DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 05/25/2022 has been entered.

Status of Claims
Claims 21, 23-24, 28, 30-31, 35 and 37-38 are amended.
Claims 1-20, 26 and 33 are canceled.
Claims 41-42 are new.
Claims 21-25, 27-32 and 34-42 are pending.

Response to Remarks
35 U.S.C. § 112(a)
Regarding claims 26 and 33, the standing rejections are withdrawn because claims 26 and 33 have been cancelled.
Regarding claims 23-24, 30-31 and 37-38, Applicant contends the amendments to the claims have overcome the rejections. Examiner agrees and has withdrawn the rejections.

35 U.S.C. § 112(b)
Regarding claims 26 and 33, the standing rejections are withdrawn because claims 26 and 33 have been cancelled.
Regarding claims 21, 28 and 35 not reciting the compared password hash and stored password hash matching, Examiner has withdrawn this rejection.
Regarding claim 21, 28 and 35 not reciting that a first passcode is obtained and decrypted prior to generating the second passcode, Applicant contends that obtaining and decrypting a first passcode is not directly functionally related with generating a second passcode. Applicant contends the generation of the second passcode does not first require obtaining and decrypting a first passcode, and thus generation of a second passcode does not require any portion of the first passcode. Also, Applicant cites to MPEP 2172.01 while contending the summary of the Specification (paras 3-6) omits this feature, thus the feature is non-essential. Examiner respectfully disagrees. Applicant’s Specification describes the generation of the second passcode as is in response to the plaintext (i.e. obtained and decrypted) first passcode (see para 37, "Controller 114 may pass a decryption request including the encrypted passcode (i.e. a first encrypted passcode) and the hashed account information to the crypto module 116 (step 330) and crypto module 116 may return the plaintext passcode (i.e., a first passcode) (step 332). In response to the plaintext passcode, controller 114 may generate a new passcode (i.e. a second passcode)"). Thus, the generated second passcode is functionally related to a plaintext passcode, which is the obtained and decrypted first passcode. In other words, the generated second passcode first requires an obtained and decrypted first passcode. Thus, the generated second passcode does first require a portion of the first passcode, which is the plaintext first passcode (i.e., obtained and decrypted first passcode). Also, nowhere in para 37 or any other section of Applicant’s Specification is this feature described as preferred, illustrative, or not necessary. Also, Examiner disagrees with Applicant’s argument that since the summary of the Specification omits this feature it must be non-essential, because the feature is described elsewhere in the Specification as necessary and MPEP 2172.01 is not limited to only the summary of the Specification. Thus, as claims 21, 28 and 35 do not recite that a first passcode is obtained and decrypted prior to generating the second passcode, these claims omit matter disclosed to be essential to the invention as described in the specification. The rejections are maintained.
Regarding claims 25, 32 and 39 not reciting that a transaction request be signed with the private key, Applicant contends this feature is described as preferred or illustrative in the Specification. Also, Applicant points to paras 30 and 43 in the Specification to support their argument that the features in the Specification should not be construed as essential. Applicant also contends using a second passcode to encrypt a private key is not functionally related to a transaction request be signed with the private key, thus using a second passcode to encrypt a private key does not require any portion of a transaction request being signed with the private key. Also, Applicant cites to MPEP 2172.01 while contending the summary of the Specification (paras 3-6) omits this feature, thus the feature is non-essential. Examiner respectfully disagrees. Applicant’s Specification describes that the encryption of the private key is in response to the signed transaction request (see para 38, "Browser based crypto-wallet 108 of browser 106 may sign the transaction request with the private key and browser 106 may propagate the transaction request to a transaction network (step 344). In response to signing the transaction, browser based crypto-wallet 108 may encrypt the private key"). Thus, since encryption of the private key is in response to signing the transaction, encryption of the private key is functionally related to the signed transaction request, thus encryption of the private key does require a portion of a transaction request being signed with the private key. Nowhere in para 38 or any other section of Applicant’s Specification is this feature described as preferred, illustrative, or not necessary, as Applicant contends. Also, Examiner disagrees with Applicant’s argument that since the summary of the Specification omits this feature it must be non-essential, because the feature is described elsewhere in the Specification as necessary and MPEP 2172.01 is not limited to only the summary of the Specification. Also, paras 30 and 43 of the Specification do not provide a remedy to Applicant because the underlined features of para 38 are not described also as unrelated to the signing of the transaction. Thus, as claims 25, 32 and 39 do not recite that a transaction request be signed with the private key, these claims omit matter disclosed to be essential to the invention as described in the specification. The rejections are maintained.

35 U.S.C. § 103
Applicant contends the cited references do not describe the amended claim limitation “hashing … account creation information … wherein the account creation information and the password are different values”. Examiner respectfully disagrees because the amended claim limitation is taught by reference Bhatnagar (Fig.10 item 1004; para 71-72).

Claim Objections
Claim 41 is objected to because of the following informalities. Claim 41 recites “The method of claim 20, further comprising …”. However, claim 20 has been cancelled. Appropriate correction is required. For purposes of examination, claim 41 will be interpreted as depending upon claim 21.
Claim 42 is objected to because of the following informalities. Claim 42 recites “receive account creation information …”. However, it appears the word “the” was left out by mistake prior to “account creation information.” Appropriate correction is required.


Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b): 

(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph: 

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards his invention.

Claims 21-25, 27-32 and 34-42 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.

Unclaimed Essential Matter
Claim 21, 28 and 35 recite "generating … a passcode”. Applicant’s pre-grant publication (PGPub) discloses that it is essential that first a first passcode is obtained and decrypted prior to generating the second passcode (see para 37, "Controller 114 may pass a decryption request including the encrypted passcode (i.e. a first encrypted passcode) and the hashed account information to the crypto module 116 (step 330) and crypto module 116 may return the plaintext passcode (i.e., a first passcode) (step 332). In response to the plaintext passcode, controller 114 may generate a new passcode (i.e. a second passcode)"). Thus, the generated second passcode is functionally related to a plaintext passcode, which is the obtained and decrypted first passcode. In other words, the generated second passcode first requires an obtained and decrypted first passcode. Thus, the generated second passcode does first require a portion of the first passcode, which is the plaintext first passcode (i.e., obtained and decrypted first passcode). Nowhere in para 37 or any other section of Applicant’s Specification is this feature described as preferred, illustrative, or not necessary. Thus, as claims 21, 28 and 35 do not recite that a first passcode is obtained and decrypted prior to generating the second passcode, these claims omit matter disclosed to be essential to the invention as described in the specification. 
Claim 25, 32 and 39 recite using a second passcode to encrypt a private key. Applicant’s pre-grant publication (PGPub) discloses that it is essential that first a transaction request be signed with the private key (see para 38, "Browser based crypto-wallet 108 of browser 106 may sign the transaction request with the private key and browser 106 may propagate the transaction request to a transaction network (step 344). In response to signing the transaction, browser based crypto-wallet 108 may encrypt the private key"). Thus, since encryption of the private key is in response to signing the transaction, encryption of the private key is functionally related to the signed transaction request, thus encryption of the private key does require a portion of a transaction request being signed with the private key. Nowhere in para 38 or any other section of Applicant’s Specification is this feature described as preferred, illustrative, or not necessary. Thus, as claims 25, 32 and 39 do not recite that a transaction request be signed with the private key, these claims omit matter disclosed to be essential to the invention as described in the specification. The rejections are maintained.
Therefore, these claims omit matter disclosed to be essential to the invention as described in the specification. As such, the claims are rejected under 35 U.S.C. 112(b) or pre-AIA  35 U.S.C. 112, second paragraph, as failing to claim the subject matter that the inventor or a joint inventor (or, for applications subject to pre-AIA  35 U.S.C. 112, the applicant) regards as the invention (see, e.g., In re Collier, 397 F.2d 1003, 158 USPQ 266 (CCPA 1968)).
Claims 22-25, 27, 29-32, 34 and 36-40 are also rejected as they depend from either claims 21, 28 and 35.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: 

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 21-23, 28-30, 35-37 and 41-42 are rejected under 35 U.S.C. 103 as being unpatentable over US 2007/0266258 A1 to Brown et al. (hereinafter “Brown”) in view of US 2007/0269041 A1 to Bhatnagar et al. (hereinafter “Bhatnagar”).

Claims 21, 28 and 35:
Brown teaches:
a computing device comprising a processor and a memory; and machine-readable instructions stored in the memory that, when executed by the processor, cause the computing device to at least (Fig.4; paras 37-51)
generating, by the security provider, a passcode (Fig.3 item 305; paras 28, 34)
encrypting, by the security provider, the passcode using the hashed account creation information as an encryption key to create an encrypted passcode (paras 30, 35)
Brown does not teach:
receiving, by a security provider, a user identifier and a password from a user device 
hashing, by the security provider, the user identifier and the password to produce a password hash
comparing, by the security provider, the password hash to a stored password hash to determine that the password hash matches the stored password hash
hashing, by the security provider, account creation information associated with the stored password hash to create hashed account creation information, wherein the account creation information and the password are different values
Bhatnagar teaches:
receiving, by a security provider, user identifier and a password from a user device (Fig.10 item 1002; para 71)
hashing, by the security provider, the user identifier and the password to produce a password hash (Fig.10 item 1004; para 72)
comparing, by the security provider, the password hash to a stored password hash to determine that the password hash matches the stored password hash (Fig.10 items 1012-1014; paras 73, 76-77)
hashing, by the security provider, account creation information associated with the stored password hash to create hashed account creation information, wherein the account creation information and the password are different values (Fig.10 item 1004; para 71-72)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method, system, and non-transitory computer-readable medium of Brown to include receiving user identifier and a password from a user device, hashing the user identifier and the password to produce a password hash, comparing the password hash to a stored password hash to determine that the password hash matches the stored password hash, and hashing account creation information wherein the account creation information and the password are different values , as taught by Bhatnagar, in order to improve authentication security (Bhatnagar, paras 70-77).



Claims 22, 29 and 36: 
Brown in view of Bhatnagar teach all limitations of claims 21, 28 and 35. Brown also teaches:
storing, by the security provider, the encrypted passcode in association with the account creation information (para 35)

Claims 23, 30 and 37: 
Brown in view of Bhatnagar teach all limitations of claims 21, 28 and 35. Brown also teaches:
wherein the passcode is a second passcode (Fig.3 item 305; paras 28, 34)
the encrypted passcode is an encrypted second passcode (paras 30, 35)
decrypting an encrypted first passcode stored in association with the account creation information to generate a first passcode (para 35)
returning, by the security provider, the first passcode and the encrypted second passcode to the user device (paras 25, 34)

Claims 41-42: 
Brown in view of Bhatnagar teach all limitations of claims 21 and 28. Bhatnagar also teaches:
receiving, by the security provider, account creation information comprising at least one of a username, a user address, a phone number, or an email address (Fig.10 item 1002; para 71)

Claims 24-25, 31-32 and 38-39 are rejected under 35 U.S.C. 103 as being unpatentable over Brown in view of Bhatnagar and further in view of US 2022/0027491 A1 to Wright et al. (hereinafter “Wright”).

Claims 24, 31 and 38:
Brown in view of Bhatnagar teach all limitations of claims 23, 30 and 37. Brown also teaches:
the first passcode and the encrypted second passcode are returned to the browser (paras 25, 34)
Bhatnagar also teaches:
wherein the user identifier and password are received from a browser executing on the client device (Fig.10 item 1002; para 71)
Brown in view of Bhatnagar does not teach:
via an encrypted channel
Wright teaches:
via an encrypted channel (Fig.15; paras 292-315)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method, system, and non-transitory computer-readable medium of Brown in view of Bhatnagar to include an encrypted channel, as taught by Wright, because use of known technique to improve similar devices (methods, or products) in the same way is obvious (see KSR).

Claims 25, 32 and 39:
Brown in view of Bhatnagar teach all limitations of claims 23, 30 and 37. Brown also teaches:
wherein the first passcode can decrypt a private key 
the second passcode can be used … to reencrypt the private key
Brown in view of Bhatnagar does not teach:
for a browser-based cryptowallet; by the browser-based cryptowallet
Wright teaches:
for a browser-based cryptowallet; by the browser-based cryptowallet (Fig.15; paras 292-315)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method, system, and non-transitory computer-readable medium of Brown in view of Bhatnagar to include a browser-based cryptowallet, as taught by Wright, because use of known technique to improve similar devices (methods, or products) in the same way is obvious (see KSR).

Claims 27, 34 and 40 are rejected under 35 U.S.C. 103 as being unpatentable over Brown in view of Bhatnagar and further in view of US 2020/0127992 A1 to Pham (hereinafter “Pham”).

Claims 27, 34 and 40:
Brown in view of Bhatnagar teach all limitations of claims 21, 28 and 35. Brown in view of Bhatnagar does not teach:
wherein generating the second passcode further comprises generating a random string of numbers and characters of arbitrary length according to at least one pre-established rule
Pham teaches:
wherein generating the second passcode further comprises generating a random string of numbers and characters of arbitrary length according to at least one pre-established rule (Fig.10 item 1018; para 60)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method, system, and non-transitory computer-readable medium of Brown in view of Bhatnagar to include generating a random string of numbers and characters of arbitrary length according to at least one pre-established rule, as taught by Pham, because use of known technique to improve similar devices (methods, or products) in the same way is obvious (see KSR).

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Ari Shahabi whose telephone number is (571)272-2565. The examiner can normally be reached M-F: 8:00-5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, John W Hayes can be reached on 571-272-6708. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 

If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/Ari Shahabi/Examiner, Art Unit 3685            

/JOHN W HAYES/Supervisory Patent Examiner, Art Unit 3685