event duration; receiving a data structure containing a plurality of encoded OTP codes, wherein the OTP codes are generated utilizing a seed value that is inaccessible, and wherein the encoded OTP codes in the data structure is encoded based on the event duration;




receiving a request OTP code and resource request from an OTP device;
decoding the data structure to identify a plurality of decoded OTP codes utilizing the event duration;
verifying that the request OTP code matches one of the decoded OTP codes; and
authenticating the resource request based on verifying the request OTP.

17. 

obtaining a set of pre-generated one-time password (OTP) codes to form a set of OTP codes;
encoding each OTP code of the set of pre-generated OTP codes to generate an encoded set of pre-generated OTP codes for a first predetermined interval
providing the data structure containing the encoded set of pre-generated OTP codes to a verification system;
13. the set of pre-generated OTP codes are generated by a provider computing system based at least in part on a seed value known to the provider computing system, 
16. wherein the seed value used to generate the set of pre-generated OTP codes is inaccessible to the verification system

1. receive at least one access request containing a purported OTP code; and
attempt to authenticate the access request based at least in part on matching the purported OTP code to an OTP code of the encoded set of pre-generated OTP codes
11. The computer implemented method of claim 10, further comprising:
sending a notification to the OTP device that the event duration has expired;



requesting a second plurality of OTP codes and specifying a second event duration; and
receiving a second data structure containing a second plurality of encoded OTP codes, 
wherein the second plurality of encoded OTP codes are generated utilizing the seed value, and wherein the second plurality of encoded OTP codes in the data structure is encoded based on the event duration.

6. …

wherein the device having the seed value associated therewith is able to be used to authenticate requests against the second verification system only after the first predetermined interval expires
1 … generating a renewal set of OTP codes for a second predetermined interval,
4. … wherein the set of pre-generated OTP codes are generated by a provider computing system based at least in part on a seed value

12. The computer implemented method of claim 10, further comprising:
sending verification materials in response to authenticating the resource request.

1. … providing the data structure containing the encoded set of pre-generated OTP codes to a verification system;

13. The computer implemented method of claim 12, wherein the verification materials are valid for an interval.

3. an identifier that indicates a time window during which the at least one OTP code is valid.

15. The computer implemented method of claim 10, wherein the seed value is embedded in the OTP device.
5. … a seed value associated with the device

16. A computing system for verifying one-time passwords, comprising:
a provider configured to:
memory having instructions that when executed by the provider computing system enables the provider computing system configured to:
generate a plurality of one-time password (OTP) codes based at least in part on a seed value, wherein the seed value is accessible by the provider computing system and an OTP device and is inaccessible to a verification system;
encode individuals of the plurality of OTP codes based at least in part on an identifier that indicates a predetermined event duration during which the respective OTP code is valid; and



provide a data structure containing the plurality of encoded OTP codes to the verification system to authenticate one or more access requests to one or more cloud-based resources.




13. the set of pre-generated OTP codes are generated by a provider computing system based at least in part on a seed value known to the provider computing system, 
16. wherein the seed value used to generate the set of pre-generated OTP codes is inaccessible to the verification system






12. apply a hash function to at least one OTP code of the set of pre-generated OTP codes, the hash function based at least in part on an identifier that indicates a time window during which the at least one OTP code is valid; and

10. provide the data structure containing the encoded set of pre-generated OTP codes to a verification system.

17. The provider computing system of claim 16, wherein the OTP device is configured to:
generate a request OTP code based on the seed value; and
provide the request OTP code to the verification system.
11. …
receive, at the verification system, at least one access request containing a purported OTP code, 
14. the purported OTP code is produced by a device based at least in part on a seed value associated with the device

18. The provider computing system of claim 16, wherein the verification system is configured to:
receive the data structure from the computing provider system;


receive a request OTP code a request to access one or more resources from the OTP device;

decode the plurality of OTP codes;
verify that the request OTP code matches one of the plurality of decoded OTP codes; and
authenticate the request in response to verifying the request OTP code.


10. provide the data structure containing the encoded set of pre-generated OTP codes to a verification system 

11. receive, at the verification system, at least one access request containing a purported OTP code

encode, at the verification system, the purported OTP code contained in the access request by hashing it with a timestamp contained in the request to generate an encoded purported OTP code; and
match, at the verification system, the encoded purported OTP code to an OTP code of the encoded set of pre-generated OTP codes. 

20. The provider computing system of claim 16, wherein the memory having the instructions that when executed by the provider computing system further enables the provider computing system to:
provide the seed value to the OTP device.
5. … a seed value associated with the device




16921172 (Instant Application)
9,218,476


1. A computer implemented method for securing access in computing systems, the method comprising:
generating, by a provider system, a plurality of one-time password (OTP) codes based at least in part on a seed value, 
wherein the seed value is accessible by the provider system and an OTP device and inaccessible to a verification system;






encoding, by the provider system, individuals of the plurality of OTP codes based at least in part on an identifier that indicates a predetermined event duration during which the respective OTP code is valid;


providing the seed value to the OTP device; and


providing a data structure containing the plurality of encoded OTP codes to the verification system to authenticate one or more access requests to one or more cloud-based resources.
1. A computer implemented method for securing access in computing systems, the method comprising:
generating, by a provider computer system and based at least in part on a seed value that is known to the provider computer system, …each OTP code being associated with a matching OTP code that is separately able to be produced by a token device based at least in part on a seed value embedded in the token device
the seed value being inaccessible to the verification system, 
2. wherein the seed value is inaccessible to the verification system

encoding, by the provider computer system, each OTP code of the set of OTP codes based at least in part on a time value associated with the each OTP code to yield an encoded set of OTP codes; and


… a seed value embedded in the token device


providing, from the provider computer system, the data structure containing the set of encoded OTP codes to a verification system, … attempt to authenticate the access request based at least in part on matching the purported OTP code contained in the access request to the OTP code stored in the data structure.

2. The computer implemented method of claim 1, wherein the OTP device is configured to:
generate a request OTP code based on the seed value; and
provide the request OTP code to the verification system.

1. …

receive an access request containing a purported OTP code generated by the token device based at least in part on the seed value.


3. The computer implemented method of claim 1, wherein the verification system is configured to:
decode the plurality of OTP codes;
verify that the request OTP code matches one of the plurality of decoded OTP codes; and
authenticate a request to access one or more resources in response to verifying the request OTP code.
1. …

attempt to authenticate the access request based at least in part on matching the purported OTP code contained in the access request to the OTP code stored in the data structure;
5. The computer implemented method of claim 1, wherein the event duration is a time interval that the respective code is valid.

1. … a predetermined event duration during which the respective OTP code is valid
6. The computer implemented method of claim 1, wherein the encoding is a hash function.

4. The computer implemented method of claim 3, wherein encoding each OTP code further includes:
applying a hash function to the OTP code prior to storing the encoded OTP code into the bloom filter

7. The computer implemented method of claim 1, further comprising:
generating, by the provider system, a second plurality of OTP codes based in part at least in part on the seed value;

encoding, by the provider system, individuals of the second plurality of OTP codes based at least in part on a second identifier that indicates a second predetermined event duration during which the respective OTP code of the second plurality of OTP codes is valid; and
providing a second data structure containing the second plurality of encoded OTP codes to the verification system.



1… generating, by the provider computer system, a renewal set of OTP codes.
… generating, by a provider computer system and based at least in part on a seed value
 … encoding, by the provider computer system, each OTP code of the set of OTP codes based at least in part on a time value associated with the each OTP code to yield an encoded set of OTP codes;
 
… providing, from the provider computer system, the renewal set of OTP codes to the verification system.
8. The computer implemented method of claim 7, wherein the verification system is further configured to:

send a notification to the OTP device to advance to the second event duration;


receive a request OTP code from the OTP device;

determine that one of the second plurality of decoded OTP codes matches the request OTP code; and
decode the second set of OTP codes;
authenticate the request to access one or more resources.

15. …



generating a response that contains instructions to advance the device to a subsequent interval.

12 … wherein the device having the seed value embedded therein is able to be used to authenticate requests against a second verification system after the first predetermined interval expires

1… authenticate the access request based at least in part on matching the purported OTP code contained in the access request to the OTP code stored in the data structure.

9. The computer implemented method of claim 1, further comprising:
associating one of the plurality of OTP codes with a time identifier that indicates a portion of a predetermined interval during which the respective OTP code is valid;
calculating a value of a cryptographic function based at least in part on the respective OTP code and the time identifier; and
storing the value as an entry in the data structure.

8. The computer implemented method of claim 5, wherein generating the set of verification codes further includes:
associating each verification code with a time identifier that indicates the portion of the first predetermined interval during which the verification code is valid;

calculating a value of a cryptographic function based at least in part on the verification code and the time identifier; and
storing the value as an entry in a data structure.
10. A computer implemented method for verifying a one-time password (OTP), comprising:
requesting a plurality of OTP codes and specifying an event duration; 
receiving a data structure containing a plurality of encoded OTP codes, wherein the OTP codes are generated utilizing a seed value that is inaccessible, and wherein the data structure is encoded based on the event duration;



receiving a request OTP code and resource request from an OTP device;

decoding the data structure to identify a plurality of decoded OTP codes utilizing the event duration;
verifying that the request OTP code matches one of the decoded OTP codes; and
authenticating the resource request based on verifying the request OTP.

1. A computer implemented method for verifying requests for access in computing systems, comprising:
providing, from the provider computer system, the data structure containing the set of encoded OTP codes to a verification system
generating, by a provider computer system and based at least in part on a seed value that is known to the provider computer system, a set of one-time password (OTP) codes for a first time interval;

receive an access request containing a purported OTP code generated by the token device 

attempt to authenticate the access request based at least in part on matching the purported OTP code contained in the access request to the OTP code stored in the data structure
11. The computer implemented method of claim 10, further comprising:
sending a notification to the OTP device that the event duration has expired;


requesting a second plurality of OTP codes and specifying a second event duration; and
receiving a second data structure containing a second plurality of encoded OTP codes, 
wherein the second plurality of OTP codes are generated utilizing the seed value, and wherein the data structure is encoded based on the event duration.



15… generating a response that contains instructions to advance the device to a subsequent interval
 
5… encoding, by the provider computer system, each OTP code of the set of OTP codes based at least in part on a time value associated with the each OTP code to yield an encoded set of OTP codes;
 
… generating, by the provider computer system, a renewal set of verification codes for a second predetermined interval; encoding, by the provider computer system, the set of verification codes;

12. The computer implemented method of claim 10, further comprising:
sending verification materials in response to authenticating the resource request.

14. … providing a new set of verification codes in response to the request.



13. The computer implemented method of claim 12, wherein the verification materials are valid for an interval.

5. … each verification code being valid for a portion of the first predetermined interval.

14. The computer implemented method of claim 10, wherein the data structure is a bloom filter.

9. … the data structure is a bloom filter.

15. The computer implemented method of claim 10, wherein the seed value is embedded in the OTP device.

12. …  wherein the device having the seed value embedded therein
16. A computing system for verifying one-time passwords, comprising:
memory having instructions that when executed by the provider computing system enables the provider computing system configured to:
generate a plurality of one-time password (OTP) codes based at least in part on a seed value, wherein the seed value is accessible by the provider computing system and an OTP device and is inaccessible to a verification system;
encode individuals of the plurality of OTP codes based at least in part on an identifier that indicates a predetermined event duration during which the respective OTP code is valid; and

provide a data structure containing the plurality of encoded OTP codes to the verification system to authenticate one or more access requests to one or more cloud-based resources.

16. A computer system comprising:

each verification code having been generated by a provider computer system based at least in part on a seed value that is known to the provider computer system
2. wherein the seed value is inaccessible to the verification system



1…encoding, by the provider computer system, each OTP code of the set of OTP codes based at least in part on a time value associated with the each OTP code to yield an encoded set of OTP codes; and
providing, from the provider computer system, the data structure containing the set of encoded OTP codes to a verification system.

17. The provider computing system of claim 16, wherein the OTP device is configured to:
generate a request OTP code based on the seed value; and
provide the request OTP code to the verification system.
16. …
a matching verification code produced by a device based at least in part on a seed value embedded in the device;
receive a request to access at least one resource, the request containing a verification code.


18. The provider computing system of claim 16, wherein the verification system is configured to:
receive the data structure from the provider computing system;
receive a request OTP code a request to access one or more resources from the OTP device;

decode the plurality of OTP codes;
verify that the request OTP code matches one of the plurality of decoded OTP codes; and
authenticate the request in response to verifying the request OTP code.
16. …
receive a set of verification codes associated with a first predetermined interval,

receive a request to access at least one resource, the request containing a verification code

authenticate the request to access the at least one resource based at least in part on matching the verification code contained in the request to at least one verification code in the set of verification codes.

19. The provider computing system of claim 16, wherein the data structure is a bloom filter.

19. … wherein the data structure is a bloom filter.
20. The provider computing system of claim 16, wherein the memory having the instructions that when executed by the provider computing system further enables the provider computing system to:
provide the seed value to the OTP device.
16 … a seed value embedded in the device




Claim Rejections - 35 USC § 103
The following is a quotation of pre-AIA  35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made.


Claims 1-7, 9-10, 12-13, 16-18 and 20 are rejected under pre-AIA 35 U.S.C. 102(b) as being anticipated by Brainard et al. (Pub. No.: US 2006/0256961, hereinafter Brainard) in view of Hird (Pub. No.: 2012/0233675).
Regarding claim 1: Brainard discloses a computer implemented method for securing access in computing systems, the method comprising (Brainard - [0028]: Fig. 1):
wherein the seed value is accessible by the provider system and an OTP device (Brainard - [0033]: The master seed SM 100 is a secret that is shared by the device 102 and the server 104) and inaccessible to a verification system (Brainard - [0017]: the device and the verifier can share a secret, the verifier seed, without that verifier having access to the master seed);
encoding, by the provider computer system, individuals of the plurality of OTP codes based at least in part on an identifier that indicates a predetermined event duration during which the respective OTP code is valid (Brainard - [0047]: The verifier seed is derived by application of the key derivation function to the verifier master seed SVM and the time identifier. Also see fig. 4 for plural verifier seeds. See  also [0045] and [0065]);
providing the seed value to the OTP device (Brainard - [0034]: Fig. 1, The master seed SM 100 is shared by the device 102 and the server 104, preferably in a private manner, for example over a secure communications link);
However, Brainard doesn’t expressly disclose but Hird discloses:
generating, by a provider system, a plurality of one-time password (OTP) codes based at least in part on a seed value (Hird - [0034]: an OTP generation module 330 of the password server 305 can use the user and/or device records to generate an OTP list for the client device 310 … the OTP generation module can comprise an event-based OTP application that utilizes a seed and counter), 
providing a data structure containing the plurality of encoded OTP codes to the verification system to authenticate one or more access requests to one or more cloud-based resources (Hird - [0037]: A packaging and delivery module 340 of the password server 305 can then retrieve the OTP list for the client device 310 from the OTP list records 335, package the OTP list for delivery, and download the packaged OTP list to the client device 310).
It would have been prima facie obvious to one of ordinary skill in the art at the time the invention was made to modify the method of Brainard with Hird so that a list of OTP codes can be generated and provided to a verifier periodically based on a predetermined time interval or event. The modification would allow the system to securely authenticate a request OTP using the provided OTP list.
Regarding claim 2: Brainard as modified discloses wherein the OTP device is configured to:
generate a request OTP code based on the seed value (Brainard - [0042]: The device 102 is therefore able to use the same key derivation function KDF to obtain the same verifier seed SV from the master seed SM); and
provide the request OTP code to the verification system (Brainard - [0043]: the device 102 transmitting the verifier seed SV directly to the verifier 108).
Regarding claim 3: Brainard as modified discloses wherein the verification system is configured to:
decode the plurality of OTP codes (Hird - [0035]: choose an OTP from its list);
verify that the request OTP code matches one of the plurality of decoded OTP codes; and
authenticate a request to access one or more resources in response to verifying the request OTP code (Brainard - [0051]: Once transmitted to the verifier, the secret shared by the verifier 108 and the device 102, the verifier seed SV, can be used by the verifier for authentication). 
The reason to combine is similar to that given for claim 1.
Regarding claim 4: Brainard as modified discloses wherein the verification system is further configured to:
identify a current time (Hird - [0035]: the client can determine the current time), wherein decoding the plurality of OTP is based on the current time (Hird - [0035]: Using either an explicit mapping from the time to the list, or an offset calculation based on the elapsed time since an agreed starting point, the client can select the appropriate OTP from the list).
The reason to combine is similar to that given for claim 1.
Regarding claim 5: Brainard as modified discloses wherein the event duration is a time interval that the respective code is valid (Brainard - [0045]: the verifier seed SV is specific to a specific time or time period).
Regarding claim 6: Brainard as modified discloses wherein the encoding is a hash function (Brainard - [0020]: the deriving step includes deriving the verifier seed in response to a time identifier … the key derivation function is a hash function).
Regarding claim 7: Brainard as modified discloses further comprising:
generating, by the provider system, a second plurality of OTP codes based in part at least in part on the seed value (Hird - [0034]: an OTP generation module 330 of the password server 305 can use the user and/or device records to generate an OTP list for the client device 310 … the OTP generation module can comprise an event-based OTP application that utilizes a seed and counter. [0046]: the OTP list can be continually downloaded and/or updated);
encoding, by the provider system, individuals of the second plurality of OTP codes based at least in part on a second identifier that indicates a second predetermined event duration during which the respective OTP code of the second plurality of OTP codes is valid (Brainard - [0045]: the verifier seed SV is specific to a specific time or time period, such as a second, minute, hour, day, week, month, or year, or a fraction, plurality, or combination thereof. In one such embodiment, the time or time period is represented by a time identifier. [0047]: The verifier seed is derived by application of the key derivation function to the verifier master seed SVM and the time identifier. Also see fig. 4 for plural verifier seeds which interpreted as OTP codes); and
providing a second data structure containing the second plurality of encoded OTP codes to the verification system (Hird - [0037]: A packaging and delivery module 340 of the password server 305 can then retrieve the OTP list for the client device 310 from the OTP list records 335, package the OTP list for delivery, and download the packaged OTP list to the client device 310).
The reason to combine is similar to that given for claim 1.
Regarding claim 9: Brainard as modified discloses further comprising:
associating one of the plurality of OTP codes with a time identifier that indicates the portion of a predetermined interval during which the respective OTP code is valid (Brainard - [0019]: generating an authentication code in response to the verifier seed and a time dependent value);
calculating a value of a cryptographic function based at least in part on the respective OTP code and the time identifier (Brainard - [0041]: the key derivation function PBKDF2 is used to derive a verifier seed from a master seed by using the master seed as the password P, and the concatenation of a verifier identifier and a time identifier as the salt S); and
storing the value as an entry in the data structure (Hird - [0034]: This OTP list can be saved in a set of records 335 by the password server 305).
It would have been prima facie obvious to one of ordinary skill in the art at the time the invention was made to modify the method of Brainard with Hird so that each OTP code in the list is based on a predetermined time interval and stored in a list data structure. The modification would allow the system to keep a list of OTPs for delivery to the verification system.

Regarding claim 10: Brainard as modified discloses:
a seed value that is inaccessible (Brainard - [0017]: the device and the verifier can share a secret, the verifier seed, without that verifier having access to the master seed),
wherein the encoded OTP codes in the data structure are encoded based on the event duration (Brainard - [0047]: The verifier seed is derived by application of the key derivation function to the verifier master seed SVM and the time identifier. Also see fig. 4 for plural verifier seeds. See also [0045] and [0065]);
receiving a request OTP code and resource request from an OTP device (Brainard - [0042]: The device 102 is therefore able to use the same key derivation function KDF to obtain the same verifier seed SV from the master seed SM. [0043]: the device 102 transmitting the verifier seed SV directly to the verifier 108);
verifying that the request OTP code matches one of the decoded OTP codes; and authenticating the resource request based on verifying the request OTP (Brainard - [0051]: Once transmitted to the verifier, the secret shared by the verifier 108 and the device 102, the verifier seed SV, can be used by the verifier for authentication).
However, Brainard doesn’t expressly disclose but Hird discloses:
requesting a plurality of OTP codes (Hird - [0037]: the user of the client device 310 can request the OTP list from the password server 305) and specifying an event duration (Hird - [0035]: a time-based OTP application contains a seed and uses a sequence of future time values (or a varying datum that corresponds in some way to future time values) to generate its OTP list);
receiving a data structure containing a plurality of encoded OTP codes (Hird - [0037]: A packaging and delivery module 340 of the password server 305 can then retrieve the OTP list for the client device 310 from the OTP list records 335, package the OTP list for delivery, and download the packaged OTP list to the client device 310), wherein the OTP codes are generated utilizing a seed value (Hird - [0034]: an OTP generation module 330 of the password server 305 can use the user and/or device records to generate an OTP list for the client device 310 … the OTP generation module can comprise an event-based OTP application that utilizes a seed and counter); 
decoding the encoded data structure to identify a plurality of decoded OTP codes utilizing the event duration (Hird - [0035]: When the client, in the future (possibly a year from now), needs to choose an OTP from its list, and submit it, the client can determine the current time (to within a drift window). Using either an explicit mapping from the time to the list, or an offset calculation based on the elapsed time since an agreed starting point, the client can select the appropriate OTP from the list);
It would have been prima facie obvious to one of ordinary skill in the art at the time the invention was made to modify the method of Brainard with Hird so that the generated list of OTP codes is received and decoded for securely authenticating a request OTP.

Regarding claim 12: Brainard as modified discloses sending verification materials in response to authenticating the resource request (Brainard - [0043]: To authenticate with the verifier 108, the device 102 uses the verifier seed Sv that is shared by the device 102 and the verifier 108. In one embodiment, the authentication is accomplished by the device 102 transmitting the verifier seed Sv directly to the verifier 108).
Regarding claim 13: Brainard as modified discloses wherein the verification materials are valid for an interval (Hird - [0042]: Key material usually has a pre-determined lifetime, for security reasons).
The reason to combine is the same as that given for claim 10.

Regarding claim 16: Brainard discloses a computing system for verifying one-time passwords, comprising:
memory (Brainard - [0024]: a verifier includes a data store for storing a verifier seed associated with a device) having instructions that when executed by the provider computing system enables the provider computing system:
wherein the seed value is accessible by the provider computing system and an OTP device (Brainard - [0033]: The master seed SM 100 is a secret that is shared by the device 102 and the server 104) and inaccessible to a verification system (Brainard - [0017]: the device and the verifier can share a secret, the verifier seed, without that verifier having access to the master seed);
encode individuals of the plurality of OTP codes based at least in part on an identifier that indicates a predetermined event duration during which the respective OTP code is valid (Brainard - [0047]: The verifier seed is derived by application of the key derivation function to the verifier master seed SVM and the time identifier. Also see fig. 4 for plural verifier seeds. See  also [0045] and [0065]); 
However, Brainard doesn’t expressly disclose but Hird discloses:
generate a plurality of one-time password (OTP) codes based at least in part on a seed value, (Hird - [0034]: an OTP generation module 330 of the password server 305 can use the user and/or device records to generate an OTP list for the client device 310 … the OTP generation module can comprise an event-based OTP application that utilizes a seed and counter); 
provide a data structure containing the plurality of encoded OTP codes to the verification system to authenticate one or more access requests to one or more cloud-based resources (Hird - [0037]: A packaging and delivery module 340 of the password server 305 can then retrieve the OTP list for the client device 310 from the OTP list records 335, package the OTP list for delivery, and download the packaged OTP list to the client device 310).
It would have been prima facie obvious to one of ordinary skill in the art at the time the invention was made to modify the method of Brainard with Hird so that each OTP code in the list is based on a predetermined time interval and stored in a list data structure. The modification would allow the system to keep a list of OTPs for delivery to the verification system.
Regarding claim 17: Brainard as modified discloses wherein the OTP device is configured to:
generate a request OTP code based on the seed value (Brainard - [0042]: The device 102 is therefore able to use the same key derivation function KDF to obtain the same verifier seed SV from the master seed SM); and
provide the request OTP code to the verification system (Brainard - [0043]: the device 102 transmitting the verifier seed SV directly to the verifier 108).
Regarding claim 18: Brainard as modified discloses wherein the verification system is configured to:
receive the data structure from the provider computing system (Hird - [0037]: A packaging and delivery module 340 of the password server 305 can then retrieve the OTP list for the client device 310 from the OTP list records 335, package the OTP list for delivery, and download the packaged OTP list to the client device 310);
receive a request OTP code a request to access one or more resources from the OTP device (Brainard - [0043]: the device 102 transmitting the verifier seed SV directly to the verifier 108); 
decode the plurality of OTP codes (Hird - [0035]: When the client, in the future (possibly a year from now), needs to choose an OTP from its list, and submit it, the client can determine the current time (to within a drift window). Using either an explicit mapping from the time to the list, or an offset calculation based on the elapsed time since an agreed starting point, the client can select the appropriate OTP from the list);
verify that the request OTP code matches one of the plurality of decoded OTP codes; and authenticate the request in response to verifying the request OTP code (Brainard - [0051]: Once transmitted to the verifier, the secret shared by the verifier 108 and the device 102, the verifier seed SV, can be used by the verifier for authentication).
It would have been prima facie obvious to one of ordinary skill in the art at the time the invention was made to modify the method of Brainard with Hird so that the generated list of OTP codes is received and decoded for securely authenticating a request OTP.
Regarding claim 20: Brainard as modified discloses wherein the memory having the instructions that when executed by the provider computing system further enables the provider computing system to: provide the seed value to the OTP device (Brainard - [0034]: Fig. 1, The master seed SM 100 is shared by the device 102 and the server 104, preferably in a private manner, for example over a secure communications link).

Claims 14 and 19 are rejected under 35 U.S.C. 103(a) as being unpatentable over Brainard et al. (Pub. No.: US 2006/0256961, hereinafter Brainard) in view of Hird (Pub. No.: 2012/0233675) and Wang et al. (Patent US 2009/0182726, hereinafter Wang).
Regarding claims 14 and 19: Brainard as modified doesn’t expressly teach but Wang discloses wherein the data structure is a bloom filter (Wang - [0008]: Figure 4 is a block diagram illustrating an embodiment of a partitioned Bloom filter for storing access history information).
Therefore, it would have been obvious to one of ordinary skill in the art at the time the invention was made to combine Brainard and Hird’s invention with Wang because a bloom filter is a space-efficient probabilistic data structure that is used to test whether an element is a member of a set (Wang - [0018]).
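The arrangement recited in claim 9 together with the bloom-filter claims (14 and 19) can be sketched as follows. This is an added illustration, not code from the application, the conflicting patent or any cited reference; the HOTP-style truncation, the 30-second step, the filter parameters, the replay set and every name in it are assumptions.

```python
import hashlib
import hmac
import math
import struct

STEP = 30  # seconds per time identifier (assumed value)


def otp_code(seed: bytes, step: int, digits: int = 6) -> str:
    """HOTP-style code (RFC 4226 truncation) using the time step as counter."""
    mac = hmac.new(seed, struct.pack(">Q", step), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    val = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(val % 10 ** digits).zfill(digits)


def encode(code: str, step: int) -> bytes:
    """Cryptographic function over the OTP code and its time identifier."""
    return hashlib.sha256(f"{step}:{code}".encode()).digest()


class BloomFilter:
    def __init__(self, m_bits: int, k: int):
        self.m, self.k = m_bits, k
        self.bits = bytearray((m_bits + 7) // 8)

    def _positions(self, item: bytes):
        # k bit positions derived from k domain-separated SHA-256 digests
        for i in range(self.k):
            h = hashlib.sha256(bytes([i]) + item).digest()
            yield int.from_bytes(h[:8], "big") % self.m

    def add(self, item: bytes) -> None:
        for p in self._positions(item):
            self.bits[p >> 3] |= 1 << (p & 7)

    def __contains__(self, item: bytes) -> bool:
        return all(self.bits[p >> 3] & (1 << (p & 7)) for p in self._positions(item))


def expected_fp_rate(m_bits: int, k: int, n_items: int) -> float:
    """Chance that a wrong code is accepted, from the standard bloom-filter estimate."""
    return (1.0 - math.exp(-k * n_items / m_bits)) ** k


def provider_build(seed: bytes, first_step: int, n_steps: int,
                   m_bits: int = 1 << 20, k: int = 7) -> BloomFilter:
    """Provider side: holds the seed, pre-generates and encodes one code per step."""
    bf = BloomFilter(m_bits, k)
    for step in range(first_step, first_step + n_steps):
        bf.add(encode(otp_code(seed, step), step))
    return bf


class Verifier:
    """Verifier side: receives only the filter, never the seed."""

    def __init__(self, bf: BloomFilter, first_step: int, n_steps: int):
        self.bf, self.first, self.n = bf, first_step, n_steps
        self.seen = set()  # encoded values already accepted (replay guard, assumed)

    def check(self, purported_code: str, timestamp: int) -> bool:
        step = timestamp // STEP
        if not (self.first <= step < self.first + self.n):
            return False  # the filter does not cover this interval
        item = encode(purported_code, step)
        if item in self.seen or item not in self.bf:
            return False
        self.seen.add(item)
        return True


if __name__ == "__main__":
    seed = b"constructed-demo-seed"   # constructed sample value
    t0 = 1_700_000_000                # constructed sample timestamp
    first, n = t0 // STEP, 2880       # one day of 30-second steps
    v = Verifier(provider_build(seed, first, n), first, n)
    code = otp_code(seed, (t0 + 95) // STEP)  # what the OTP device would display
    print(v.check(code, t0 + 95), v.check(code, t0 + 95))
    print(f"false-accept estimate: {expected_fp_rate(1 << 20, 7, n):.2e}")
```

Because the filter is probabilistic, its size sets a floor on the false-accept rate, so `expected_fp_rate` should be checked against the number of codes loaded per interval before a filter is issued.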

Claim 15 is rejected under 35 U.S.C. 103(a) as being unpatentable over Brainard et al. (Pub. No.: US 2006/0256961, hereinafter Brainard) in view of Hird (Pub. No.: 2012/0233675) and Tan (Pub. No.: US 2010/0017330).
Regarding claim 15: Brainard as modified doesn’t expressly teach but Tan discloses wherein the seed value is embedded in the OTP device (Tan - [0031]: A management system used in conjunction with the hardware token is also in possession of the secrets stored in the device and it is able to compute the expected authentication code);
Therefore, it would have been obvious to one of ordinary skill in the art at the time the invention was made to combine Brainard and Hird’s invention with Tan so that the secret can be embedded in the device for improved security.

Allowable Subject Matter
Claims 8 and 11 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims. 

Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Jeung (Pub. No.: US 2009/0316903) - Time sync-type otp generation device and method for mobile phones
Ong et al. (Pub. No.: US 2006/0083228) - One time passcode system
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MENG LI whose telephone number is (571)272-8729.  The examiner can normally be reached on M-F 8:30-5:30.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kristine Kincaid can be reached on (571) 272-4063.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/MENG LI/Primary Examiner, Art Unit 2437