Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Rejections - 35 USC § 112
	The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

Claims 3-6 and 10 are rejected under 35 U.S.C. 112(b) as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
	Specifically, dependent claims 3, 6, and 10 all recite “the authenticator” without any antecedent support.  The applicant is suggested to amend the first instance of “the authenticator” to instead recite “an authenticator.”
Claims 4-5 are rejected as being dependent upon claim 3.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1 and 11  are rejected under 35 U.S.C. 103 as being unpatentable over US 2019/0228406 to Patel et al. (hereinafter Patel) in view of US 2016/0014110 to Kurspahic (hereinafter Kurspahic).
	Regarding claim 1, Patel teaches the following,
A method for performing an offline login to a local device, the method comprising: 
	Patel teaches that authentication is performed within the peer-to-peer system using seeds to construct a key, allowing computing systems within the peer-to-peer system to then take action based on the authentication. Patel teaches a computing system 100 typically includes at least one hardware processing unit 102 and memory 104, which are used to perform authentication / authorization. (Patel, [0029], [0047] and fig. 1) Thus, the examiner interprets the features of using seeds to create encryption keys, as further discussed below, as being performed locally (i.e., performed by the processor 102 of fig. 1) Specifically, see discussion below of [0051] and [0058] of Patel that details the use of seeds to create keys. 
	…
Patel teaches the following, except for the underlined portion,
deleting the symmetric key; 
Patel teaches whenever an operation (i.e., authentication) uses a private key of a child or grandchild decentralized identifier, the parent decentralized identifier can regenerate the private key for the operation and delete the private key after the operation, which increases the security of the operation and the decentralized identifier management system. (Patel, last sentence of [0008] and [0026]) As discussed below, Kurspahic teaches the use of a symmetric key, instead of Patel’s private key.
Patel also teaches the following, except for the underlined portion,
when performing the offline login: 
reconstructing the symmetric key; 
Patel teaches a (first) “reconstruction of a symmetric key” (Patel, [0051]), much like Kurspahic [0034], as discussed above.
However, Patel also teaches a private master key can be regenerated (i.e., a second time) using the same one-way hash function from the parent seed, after the key has been deleted. Therefore, there is no need to store the derived parent private key permanently, and a backup of the parent seed at creation time is sufficient. Using a seed to generate a master private key and storing the seed instead of the private key provides a higher level of security to the entity. (Patel, [0058]) As discussed below, Kurspahic teaches the use of a symmetric key, instead of Patel’s private key.
	However, Patel does not teach the following,	
generating a pair of an auxiliary (AUX) public key and an AUX private key; 
However, Kurspahic teaches the above features, and also teaches the following features,
Kurspahic teaches encryption key (i.e., public key) and a decryption key (i.e., private key) can be generated (Kurspahic, third sentence of Abstract, also Step 310 fig. 3 described in [0057]) 
receiving a password at the local device; 
Kurspahic teaches receiving the password from a user device. (Kurspahic, second sentence of Abstract, Step 305 of fig. 3) The password is later encrypted, as discussed below.
reconstructing a symmetric key; 
Kurspahic teaches an application-level symmetric key can be a symmetric key defined or generated (“reconstructing”) by either a server or a user device 115. (Kurspahic, [0034])
encrypting the password with the AUX public key to obtain a locally encrypted password; 
Kurspahic teaches encrypt the password using the encryption key (“public key”). (Kurspahic, [0058] and Step 315 of fig. 3)
encrypting the AUX private key with the symmetric key to obtain an encrypted AUX private key; and 
Kurspahic teaches encrypting the decryption key (“private key) using an application-level symmetric key (“symmetric key”). (Kurspahic, [0059] and Step 320 of fig. 3)
As stated above, Patel teaches the following features, except for the underlined portion,
deleting the symmetric key; 
However, Kurspahic teaches the above underlined portion.
As discussed above, Kurspahic teaches a symmetric key. (Kurspahic, [0058-59])
...
As stated above, Patel teaches the following features, except for the underlined portion,
reconstructing the symmetric key; 
However, Kurspahic teaches the above underlined portion.
As discussed above, Kurspahic teaches a symmetric key. (Kurspahic, [0058-59])
Kurspahic also teaches the following,
decrypting the encrypted AUX private key with the symmetric key to obtain the AUX private key; 
Kurspahic teaches obtaining the decryption (private) key by decrypting the encrypted decryption key (Step 425 of fig. 4). (Kurspahic, [0069])
decrypting the locally encrypted password with the AUX private key to obtain the password; and 
Kurspahic teaches obtaining the password by decrypting the encrypted password using the decryption key (Step 430 of fig. 4). (Kurspahic, [0070])
using the password to perform the offline login.
Kurspahic teaches that the user’s identity may be verified by comparing hashes of the passwords. (Kurspahic, [0024]) Kurspahic also teaches accessing the sensitive information using the password (Step 435 of fig. 4). (Kurspahic, [0071])
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Patel, which teaches an authentication being performed by a computer system 100 of fig. 1 (i.e., locally performed) that generates a private key to perform (authentication) operations, deletes the private key after the operation is performed, and then regenerates the key when another operation requires the key, with Kurspahic, which teaches encrypting a password with a public key and encrypting the corresponding private key (i.e., used to decrypt the password) with a symmetric key for authentication, where the symmetric key is also generated in the device. One of ordinary skill in the art would have been motivated to perform such an addition to modify Kurspahic’s private key with the symmetric key of Kurspahic that is used to encrypt a (private) decryption key to decrypt a password used in authentication.

Regarding claim 11, Patel teaches the following,
A system for performing an offline login, the system comprising: 
a memory; and 
a processor configured to: 
Patel teaches that authentication is performed within the peer-to-peer system using seeds to construct a key, allowing computing systems within the peer-to-peer system to then take action based on the authentication. Patel teaches a computing system 100 typically includes at least one hardware processing unit 102 and memory 104, which are used to perform authentication / authorization. (Patel, [0029], [0047] and fig. 1) Thus, the examiner interprets the features of using seeds to create encryption keys, as further discussed below, as being performed locally (i.e., performed by the processor 102 of fig. 1) Specifically, see discussion below of [0051] and [0058] of Patel that details the use of seeds to create keys.
…
Patel teaches the following, except for the underlined portion,
delete the symmetric key: 
Patel teaches whenever an operation (i.e., authentication) uses a private key of a child or grandchild decentralized identifier, the parent decentralized identifier can regenerate the private key for the operation and delete the private key after the operation, which increases the security of the operation and the decentralized identifier management system. (Patel, last sentence of [0008] and [0026]) As discussed below, Kurspahic teaches the use of a symmetric key, instead of Patel’s private key.
Patel also teaches the following, except for the underlined portion,
when performing the offline login: 
obtain the symmetric key; 
Patel teaches a (first) “reconstruction of a symmetric key” (Patel, [0051]), much like Kurspahic [0034], as discussed above.
However, Patel also teaches a private master key can be regenerated (i.e., a second time) using the same one-way hash function from the parent seed, after the key has been deleted. Therefore, there is no need to store the derived parent private key permanently, and a backup of the parent seed at creation time is sufficient. Using a seed to generate a master private key and storing the seed instead of the private key provides a higher level of security to the entity. (Patel, [0058]) As discussed below, Kurspahic teaches the use of a symmetric key, instead of Patel’s private key.
However, Patel does not teach the following,	
generate a pair of an auxiliary (AUX) public key and an ALUX private key; 
However, Kurspahic teaches the above features, and also teaches the following features,
Kurspahic teaches encryption key (i.e., public key) and a decryption key (i.e., private key) can be generated (Kurspahic, third sentence of Abstract, also Step 310 fig. 3 described in [0057]) 
receive a password; 
Kurspahic teaches receiving the password from a user device. (Kurspahic, second sentence of Abstract, Step 305 of fig. 3) The password is later encrypted, as discussed below.
obtain a symmetric key; 
Kurspahic teaches an application-level symmetric key can be a symmetric key defined or generated (“reconstructing”) by either a server or a user device 115. (Kurspahic, [0034])
encrypt the password with the AUX public key to obtain a locally encrypted password; 
Kurspahic teaches encrypt the password using the encryption key (“public key”). (Kurspahic, [0058] and Step 315 of fig. 3)
encrypt the AUX private key with the symmetric key to obtain an encrypted AUX private key; and 
Kurspahic teaches encrypting the decryption key (“private key) using an application-level symmetric key (“symmetric key”). (Kurspahic, [0059] and Step 320 of fig. 3)
As stated above, Patel teaches the following features, except for the underlined portion,
delete the symmetric key: 
However, Kurspahic teaches the above underlined portion.
As discussed above, Kurspahic teaches a symmetric key. (Kurspahic, [0058-59])
…
As stated above, Patel teaches the following features, except for the underlined portion,
obtain the symmetric key; 
However, Kurspahic teaches the above underlined portion.
As discussed above, Kurspahic teaches a symmetric key. (Kurspahic, [0058-59])
Kurspahic also teaches the following,
decrypt the encrypted AUX private key with the symmetric key to obtain the AUX private key; 
Kurspahic teaches obtaining the decryption (private) key by decrypting the encrypted decryption key (Step 425 of fig. 4). (Kurspahic, [0069])
decrypt the locally encrypted password with the AUX private key to obtain the password; and 
Kurspahic teaches obtaining the password by decrypting the encrypted password using the decryption key (Step 430 of fig. 4). (Kurspahic, [0070])
use the password to perform the offline login.
Kurspahic teaches that the user’s identity may be verified by comparing hashes of the passwords. (Kurspahic, [0024]) Kurspahic also teaches accessing the sensitive information using the password (Step 435 of fig. 4). (Kurspahic, [0071])
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Patel, which teaches an authentication being performed by a computer system 100 of fig. 1 (i.e., locally performed) that generates a private key to perform (authentication) operations, deletes the private key after the operation is performed, and then regenerates the key when another operation requires the key, with Kurspahic, which teaches encrypting a password with a public key and encrypting the corresponding private key (i.e., used to decrypt the password) with a symmetric key for authentication, where the symmetric key is also generated in the device. One of ordinary skill in the art would have been motivated to perform such an addition to modify Kurspahic’s private key with the symmetric key of Kurspahic that is used to encrypt a (private) decryption key to decrypt a password used in authentication.

Claims 2 and 12 are rejected under 35 U.S.C. 103 as being unpatentable over Patel, in view of Kurspahic, and further in view of US 2021/0176059 to Hertrich et al. (hereinafter Hertrich).
Regarding claim 2, Hertrich teaches the following,The method of claim 1, wherein receiving the password comprises: 
receiving an encrypted password from an authentication service by the local device; and 
Hertrich teaches “software running on the mobile device receives the one-time password from the authentication server.” (Hertrich, second half [0014])
decrypting the encrypted password with a local private key to obtain the password.
Hertrich teaches the mobile device “software running on the mobile device pre-registers the mobile device with the authentication server, generates a key pair comprising a public key and a private key, and sends the public key to the authentication server through a communications network. Software running on the authentication server receives and stores the public key in a memory of the authentication server.” This is used to establish the secure connection between the authentication server and the mobile device. (Hertrich, first half of [0014])
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Patel, which teaches an authentication being performed by a computer system 100 of fig. 1 (i.e., locally performed) that generates a private key to perform (authentication) operations, deletes the private key after the operation is performed, and then regenerates the key when another operation requires the key, with Hertrich, which teaches an authentication server providing a password to a mobile device which performs authentication locally. One of ordinary skill in the art would have been motivated to perform such an addition to provide the ability to retrieve a password from the authentication server and perform authentication locally.

Regarding claim 12, Hertrich teaches the following,
The system of claim 11, wherein the processor is configured to receive the password by: 
receive an encrypted password from an authentication service; and 
decrypt the encrypted password with a local private key to obtain the password.
Claim 12 is rejected using the same basis of arguments used to reject claim 2 above.
Claim 3 is rejected under 35 U.S.C. 103 as being unpatentable over Patel, in view of Kurspahic, and further in view of US 2015/0082397 to Zhong (hereinafter Zhong).
Regarding claim 3, Zhong teaches the following,
The method of claim 1, comprising, when performing the offline login: 
verifying an identity of the user by the authenticator prior to reconstructing the symmetric key.
Zhong teaches process of requesting the wireless network device to perform access authentication on the user equipment (“verifying an identity of the user”) is a step before a user is prompted to enter an authentication password (“prior to reconstructing the symmetric key” which is performed in order to decrypt the password). (Zhong, [0034]) 
Specifically, Zhong in fig. 1, a first authentication condition (S20) is required before additional authentication (i.e., password in S30) is performed. (Zhong, [0053]) 
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Patel, which teaches an authentication being performed by a computer system 100 of fig. 1 (i.e., locally performed) that generates a private key to perform (authentication) operations, deletes the private key after the operation is performed, and then regenerates the key when another operation requires the key, with Zhong, which also teaches performing authentication using a password, with the added step of requiring a user to perform access identification (i.e., an authentication server providing a password to a mobile device which performs authentication locally. One of ordinary skill in the art would have been motivated to perform such an addition to provide the ability to retrieve a password from the authentication server and perform authentication locally.

Claims 4 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Patel, in view of Kurspahic, and in view of Zhong, and further in view of US 2012/0297190 to Shen et al. (hereinafter Shen).
Regarding claim 4, Shen teaches the following,
The method of claim 3, wherein verifying the identity of the user by the authenticator comprises performing biometric authentication.
Shen teaches requiring users to pass the biometric-authentication before, at least, the automatic entry of user credentials (e.g., name, password, etc.). (Shen, [0025])
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Zhong, which also teaches performing authentication using a password, with the added step of requiring a user to perform access identification (i.e., an authentication server providing a password to a mobile device which performs authentication locally, with Shen, which teaches performing biometric authentication before a password is entered. One of ordinary skill in the art would have been motivated to perform such an addition to provide the ability to perform multifactor authentication to increase security.

Regarding claim 15, Shen teaches the following,
The system of claim 13, wherein the authenticator is configured to verify the identity of the user by performing biometric authentication.
Claim 15 is rejected using the same basis of arguments used to reject claim 4 above.
Claim 5 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Patel, in view of Kurspahic, and in view of Zhong, and further in view of US 2011/0016320 to Bergsten et al. (hereinafter Bergsten).
Regarding claim 5, Bergsten teaches the following,
The method of claim 3, wherein verifying the identity of the user by the authenticator comprises obtaining a PIN code from the user and comparing the obtained PIN code with a stored PIN code.
Bergsten teaches first performing PIN authentication (Bergsten, second sentence Abstract) and then a second authentication factor of entering a password. (Bergsten, [0009])
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Zhong, which also teaches performing authentication using a password, with the added step of requiring a user to perform access identification (i.e., an authentication server providing a password to a mobile device which performs authentication locally, with Bergsten, which teaches first performing PIN authentication before a password authentication is performed. One of ordinary skill in the art would have been motivated to perform such an addition to provide the ability to perform multifactor authentication to increase security.

Regarding claim 16, Bergsten teaches the following,
The system of claim 13, wherein the authenticator is configured to verify the identity of the user by obtaining a PIN code from the user and comparing the obtained PIN code with a stored PIN code.
Claim 16 is rejected using the same basis of arguments used to reject claim 5 above.

Claims 6 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Patel, in view of Kurspahic, and in view of Zhong, and further in view of US 2010/0138666 to Adams et al. (hereinafter Adams).
Regarding claim 6, Adams teaches the following,
The method of claim 1, comprising, when performing the offline login: 
sending a challenge to the authenticator; 
Adams teaches (1) the authentication application executed by the microprocessor 228 on the mobile communication device 106, and then (2) authentication application then generates (step 606) a random challenge and transmits (step 608) the random challenge to the smart card reader 104 (“authenticator”). (Adams, middle and last sentence [0054] discussing Step 606 of fig. 6)
verifying an identity of the user by the authenticator; 
Adams teaches before the user can use the smart card 102 (“authenticator”), the user is required to provide the PIN for verification by the smart card 102. (Adams, last sentence [0057] and Step 716 fig. 7A; see also [0047] and last sentence [0034])
signing the challenge by the authenticator; 
sending the signed challenge to the local device; and 
Adams teaches the smart card 102 (“authenticator”) signs the random challenge, thereby generating a signed challenge, and provides the signed challenge to the smart card reader 104. (Adams, first sentence [0064], see also fig. 7B)
verifying the signed challenge by the local device.
Adams teaches he signed challenge from the smart card 102 (“authenticator”), the smart card reader 104 transmits (step 730) a message to the mobile communication device 106, where the message includes the signed challenge. Upon transmitting (step 730) the signed-challenge message to the mobile communication device 106, the authentication is considered to be successful and complete. (Adams, [0065] and fig. 7B)
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Patel, which teaches an authentication being performed by a computer system 100 of fig. 1 (i.e., locally performed) that generates a private key to perform (authentication) operations, deletes the private key after the operation is performed, and then regenerates the key when another operation requires the key, with Adams, which teaches an secure element (“authenticator”) that verifies a PIN before performing authentication based on a challenge code provided to the Secure element by a mobile device. One of ordinary skill in the art would have been motivated to perform such an addition to provide the ability for the secure element (“authenticator”) to verify a user (i.e., using a PIN) and for the mobile phone to establish a secure connection, using a challenge, that confirms Authenticity (i.e., confirms that the original sender is the same).

Regarding claim 17, Adams teaches the following,
The system of claim 11, comprising an authenticator, wherein the processor is configured to, when performing the offline login: 
send a challenge to the authenticator; 
wherein the authenticator is configured to: 
verify an identity of the user; 
sign the challenge; 
send the signed challenge to the processor; and 
wherein the processor is configured to: 
verify the signed challenge.
Claim 17 is rejected using the same basis of arguments used to reject claim 6 above.
Claims 7-9 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Patel, in view of Kurspahic, and in view of Zhong, and further in view of US 2020/0259638 to Carmignani et al. (hereinafter Carmignani).
Regarding claim 7, Carmignani teaches the following,
The method of claim 1, wherein the symmetric key is reconstructed from a first value stored on the local device and a second value stored on an authenticator.
Carmignani teaches user device 60 may be configured to register a user and the device itself with the APSP and store encrypted seed material and encrypted biometric data in a distributed form on various nodes using any suitable threshold secret sharing (e.g., using Shamir's secret sharing). (Carmignani, first sentence [0046]) The examiner interprets the nodes as corresponding to an “authenticator.” Additionally, when one of the nodes reveals it’s seed share, as described in detail below, that seed share is stored on the user device 60 (“local device”) while the remaining seed share(s) are still located on the node(s) (“authenticator”). Carmignani teaches that a symmetric encryption key may be split between different nodes. (Carmignani, third from last sentence [0057])
Carmignani further teaches if the evaluation carried out by a particular network node is successful (e.g., if the evaluation indicates that the two biometric datapoints are from the same person with high probability), the particular network node may return its respective encrypted EBT share and/or its respective encrypted seed share to the APS user device. (Carmignani, middle of [0047]) Carmignani then teaches the success key can be revealed to the node (e.g., for enabling the node to partially decrypt the doubly encrypted seed share on the node and/or for enabling the node to partially decrypt the doubly encrypted EBT share on the node), all without the node ever having access to the EBT itself. (Carmignani, last sentence [0047]) Then, the user device 60 (“local device”) receives the partially decrypted seeds in order to rebuild the key. (Carmignani, [0048])
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Patel, which teaches an authentication being performed by a computer system 100 of fig. 1 (i.e., locally performed) that generates a private key to perform (authentication) operations, deletes the private key after the operation is performed, and then regenerates the key when another operation requires the key, with Kurspahic, which teaches that the Steps 325 and Step 330 of fig. 3 reconstructing two different portions of the decryption key (i.e., private key). (Kurspahic, [0061-61]), where a first combination of a portion of the key and the encrypted password may be stored in the user session and a second combination of a remaining portion of the key and the encrypted password may be stored in a database, as shown in fig. 2B (Kurspahic, last three sentences of Abstract), with Carmignani, which teaches dividing a seed, which is used to generate a key, over multiple devices to increase security.  One of ordinary skill in the art would have been motivated to perform such an addition to provide the capability to store a seed between multiple devices for the purpose of security.
Regarding claim 8, Carmignani teaches the following,
The method of claim 7, wherein reconstructing the symmetric key comprises: 
sending the first value from the local device to the authenticator; 
reconstructing the symmetric key by the authenticator; and 
sending the symmetric key to the local device.
Regarding Carmignani: as an alternative to reconstructing a seed using the user device (“local device”), as discussed above in the rejection of claim 7, Carmignani also teaches reconstructing the seed using a “third party subsystem,” such as one of the nodes (“authenticator”). (Carmignani, [0048])
Regarding claim 9, Carmignani teaches the following,
The method of claim 7, wherein the symmetric key is reconstructed by hashing a concatenation of the first value with the second value.
Carmignani teaches the use of a hash, in particular hash-based message authentication code (“HMAC”).  HMAC uses concatenation. (Carmignani, third sentence [0057])
Regarding claim 14, Carmignani teaches the following,
The system of claim 13, wherein the authenticator is configured to reconstruct the symmetric key by hashing a concatenation of the first value with the second value.
Claim 14 is rejected using the same basis of arguments used to reject claim 9 above.

Claims 10 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Patel, in view of Kurspahic, and in view of Zhong, in view of Carmignani, and further in view of US 2020/0195630 to Mallinson et al. (hereinafter Mallinson).
Regarding claim 10, Mallinson teaches the following,
The method of claim 1, comprising performing online login by: 
sending a login request and a username from the local device to an authentication service; 
Mallinson in fig. 2 depicts a desktop device (“local device”), mobile device 14 with smart card 102 (“authenticator”) and authentication device 22 (“authentication service”). (Mallinson, [0032])
Mallinson teaches the use of a username and password for authentication. (Mallinson, [0002])
obtaining a challenge from the authentication service; 
Mallinson teaches in fig. 4 that Step 606, receiving a challenge from the remote authentication service. (“authentication service”). Mallinson, [0048])
Mallinson teaches the following, except for the underlined portion,
sending the challenge and the first value to the authenticator;
Mallinson teaches that Step 614 of fig. 4, signs the authentication service challenge (“challenge”) with user credentials that are stored in the mobile smart card 102. (“authenticator”). [(Mallinson, [0053]) The mobile device 14 with smart card 102 corresponds to the “authenticator.” Thus, the “authenticator” is provided with the authentication service challenge (“challenge”).
Mallinson teaches the following,
verifying an identity of the user by the authenticator; 
Mallinson teaches authenticating a user with a first secure application based on information received from a smart credential stored on a mobile device (“authenticator”). (Mallinson, second sentence of Abstract) The mobile device 14 with smart card 102 corresponds to “authenticator.”
signing the challenge by the authenticator to obtain a signed challenge; 
Mallinson teaches that Step 614 of fig. 4, signs the authentication service challenge (“challenge”) with user credentials that are stored in the mobile smart card 102. (“authenticator”). [(Mallinson, [0053]) The mobile device 14 with smart card 102 corresponds to the “authenticator.” 
See also, Step 616 discussed below, which returns the signed authentication service challenge to the first computing device (“local device”).
Mallinson teaches the following, except for the underlined portions,
sending from the authenticator to the local device, the signed challenge and the symmetric key; 
Mallinson in Step 616 of fig. 4 teaches returning the signed authentication service challenge to the first computing device (“local device”) and validating the challenge signed using the user credentials by sending the user-signed version of the authentication service challenge to the remote authentication service 402. (Mallinson, [0054])
Mallinson teaches the following,
sending by the local device the signed challenge to the authentication service; 
Mallinson in Step 616 of fig. 4 teaches returning the signed authentication service challenge to the first computing device (“local device”) and validating the challenge signed using the user credentials by sending the user-signed version of the authentication service challenge to the remote authentication service 402 (“authentication service”). (Mallinson, [0054])
verifying the signed challenge by the authentication service; and 
Mallinson teaches 618, receiving a redirection from the remote authentication service that redirects a browser of the first computing device to the remote secure application. The redirection from the remote authentication service indicates to the browser that the user is authenticated to access the remote secure application. (Mallinson, [0055])
However, Mallinson does not teach the features of claim 10 discussed below:
Carmignani teaches the underlined features below,
sending the challenge and the first value to the authenticator;
The above underlined features are taught in the rejection of claim 7, included above.
Specifically, the third party (e.g., nodes) may perform the generation of the key based on the seeds, instead of having the generation of the seed be performed at the client.
Carmignani teaches the following features,
reconstructing the symmetric key by the authenticator using the first value and the second value; 
The above features are taught in the rejection of claim 7, included above.
Carmignani teaches the underlined features below,
sending from the authenticator to the local device, the signed challenge and the symmetric key; 
Regarding Carmignani: as an alternative to reconstructing a seed using the user device (“local device”), also teaches reconstructing the seed using a “third party subsystem,” such as one of the nodes (“authenticator”). (Carmignani, [0048])
Kurspahic teaches the following,
sending the encrypted password from the authentication service to the local device.
Kurspahic teaches sending two different halves of the encrypted password from a system (server) and a database. (Kurspahic, [0006]) The examiner interprets the system (server) and the database as corresponding to the “authentication service.”
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Patel, which teaches an authentication being performed by a computer system 100 of fig. 1 (i.e., locally performed) that generates a private key to perform (authentication) operations, deletes the private key after the operation is performed, and then regenerates the key when another operation requires the key, with Kurspahic, which teaches that the Steps 325 and Step 330 of fig. 3 reconstructing two different portions of the decryption key (i.e., private key). (Kurspahic, [0061-61]), where a first combination of a portion of the key and the encrypted password may be stored in the user session and a second combination of a remaining portion of the key and the encrypted password may be stored in a database, as shown in fig. 2B (Kurspahic, last three sentences of Abstract), with Carmignani, which teaches dividing a seed, which is used to generate a key, over multiple devices to increase security.  One of ordinary skill in the art would have been motivated to perform such an addition to provide the capability to store a seed between multiple devices for the purpose of security.
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Patel, which teaches an authentication being performed by a computer system 100 of fig. 1 (i.e., locally performed) that generates a private key to perform (authentication) operations, deletes the private key after the operation is performed, and then regenerates the key when another operation requires the key, with Kurspahic, which teaches that the Steps 325 and Step 330 of fig. 3 reconstructing two different portions of the decryption key (i.e., private key). (Kurspahic, [0061-61]), where a first combination of a portion of the key and the encrypted password may be stored in the user session and a second combination of a remaining portion of the key and the encrypted password may be stored in a database, as shown in fig. 2B (Kurspahic, last three sentences of Abstract), with Mallinson, which teaches a secure element / application, local device / computer, and authentication server communicating with each other using challenges to maintain authenticity in the communications. One of ordinary skill in the art would have been motivated to perform such an addition to provide the secure element / application, local device / computer, and authentication server the capability of maintaining authenticity when communicating with each other by  using challenges.

Regarding claim 18, Mallinson, Carmignani, and Kurspahic teaches the following,
The system of claim 11, comprising: 
an authenticator; 
wherein the processor is configured to perform an online login by: 
sending a login request and a username to an authentication service; 
obtain a challenge from the authentication service; 
send the challenge and the first value to the authenticator; 
wherein the authenticator is configured to: 
verify an identity of the user; 
sign the challenge to obtain a signed challenge; 
reconstruct the symmetric key using the first value and the second value; 
send the signed challenge and the symmetric key to the processor: 
wherein the processor is configured to: 
send the signed challenge to the authentication service; and 
obtain the encrypted password from the authentication service.
Claim 18 is rejected using the same basis of arguments used to reject claim 10 above.
Claim 13 is are rejected under 35 U.S.C. 103 as being unpatentable over Patel, in view of Kurspahic, in view of Carmignani, and further in view of Mallinson.
Regarding claim 13, Carmignani teaches the following,
The system of claim 11, comprising an authenticator, wherein the authenticator is configured to: 
obtain a first value from the processor; 
Regarding Carmignani: as an alternative to reconstructing a seed using the user device (“local device”), as discussed above in the rejection of claim 7 (see below), Carmignani also teaches reconstructing the seed using a “third party subsystem,” such as one of the nodes (“authenticator”). (Carmignani, [0048]) 
reconstruct the symmetric key from the first value and a second value owned by the authenticator; and 
This feature is similar to the features of claim 7, which was rejected as follows:
Carmignani teaches user device 60 may be configured to register a user and the device itself with the APSP and store encrypted seed material and encrypted biometric data in a distributed form on various nodes using any suitable threshold secret sharing (e.g., using Shamir's secret sharing). (Carmignani, first sentence [0046]) The examiner interprets the nodes as corresponding to an “authenticator.” Additionally, when one of the nodes reveals it’s seed share, as described in detail below, that seed share is stored on the user device 60 (“local device”) while the remaining seed share(s) are still located on the node(s) (“authenticator”). Carmignani teaches that a symmetric encryption key may be split between different nodes. (Carmignani, third from last sentence [0057])
Carmignani further teaches if the evaluation carried out by a particular network node is successful (e.g., if the evaluation indicates that the two biometric datapoints are from the same person with high probability), the particular network node may return its respective encrypted EBT share and/or its respective encrypted seed share to the APS user device. (Carmignani, middle of [0047]) Carmignani then teaches the success key can be revealed to the node (e.g., for enabling the node to partially decrypt the doubly encrypted seed share on the node and/or for enabling the node to partially decrypt the doubly encrypted EBT share on the node), all without the node ever having access to the EBT itself. (Carmignani, last sentence [0047]) Then, the user device 60 (“local device”) receives the partially decrypted seeds in order to rebuild the key. (Carmignani, [0048])
send the symmetric key to the processor.
Regarding Carmignani: as an alternative to reconstructing a seed using the user device (“local device”), as discussed above in the rejection of claim 7, Carmignani also teaches reconstructing the seed using a “third party subsystem,” such as one of the nodes (“authenticator”). (Carmignani, [0048]) Thus, the key is sent to the processor for use in decryption.
Patel, Kurspahic, and Carmignani does not appear to teach the following feature, 
verify an identity of the user; 
However, Mallinson does teach the above feature,
Mallinson teaches authenticating a user with a first secure application based on information received from a smart credential stored on a mobile device (“authenticator”). (Mallinson, second sentence of Abstract) The mobile device 14 with smart card 102 corresponds to “authenticator.”
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Patel, which teaches an authentication being performed by a computer system 100 of fig. 1 (i.e., locally performed) that generates a private key to perform (authentication) operations, deletes the private key after the operation is performed, and then regenerates the key when another operation requires the key, with Kurspahic, which teaches that the Steps 325 and Step 330 of fig. 3 reconstructing two different portions of the decryption key (i.e., private key). (Kurspahic, [0061-61]), where a first combination of a portion of the key and the encrypted password may be stored in the user session and a second combination of a remaining portion of the key and the encrypted password may be stored in a database, as shown in fig. 2B (Kurspahic, last three sentences of Abstract), with Carmignani, which teaches dividing a seed, which is used to generate a key, over multiple devices to increase security.  One of ordinary skill in the art would have been motivated to perform such an addition to provide the capability to store a seed between multiple devices for the purpose of security.
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to combine the teachings of Patel, which teaches an authentication being performed by a computer system 100 of fig. 1 (i.e., locally performed) that generates a private key to perform (authentication) operations, deletes the private key after the operation is performed, and then regenerates the key when another operation requires the key, with Kurspahic, which teaches that the Steps 325 and Step 330 of fig. 3 reconstructing two different portions of the decryption key (i.e., private key). (Kurspahic, [0061-61]), where a first combination of a portion of the key and the encrypted password may be stored in the user session and a second combination of a remaining portion of the key and the encrypted password may be stored in a database, as shown in fig. 2B (Kurspahic, last three sentences of Abstract), with Mallinson, which teaches a secure element / application, local device / computer, and authentication server communicating with each other using challenges to maintain authenticity in the communications. One of ordinary skill in the art would have been motivated to perform such an addition to provide the secure element / application, local device / computer, and authentication server the capability of maintaining authenticity when communicating with each other by  using challenges.


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRIAN WILLIAM AVERY whose telephone number is (571) 272-3942.  The examiner can normally be reached on 9AM-5PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on (571) 272-3739.  
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/B.W.A./

/FARID HOMAYOUNMEHR/Supervisory Patent Examiner, Art Unit 2495