DETAILED ACTION
Acknowledgements
This office action is in response to the claims filed 03/08/2022.
Claims 1, 4, 6, 9, 10, 13, 15 and 18 are amended.
Claims 5, 7, 14 and 16 are cancelled.
Claims 19 and 20 are new.
Claims 1-4, 6, 8-13, 15, and 17-20 are pending.
Claims 1-4, 6, 8-13, 15, and 17-20 have been examined.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 

Specification
The disclosure is objected to because of the following informalities: The drawings of Figure 3 and the disclosure ¶ 27 do not appear to correlate the same information.  Appropriate correction is required.

Response to Arguments
Applicant's arguments filed 03/08/2022 have been fully considered but they are not persuasive. 
101
Due to Applicant’s amendments, the prior 101 rejection is withdrawn.
112
Due to Applicant’s amendments, the prior 112 rejection is withdrawn.
103
Bastide teaches by comparing the plurality of image pixels to the plurality of digital representation pixels, wherein the comparison comprises the steps of: calculating a distance between each pixel of the plurality of image pixels to each pixel of the plurality of digital representation pixels, calculating a sum of the distances between each pixel of the plurality of image pixels and each pixel of the plurality of digital representation pixels, and, comparing the sum to a threshold, and if the sum is less than the threshold, determining that the digital representation matches the image (Figure 6; ¶ 38, 39, 44, 50-53, 60-63) 2Application No.: 16/567,750PATENT 
Claim Interpretation – Disclosure(¶ 34), “ In some embodiments, a comparison may be made pixel by pixel. The distance from the actual pixel to the drawn pixel may be calculated and summed. If the drawing 244 was a perfect copy of the image 240, the sum may be 0. Similarly, the number of drawn in pixels may be compared to the pixels that should be blank and the difference may also be summed.”
Bastide -  For example, the physician may physically write the patient name 506, prescription issue date 508, drug information 510, quantity 518 per refill, number of refills 520, on the prescription 502 and may sign the prescription 502 with a signature 522. The hardcopy of prescription 502 may then be scanned by scanning device 410 to generate prescription data 412 which may be stored in memory 406…. digital image of the prescription generated by the prescription verification device 420 may be compared to a digital image of the prescription generated by prescription entry device 402… In some aspects, for example, the prescription verification device 420 may compare the digital images using pixel comparison techniques and may set a maximum difference threshold for the pixel comparison. For example, a non-limiting maximum difference threshold between the digital images of the prescription may be set at 3%, e.g., the pixels of the digital images of the prescription may differ by no more than 3%. In some aspects, a maximum difference threshold may also or alternatively be defined separately for each key region of the prescription, e.g., 3% for a first key region, 1% for a second key region, 2% for a third key region, 30% for a fourth key region, etc. (¶ 39, 50) 2Application No.: 16/567,750PATENT

Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Reading(column 1, line 44-46), which teaches “CAPTCHAs have also evolved in an attempt to improve the security that they provide”, Leonetti(Page 19, line 14-17) “the identity provider 107 checks the PIN 404 and, if this corresponds to the encrypted PIN previously entered in the QR code 403 and sent to the browser in step 412, the authentication is successful” and Bastide(Abstract), which teaches “comparing the first prescription data to the second prescription data, for example, using pixel comparison” in order to prevent against medical user fraud by image comparison (Bastide; ¶ 1-8).

Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 1-4, 6, 8-13, 15, and 17-20  are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA  35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention. 
Claims 1 and 10 recite “receiving, at the authentication server, from the first computing device, a selection from the user to use a system to complete a transaction… communicating, over the communications channel, the image to the first computing device… receiving, at the authentication server, from the second computing device a digital representation entered by the user representing the image and a PIN, wherein the digital representation comprises a plurality of digital representation pixels”. According to the disclosure (Figure 3; ¶ 27), “At block 315, an image 240 may be communicated to the first computing device 250. As mentioned previously, the image 240 may be re-drawn by a user on a registered device 104 as proof that the user is present and authorizes the transaction. ” First the disclosure does not provide support for the entity enacting the claimed step over a communication channel. Secondly, the disclosure and drawings contains two different sets of information. In the disclosure the image may be communicated to the first communication device and in the drawings the image is communicated to the second device. Additionally, the limitations recited the first computing device sending the image. The disclosure does not provide support for “receiving, at the authentication server, from the first computing device, a selection from the user to use a system to complete a transaction… communicating, over the communications channel, the image to the first computing device… receiving, at the authentication server, from the second computing device a digital representation entered by the user representing the image and a PIN”. Dependent claims 2-4, 6, 8, 9, 11-13, 15, and 17-20 are also rejected.

    PNG
    media_image1.png
    377
    411
    media_image1.png
    Greyscale

The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-4, 6, 8-13, 15, and 17-20 are  rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.
Claims 1 and 10 recite “receiving, at the authentication server, from the first computing device, a selection from the user to use a system to complete a transaction… communicating, over the communications channel, the image to the first computing device”. The claims are unclear and indefinite as to what entity is performing the claimed step and why the first computing device is receiving the image, given that the first computing device sent the same image to the authentication server. The claims are unclear and indefinite. Dependent claims 2-4, 6, 8, 9, 11-13, 15, and 17-20 are also rejected. 
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-4, 6, 8-13, 15, and 17-20 are rejected under 35 U.S.C. 103 as being unpatentable over Reading et al. (US 10438225) (“Reading”), in view of Leonetti et al. (WO 2018/198036) (“Leonetti”) and further in view of Bastide et al. (US 20180121620) (“Bastide”).
Regarding claims 1 and 10, Reading discloses receiving, at an authentication server, a plurality of drawings of an object from a user via a first computing device over a communications channel, wherein the plurality of drawings of the object are used as an image for authentication, and wherein the image comprises a plurality of image pixels (column 10, line 1-10, column 16, line 44-67, column 17, line 1-67, column 18, line 10-17, column 26, line 16-67); 
Reading – The security check displayed on the webpage 300 may contain a presentation of the items such as a graphical representation of the items, which could be text and/or a drawing, photograph, description, identification number, trademark, video clip, audio clip or any other representation capable of representing the items.…For example, the security check 508 may require the customer to draw a figure on the second device 514 using a touchscreen connected to the second device 514. (column 10, line 1-10, column 16, line 44-67)

storing, at the authentication server, a shared electronic key (column 17, line 58-67, column 18, line 10-17); 
Reading – In another example, the override may include a key generated by an application executed by the second device 514 and the customer may enter the key into the first device which causes the first device to transmit the key to one or more services of the online retailer.  (column 18, line 10-17)

communicating, from the authentication server over the communications channel, to an application on a second computing device a copy of the shared electronic key (column 18, line 10-22); 
Reading – The key may also be provided to the customer by one or more services of the online retailer in response to a request transmitted from the second device.  (column 18, line 10-22)

receiving, at the authentication server, from the first computing device, a selection from the user to use a system to complete a transaction (column 16, line 5-43, column 18, line 39-64); 
Claim Interpretation – Disclosure(¶ 24, 25), “At block 305 , a copy of the shared electronic key 230 may be communicated to an app on a second or portable computing device 104 which also may be a registered device 104. …[ 0025 ] At block 310 , a communication may be received from a first computing device 250 making a selection to use a system to complete a transaction”. Note occurrence. 
Reading – the webpage 502 may be displayed by a first computing device operated by a customer. The webpage 502 may contain detailed information corresponding to an item 506 for purchase and may also include a graphical user element configured as a “buy” button 504….  For example, when the customer selects the buy button 504 it may cause the application displaying the webpage 502 to transmit an HTTP request to one or more servers of the online retailers, the one or more servers of the online retailer may, based at least in part on the HTTP request, redirect the HTTP request to the CAPTCHA service… A customer may operate the first device 602 in order to access a website operated by an online retailer. The customer may access the website through a web browser or other application executed by the first device 602, such as the web browser described above in connection with FIG. 5. The first device 602 may transmit one or more requests to the online retailer.  (column 16, line 8-43, column 18, line 39-64)

communicating, over the communications channel, the image to the first computing device (column 25, line 61-67, column 26, line 1-15); 
Reading – The CAPTCHA service may also transmit in response to the particular request one or more graphical user elements that enable selection of a particular type of security check to transmit to the first device. For example, the requestor may not have access to any of the devices previously registered with the online retailer, the CAPTCHA service may allow the requestor to receive a security check on the first device determined to be more difficult than the security check that would have been transmitted to the second device. (column 25, line 61-67, column 26, line 1-15)

receiving, at the authentication server, from the second computing device a digital representation entered by the user representing the image and a PIN, wherein the digital representation comprises a plurality of digital representation pixels (column 7, line 7-30, column 16, line 55-67, column 17, line 1-67, column 18, line 1-22, column 26, line 53-67, column 27, line 1,2);
Reading –  For example, the security check 508 may require the customer to draw a figure on the second device 514 using a touchscreen connected to the second device 514…. the override may include a unique fingerprint associated with the second device 514 based at least in part on the set of sensors connected to the second device 514. In another example, the override may include a key generated by an application executed by the second device 514 and the customer may enter the key into the first device which causes the first device to transmit the key to one or more services of the online retailer… Other variations of process 1000 in accordance with the present disclosure may include transmitting additional information to the second device and requiring the customer to input the additional information received by the second device into the first device before the request may be processed. For example, a security code may be transmitted to the second device in response to a correctly solved security check and the online retailer may require the code to be entered into a webpage displayed on the first device before the request may be processed.   (column 16, line 55-67, column 18, line 1-22, column 26, line 53-67, column 27, line 1,2)

determining, via the authentication server, if the digital representation entered by the user on the second computing device matches the image communicated to the first computing device (column 13, line 41-57, column 20, line 1-15, column 21, line 62-67, column 26, line 27-51); 
Reading – the CAPTCHA service may cause the security check to be transmitted to the second device in response to the request. Returning to FIG. 10, in an embodiment, the process 1000 may receive a response to the security check from the second device and determine if the response is correct 1012. The CAPTCHA service or one or more other services of the online retailer may receive the response and determine if the response is correct. (column 26, line 27-51)

determining, via the authentication server, if the PIN is an expected number (column 18, line 1-22, column 26, line 53-67);
Reading – The key may then be authenticated by one or more services of the online retailer and the request may be processed if the key can be authenticated.  (column 18, line 1-22, column 26, line 53-67)

in response to determining the digital representation entered by the user matches the image and the PIN from the second computing device is the expected number, authorizing the user via the authentication server to perform an action (column 19, line 64-67, column 20, line 1-24, column 26, line 53-67, column 27, line 1,2).  
Reading – Other variations of process 1000 in accordance with the present disclosure may include transmitting additional information to the second device and requiring the customer to input the additional information received by the second device into the first device before the request may be processed. For example, a security code may be transmitted to the second device in response to a correctly solved security check and the online retailer may require the code to be entered into a webpage displayed on the first device before the request may be processed… For example, if the security check was completed successfully, the CAPTCHA service 612 may transmit an acknowledgment to the bot detection service 608 indicating that the security check was completed successfully. The bot detection service may then cause the request to be processed and may also use the acknowledgment to update the bot detection service 608.   (column 19, line 64-67, column 20, line 1-24, column 26, line 53-67, column 27, line 1,2)

Reading does not disclose PIN calculated using the copy of the shared electronic key.
Leonetti teaches PIN calculated using the copy of the shared electronic key (Abstract; Page 7, line 1-29, Page 13, line 1-18, Page 18, line  2-34, Page 19, line 5-24).
Leonetti- The symmetric key can be saved in the protected storage of the mobile device 101 and in the identity provider 107. At the next step 413 the user 100 acquires the encrypted QR code 403 with the portable device 101 and, through the software application (app) on board of the portable personal device, checks the hash (HMAC) , decrypts the content with the symmetric key and extract the PIN.(Page 19, line 5-24)

Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Reading(column 1, line 44-46), which teaches “CAPTCHAs have also evolved in an attempt to improve the security that they provide”  and Leonetti(Page 19, line 14-17) “the identity provider 107 checks the PIN 404 and, if this corresponds to the encrypted PIN previously entered in the QR code 403 and sent to the browser in step 412, the authentication is successful” in order to provide authentication of users through multiple methods to reduce risk of identity theft (Leonetti; Page 1, 2).

Neither Reading nor Leonetti teaches by comparing the plurality of image pixels to the plurality of digital representation pixels, wherein the comparison comprises the steps of: calculating a distance between each pixel of the plurality of image pixels to each pixel of the plurality of digital representation pixels, calculating a sum of the distances between each pixel of the plurality of image pixels and each pixel of the plurality of digital representation pixels, and, comparing the sum to a threshold, and if the sum is less than the threshold, determining that the digital representation matches the image; 2Application No.: 16/567,750PATENT 

Bastide teaches by comparing the plurality of image pixels to the plurality of digital representation pixels, wherein the comparison comprises the steps of: calculating a distance between each pixel of the plurality of image pixels to each pixel of the plurality of digital representation pixels, calculating a sum of the distances between each pixel of the plurality of image pixels and each pixel of the plurality of digital representation pixels, and, comparing the sum to a threshold, and if the sum is less than the threshold, determining that the digital representation matches the image (Figure 6; ¶ 38, 39, 44, 50-53, 60-63) 2Application No.: 16/567,750PATENT 
Claim Interpretation – Disclosure(¶ 34), “ In some embodiments, a comparison may be made pixel by pixel. The distance from the actual pixel to the drawn pixel may be calculated and summed. If the drawing 244 was a perfect copy of the image 240, the sum may be 0. Similarly, the number of drawn in pixels may be compared to the pixels that should be blank and the difference may also be summed.”
Bastide -  For example, the physician may physically write the patient name 506, prescription issue date 508, drug information 510, quantity 518 per refill, number of refills 520, on the prescription 502 and may sign the prescription 502 with a signature 522. The hardcopy of prescription 502 may then be scanned by scanning device 410 to generate prescription data 412 which may be stored in memory 406…. digital image of the prescription generated by the prescription verification device 420 may be compared to a digital image of the prescription generated by prescription entry device 402… In some aspects, for example, the prescription verification device 420 may compare the digital images using pixel comparison techniques and may set a maximum difference threshold for the pixel comparison. For example, a non-limiting maximum difference threshold between the digital images of the prescription may be set at 3%, e.g., the pixels of the digital images of the prescription may differ by no more than 3%. In some aspects, a maximum difference threshold may also or alternatively be defined separately for each key region of the prescription, e.g., 3% for a first key region, 1% for a second key region, 2% for a third key region, 30% for a fourth key region, etc. (¶ 39, 50) 2Application No.: 16/567,750PATENT

Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine Reading(column 1, line 44-46), which teaches “CAPTCHAs have also evolved in an attempt to improve the security that they provide”, Leonetti(Page 19, line 14-17) “the identity provider 107 checks the PIN 404 and, if this corresponds to the encrypted PIN previously entered in the QR code 403 and sent to the browser in step 412, the authentication is successful” and Bastide(Abstract), which teaches “comparing the first prescription data to the second prescription data, for example, using pixel comparison” in order to prevent against medical user fraud by image comparison (Bastide; ¶ 1-8).
Regarding claims 2 and 11, Reading discloses wherein the system is a payment system (column 16, line 5-43, column 18, line 39-64).  
Regarding claims 3 and 12, Reading discloses wherein digital representation entered by the user representing the image is converted into a code (column 13, line 41-57, column 20, line 1-15, column 21, line 62-67, column 26, line 27-51).  
Regarding claims 4 and 13, Reading discloses wherein the image can be inputted on a mobile computing device (column 16, line 55-67, column 17, line 1-67, column 18, line 1-22, column 26, line 53-67, column 27, line 1,2).  
Regarding claims 6 and 15, Reading discloses wherein the communication channel is  a secure channel (column 19, line 1-30, column 20, line 47-62, column 21, line 13-67).  
Regarding claims 8 and 17, Reading discloses wherein the image is valid only for a current session (column 21, line 13-41).  
Regarding claims 9 and 18, Leonetti teaches verifying the application is on a registered device of the user by generating and automatically submitting a one-time PIN computed as the keyed function of a counter using hash based message authenticated code (HMAC) based on one time password algorithm(HOTP) (Abstract; Page 7, line 1-29, Page 13, line 1-18, Page 18, line  2-34, Page 19, line 5-24, column 21, line 15-36).
Regarding claim 19, Reading discloses wherein the action is a payment transaction ((column 4, line 13-43, column 18, line 23-38).  
Regarding claim 20, Reading discloses wherein the action is a reservation (column 4, line 13-43, column 9, line 41-67, column 10, line 1-19,  column 18, line 23-38).  
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Hilger (US 8,881,251) teaches user drawings as an authentication method.
Chen (20110304618) teaches calculating disparity between images. 

THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
 Any inquiry concerning this communication or earlier communications from the examiner should be directed to ILSE I IMMANUEL whose telephone number is (469)295-9094.  The examiner can normally be reached on Monday-Friday 9:00 am to 5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, NEHA PATEL can be reached on 571-270-1492.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/ILSE I IMMANUEL/Primary Examiner, Art Unit 3685