DETAILED ACTION
This Office Action is in response to the application17/070,457 filed on 10/14/2020.
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claims 1-20 have been examined and are pending in this application. Claims 1, 8, and 14 are independent.
	Priority
No priority claimed.
Information Disclosure Statement
The information disclosure statement (IDS), submitted on 01/14/2021, is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.
Claim Objections
Claims 1 is objected to because of the following informalities:  
As to claim 1, the claim is directed to a system, including a memory, a communication device and a processing device as the system components. The function limitations of the claims are directed to a backend authentication system, which could be executed by the claimed processor. imitation recites. However, the function that is performed by the “local authentication agent” (see lines 13-14), is performed by the user communication device, based on the disclosure of the application (see Fig 1). Since the user communication device is a separate device from the backend authentication system device, the claimed system element cannot perform/execute the function of the “local authentication agent.”
 For better clarity of the claim scope, it is suggested that the claim be further amended to recite, the user computing device and the backend authentication system as two subsystems, each including a memory, a communication device and a processing device as the components of the subsystem (emphasis added).
Appropriate correction(s) is required.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Li (“Li,” US 2009/0013390, published on 01/08/2009), in view of Johansson (“Johansson,” US 7 2016/0337344, published on 11/17/2016), and further in view Machani (“Machani” 10,289,835, patented on 05/14/2019).
As to claim 1, Li teaches a system for increasing authentication complexity for access to online systems (Li: pars 0003, 0010-0011, teaches a system/method configuration for secure banking/credit card transaction using improved features based on the idea of SecurID token, that was developed by RSA Security Inc.), the system comprising: a
 memory device with computer-readable program code stored thereon; a communication device; and a processing device operatively coupled to the memory device and the communication device, wherein the processing device is configured to execute the computer-readable program (Li: pars 0010-0011, 0015, 0050, a host computer with processor, memory and communication mechanism performs the backend authentication functions) code to: 
detect one or more authentication requests from a user, the one or more authentication requests comprising a set of valid authentication credentials associated with a user [ ] (Li: pars 0010-0011, 0015, 0050, when customer [i.e. user] wants to access his/her bank account from the bank's website, entering username and pin number (fixed password)); 
generate, by a local authentication agent using the one or more randomized strings and a pre-shared algorithm, one or more sets of invalid authentication credentials (Li: pars 0010-0011, 0015, 0050, at the customer side [i.e. local authentication agent] a copy of the second predetermined program [i.e. a pre-shared algorithm] generates a second password, which to be identical to the password generated by the host system); 
input the one or more sets of invalid authentication credentials to the user [ ] (Li: pars 0010-0011, 0015, 0050, the customer submits the second password generated by the second predetermined program of the password generator to the host [i.e. input to the backend authentication system]); 
receive, through a backend authentication agent, the one or more sets of invalid authentication credentials from the user [ ] (Li: pars 0010-0011, 0015, 0050, the host system received the second password sent by the customer’s device); 
generate, by the backend authentication agent using the one or more randomized strings and the pre-shared algorithm, one or more backend copies of the one or more sets of invalid authentication credentials (Li: pars 0010-0011, 0015, 0050, the host system generates a second password the host/bank [i.e. backend authentication system] uses a second predetermined program, stored in the host, associated with the account of the customer and generate another second password); and 
perform authentication of the user based on comparing the one or more sets of invalid authentication credentials with the one or more backend copies of the one or more sets of invalid authentication credentials (Li: pars 0010-0011, 0015, 0050, the host system compares the received second password with the host generated second password for authenticating the customer for allowing access to secure access/transaction).
Li discloses generating and authenticating access password using a shared predetermined program of customer device and backend authentication device for providing secure access, as addressed above, but a does not explicitly teach user application; and based on the one or more authentication requests, generate one or more randomized strings associated with the one or more authentication requests.
However, in an analogous art, Johansson teaches user application (Johansson: pars 0044-0046, 0052; Fig 2A, teaches of a client device having an application, and a shared seed is associated with the client application for generating security credential for secure banking access/transaction); and
based on the one or more authentication requests, generate one or more randomized strings associated with the one or more authentication requests (Johansson: pars 0036, 0036, 0043, 0045, 0052; Fig 2A, teaches that the shared seed [i.e. that randomized string], which is necessary for generating the security credential, is generated and transmitted/sharing it with the authentication endpoint using various available transmission method [as an obvious option the seed can be generated at the client or server side. See Machani 10,289,835, col 5, lines 29-69]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Johansson with the method/system of Li for the benefit of providing a user with a means for using a shared seed associated with a specific application stored in the client device, and for generating security credential [i.e. authentication credential] to allow the client application access secured network resources for banking transaction) (Johansson: pars 0044-0046, 0052, 0057). 
As to claim 2, the combination of Li, Johansson, and Machani teaches the system according to claim 1, 
Li further teaches wherein performing authentication of the user comprises: detecting that the one or more sets of invalid authentication credentials match the one or more backend copies of the one or more sets of invalid authentication credentials; and triggering an authentication pass, wherein the authentication pass causes the local authentication agent to pass the set of valid authentication credentials to the user application (Li: pars 0010-0011, 0015, 0050, the host system compares the received second password with the host generated second password for authenticating the customer and allows access to secure access/transaction).
As to claim 3 the combination of Li, Johansson, and Machani teaches the system according to claim 1, 
Li further teaches wherein performing authentication of the user comprises: detecting that the one or more sets of invalid authentication credentials do not match the one or more backend copies of the one or more sets of invalid authentication credentials; and preventing an authentication pass from being triggered (Li: pars 0015, 0050, only if [i.e. prevent otherwise] the second password sent by customer is identical with the one generated by host computer using the second predetermined program in the customer's account, the bank will allow the customer to access).
As to claim 4, the combination of Li, Johansson, and Machani teaches the system according to claim 1, 
Li further teaches wherein the one or more sets of invalid authentication credentials comprises a first set of invalid authentication credentials and a second set of invalid authentication credentials, wherein the one or more backend copies of the one or more sets of invalid authentication credentials comprises a backend copy of the first set of invalid authentication credentials and a backend copy of the second set of invalid authentication credentials, wherein performing authentication of the user comprises:
detecting that the first set of invalid authentication credentials matches the backend copy of the first set of invalid authentication credentials;
detecting that the second set of invalid authentication credentials matches the backend copy of the second set of invalid authentication credentials; and
triggering an authentication pass, wherein the authentication pass causes the local authentication agent to pass the set of valid authentication credentials to the user application (Li: pars0010, 0015, uses second password and first password for authentication process [as taught, first password is to authenticate the host to the customer, the first password can be used as the additional parameter to authenticate customer to the host]).
As to claim 5, the combination of Li, Johansson, and Machani teaches the system according to claim 1, 
Johansson further teaches wherein the local authentication agent is integrated into the user application (Johansson: pars 0044-0046, 0052; Fig 2A).
As to claim 6, the combination of Li, Johansson, and Machani teaches the system according to claim 1, 
Johansson further teaches wherein the one or more randomized strings are embedded in header information of the one or more authentication requests. (Johansson: pars 0036, 0036, 0043, 0045, 0052; Fig 2A, the shared seed [i.e. that randomized string], is transmitted/sharing it with the authentication endpoint using various available transmission method).
As to claim 7, the combination of Li, Johansson, and Machani teaches the system according to claim 1, 
Li further teaches wherein the set of valid authentication credentials comprises a username and password. (Li: pars0010, 0015, when customer [i.e. user] wants to access entering username and pin number (fixed password)))
As to claim 8, Li teaches a computer program product for increasing authentication complexity for access to online systems, the computer program product comprising at least one non-transitory computer readable medium having computer-readable program code portions embodied therein (Li: pars 0003, 0010-0011, teaches a system/method configuration for secure banking/credit card transaction using improved features based on the idea of SecurID token, that was developed by RSA Security Inc.), the computer-readable program code portions comprising executable code portions for: 
detecting one or more authentication requests from a user, the one or more authentication requests comprising a set of valid authentication credentials associated with a user [ ] (Li: pars 0010-0011, 0015, 0050, when customer [i.e. user] wants to access his/her bank account from the bank's website, entering username and pin number (fixed password)); 
generating, by a local authentication agent using the one or more randomized strings and a pre-shared algorithm, one or more sets of invalid authentication credentials (Li: pars 0010-0011, 0015, 0050, at the customer side [i.e. local authentication agent] a copy of the second predetermined program [i.e. a pre-shared algorithm] generates a second password, which to be identical to the password generated by the host system); 
inputting the one or more sets of invalid authentication credentials to the user [ ] (Li: pars 0010-0011, 0015, 0050, the customer submits the second password generated by the second predetermined program of the password generator to the host [i.e. input to the backend authentication system]); 
receiving, through a backend authentication agent, the one or more sets of invalid authentication credentials from the user [ ] (Li: pars 0010-0011, 0015, 0050, the host system received the second password sent by the customer’s device); 
generating, by the backend authentication agent using the one or more randomized strings and the pre-shared algorithm, one or more backend copies of the one or more sets of invalid authentication credentials (Li: pars 0010-0011, 0015, 0050, the host system generates a second password the host/bank [i.e. backend authentication system] uses a second predetermined program, stored in the host, associated with the account of the customer and generate another second password); and 
performing authentication of the user based on comparing the one or more sets of invalid authentication credentials with the one or more backend copies of the one or more sets of invalid authentication credentials (Li: pars 0010-0011, 0015, 0050, the host system compares the received second password with the host generated second password for authenticating the customer for allowing access to secure access/transaction).
Li discloses generating and authenticating access password using a shared predetermined program of customer device and backend authentication device for providing secure access, as addressed above, but a does not explicitly teach user application; and based on the one or more authentication requests, generating one or more randomized strings associated with the one or more authentication requests.
However, in an analogous art, Johansson teaches user application (Johansson: pars 0044-0046, 0052; Fig 2A, teaches of a client device having an application, and a shared seed is associated with the client application for generating security credential for secure banking access/transaction); and
based on the one or more authentication requests, generating one or more randomized strings associated with the one or more authentication requests (Johansson: pars 0036, 0036, 0043, 0045, 0052; Fig 2A, teaches that the shared seed [i.e. that randomized string], which is necessary for generating the security credential, is generated and transmitted/sharing it with the authentication endpoint using various available transmission method [as an obvious option the seed can be generated at the client or server side.  See Machani 10,289,835, col 5, lines 29-69]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Johansson with the method/system of Li for the benefit of providing a user with a means for using a shared seed associated with a specific application stored in the client device, and for generating security credential [i.e. authentication credential] to allow the client application access secured network resources for banking transaction) (Johansson: pars 0044-0046, 0052, 0057). 
As to claims 9-13, the claim limitations are similar to the limitations of the system claims 2-6, and are rejected for the same reason set forth above for claims 2-6. 
As to claim 14, Li teaches a computer-implemented method for increasing authentication complexity for access to online systems (Li: pars 0003, 0010-0011, teaches a system/method configuration for secure banking/credit card transaction using improved features based on the idea of SecurID token, that was developed by RSA Security Inc.), wherein the computer-implemented method comprises:
detecting one or more authentication requests from a user, the one or more authentication requests comprising a set of valid authentication credentials associated with a user [ ] (Li: pars 0010-0011, 0015, 0050, when customer [i.e. user] wants to access his/her bank account from the bank's website, entering username and pin number (fixed password)); 
generating, by a local authentication agent using the one or more randomized strings and a pre-shared algorithm, one or more sets of invalid authentication credentials [ ] (Li: pars 0010-0011, 0015, 0050, at the customer side [i.e. local authentication agent] a copy of the second predetermined program [i.e. a pre-shared algorithm] generates a second password, which to be identical to the password generated by the host system); 
inputting the one or more sets of invalid authentication credentials to the user (Li: pars 0010-0011, 0015, 0050, the customer submits the second password generated by the second predetermined program of the password generator to the host [i.e. input to the backend authentication system])
receiving, through a backend authentication agent, the one or more sets of invalid authentication credentials from the user [ ] (Li: pars 0010-0011, 0015, 0050, the host system received the second password sent by the customer’s device); 
generating, by the backend authentication agent using the one or more randomized strings and the pre-shared algorithm, one or more backend copies of the one or more sets of invalid authentication credentials (Li: pars 0010-0011, 0015, 0050, the host system generates a second password the host/bank [i.e. backend authentication system] uses a second predetermined program, stored in the host, associated with the account of the customer and generate another second password); and 
performing authentication of the user based on comparing the one or more sets of invalid authentication credentials with the one or more backend copies of the one or more sets of invalid authentication credentials (Li: pars 0010-0011, 0015, 0050, the host system compares the received second password with the host generated second password for authenticating the customer for allowing access to secure access/transaction).
Li discloses generating and authenticating access password using a shared predetermined program of customer device and backend authentication device for providing secure access, as addressed above, but a does not explicitly teach user application; and based on the one or more authentication requests, generating one or more randomized strings associated with the one or more authentication requests.
However, in an analogous art, Johansson teaches user application (Johansson: pars 0044-0046, 0052; Fig 2A, teaches of a client device having an application, and a shared seed is associated with the client application for generating security credential for secure banking access/transaction); and
based on the one or more authentication requests, generating one or more randomized strings associated with the one or more authentication requests (Johansson: pars 0036, 0036, 0043, 0045, 0052; Fig 2A, teaches that the shared seed [i.e. that randomized string], which is necessary for generating the security credential, is generated and transmitted/sharing it with the authentication endpoint using various available transmission method [as an obvious option the seed can be generated at the client or server side.  See Machani 10,289,835, col 5, lines 29-69]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Johansson with the method/system of Li for the benefit of providing a user with a means for using a shared seed associated with a specific application stored in the client device, and for generating security credential [i.e. authentication credential] to allow the client application access secured network resources for banking transaction) (Johansson: pars 0044-0046, 0052, 0057). 
As to claims 14-20, the claim limitations are similar to the limitations of the system claims 2-7, and are rejected for the same reason set forth above for claims 2-7.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Jahangir Kabir whose telephone number is (571) 270-3355.  The examiner can normally be reached on 9:00- 5:00 Mon-Thu.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on (571) 270-5002.  The fax number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/JAHANGIR KABIR/             Primary Examiner, Art Unit 2439