DETAILED ACTION
This action is response to communication:  response to amendments/arguments filed on 05/18/2022
Claims 1-33 are currently pending in this application.  
No new IDS has been filed for this application.
	
Response to Arguments
The prior 112 rejections have been withdrawn in response to applicant’s amendments/arguments.
Applicant’s arguments concerning the 103 rejections have been fully considered but are moot in view of new grounds of rejection.  See amended rejection below. 

Claim Rejections - 35 USC § 112
The prior 112 rejections have been withdrawn in response to applicant’s amendments and arguments. 

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 2, 11, 12, 17-19, 28, and 29 are rejected under 35 U.S.C. 103 as being unpatentable over Pattar et al. US Patent Application Publication 2018/0278612 (Pattar), in view of Wang et al. US Patent Application Publication 2019/0036924 (Wang), and further in view of Craswell et al. US Patent Application Publication 2020/0084204 (Craswell).

As per claim 1, Pattar teaches an authentication system, comprising: an electronic device comprising (Figure 1 with device and storage device; see also paragraph 36 and 46): a controller having a digest table (Figure 1 and paragraph 38 with storage device and access management client; see paragraph 92 wherein secure storage/digest table storing security data); a processor coupled to the controller, and configured to execute an application program (paragraph 38 with computing device which may be a computer system); a key module coupled to the controller, and controlled by the controller (paragraph 84-92 with creating and storing security data on a storage device), wherein in a binding phase, the application program generates a digest file based on key factor information and a selection strategy, and stores the digest file and the selection strategy in the digest table (paragraphs 66 to paragraph 101 with registration process; see paragraph 89 and 92 wherein security data is created and stored on a storage device; see paragraph 89 wherein security data that is created may include a passkey (hash/digest), which is used to encrypt a public/private key pair; passkey may be based on key factor information and selection strategy such as device id, serial number, volume information, user information, etc; see further paragraph 125 wherein passkey is generated based on technique/strategy known only to access management client); wherein in a checking phase, the application program determines whether the controller corresponds to a binding device based on the digest file and the key factor information (paragraphs 118-125 with checking phase; system determines whether storage device is registered as a security device for a user; see paragraph 121-123 wherein passkey is generated based on information unique to storage device and checks if the storage device is a registered/corresponding device); when the controller corresponds to the binding device, the controller performs an authetnicaiton operation service with a server device according to the digest file corresponding to the binding device (paragarph 131 wherein if storage device is registered, the security key data may be used for authentication and secure communication to server/access management system).  
Although Pattar teaches an authentication operation, Pattar does not explicitly teach a U2F service.  Utilizing a U2F service is notoriously well known in the art.  For example, see Wang (paragraph 107 with authentication via u2F).  Further, Wang teaches that authentication may be in response to a pressing of the key module (see Wang paragraph 8 wherein U2F may include initiation of authentication via a pressing of a button).
At the time the invention was filed, it would have been obvious to one of ordinary skill in the art to combine the teachings of Pattar with Wang.  One of ordinary skill in the art would have been motivated to perform such an addition to provide solutions enabling users to log into networks without remembering a username or password (paragraph 35).
Although the Pattar combination teaches that the key module is coupled to the electronic electronic device (paragraph 46, wherein storage device may be a local storage device that is physically connected to device 104), Pattar does not explicitly teach wherein the key module is “built in” the electronic device.  This would have been obvious, if not merely a design choice.  As seen in paragraph 46 in Pattar, the reference teaches the storage deivce is local and connected to the device.  Although not explicitly “built in”, the storage device/key module is physically coupled to the electronic device.  Building a storage unit inside the device is merely a design choice and would have been obvious to one of ordinary skill in the art.  However, for a further showing of obviousness of “built-in” key modules, see Craswell (paragarph 31, with the electronic device having a key module/multi-factor  application (MFA) which generates an access code and enters it into the browser).
At the time the invention was filed, it would have been obvious to one of ordinary skill in the art combine the teachings of the Pattar combination with Craswell.  One of ordinary skill in the art would have been motivated to perform such an addition to speed up the multi-factor authentication process and to reduce errors (paragraph 16 of Craswell).

As per claim 2, it would have been obvious over the Pattar combination wherein if the controller corresponds to the binding device, at a registration phase, the controller registers with the server device for the U2F service according to the digest file (see throughout Wang with U2F service and authentication; see Pattar pragarph 93 with registration of storage device with access management system;). 
As per claim 11, it would have been obvious over the Pattar combination wherein the electronic device is not connected to an external electronic device, wherein at the binding phase, the application program generates the digest file based on the key factor information and the selection strategy of the electronic device, wherein at the checking phase, the application program determines whether the controller corresponds to the binding device based on the digest file and the key factor information of the electronic device (Wang abstract and throughout without a sim card; see rejection of claim 1 for other limitations).  
As per claim 12, the Pattar combination wherein the key factor information of the electronic device comprises an id code of the controller, an id code of an application program, and a login account of the electronic device (Pattar paragraph 89-91 with device information, serial number, volume info; see paragraph 92-93 with user information).
As per clam 17, the Pattar combination eaches wherein the controller has a storage for storing the digest table (Figure 1 and paragraph 38 with storage device and access management client; see paragraph 92 wherein secure storage/digest table storing security data).
Claim 18 is rejected using the same basis of arguments used to reject claim 1 above.
Claim 19 is rejected using the same basis of arguments used to reject claim 2 above. 
Claim 28 is rejected using the same basis of argumetns used to reject claim 11 above.
Claim 29 is rejected using the same basis of arguments used to reject claim 12 above. 

Claims 6 and 23 are rejected under 35 U.S.C. 103 as being unpatentable over the Pattar combination as applied above, and further in view of Fan et al. “U2F based Secure Mutual Authentication Protocol for Mobile Payment” (ACM May 12-14, 2017) (hereinafter Fan)
As per claim 6, it would have been obvious over the Pattar combination wherein the electronic device is connected to a mobile communication device (see Pattar paragraph 33 wherein device may be a mobile device).  However, the Pattar combination does not explicitly teachwherein at the binding phase, the application program waits for a first biometric identification confirmation result of the mobile communication device, and when the first biometric identification conformation result is pass, the application program receives the key factor information from the mobile communication device and then transmits the key factor information to the controller to generate the digest file.  However, utilizing biometric authentication before a binding phase is well known in the art.  For example, see Fan (page 4 with user unlocking M-phone with fingerprint before creation of keys during binding/registration process).
At the time the invention was filed, it would have been obvious to one of ordinary skill I the art to combine the teachings of Fan with the Pattar combination.  One of ordinary skill in the art would have been motivated to perform such an addition to create more security by guaranteeing a valid user and a reliable server (page 3 section 3.1). 
Claim 23 is rejected using the same basis of arguments used to reject claim 6 above. 

Allowable Subject Matter
Claims 3-5, 7-10, 13-16, 20-22, 24-27, and 30-33 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
The following is a statement of reasons for the indication of allowable subject matter:  Although the above references teach many limitations of the claims, the claimed limitations, as a whole, would not have been obvious over the prior art of record. 


Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JASON KAI YIN GEE whose telephone number is (571)272-6431.  The examiner can normally be reached on Monday-Friday 8:30-5:00 PST Pacific.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on (571) 272-3739.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).

/JASON K GEE/Primary Examiner, Art Unit 2495