DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 6/15/22 has been entered.

Claims 1-3, 10-22 are pending.  Claims 4-9 have been cancelled.  Claims 1-3 have been amended. Claims 10-22 have been added 

Response to Amendment

Applicant’s amendments to claims 1-3 have been considered and are accepted.  The Examiner finds that applicant's amendments do have support in applicant's as-filed disclosure.

Response to Arguments

Applicant’s arguments filed 6/15/22 been fully considered but they are not persuasive.
In light of applicant’s claim amendments, the rejections under 35 USC § 112  are withdrawn.
Applicant’s arguments regarding the rejections of the claims under the prior art have been fully considered.  However, those arguments are rendered moot in light of the new grounds of rejection outlined below, which were necessitated by the applicant's amendment.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claims 1-3, 10-22 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Zeljkovic et al. (US Pub. 20130097682 A1).

Zelikovic discloses the following limitations:

1. (Currently amended) A computer-implemented method of authentication comprising:
receiving from a user device a request for access to a web service (Fig. 1, authentication server/provider server; para. 41- The provider server 108 is configured to provide a service, such as an online service that provides access to sensitive information including, but not limited to, bank account information, medical information, and other online account information such as for online shopping, online gaming, and/or social networking. As such, the provider server 108, in some embodiments, hosts a website, which includes one or more web pages that provides access to various features of the service. The web pages may include a web application or other user interface to facilitate user login, such as by a user name or user identification ("ID") and password to access the services.), wherein the request for access comprises login information (para. 80- At operation 709, the mobile device 102 sends the device ID to the authentication server 106 over the data session. If the device ID does not match the device ID stored in the user profile associated with a user ID entered to initiate the authentication request, the user authentication procedure 700 can end. Alternatively, a message can be sent to the mobile device 102 stating that authentication has failed. If, however, the device ID matches the device ID stored in the user profile associated with a user ID entered to initiate the authentication request, the MFA application 120 may display a prompt for the user's PIN. Other authentication credentials such as a password may be used in lieu of or in addition to the PIN.); 
sending, from the web service to the user device, a response comprising a pseudo-randomly generated authentication token (para. 81- At operation 710, the MFA application 120 receives the PIN. At operation 712, the MFA application 120 generates an authenticate-PIN message including the PIN and sends the authenticate-PIN message to the authentication server 106. At operation 714, the authentication server 106 generates a sample phrase message including a sample phrase for use in authenticating the user via voice recognition utilizing the voice print created during the voice enrollment procedure 600. In some embodiments, the sample phrase includes a random phrase. In some embodiments, the sample phrase includes a phrase which the user has been asked to speak during the voice enrollment procedure 600. In some embodiments, the sample phrase includes a phrase with one or more missing words which are to be filled in when spoken by the user. In these embodiments, the sample phrase may be a rewording of a challenge question as a statement in which the one or more missing words are required to be the same as the answer to the challenge question as saved in the user profile for the user. In some embodiments, the sample phrase message includes multiple phrases. In some embodiments, the sample phrase message includes instructions for the MFA application 120 to prompt the user to speak the multiple phrases in a particular order.); 
generating an audio output based upon the pseudo-randomly generated authentication token (Fig. 9, para. 91- an option button 914 to hear the phrase 912 read aloud, and a tap to speak button 916, the selection of which initiates recording via a microphone of the mobile device 102.); 
detecting, at a voice assistant device, the audio output (para. 82- At operation 718, the MFA application 120 generates a sample phrase input message including the speech input provided by the user and sends the sample phrase input message to the authentication server 106; para. 91- Recording may alternatively be initiated upon hearing the user speak, in which case the tap to speak 916 may or may not be shown in the voiceprint matching user interface 908. After speaks the phrase the user may or may not receive an indication that recording is complete, and may or may not receive additional prompts indicating the progress of the authentication procedure.; para. 34- he MFA service client application 120 is configured to provide a user interface through which a user can provide information for use in authenticating the user to access a service. In some embodiments, such as the embodiment illustrated and described with reference to FIG. 9,); 
transmitting the detected audio output from the voice assistant device to the web service (para. 82- At operation 718, the MFA application 120 generates a sample phrase input message including the speech input provided by the user and sends the sample phrase input message to the authentication server 106. At operation 720, the authentication server 106 generates a speech recognition request and sends the speech recognition request to the speech server 114. The speech recognition request includes the speech input received in the sample phrase input message. In some embodiments, the authentication server 106 is configured to communicate with the speech server 114 via a speech proxy server 112 (not shown in FIG. 7). The speech proxy server 112 is described above with reference to FIG. 1.); 
transcribing the detected audio output at the web service (para. 44- The speech server 114 includes a speech recognition engine (not shown) that is configured to utilize acoustic and language models to process speech input to, for example, determine if the speech input is the same as a voice print created for a user during a voice enrollment procedure described herein below with reference to FIG. 6. In some embodiments, the speech recognition engine is stored in the mobile device 102.); and 
authenticating the user device, using two-factor authentication, wherein a first factor credential comprises the login information (Fig. 7, 712) and a second factor  comprises the transcription of the detected audio output, (para. 83- At operation 722, the speech server 114 generates a speech recognition response including a result of the comparison indicating whether or not the speech input matches the voice print and sends the speech recognition response to the authentication server 106.).

2. (Currently amended) The method of claim 1, wherein the authentication token comprises an audio file and generating the audio output comprises: playing the audio file on a speaker of the user device to the voice assistant enabled device. (Fig. 9)

3. (Currently amended) The method of claim 1, wherein the authentication token comprises a phrase and the method further comprises: displaying text representing the phrase on the user device, and reading aloud the phrase, by a user, to the voice assistant device. (Fig. 9)

4-9. (Canceled)

10. (New) The method of claim 1, wherein the voice assistant device also transmits metadata about the voice assistant device to the web service. (para. 26; Fig. 7)

11. (New) A computer-implemented method of authentication comprising: 
receiving from a user device a request for access to a web service (Fig. 1, authentication server/provider server; para. 41- The provider server 108 is configured to provide a service, such as an online service that provides access to sensitive information including, but not limited to, bank account information, medical information, and other online account information such as for online shopping, online gaming, and/or social networking. As such, the provider server 108, in some embodiments, hosts a website, which includes one or more web pages that provides access to various features of the service. The web pages may include a web application or other user interface to facilitate user login, such as by a user name or user identification ("ID") and password to access the services.), wherein the request for access comprises login information (para. 80- At operation 709, the mobile device 102 sends the device ID to the authentication server 106 over the data session. If the device ID does not match the device ID stored in the user profile associated with a user ID entered to initiate the authentication request, the user authentication procedure 700 can end. Alternatively, a message can be sent to the mobile device 102 stating that authentication has failed. If, however, the device ID matches the device ID stored in the user profile associated with a user ID entered to initiate the authentication request, the MFA application 120 may display a prompt for the user's PIN. Other authentication credentials such as a password may be used in lieu of or in addition to the PIN.); 
sending, from the web service to the user device, a response comprising a pseudo-randomly generated authentication token (para. 81- At operation 710, the MFA application 120 receives the PIN. At operation 712, the MFA application 120 generates an authenticate-PIN message including the PIN and sends the authenticate-PIN message to the authentication server 106. At operation 714, the authentication server 106 generates a sample phrase message including a sample phrase for use in authenticating the user via voice recognition utilizing the voice print created during the voice enrollment procedure 600. In some embodiments, the sample phrase includes a random phrase. In some embodiments, the sample phrase includes a phrase which the user has been asked to speak during the voice enrollment procedure 600. In some embodiments, the sample phrase includes a phrase with one or more missing words which are to be filled in when spoken by the user. In these embodiments, the sample phrase may be a rewording of a challenge question as a statement in which the one or more missing words are required to be the same as the answer to the challenge question as saved in the user profile for the user. In some embodiments, the sample phrase message includes multiple phrases. In some embodiments, the sample phrase message includes instructions for the MFA application 120 to prompt the user to speak the multiple phrases in a particular order.); 
generating an audio output based upon the pseudo-randomly generated authentication token (Fig. 9, para. 91- an option button 914 to hear the phrase 912 read aloud, and a tap to speak button 916, the selection of which initiates recording via a microphone of the mobile device 102.); 
detecting, at a voice assistant device, the audio output (para. 82- At operation 718, the MFA application 120 generates a sample phrase input message including the speech input provided by the user and sends the sample phrase input message to the authentication server 106; para. 91- Recording may alternatively be initiated upon hearing the user speak, in which case the tap to speak 916 may or may not be shown in the voiceprint matching user interface 908. After speaks the phrase the user may or may not receive an indication that recording is complete, and may or may not receive additional prompts indicating the progress of the authentication procedure.); 
transcribing the detected audio output at the voice assistant device (para. 73- the MFA service client application 120 converts the spoken answer to text utilizing a speech-to-text application built-in to the MFA service client application 120 or otherwise made available on the mobile device 102 via the operating system or some other application. In these embodiments, the MFA service client application 120 generates a query including the spoken answer as converted to text and sends the query to the authentication server 106, which checks the text against the answer provided in the user profile created during the pre-registration procedure 300. In other embodiments, the MFA service client application 120 sends the spoken answer to the authentication server 106, which utilizes the speech server 114 to determine if the spoken answer matches the answer provided in the user profile created during the pre-registration procedure 300); 
transmitting a transcription of the detected audio output from the voice assistant device to the web service (para. 73- the MFA service client application 120 converts the spoken answer to text utilizing a speech-to-text application built-in to the MFA service client application 120 or otherwise made available on the mobile device 102 via the operating system or some other application. In these embodiments, the MFA service client application 120 generates a query including the spoken answer as converted to text and sends the query to the authentication server 106, which checks the text against the answer provided in the user profile created during the pre-registration procedure 300. In other embodiments, the MFA service client application 120 sends the spoken answer to the authentication server 106, which utilizes the speech server 114 to determine if the spoken answer matches the answer provided in the user profile created during the pre-registration procedure 300); and 
authenticating the user device, using two-factor authentication, wherein a first factor comprises the login information (Fig. 7, 712) and a second factor comprises the transcription of the detected audio output. (para. 83- At operation 722, the speech server 114 generates a speech recognition response including a result of the comparison indicating whether or not the speech input matches the voice print and sends the speech recognition response to the authentication server 106.)

12. (New) The method of claim 11, wherein the authentication token comprises an audio file and generating the audio output comprises playing the audio file on a speaker of the user device to the voice assistant device. (Fig. 9)

13. (New) The method of claim 11, wherein the authentication token comprises a phrase and the method further comprises: displaying text representing the phrase on the user device; and reading aloud the phrase, by a user, to the voice assistant device. (Fig. 9)

14. (New) The method of claim 11, wherein the voice assistant device also transmits metadata about the voice assistant device to the web service. (para. 26; Fig. 7)

Regarding claims  15-19, they are rejected as applied to claims 1-3, 10-14 because a corresponding system would have been necessitated to carry forth the method steps of claim 1-3, 10-14.  The applied prior art also discloses the corresponding architecture.  

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to WILLIAM A CORUM JR whose telephone number is (303)297-4234. The examiner can normally be reached Mon. - Fri. 8 AM - 5 PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on (571)272-6798. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/WILLIAM A CORUM JR/            Examiner, Art Unit 2433       

/JEFFREY C PWU/           Supervisory Patent Examiner, Art Unit 2433