Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
The Amendment filed 5/04/2022 has been entered.  Claims 1-16 remain pending in the application.  

Previous Claim Rejections - 35 USC § 112(b)
The applicant’s response / amendment filed 5/04/2022 states that all of the claims have been appropriately corrected to overcome the rejections under 35 USC § 112(b). The examiner states that some of the rejections have been overcome, so some of previous rejections under 35 USC § 112(b) have been withdrawn, while other rejections under 35 USC § 112(b) have been maintained and the examiner has further clarified these rejections.  
See the rejection of claims under 35 USC § 112(b), included below.

Response to Applicant’s Amendments / Arguments Regarding 35 U.S.C. § 103
	The applicant’s remarks, on pages 7-10 of the response / amendment, which is included below single spaced with the applicant’s emphasis is bold, and with the examiner’s comments double spaced, and the examiner’s emphasis of the applicant’s arguments in underline, is included below. The applicant argues the features which allegedly distinguish over the previously cited references cited in the 35 U.S.C. § 103 rejections.
Claims 1-16 are pending. Claims 3, 6 10 and 11 are currently amended. The amendments are clerical and do not add new matter. 
Claims 3, 4-7 and 10-13 stand rejected as allegedly being indefinite under 35 U.S.C. §112 (b). 
Applicant has amended the claim language of claims 3, 6 10 and 11 in accord with the Examiner's suggestions, for which Applicant thanks the Examiner, thereby rendering the rejection moot. 
Applicant requests reconsideration and withdrawal of the 35 U.S.C. §112 rejection of claims 3, 4-7 and 10-13. 
Claims 1- 9-10 and 16 stand rejected under 35 USC § 103 over U.S. Pat. Pub. 2019/0386984 (Thakkar et al.) in view of 2013/0203345 to Fisher ("Fisher"). Claims 2, 8 and 15 stand rejected over Thakkar in view of Fisher and further in view of U.S. Pat. Pub. 2014/0195248 to Ghetler ("Ghetler"). Claims 3-7 and 11-14 stand rejected over Thakkar in view of Fisher and further in view of U.S. Pat. Pub. 2015/0046340 to Dimmick ("Dimmick") Claim 1 is independent and recites: 
... encrypting the inaudible soundwave including the cryptographically secured authorization information at the user device; 
emitting, via a speaker of the user device, the encrypted inaudible soundwave including the cryptographically secured authorization information to the voice enabled device for downstream processing by the requesting server requiring the authorization information; 
decrypting the encrypted inaudible soundwave. (emphasis added) 

Independent claim 10 recites similar features. At page 7-8, the Office Action admits Thakkar fails to teach the above-emphasized features, alleging that paragraphs [0069]-[0071] of Fisher discloses these features. For the reasons given below, Applicant respectfully disagrees. 
	Fisher discloses a "secure element affixed to mobile communication device." The secure element is a small element such integrated into the user device: "for large sized phones such as an Android or Sidekick, the distance between the mobile communication device and the secure element affixed to the mobile communication device may be 3 inches or less for example." Fisher [0067]. The secure element communicates with the user device it is affixed to by an encrypted inaudible soundwave to authenticate itself to the mobile device it is integrated with. Thus, it is not the user device that emits or encrypts the encrypted inaudible soundwave, though it can be integrated into a user device. 
However, it is precisely because Fisher's secure element authenticates itself to the user device at very small distances that Fisher teaches away from integrating with a system user device that "emit[s], via a speaker of the user device, the encrypted inaudible soundwave including the cryptographically secured authorization information to the voice enabled device for downstream processing" as recited in claim 1. 
As Fisher explains at paragraph [0068]: 

As an alternatives security precaution the mobile communication device and or the secure element can estimate the distance of the signal. If the distance is greater than the expected amount, the mobile communication device and/or the secure element can reject the signal since the distance may indicate the signal is from an unauthorized or rouge device. For example, if the distance is greater than 2 inches, the mobile communication device and or the secure element may reject the signal. 
... If the distance is greater than expected (e.g. 1 inch, 2 inches, or 3 inches), than signal may indicate that it was originated by a rogue or unauthorized device and the mobile communication device may not process the signal. (emphasis added) 

As will be appreciated, voice enabled devices are specially designed to be operated at distances and communicate with devices within the sound of one's voice. Thus, Fisher teaches away from employing an encrypted signal from a user device to a voice enabled device for decryption or downstream decryption, as Fisher would regard any user device or the voice enabled device further than few inches apart as a "rouge device" - thereby rendering the system inoperable. A proposed modification that renders the prior art invention being modified unsatisfactory for its intended purpose does not support a prima facie case of obviousness. MPEP 2143.01 V1. 

In response to applicant's argument that the references fail to show certain features of applicant’s invention, it is noted that the features upon which applicant relies (i.e., short distances between an emitter and receiver of inaudible soundwave as described in Fisher) are not recited in the rejected claim(s).  Although the claims are interpreted in light of the specification, limitations from the specification are not read into the claims.  See In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993).
	As related to the discussion of Fischer, the primary reference Thakkar does not include any such teaching regarding a minimum or maximum distance that the sound emitter of the inaudible soundwave must be from the sound receiver. Thus, although Fisher describes distance limitation, Thakkar does not teach distance limitations.   
Accordingly, Thakkar and Fisher fail to disclose or suggest "encrypting the inaudible soundwave including the cryptographically secured authorization information at the user device; [and] emitting, via a speaker of the user device, the encrypted inaudible soundwave including the cryptographically secured authorization information to the voice enabled device for downstream processing decrypting the encrypted inaudible soundwave" as recited in claim 1. 
For the same reasons, Thakkar and Fisher fail to disclose or suggest independent claim 10. 
For the reasons given above, Applicant respectfully request reconsideration and withdrawal of the rejection of independent claims 1 and 10 under 35 USC § 103. 
The remaining claims are dependent from independent claims 1 and 10 discussed above and are patentable for at least the same reasons. As nothing in the prior art cited in the Office Action cures the above-identified deficiencies, Applicant respectfully requests reconsideration and withdrawal of the rejections. As each dependent claim is also deemed to define an additional aspect of the invention, however, the individual reconsideration of the patentability of each on its own merits is respectfully requested. 

1 "If a proposed modification would render the prior art invention being modified unsatisfactory for its intended purpose, then there is no suggestion or motivation to make the proposed modification. In re Gordon, 733 F.2d 900, 221 USPQ 1125 (Fed. Cir. 1984). (Claimed device was a blood filter assembly for use during medical procedures wherein both the inlet and outlet for the blood were located at the bottom end of the filter assembly, and wherein a gas vent was present at the top of the filter assembly. The prior art reference taught a liquid strainer for removing dirt and water from gasoline and other light oils wherein the inlet and outlet were at the top of the device, and wherein a pet-cock (stopcock) was located at the bottom of the device for periodically removing the collected dirt and water. The reference further taught that the separation is assisted by gravity. The Board concluded the claims were prima facie obvious, reasoning that it would have been obvious to turn the reference device upside down. The court reversed, finding that if the prior art device were turned upside down it would be inoperable for its intended purpose because the gasoline to be filtered would be trapped at the top, the water and heavier oils sought to be separated would flow out of the outlet instead of the purified gasoline, and the screen would become clogged.)" 

Similarly, because Applicant maintains that all claims are allowable for at least the reasons presented hereinabove, in the interests of brevity, this response does not comment on every comment made by the Examiner in the Office Action. This should not be taken as acquiescence of the substance of those comments, and Applicant reserves the right to address such comments.


Claim Rejections - 35 USC § 112
	The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

Claims 3, 4-5, and 12-13  are rejected under 35 U.S.C. 112(b) as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claim 3 recites, “transmitting the decrypted cryptographically secured authorization information at the user device from the voice enabled device to a virtual assistant server;” which does not make sense, because it is unclear if transmitting is performed “at the user device” or “from the voice enabled device.” 
The examiner interprets this feature as “transmitting the decrypted cryptographically secured authorization information     
Claims 4-5 are rejected for having insufficient antecedent basis. For example, claims 4-5 recite “the virtual assistance server,” however no antecedent support is given for this feature. 
Claims 12-13 are rejected for having insufficient antecedent basis. Claims 12-13 recite “the virtual assistance server,” however no antecedent support is given for this feature. For examples, in claim 10 “a voice assistant server” does not provide antecedent support “the virtual assistance server” of claims 11-13. 

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 9-10, and 16 are rejected under 35 U.S.C. 103 as being unpatentable over US 2019/0386984 to Thakkar et al. (hereinafter referred to as Thakkar), in view of US 2013/0203345 to Fisher (hereinafter referred to as Fisher). 
	Regarding claim 1, Thakkar teaches,
A method for voice enabled authorization comprising: 
outputting, from a voice enabled device, a request for authorization information delivered from a requesting server; 
	Thakkar in [0014] generally describes many of the features of the invention, where a “first device” (“voice enabled device”) and a “second device” (“user device”) exchange an encrypted password (“authorization information”) via audio communication using an inaudible sound. Thakkar [0015] teaches an entity (“requesting server”) that performs a transaction and fig. 1 includes a transaction processor server 150 (“requesting server”). 
Thakkar in [0083-84] and fig. 3D teach the above features of the claim by teaching a login page 1300 that requests a one-time password, where a financial entity (“requesting server”) sends the request for a one-time password (“authorization information”) in the form of the login page 1300 with message 1304 to a computing device (“voice enabled device”). Alternatively, the transaction processor server 150 may act as an intermediary between the “financial entity” of Thakkar and the “computing device” of Thakkar, as taught in the second half of [0030] in 1.
Please see, Thakkar [0084] which states, “[0084] A page 1300 includes a requested two-factor authentication message 1302 by a bank when using a payment instrument that requires two-factor authentication for transaction processing. A financial entity may request a one-time password to be entered that is communicated to a known device established for the two-factor authentication. For example, a one-time password message 1304 may alert a user that a one-time password is sent to the mobile device. This may alert the user to place the mobile device within audio range of the computing device displaying page 1300. Page 1300 may include a password field 1306 for entry of the one-time password. However, in order to provide hands free entry of the password (e.g., without having to input the password through user input, such as keystrokes or interface touch input), page 1300 may provide an audio communication alert 1308 for an audio communication process that provides the one-time password from the mobile device to the computing device through audio communications. Once password field 1306 is populated, the user may request processing through section of continue option 1310.” (emphasis added)
placing the voice enabled device into a listening state; 
obtaining the authorization information from a user device; 
(Thakkar in the second half of [0084] (included above) also teaches the computing device (“voice enabled device”) being provided the one-time password (“authorization information”) from the mobile device (“user device”). The Examiner notes that it would be inherent that the computing device of Thakkar would be put into a listening state in order to obtain the one-time password from the mobile device, where the one-time password is provided from the mobile device through audio communication. 
Thakkar in the last 3 sentences of [0014] also teaches the features of a first device (“voice enabled device”) that receives a sound wave communication from a second device (“user device”)
The last 3 sentence of [0014] of Thakkar state, “… For example, a first device may require the two-factor authentication password during electronic transaction processing using a user's account, and a second nearby device previously associated with the user's account may receive the password and emit a sound wave communication having the password encoded and encrypted into the sound wave. The password may be decoded and decrypted from the received audio wave communication by the first device requiring the password, and may then be automatically entered for the two-factor authentication process. In this manner, two-factor authentication may be provided in a secure manner without requiring laborious and error prone entry of the password during the authentication process.” (emphasis added)
cryptographically securing the authorization information at the user device;
converting the cryptographically secured authorization information to an inaudible soundwave including the cryptographically secured authorization information at the user device; 
 (The Examiner notes, for clarification, that the above steps of “cryptographically securing …” and “converting …” (included above) and “encrypting …” (included below) are performed before the step of “obtaining the authorization information from a user device” (included above) in Thakkar, and the Examiner is interpreting the features of the claim as being performed in this order.
Specifically, [0014] of Thakkar teaches the password being encrypted and encoded into a sound wave, as evidenced above.
More specifically, [0023] of Thakkar teaches the second device (“user device”) outputting a sound wave that includes the password that is encrypted before being encoded into the audio patter.  The 3rd and 4th sentences of Thakkar states, “The second device may then encode the one-time password into an audio pattern or wave. Prior to encoding the one-time password into the audio pattern, the second device may also encrypt the password using the negotiated and/or shared security key or mechanism, such as the account identifier.” (emphasis added)
…
emitting, via a speaker of the user device, the encrypted inaudible soundwave including the cryptographically secured authorization information to the voice enabled device for downstream processing by the requesting server requiring the authorization information; 
(As, as further discussed below, Thakkar does not teach encrypting or decrypting and inaudible soundwave.
Thakkar does teach, in the last 3 sentences of [0014], which are included above, the second device (“user device”) that “emit[s] a sound wave communication having the password encoded” to a first device (“voice enabled device”). 
decrypting the cryptographically secured authorization information; and 
Thakkar in [0014] teaches the decryption of the sound wave.
For example, The second to last sentence of Thakkar at [0014] states, “The password may be decoded and decrypted from the received audio wave communication by the first device requiring the password, and may then be automatically entered for the two-factor authentication process.” (emphasis added)
confirming authorization credentials for the cryptographically secured authorization information.  
The Examiner interprets this feature corresponding to confirming that the “authorization information” is correct, for example, by entering into an authentication process.  
Thakkar in the last 3 sentences of [0014] teaches “[t]he password may be decoded and decrypted from the received audio wave communication by the first device requiring the password, and may then be automatically entered for the two-factor authentication process.” (emphasis added
Thakkar at the end of [0024] also teaches processing the password to determine whether the password matches, and performing verification on the one-time password. 
Thakkar does not explicitly teach encrypting and decrypting of an inaudible soundwave,
encrypting the inaudible soundwave including the cryptographically secured authorization information at the user device; 
…
decrypting the encrypted inaudible soundwave; 
However, Fisher teaches these features in [0077], which is included below.
Fisher in [0077] states, “In the method 440, the user instructs an application running on the processor 123 (FIG. 2) of the mobile communication device 110 to load (442) value (e.g., money or credits) onto the secure element 130. An application (or corresponding API) running on the processor 132 (FIGS. 3A-3C) updates (444) the stored value of the secure element 130 by the amount specified in the message. The application creates a digital message, specifying the value to be loaded onto the secure element 130, converts it to an inaudible analog sound waves at 10 MHz using ADC 119 (452), encrypts it, and transmits (454) the sound wave using the speaker 117 to the secure element via the microphone 137. The secure element 130 receives (456) the sound waves via the microphone 137 (FIGS. 3A-3C), decrypts the sound wave, converts it to digital using ADC 135, and displays the data to the user in the mobile wallet. In some embodiments, the secure element 130 transmits a confirmation message (not shown) to the mobile communication device 110. If the mobile communication device 110 does not receive the confirmation message from the secure element 130, it retransmits the sound waves as described in operation 442.”
At the time the invention was filed, it would have been obvious to one of ordinary skill in the art to combine the teachings of Thakkar, which teaches an inaudible soundwave including the encrypted authorization information that is encrypted before creating the soundwave, with Fisher, which teaches encrypting an inaudible soundwave. One of ordinary skill in the art would have been motivated to perform such an addition to provide Fisher, which teaches the use of encrypting an inaudible sound that includes a message in [0077] (included above), in order to increase the level of security of the communications between devices performing authentication in transactions, as opposed to merely encrypting a password alone. 
It is noted that Fisher at [0069-71] teaches the use of inaudible soundwaves to perform multi-factor communication in order to perform transactions. Specifically, Thakkar states, “[0069] In addition to this the inaudible sound waves may also include a unique tone or series of unique tones similar to a digital watermark in a photo to prevent rogue signals from being sent. [0070] Thus, the mobile communication device and/or secure element may perform multifactor authentication which includes the PIN, signal distance or audio watermark, etc. [0071] FIGS. 4A through 4D illustrate examples of transactions involving the mobile communication device 110, the secure element 130, and other elements of the system 100.” (emphasis added)

Regarding claim 9, Thakkar and Fisher teach,
The method of claim 1, wherein cryptographically securing the authorization information at the user device is selected from the group of: 
symmetric single key encryption, asymmetric dual key encryption, hashing, or tokenization.  
Thakkar in [0014] teaches the use of a shared key (i.e., symmetric single key).

Regarding claim 10, Thakkar teaches,
	A system comprising: 
a requesting server comprising 
a processor for processing authorization credentials; and 
Thakkar in [0014] generally describes many of the features of the invention, where a “first device” (“voice enabled device”) and a “second device” (“user device”) exchange an encrypted password (“authorization information”) via audio communication using an inaudible sound. Thakkar [0015] teaches an entity (“requesting server”) that performs a transaction and fig. 1 of Thakkar includes a transaction processor server 150 (“requesting server”).
a voice enabled device comprising a processor and operatively connected to a voice assistant server; 
the voice enabled device being configured to at least: 
output a request for authorization information; 
Thakkar in [0083-84] and fig. 3D teach the above features of the claim by teaching a login page 1300 that requests a one-time password, where a financial entity (“requesting server”) sends the request for a one-time password (“authorization information”) in the form of the login page 1300 with message 1304 to a computing device (“voice enabled device”). Alternatively, the transaction processor server 150 may act as an intermediary between the “financial entity” of Thakkar and the “computing device” of Thakkar, as taught in the second half of [0030] in 1.
Please see, Thakkar [0084] which states, “[0084] A page 1300 includes a requested two-factor authentication message 1302 by a bank when using a payment instrument that requires two-factor authentication for transaction processing. A financial entity may request a one-time password to be entered that is communicated to a known device established for the two-factor authentication. For example, a one-time password message 1304 may alert a user that a one-time password is sent to the mobile device. This may alert the user to place the mobile device within audio range of the computing device displaying page 1300. Page 1300 may include a password field 1306 for entry of the one-time password. However, in order to provide hands free entry of the password (e.g., without having to input the password through user input, such as keystrokes or interface touch input), page 1300 may provide an audio communication alert 1308 for an audio communication process that provides the one-time password from the mobile device to the computing device through audio communications. Once password field 1306 is populated, the user may request processing through section of continue option 1310.” (emphasis added)
enter a listening state; 
detect and obtain, via a microphone, an encrypted inaudible soundwave including cryptographically secured authorization information emitted from a speaker of a user device; and 
Thakkar in the second half of [0084] (included above) also teaches the computing device (“voice enabled device”) being provided the one-time password (“authorization information”) from the mobile device (“user device”). The Examiner notes that it would be inherent that the computing device of Thakkar would be put into a listening state in order to obtain the one-time password from the mobile device, where the one-time password is provided from the mobile device through audio communication. 
Thakkar in the last 3 sentences of [0014] also teaches the features of a first device (“voice enabled device”) that receives a sound wave communication from a second device (“user device”)
The last 3 sentence of [0014] of Thakkar state, “… For example, a first device may require the two-factor authentication password during electronic transaction processing using a user's account, and a second nearby device previously associated with the user's account may receive the password and emit a sound wave communication having the password encoded and encrypted into the sound wave. The password may be decoded and decrypted from the received audio wave communication by the first device requiring the password, and may then be automatically entered for the two-factor authentication process. In this manner, two-factor authentication may be provided in a secure manner without requiring laborious and error prone entry of the password during the authentication process.” (emphasis added)
…
the requesting server being configured to at least: 
decrypt the cryptographically secured authorization information; and 
Thakkar in [0024] teaches that the processing entity (“requesting server”)may decrypt the one-time password.
confirm authorization credentials of the authorization information.  
Thakkar at the end of [0024] also teaches a processing entity that processes the password to determine whether the password matches, and performs verification on the one-time password. 
Except, Thakkar does not explicitly teach “the voice enabling device” encrypting and decrypting of an inaudible soundwave,
decrypt the encrypted inaudible soundwave including the cryptographically secured authorization information or convert the encrypted inaudible soundwave 30Attorney Docket No.001 3654USU/4450 including the cryptographically secured authorization information to an encrypted data payload including the cryptographically secured authorization information; 
However, Fisher teaches these features in [0077], which is included below.
Fisher in [0077] states, “In the method 440, the user instructs an application running on the processor 123 (FIG. 2) of the mobile communication device 110 to load (442) value (e.g., money or credits) onto the secure element 130. An application (or corresponding API) running on the processor 132 (FIGS. 3A-3C) updates (444) the stored value of the secure element 130 by the amount specified in the message. The application creates a digital message, specifying the value to be loaded onto the secure element 130, converts it to an inaudible analog sound waves at 10 MHz using ADC 119 (452), encrypts it, and transmits (454) the sound wave using the speaker 117 to the secure element via the microphone 137. The secure element 130 receives (456) the sound waves via the microphone 137 (FIGS. 3A-3C), decrypts the sound wave, converts it to digital using ADC 135, and displays the data to the user in the mobile wallet. In some embodiments, the secure element 130 transmits a confirmation message (not shown) to the mobile communication device 110. If the mobile communication device 110 does not receive the confirmation message from the secure element 130, it retransmits the sound waves as described in operation 442.”
At the time the invention was filed, it would have been obvious to one of ordinary skill in the art to combine the teachings of Thakkar, which teaches an inaudible soundwave including the encrypted authorization information that is encrypted before creating the soundwave, with Fisher, which teaches encrypting an inaudible soundwave. One of ordinary skill in the art would have been motivated to perform such an addition to provide Fisher, which teaches the use of encrypting an inaudible sound that includes a message in [0077] (included above), in order to increase the level of security of the communications between devices performing authentication in transactions, as opposed to merely encrypting a password alone. 
It is noted that Fisher at [0069-71] teaches the use of inaudible soundwaves to perform multi-factor communication in order to perform transactions. Specifically, Thakkar states, “[0069] In addition to this the inaudible sound waves may also include a unique tone or series of unique tones similar to a digital watermark in a photo to prevent rogue signals from being sent. [0070] Thus, the mobile communication device and/or secure element may perform multifactor authentication which includes the PIN, signal distance or audio watermark, etc. [0071] FIGS. 4A through 4D illustrate examples of transactions involving the mobile communication device 110, the secure element 130, and other elements of the system 100.” (emphasis added)

Regarding claim 16, Thakkar and Fisher teach,
The system of claim 10, wherein the user device is configured to cryptographically secure the authorization information using a cryptographic algorithm selected from the group of
 symmetric single key encryption, asymmetric dual key encryption, hashing, or tokenization.
Claim 16 is rejected using the same basis of arguments used to reject claim 9 above.

Claims 2, 8, and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Thakkar, in view of Fisher, and further in view of US 2014/0195428 to Ghetler (hereinafter referred to as Ghetler). 
Regarding claim 2, 
Thakkar and Fisher do not teach,
The method of claim 1 further comprising: accepting an input at the user device for authenticating an identity of a user.  
	However, Ghetler teaches this feature. Ghetler in fig. 6 shows how “authorization request information” is sent to a client device 140 (“user device”) via the same steps described in 212-228, which use encrypted audio messaging. (See Ghetler, last sentence of [0036] and [0037]).  The interface of fig. 6 is displayed on the client device 140 (“user device”) and is provided by an audio signal from client computer 160 (“voice enabled device”). (See Ghetler at [0030-35] for the full description of steps 212-228, which include the details of the passing of the audio file with data. The last sentence of [0036] and [0037] detail the interactive screen that accepts a user input on the client device (“user device”), where the user input is used to confirm or deny authorization.
At the time the invention was filed, it would have been obvious to one of ordinary skill in the art to combine the teachings of Thakkar, which teaches an inaudible soundwave including the encrypted authorization information that is encrypted before creating the soundwave, with Fisher, which teaches encrypting an inaudible soundwave, with Ghetler, which teaches authorization request information for use in displaying an interface.  One of ordinary skill in the art would have been motivated to perform such an addition to provide for increased interaction between the user device / mobile device and the voice enabled device, in order to allow the user to input additional information into the user device / mobile device before authorizing a transfer of information that leads to authorization of a payment.  

Regarding claim 8, 
Thakkar and Fisher do not teach,
The method of claim 1 further comprising: 
transmitting a page showing authorization details to the user device via an inaudible soundwave from the voice enabled device.  
However, Ghetler teaches this feature. Ghetler in fig. 6 shows how “authorization request information” is sent to a client device 140 (“user device”) via the same steps described in 212-228, which use encrypted audio messaging.  This corresponds to a page. 
At the time the invention was filed, it would have been obvious to one of ordinary skill in the art to combine the teachings of Thakkar, which teaches an inaudible soundwave including the encrypted authorization information that is encrypted before creating the soundwave, with Fisher, which teaches encrypting an inaudible soundwave, with Ghetler, which teaches authorization request information for use in displaying an interface.  One of ordinary skill in the art would have been motivated to perform such an addition to provide for increased interaction between the user device / mobile device and the voice enabled device, in order to allow the user to input additional information into the user device / mobile device before authorizing a transfer of information that leads to authorization of a payment.  
 
Regarding claim 15, Thakkar, Fisher, and Ghetler teach,
The system of claim 10, wherein the voice enabled device is configured to transmit a page showing authorization details to the user device via an inaudible soundwave from the voice enabled device.  
Claim 15 is rejected using the same basis of arguments used to reject claim 8 above.

Claims 3-7 and 11-14 are rejected under 35 U.S.C. 103 as being unpatentable over Thakkar, in view of Fisher, and further in view of US 2015/0046340 to Dimmick (hereinafter referred to as Dimmick). 
Regarding claim 3, Thakkar, Fisher, and Dimmick teach,
The method of claim 1 further comprising: 
decrypting the encrypted inaudible soundwave including the cryptographically secured authorization information at the user device; 
Fisher at the end of [0077] states, “… The secure element 130 receives (456) the sound waves via the microphone 137 (FIGS. 3A-3C), decrypts the sound wave, converts it to digital using ADC 135, and displays the data to the user in the mobile wallet. In some embodiments, the secure element 130 transmits a confirmation message (not shown) to the mobile communication device 110. If the mobile communication device 110 does not receive the confirmation message from the secure element 130, it retransmits the sound waves as described in operation 442.” (emphasis added)
transmitting the decrypted cryptographically secured authorization information at the user device from the voice enabled device to a virtual assistant server; and  28Attorney Docket No.001 3654USU/4450 
As discussed above, in the rejection under 35 U.S.C. 112(b) the above language is confusing / unclear. The examiner interprets this feature as “transmitting the decrypted    
Thakkar at [0024] teaches either the first device (“voice enabled device”) or a processing entity (“server”) as performing the decryption of the password.
Specifically, the middle of [0024] states, “The processing entity may then decode the recorded audio communication and may decrypt the password from the decoded audio file to receive the one-time password, which may then be entered to a field for the one-time password with the two-factor authentication process. In other embodiments, the first device may perform the decoding and decrypting of the recorded audio file, and may then directly enter the password to the field of the two-factor authentication process requiring the password.” (emphasis added)
Thakkar and Fisher do not teach transmitting “the … cryptographically secured authorization information” to a “virtual assistant server” and then decrypting at another server (“requesting server”). 
decrypting the cryptographically secured authorization information at the requesting server.
However, Dimmick teaches this feature.
Dimmick in [0099] teaches passing an encrypted PIN from the authentication computer 112 (“virtual assistant server”) to a payment processing network 108 (“requesting server”). This prevents the PIN from being exposed to intermediary servers in a payment processing / authentication network.
The Examiner interprets the second and third encryption keys as both being transport keys that correspond to the “encrypted data payload” of the claim. 
	Additionally, Dimmick in [0064] specifically teaches the use of both transport encryption keys (second encryption key) and issuer encryption keys (first encryption key). Thus, the issuer can decrypt the PIN.
For example, Dimmick at [0099] in the last sentence, teaches passing the encrypted PIN to the issuer computer, which holds the issuer keys, such as the first encryption key. The issuer computer then confirms the PIN because it holds the issuer encryption keys and has the ability to fully decrypt the encrypted PIN. Dimmick’s issuing computer confirms the PIN (i.e., “authorization credentials”), as seen in [0099].
At the time the invention was filed, it would have been obvious to one of ordinary skill in the art to combine the teachings of Thakkar, which teaches an inaudible soundwave including the encrypted authorization information that is encrypted before creating the soundwave, with Fisher, which teaches encrypting an inaudible soundwave, with Dimmick, which teaches passing an encrypted PIN from multiple servers and maintaining at least some encryption until the PIN is decrypted at its final destination server.  One of ordinary skill in the art would have been motivated to perform such an addition in order to provide additional security when passing data between different servers, particularly when some of the intermediate servers should not be trusted with confidential information, such as PINs and passwords.  

Regarding claim 4, Thakkar, Fisher, and Dimmick teach,
 	The method of claim 1 further comprising: 
converting the encrypted inaudible soundwave including the cryptographically secured authorization information to an encrypted data payload including the cryptographically secured authorization information at the voice enabled device; 
As discussed above, Fisher teaches “decrypting the encrypted inaudible soundwave including the cryptographically secured authorization information.” Thakkar teaches converting a inaudible soundwave that includes data into electronic data. 
transmitting the encrypted data payload including the cryptographically secured authorization information from the voice enabled device to the virtual assistant server; 
Thakkar at [0024] teaches that the processing entity (“server”) may perform the decryption of the one-time password.  
Thakkar and Fisher do not teach decrypting a data payload at one server, and then fully decrypting the authorization information at another server.  
decrypting the encrypted data payload including the cryptographically secured authorization information at the virtual assistant server; and 
decrypting the cryptographically secured authorization information at the requesting server.  
	However, Dimmick teaches these features in [0097-99] and also [0064]. Dimmick in [0064] specifically teaches the use of both transport encryption keys (second encryption key) and issuer encryption keys (first encryption key). Thus, the issuer can decrypt the PIN.
Dimmick at [0099] in the last sentence, teaches passing the encrypted PIN to the issuer computer, which holds the issuer keys, such as the first encryption key. The issuer computer then confirms the PIN because it holds the issuer encryption keys and has the ability to fully decrypt the encrypted PIN, because Dimmick in [0064] specifically teaches the use of both transport encryption keys (second encryption key) and issuer encryption keys (first encryption key).
At the time the invention was filed, it would have been obvious to one of ordinary skill in the art to combine the teachings of Thakkar, which teaches an inaudible soundwave including the encrypted authorization information that is encrypted before creating the soundwave, with Fisher, which teaches encrypting an inaudible soundwave, with Dimmick, which teaches passing an encrypted PIN from multiple servers and maintaining at least some encryption until the PIN is decrypted at its final destination server.  One of ordinary skill in the art would have been motivated to perform such an addition in order to provide additional security when passing data between different servers, as taught in Dimmick, particularly when some of the intermediate servers should not be trusted with confidential information, such as PINs and passwords Additionally, different servers may use different encryption when communicating with a client, than when communicating with another server.  

Regarding claim 5, Thakkar, Fisher, and Dimmick teach,
The method of claim 1 further comprising: 
converting the encrypted inaudible soundwave including the cryptographically secured authorization information … 
As discussed above, Fisher in [0077] teaches decrypting the “encrypted inaudible soundwave”, which is performed on a mobile device. The Examiner interprets the decrypting of the inaudible soundwave as the first part (of two part) needed to convert the soundwave into an encrypted data payload.
Thakkar and Fisher fail to teach, 
… to an encrypted data payload including the cryptographically secured authorization information at the voice enabled device;
transmitting the encrypted data payload including the cryptographically secured authorization information from the voice enabled device to the virtual assistant server;
transmitting the encrypted data payload including the cryptographically secured authorization information from the virtual assistant server to the requesting server; 
decrypting the encrypted data payload including the cryptographically secured authorization information at the requesting server; and 
However, Dimmick in [0097-99] teach passing twice encrypted PIN data (where the PIN is single encrypted and then again encrypted as part of a data payload, see [0097]), where the PIN (“authorization information”) is twice encrypted at a consumer device 102 (“voice enabled device”) and then sent to an authentication computer 112 (“virtual assistant server”), as discussed in [0097] of Dimmick. Then to a payment processing network (“requesting server”).  
The Examiner interprets the second and third encryption keys as both being transport keys that are used to create the “encrypted data payload” of the claim. 
decrypting the cryptographically secured authorization information at the requesting server.  
Dimmick at [0099] in the last sentence, teaches passing the encrypted PIN to the issuer computer, which holds the issuer keys, such as the first encryption key. The issuer computer then confirms the PIN because it holds the issuer encryption keys and has the ability to fully decrypt the encrypted PIN, because Dimmick in [0064] specifically teaches the use of both transport encryption keys (second encryption key) and issuer encryption keys (first encryption key). Dimmick’s issuing computer confirms the PIN (i.e., “authorization credentials”), as seen in [0099].
At the time the invention was filed, it would have been obvious to one of ordinary skill in the art to combine the teachings of Thakkar, which teaches an inaudible soundwave including the encrypted authorization information that is encrypted before creating the soundwave, with Fisher, which teaches encrypting an inaudible soundwave, with Dimmick, which teaches passing an encrypted PIN from multiple servers and maintaining at least some encryption until the PIN is decrypted at its final destination server.  One of ordinary skill in the art would have been motivated to perform such an addition in order to provide additional security when passing data between different servers, as taught in Dimmick, particularly when some of the intermediate servers should not be trusted with confidential information, such as PINs and passwords Additionally, different servers may use different encryption when communicating with a client, than when communicating with another server.  

Regarding claim 6, Thakkar, Fisher, and Dimmick teach,
The method of claim 1 further comprising: 
transmitting a confirmation payload of an authorization from the requesting server to a virtual assistant server; 
transmitting the confirmation payload from the virtual assistant server to the voice enabled device; and  29Attorney Docket No.001 3654USU/4450 
	Dimmick in [0025] teaches an “authentication indicator” that corresponds to a confirmation payload. Dimmick in [0112-113] teaches transmitting the authentication from different servers, and then to the consumer device 102 (“user device”). 
 	transmitting the confirmation payload to the user from the voice enabled device.  
	Thakkar in fig. 3A and [0072] teaches transmitting signal 1020 from the first user device to the second user device, which acknowledges that the payment went through.	
At the time the invention was filed, it would have been obvious to one of ordinary skill in the art to combine the teachings of Thakkar, which teaches an inaudible soundwave including the encrypted authorization information that is encrypted before creating the soundwave, with Fisher, which teaches encrypting an inaudible soundwave, with Dimmick, which teaches passing an encrypted PIN from multiple servers and maintaining at least some encryption until the PIN is decrypted at its final destination server.  One of ordinary skill in the art would have been motivated to perform such an addition in order to provide a confirmation of authorization, as taught in Dimmick.  

Regarding claim 7, Thakkar, Fisher, and Dimmick teach,
The method of claim 6 further comprising: 
encrypting the confirmation payload including an inaudible soundwave at either the virtual assistant server or the voice enabled device; 
Thakkar in [0071-72] teaches encrypting the data transmitted in fig. 3A between the first user device and the second user device. Thakkar in [0025] also teaches encrypting an acknowledgement in the first device that is sent as a soundwave. 	
emitting the encrypted inaudible soundwave via a speaker to the user device from the voice enabled device; and 
decrypting the encrypted inaudible soundwave confirmation at the user device. 
 Thakkar in fig. 3A and [0072] teaches transmitting signal 1020 from the first user device to the second user device, which acknowledges that the payment went through.	

Regarding claim 11, Thakkar, Fisher, and Dimmick teach,
	The system of claim 10 further comprising: 
the voice enabled device being configured to: 
convert the encrypted inaudible soundwave including the cryptographically secured authorization information to an encrypted data payload including the cryptographically secured authorization information; and 
transmit the encrypted data payload including the cryptographically secured authorization information from the voice enabled device to a virtual assistant server; and 
the virtual assistant server being configured to decrypt the encrypted data payload including the cryptographically secured authorization information at the virtual assistant server.  
Claim 11 is rejected using the same basis of arguments used to reject claim 4 above.

Regarding claim 12, Thakkar, Fisher, and Dimmick teach,
The system of claim 10 further comprising: 
the voice enabled device being configured to:
convert the encrypted inaudible soundwave including the cryptographically secured authorization information to an encrypted data payload including the cryptographically secured authorization information; and 
transmit the encrypted data payload including the cryptographically secured authorization information from the voice enabled device to the virtual assistant server; 
the virtual assistant server being configured to: 
transmit the encrypted data payload including the cryptographically secured authorization information from the virtual assistant server to the requesting server; and  
the requesting server being configured to decrypt the cryptographically secured authorization information.  
Claim 12 is rejected using the same basis of arguments used to reject claim 5 above.

Regarding claim 13, Thakkar, Fisher, and Dimmick teach,
The system of claim 10 further comprising: 
the requesting server being configured transmit a confirmation payload of the authorization from the requesting server to the virtual assistant server; 
the virtual assistant server being configured to transmit the confirmation payload to the voice enabled device; and 
the voice enabled device is configured to transmit the confirmation payload to the user.  
Claim 13 is rejected using the same basis of arguments used to reject claim 6 above.

Regarding claim 14, Thakkar, Fisher, and Dimmick teach,
	The system of claim 13, 
wherein the voice enabled device is configured to: 
encrypt the confirmation payload including an inaudible soundwave; and 
emit the encrypted inaudible soundwave via a speaker to the user device.  
Claim 14 is rejected using the same basis of arguments used to reject claim 7 above.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRIAN WILLIAM AVERY whose telephone number is (571)272-3942.  The examiner can normally be reached on 9AM-5PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on (571)272-3739.  
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/B.W.A./


/HENRY TSANG/Primary Examiner, Art Unit 2495