DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application is being examined under the pre-AIA first to invent provisions.
Claims 1-23 were cancelled by preliminary amendment; claims 24-43 were added as new claims.
Priority
This application is a continuation of and claims the benefit of priority to U.S. Nonprovisional Application No. 16/776,924, filed on January 30, 2020, which is a continuation of and claims the benefit of priority to U.S. Nonprovisional Application No. 13/799,997, filed on March 13, 2013, which claims the benefit of priority to U.S. Provisional Application Serial No. 61/610,992, filed on March 14, 2012.
Information Disclosure Statement
The information disclosure statement (IDS) was submitted on 03/09/21. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).

A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).

The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA/25, or PTO/AIA/26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.

Instant application 17/195,710
24. A method for online authentication, comprising:
determining user authenticating information for authenticating the identity of a user;
determining membership authenticating information specific to members of a particular affiliation;
determining device authenticating information regarding a device associated with the user;
authenticating a first relying party associated with at least one of a particular program and a particular service, the user as a member of the particular affiliation based on the user authenticating information, the membership authenticating information, and/or the device authenticating information,
wherein the first relying party is one of a network of two or more relying parties; and
upon the user being authenticated as a member of the particular affiliation, providing a digital credential to the device of the user for access to the at least one of the particular program and the particular service of the first relying party, and for access, without any further authentication, to at least one of a particular program and a particular service of any one of the network of two or more relying parties.

US patent US 10977344 B2
1. A method for online authentication, comprising: receiving, from a user over a network at a server, user authenticating information for authenticating the identity of the user;
storing, in an aggregate database, the received user authenticating information in association with the user;
receiving, from the user over the network at the server, membership authenticating information specific to members of a particular affiliation;
storing, in the aggregate database, the received membership authenticating information in association with the user;
receiving, from a device associated with the user, device authenticating information;
storing, in the aggregate database, the device authenticating information of the device associated with the user;
authenticating, via at least one widget that is at least one of integrated into, and accessible by, at least one of a mobile application and a website of a first relying party associated with at least one of a particular program and a particular service, the user as a member of the particular affiliation based on a comparison of the user authenticating information, the membership authenticating information, and the device authenticating information,
wherein the first relying party is one of a network of two or more relying parties;
storing, by the one or more servers, information regarding the user's membership in the particular affiliation in association with the user authenticating information when the user is authenticated as a member of the particular affiliation; and
upon the user being authenticated as a member of the particular affiliation, providing a digital credential to the device of the user for access to the at least one of the particular program and the particular service of the first relying party, and for access, without any further authentication, to at least one of a particular program and a particular service of any one of the network of two or more relying parties, wherein the digital credential includes a unique identifier for the user and login information for the least one of the particular program and the particular service of the first relying party and for any of the network of two or more relying parties

Claims 24-43 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-20 of U.S. Patent No. US 10977344 B2. Although the claims at issue are not identical, they are not patentably distinct from each other because of similar limitations with obvious variations.

Instant application 17/195,710
24. A method for online authentication, comprising:
determining user authenticating information for authenticating the identity of a user;
determining membership authenticating information specific to members of a particular affiliation;
determining device authenticating information regarding a device associated with the user;
authenticating a first relying party associated with at least one of a particular program and a particular service, the user as a member of the particular affiliation based on the user authenticating information, the membership authenticating information, and/or the device authenticating information,
wherein the first relying party is one of a network of two or more relying parties; and
upon the user being authenticated as a member of the particular affiliation, providing a digital credential to the device of the user for access to the at least one of the particular program and the particular service of the first relying party, and for access, without any further authentication, to at least one of a particular program and a particular service of any one of the network of two or more relying parties.

US patent US 10592645 B2
1. A method for online authentication, comprising:
receiving, from a user over a network at one or more servers, user authenticating information that authenticates the identity of the user;
storing, in an aggregate database, the received user authenticating information in association with the user;
receiving, from the user over the network at the one or more servers, membership authenticating information specific to members of a particular affiliation, the membership authenticating information indicating membership in the particular affiliation by the user;
storing, in the aggregate database, the received membership authenticating information in association with the user;
determining, by the one or more servers, whether additional authentication criteria is to be employed to authenticate the user as a member of the particular affiliation based on at least one requirement of a merchant;
receiving, from the user over the network at the one or more servers, additional authentication criteria specific to the user, the additional authentication criteria used to match the user to the particular affiliation by a third-party database when it is determined that additional authentication criteria is to be employed;
storing, in the aggregate database, the received additional authentication criteria in association with the user;
receiving, from a device associated with the user, a device authentication address, wherein the device authentication address includes a media access control (MAC) address and is verified against an approved list of addresses associated with the user;
storing, in the aggregate database, the verified device authentication address of the device associated with the user;
transmitting, from the one or more servers over the network to the third-party database configured to store the membership authenticating information specific to members of the particular affiliation, the additional authentication criteria specific to the user;
receiving, from the third-party database over the network at the one or more servers, additional membership authenticating information specific to members of the particular affiliation, the additional membership authenticating information indicating membership in the particular affiliation by the user;
storing, in the aggregate database, the additional membership authenticating information received from the third-party database in association with the user;
authenticating, via at least one widget that is at least one of integrated into, and accessible by, at least one of a mobile application and a website of a first relying party associated with at least one of a particular program and a particular service, the user as a member of the particular affiliation based on a comparison of the user authenticating information, the membership authenticating information, the verified device authentication address of the device associated with the user, the additional membership authenticating information stored in at least one of the aggregate database and the third-party database, and
the first relying party is one of a network of two or more relying parties;
storing, by the one or more servers, information regarding the user's membership in the particular affiliation in association with the user authenticating information when the user is authenticated as a member of the particular affiliation; and
upon the user being authenticated as a member of the particular affiliation, providing a digital credential to the device of the user for access to the at least one of the particular program and the particular service of the first relying party, and for access, without any further authentication, to at least one of a particular program and a particular service of any one of the network of two or more relying parties, wherein the digital credential includes a unique identifier for the user and login information for the least one of the particular program and the particular service of the first relying party and for any of the network of two or more relying parties, and
wherein the digital credential further includes more than one level based on at least one of a value and a risk associated with a specific task.

Similarly, claims 24-43 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-21 of U.S. Patent No. US 10592645 B2. Although the claims at issue are not identical, they are not patentably distinct from each other because of similar limitations with obvious variations.

Claim Rejections - 35 USC § 103
The following is a quotation of pre-AIA 35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made.

Claim(s) 24-25, and 33, 35, 43 are rejected under pre-AIA 35 U.S.C. 103(a) as being unpatentable over Thambidurai et al. (U.S. Pat. No. 2003/0212790 A1; IDS supplied) in view of Nanda et al. (US 20090307744 A1).

With regards to claim 24, Thambidurai discloses, A method for online authentication, comprising: 
determining user authenticating information for authenticating the identity of a user ([0047]; In some embodiments, a single piece of information may be used to identify both a user identity and an educational institution. Based on the received data, the student status database 20 or other database can be accessed to determine whether the user information is valid (e.g., are user name and PIN a valid combination, are user name and PIN valid, etc.) and whether the identified user is known to the verify processor 16 (e.g., is the user in the student status database or other database?) 104. If the user is known to the verify processor 16 and the user's data indicates that the user is a student, and the student data is within the threshold (e.g., not expired) 106); 
determining membership authenticating information specific to members of a particular affiliation ([0047] verify processor 16 can receive user information 102 from a user-controlled device 14; at a minimum, the information can include information associated with a name or other identity information (e.g., SS#, student ID) and information that can be associated with or otherwise identify an educational institutional); 
determining device authenticating information regarding a device associated with the user; 
authenticating a first relying party associated with at least one of a particular program and a particular service, the user as a member of the particular affiliation based on the user authenticating information, the membership authenticating information, and/or the device authenticating information (Thambidurai, [0062] and FIGs. 9-11: user selection of a tab 42 (i.e., read as a web page widget) can cause the FIG. 10 webpage 50 to appear, requesting information from the user to determine whether the user is a registered user or a new member. Registered users can provide a user name and an authentication code that is labeled “password” 52. Unregistered users can specify whether they are a student or a faculty member, the location of their school 54, and submit such information for further questions; see also Thambidurai, [0039] the users can access the verify processor 16 using a processor-controlled device that is capable of accessing the internet. A user can thus download a web page associated with the verify processor 16. The web page may be a different web page than a web page that may be associated with an offer supplier, or such web pages may be the same. In one embodiment, a web page can provide text boxes, drop-down menus, and/or check boxes to allow the user to identify themselves as a first time user, or alternatively, to provide a previously provided login identification and login authorization; see above [0048] for the process described by the verify processor to further validate a user’s status]; storing, by the one or more servers, information regarding the user’s), 
wherein the first relying party is one of a network of two or more relying parties (FIG. 1, 22; Other data sources [0033]; The verify processor can thus communicate with suppliers of offers, users, and/or other data sources that can assist in status verification. The verify system can utilize wired and/or wireless communications to communicate data from and/or to the suppliers of offers, the users, and/or the other data sources.); and

Thambidurai does not exclusively disclose, but Nanda discloses,
upon the user being authenticated as a member of the particular affiliation, providing a digital credential to the device of the user for access to the at least one of the particular program and the particular service of the first relying party, for access, without any further authentication, to at least one of a particular program and a particular service of any one of the network of two or more relying parties. ([0007] Some conventional mechanisms attempt to mitigate some of these concerns by implementing "federated" identity verification systems. In federated systems, a separate identity provider maintains data that can be used to generate one or more security tokens for many of a user's different accounts at various relying parties. In general, a "security token" is the means by which an identity provider asserts a user's identity to a relying party. So that the security tokens are portable across many different relying parties, this type of identity provider will need to establish a trust relationship with each of the different relying parties for which the user would like access. Please see [0013], [0026]-[0031]. Note: a relying party gives access based on the validity of the token and does not need authentication of the user.) It would have been obvious to a person of ordinary skill in the art at the time the invention was made to modify Thambidurai’s method with the teaching of Nanda in order to flexibly and continually synchronize changes to security configurations, and thus maintain, change, or end the trust relationship automatically, as desired (Nanda Abstract).

With regards to claim 25, Thambidurai further discloses, wherein the particular program is at least one of active military service status, retired military service status, and veteran status (Thambidurai, abstract: method for verifying a user as a member of an affinity group; ¶5: market for selling discounted products and services; [0030]: affinity group can include Vietnam veteran, enlisted military statuses).

Claim 43 is a product claim corresponding to method claim 24 and is also rejected accordingly.
Claims 33, 35 are system claims corresponding to method claims 24, 25 and are also rejected accordingly.

Claim(s) 26, 32, and 34, 36, 42 are rejected under pre-AIA 35 U.S.C. 103(a) as being unpatentable over Thambidurai et al. (U.S. Pat. No. 2003/0212790 A1; IDS supplied) in view of Nanda et al. (US 20090307744 A1) and further in view of Chayanam et al. (U.S. Patent No. 8136148 B1; IDS supplied).

With regards to claims 26 and 36, Thambidurai in view of Nanda do not disclose, but Chayanam discloses, authenticating the first relying party associated with the at least one of a particular program and the particular service via at least one widget that is at least one of integrated into, and accessible by, at least one of a mobile application and a website of the first relying party, wherein the at least one widget comprises at least one of a desktop widget, a mobile widget, a web widget, a television set widget, and a hybrid widget (Chayanam, col. 3, lines 49-54: generic computing device 101 (e.g., a client desktop or laptop computer, a mobile device, a computer server such as a web server, a data store providing services, etc.) that may be used according to an illustrative embodiment of the invention; Chayanam, col. 6, ll. 13-21: authentication widget 214 associated with the requested web page 212 is invoked...). It would have been obvious to a person of ordinary skill in the art at the time the invention was made to modify Thambidurai in view of Nanda’s method with the teaching of Chayanam in order to provide a reusable authentication component that may be integrated into a web page to communicate with an authentication server and authenticate a user to the web page (Chayanam Abstract).

With regards to claims 32 and 42, Thambidurai in view of Nanda and Chayanam discloses, allowing monetary transactions to be performed through the widget and between the user and any one of the network of two or more relying parties providing the at least one of the particular program and the particular service using the digital credential (Chayanam, col. 12, lines 41-67: wherein the provider includes a plurality of different providers, each providing a respective one of a plurality of programs and a plurality of services, and wherein the digital credentials are configured to be used on at least one of the mobile application and the website of each of the plurality of providers (financial institutions and credit providers, web sites of online merchants, and systems providing secure remote login capabilities (e.g., secure email systems, corporate, educational, and governmental systems)); an authentication widget 610 may be requested by and integrated into a third-party web page 600). Motivation would be the same as stated in claim 26.

With regards to claim 34, Thambidurai in view of Nanda and Chayanam further discloses, wherein authenticating the user as a member of the particular affiliation further includes comparing the user authenticating information against a list of pre-approved authenticating indicia (Chayanam, col. 9, lines 14-60: the authentication server 220 challenges the user based on user account information or may call for specific challenge question answers collected from the user when the user's account was first opened). Motivation would be the same as stated in claim 26.

Claim(s) 27-31 and 37-41 are rejected under pre-AIA 35 U.S.C. 103(a) as being unpatentable over Thambidurai in view of Nanda and in view of Lesandro et al. (U.S. Pat. App. Pub. No. 2012/0054095 A1; IDS supplied).

With regards to claim 27, Thambidurai in view of Nanda do not teach, but Lesandro teaches, wherein said authenticating step further comprises using a white list and a black list, the white list specifying users to be provided further consideration by said authenticating step, and the black list specifying users to be denied further consideration by said authenticating step (Lesandro, ¶1355: the entity can configure whether appropriate checking (including white list, black list, watch list) will be performed for each of the joint and primary and secondary applicants, authorized users, and guarantors; Lesandro, ¶1700: account opening system allows business to track information related to authenticated and non-). It would have been obvious to a person of ordinary skill in the art at the time the invention was made to modify Thambidurai in view of Nanda’s method with the teaching of Lesandro in order to provide an enhanced customer experience and reduce the need for IT support and other development resources (Lesandro [0003]).

With regards to claim 28, Thambidurai in view of Nanda and Lesandro teaches, wherein the black list comprises identities of previously denied users and users known to have perpetrated a previous fraud (Lesandro, [0489]: The area of decisioning may include Credit Checking, Fraud Checking and/or other local regulations). Motivation would be the same as stated in claim 27.

With regards to claim 29, Thambidurai in view of Nanda and Lesandro teaches, wherein the black list comprises identities of users who have been convicted of a particular list of crimes (Lesandro, [0495]: The system has the ability to provide to a user a decision based on the inputs of the user and the business rules, including, for example: Watch List checking (terrorists and money launderers, etc.); Black List checking (credit problems, arrears, write offs, bankrupts, etc.)). Motivation would be the same as stated in claim 27.

With regards to claim 30, Thambidurai in view of Nanda and Lesandro teaches, wherein a user is denied the digital credential when the user is named on the black list, irrespective of whether the user is the member of the particular affiliation, based on a merchant provided preference (Lesandro, [0495]: The system has the ability to provide to a user a decision based on the inputs of the user and the business rules, including, for example: Lists (black lists), checking terrorists and money launderers (list of crimes); credit problems, arrears, write offs, bankrupts). Motivation would be the same as stated in claim 27.

With regards to claim 31, Thambidurai in view of Nanda and Lesandro teaches, wherein the white list comprises known members of the affiliation that are in good standing based on certain criteria (Lesandro, [0495]: The system has the ability to provide to a user a decision based on the inputs of the user and the business rules, including, White List checking positive repayment history on credit agreements). Motivation would be the same as stated in claim 27.

Claims 37-41 are system claims corresponding to method claims 27-31 and are also rejected accordingly.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: US 20060031494 A1 (please see Abstract and FIG. 4).

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOHAMMED WALIULLAH whose telephone number is (571)270-7987. The examiner can normally be reached on 8:30 to 4:30 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on 1-571-272-8878.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/MOHAMMED WALIULLAH/Primary Examiner, Art Unit 2498