DETAILED ACTION
This Office Action is in response to the application 16/995,319 filed on 08/17/2020.
Claims 1-10 have been examined and are pending.
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .  This Action is made Non-FINAL.
Priority
The present application claims priority to European Patent Application No. 19195693.7, filed on Sept. 5, 2019. 
Claim Objection: 
Claim 1 recites “a input device and an audio device for the mobile device” in line 5 (emphasis added).  The article “an” should be used instead of “a.” Correction is required. 
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.



Claim 10 is rejected under 35 U.S.C. 101 as being directed to non-statutory subject matter. 
Regarding claim 10, claim 10 is rejected under 35 U.S.C. 101 because the claims a directed to a non-statutory subject matter. Claim 10 recites “a computer readable storage medium.” The specification does not explicitly limit the claimed computer readable storage media to a non-transitory computer-readable medium. Broadly interpreted, a “computer readable storage medium” can include propagate and transmission signals, which are non-statutory subject matter under 35 U.S.C. 101. See Ex parte Mewherter, 107 USPQ2d 1857, 1862 (PTAB 2013) (precedential). Accordingly, claim 10 is rejected under 35 U.S.C. 101 because the claim is directed to non-statutory subject matter.  The Examiner respectfully suggests that the claims be further amended to recite either “a non-transitory computer readable storage medium,” “a non-transient computer readable storage medium,” “a computer readable storage device,” or “a computer readable storage medium, which does not include a signal” to make the claim statutory under 35 USC 101.
Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f): 
(f) ELEMENT IN CLAIM FOR A COMBINATION.—An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph: 
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art. The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 
As explained in MPEP 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph: 
(A) the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B) the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as "configured to" or "so that"; and 
(C) the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. Such claim limitation(s) is/are: “means for enabling an input interface,” “means for receiving parameters,” “means for providing the query,” “means for receiving … inputs,” “means for creating … token,” “means for sending … token” of claim 9.   
Because these claim limitation(s) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, they are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof. 
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier. 
Because these claim limitation(s) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, they are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof. 
If applicant does not intend to have the claim limitation(s) treated under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112 , sixth paragraph, applicant may amend the claim(s) so that it/they will clearly not invoke 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, or present a sufficient showing that the claim recites/recite sufficient structure, material, or acts for performing the claimed function to preclude application of 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. 
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically discloses as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims 1-10 are rejected under 35 U.S.C. 103 as being unpatentable over Gopalakrishnan et al. (“Gopalakrishnan,” US 9641526, patented May 2, 2017) in view of Norton (“Norton,” US 20170272245, published Sept. 21, 2017) and Silvester (“Silvester,” US 7369532, patented May 6, 2008). 
Regarding claim 1, Gopalakrishnan discloses a method for securing user inputs in a mobile device using a service that is provided by an application server and requires user inputs from the mobile device, the method comprising the following steps in a companion device (Gopalakrishnan FIG. 1, col. 6: 3-9; col. 7: 4-8. For example, referring to FIG. 3, the wearable computing device 100 may communicate with the authentication server 104 through a wired or wireless connection with one or more of the smartphone 102, a laptop computer 302, a tablet computer 304, a desktop computer 306, a kiosk 308, a server 310, or other device to provide regular re-authentication. As described above, the authentication confirmation data may be a PIN, password, fingerprint, voiceprint, or other biometric feature. To further increase security, the authentication confirmation data may be data created or generated based on the user input authentication data or biometric data. [Note wearable device as “companion device.”]): 
enabling an input interface and an audio interface [in order to be declared as a input device and an audio device] for the mobile device (Gopalakrishnan FIG. 2 (wearable device audio interface connected to smartphone 102), col. 4: 52-58; col. 5: 17-20. A variety of components may be connected through the input/output device interfaces 210, such as a display 212 having a touch surface or touch screen; an audio output device for producing sound, such as speaker(s) 214; one or more audio capture device(s) such as a microphone or an array of microphones 216 for receiving audio input; one or more image and/or video capture devices, such as camera(s) 218; and other components. Another device, such as a smart phone 102, may also connect directly to the wearable computing device 100 via one of these wired or wireless connections [note that in col. 7: 4-5, the wearable device can obtain user fingerprint and/or voiceprint input and send it to the mobile device].), 
receiving parameters through the audio interface in an [audio] stream sent from the mobile device, the parameters being set by the application server and containing a query for user inputs for the service [and a formula for a validation token], the query including a text for prompting for user inputs (Gopalakrishnan FIGs. 2 (interfaces), 5; col. 6: 3-9, 28-30; col. 7: 34-37. For example, referring to FIG. 3, the wearable computing device 100 may communicate with the authentication server 104 through a wired or wireless connection with one or more of the smartphone 102, a laptop computer 302... As illustrated in FIG. 5, the wearable computing device receives an instruction, for example, from the authentication server, to re-authenticate, illustrated as block 502. For example, the user may receive a prompt, via the wearable computing device or another user device. Such as the user's Smartphone, to re-authenticate today by 6 p.m.), 
providing the query for user inputs Gopalakrishnan FIGs. 5- 6; col. 7: 34-37. As illustrated in FIG. 5, the wearable computing device receives an instruction, for example, from the authentication server, to re-authenticate, illustrated as block 502. For example, the user may receive a prompt, via the wearable computing device or another user device. Such as the user's Smartphone, to re-authenticate today by 6 p.m.) , 
receiving user inputs (Gopalakrishnan FIG. 5, col. 6: 41-44. The user may re-authenticate in any number of different ways, for example, the user may input authentication data in the form of a PIN, a voice command, a fingerprint.), 
sending the validation token in the form of required user inputs to the mobile device through the input interface, the token being sent to the application server by the mobile device (Gopalakrishnan FIG. 6; col. 6: 3-10; col. 7: 4-8, 9-10; col. 8: 12-16. For example, referring to FIG. 3, the wearable computing device 100 may communicate with the authentication server 104 through a wired or wireless connection with one or more of the smartphone 102, a laptop computer 302... As described above, the authentication confirmation data may be a PIN, password, fingerprint, voiceprint, or other biometric feature. For example, the authentication confirmation data may be encrypted [i.e., an encrypted authentication token]. To further increase security, the authentication confirmation data may be data created or generated based on the user input authentication data or biometric data. When the communication connection is available, the wearable computing device causes authentication confirmation data to be transmitted to the authentication server directly or via another device, illustrated as block 616.).
Gopalakrishnan does not explicitly disclose: in order to be declared as an input device and an audio device for the mobile device; a formula for the validation token; creating a validation token by applying the formula on the query, the user inputs and the random number. 
However, in an analogous art, Norton discloses a method comprising the steps of: 
in order to be declared as a input device and an audio device for the mobile device; a formula for the validation token (Norton FIG. 2, [0026]. While the mobile user 104 holds the button, the wearable device 144 sends 172 a pairing request to the mobile device 148, and the mobile device 148 returns 176 the device identifier D to the wearable device 144. Then, the wearable device 144 verifies 180 that the device identifier D received from the mobile device 148 matches the device identifier D of the wearable device 144. Next, the wearable device 144 exchanges 184 an encryption key with the mobile device 148 to secure future communication between the two devices 144, 148, and the mobile device 148 returns 188 a confirmation of the encryption key exchange with the wearable device 144 . The encryption key can be used to establish a secure communication protocol between the devices 144 , 148 , including , but not limited to , Bluetooth 4 , and near field communications ( NFC ) with transport layer security ( TLS ) 1.2 or greater.); 
creating a validation token by applying the formula on the query, the user inputs and the random number (Norton [0029], [0030]. In the depicted embodiment , the mobile user 104 enters 204 an email address E and a new password P into the mobile device 148 , which generates 208 a new random account identifier A for the mobile user 104 . Next , the mobile device 148 derives 212 a secret key S = XOR ( HASH ( A ) , HASH ( P ) ) using a cryptographic hash function and a bit - wise exclusive - or function. In addition , it will be appreciated that the exclusive - or of the hash of the account identifier A and the hash of the password P may be …  an exclusive - or of the concatenation of the email address E , the password P and a random salt value R.). 
Therefore, it would have been obvious to one of ordinary skill in the art on or before the effective filing date of the claimed invention to combine the teachings of Norton with the teachings of Gopalakrishnan to include the steps of:  creating a validation token by applying the formula on the query, the user inputs and the random number, to provide a secure pairing of mobile device and wearable device.  (See Norton [0026].)
Gopalakrishnan and Norton do not explicitly disclose: an audio stream. 
However, in an analogous art, Silvester discloses an audio stream (Silvester FIG. 2A, col. 7: 41-43, 52-57.  BluetoothTM driver interface 216: BluetoothTM bus driver 218; BluetoothTM host controller device 220. [C]ombined audio link generation procedures 226 for multiplexing or combining one or more audio sources within an audio link between a master and a slave device … which can be provided to a user for simultaneous playback of received audio/data streams.). 
Therefore, it would have been obvious to one of ordinary skill in the art on or before the effective filing date of the claimed invention to combine the teachings of Silvester with the teachings of Gopalakrishnan and Norton to include the steps of:  audio stream, to provide user with a means for wirelessly delivering audio or data stream via Bluetooth protocols.  (See Silvester col. 7: 52-57.)
Regarding claim 2, Gopalakrishnan, Norton and Silvester disclose the method of claim 1. Gopalakrishnan further discloses wherein the parameters are encoded in an [audio] stream by a client application of the mobile upon reception of data for the service from the application server (Gopalakrishnan FIGs. 2 (interfaces), 5; col. 6: 3-9, 28-30; col. 7: 34-37. For example, referring to FIG. 3, the wearable computing device 100 may communicate with the authentication server 104 through a wired or wireless connection with one or more of the smartphone 102, a laptop computer 302... As illustrated in FIG. 5, the wearable computing device receives an instruction, for example, from the authentication server, to re-authenticate, illustrated as block 502. For example, the user may receive a prompt, via the wearable computing device or another user device. Such as the user's Smartphone, to re-authenticate today by 6 p.m.). 
Silvester further discloses: an audio stream (Silvester FIG. 2A, col. 7: 41-43, 52-57.  BluetoothTM driver interface 216: BluetoothTM bus driver 218; BluetoothTM host controller device 220. [C]ombined audio link generation procedures 226 for multiplexing or combining one or more audio sources within an audio link between a master and a slave device … which can be provided to a user for simultaneous playback of received audio/data streams.).
The motivation is the same as that of claim 1 above. 
Regarding claim 3, Gopalakrishnan, Norton and Silvester disclose the method of claim 1. Silvester further discloses: wherein the companion device decodes the audio stream and extracts the parameters (Silvester FIG. 2A, col. 8: 15-19.  [P]acket decoding procedures 228 for decoding packets received via a combined audio link requested by the host computer 200 in order to extract data/voice streams from the received packets.).
The motivation is the same as that of claim 1 above. 
Regarding claim 4, Gopalakrishnan, Norton and Silvester disclose the method of claim 1. Norton further discloses wherein the validation token is created by applying a mix of at least a hash of the text, a hash of the user inputs and a random number (Norton [0029], [0030]. In the depicted embodiment, the mobile user 104 enters 204 an email address E and a new password P into the mobile device 148 , which generates 208 a new random account identifier A for the mobile user 104 . Next , the mobile device 148 derives 212 a secret key S = XOR ( HASH ( A ) , HASH ( P ) ) using a cryptographic hash function and a bit - wise exclusive - or function. In addition , it will be appreciated that the exclusive - or of the hash of the account identifier A and the hash of the password P may be …  an exclusive - or of the concatenation of the email address E , the password P and a random salt value R.). 
The motivation is the same as that of claim 1 above. 
Regarding claim 5, Gopalakrishnan, Norton and Silvester disclose the method of claim 1. Gopalakrishnan further discloses wherein the query for user inputs is provided in the way of pin code, password or biometry (Gopalakrishnan FIG. 5, col. 6: 41-44. The user may re-authenticate in any number of different ways, for example, the user may input authentication data in the form of a PIN, a voice command, a fingerprint.). 
 Regarding claim 6, Gopalakrishnan, Norton and Silvester disclose the method of claim 1. Gopalakrishnan further discloses wherein the user inputs are required for a transaction validation or login process (Gopalakrishnan col. 8: 28-38. The authentication server analyzes the authentication confirmation [e.g., PIN, password, fingerprint, see col. 7: 4-8] data and determines whether the user authentication is correct or incorrect and transmits a message verifying the authentication or stating that the authentication failed. The wearable computing device receives the authentication verification or failure, illustrated as block 624. Upon receiving an authentication verification, the wearable computing device may function as intended for the user. For example, the payment transaction may be authorized and the wearable computing device may proceed with the payment transaction, illustrated as block 626.). 
Regarding claim 7, Gopalakrishnan, Norton and Silvester disclose the method of claim 1. Gopalakrishnan further discloses wherein the text prompting for user inputs is provided in audio form or visual form (Gopalakrishnan col. 4: 52-56; col. 7: 34-37. A variety of components may be connected through the input/output device interfaces 210, Such as a display 212 having a touch Surface or touch screen; an audio output device for producing Sound, such as speaker(s) 214; one or more audio capture device(s). Such as a microphone or an array of microphones 216 for receiving audio input. For example, the user may receive a prompt, via the wearable computing device or another user device. Such as the user's Smartphone, to re-authenticate today by 6 p.m.). 


Regarding claim 8, Gopalakrishnan, Norton and Silvester disclose the method of claim 1. Gopalakrishnan further discloses wherein the companion device communicates with the mobile device through a Bluetooth connection (Gopalakrishnan col. 6: 15-22. Refer ring to FIG. 4, the wearable computing device 100 may also communicate with any of the Smartphone 102, laptop computer 302, tablet computer 304, desktop computer 306, kiosk 308, server 310, or other device via the network 106. As described above, the network 106 may be a wireless local area network (WLAN) (such as WiFi) radio, Bluetooth.). 
Regarding claim 9, claim 9 is directed to an apparatus corresponding to the method of claim 1. Claim 9 is similar in scope to claim 1 and is therefore rejected under similar rationale. 
Regarding claim 10, claim 10 is directed to a computer readable medium corresponding to the method of claim 1. Claim 10 is similar in scope to claim 1 and is therefore rejected under similar rationale. 








Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to EDWARD LONG whose telephone number is (571)272-8961.  The examiner can normally be reached on Monday to Friday, 9 AM - 6  PM EST (Alternate Fridays).
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on (571) 270-5002.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



/EDWARD LONG/
Examiner, Art Unit 2439


/LUU T PHAM/            Supervisory Patent Examiner, Art Unit 2439