DETAILED ACTION
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
This Office Action is in response to the communication filed on 4/30/2021.
Claims 1-32 have been canceled.
Claims 33-53 are pending for consideration.

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 5/5/2021 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claim 36 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Claim 36 recites the limitation "the mobile devices" in line 2.  There is insufficient antecedent basis for this limitation in the claim.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


Claims 33-50 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Zheng et al. (US 20150242609) (hereinafter Zheng).
Regarding claim 33, Zheng discloses a computer system for protecting access to one or more hardware devices using multi-level authentication with a hardware device password that is invisible to a user (Zheng: paragraph 0010, “The embodiments described herein provide a system and method for authenticating users on computing devices without requiring a user password”), the system comprising a mobile device and the hardware device, the mobile device including: a memory, the memory storing one or more invisible passwords (Zheng: see figure 1; and paragraph 0011, “The user authentication information may be, for example, a username or an account number. The remote authentication server communicates the user authentication information to the delegate module on the computing device”); an application in the memory (Zheng: paragraphs 0010 and 0012, “Applications that require authentication execute within an application container on a computing device. The application container may be a computing device operating system, or a browser application. In the context of a browser application operating environment, the other applications are web pages or web views displayed in the browser application. 
Upon receiving a request from one or more applications for user authentication information, a plug receiver module executing in the application container determines if a communication channel with a remote identification device has been established”); a wireless interface for communicating with the hardware device (Zheng: paragraphs 0010 and 0012, “Upon receiving a request from one or more applications for user authentication information, a plug receiver module executing in the application container determines if a communication channel with a remote identification device has been established”); and a processor coupled to the memory, the application and the wireless interface (Zheng: paragraphs 0010-0011 and 0029, “For example, the delegate module 112b may communicate a user interface object to be displayed by the computing device 110, the user interface object prompting the user to input a password or personal identification number or other suitable authentication information. This secondary authentication information may be stored by the delegate module 112b or may be read by the plug receiver module 112a from the remote identification device 120 and communicated to the delegate module 112b with the encrypted user secret code.”), the hardware device including: a memory (Zheng: see figure 1; and paragraph 0023, “The remote identification device 120 comprises a memory 122 that stores the user secret code in encrypted format only.”); a wireless interface for communicating with the mobile device (Zheng: paragraphs 0010, 0015-0016 and 0023, “Alternatively, the remote identification device 120 may be a wireless card device that connects to the computing device 110 using a wireless connection. Wireless remote identification devices 120 may further comprise an activator module 121. 
The activator 121 detects the user's intent to connect the remote identification device 120 to the computing device 110 and may detect touch, motion, or voice commands or interrogation of the device 120 by the computing device”); and a processor coupled to the memory and the wireless interface (Zheng: paragraphs 0015-0016 and 0025, “If the user wants to provide the requested authentication, the user will then connect the user's remote identification device 120 to the computing device 110 by either plugging the remote identification device 120 directly into the proper port on the computing device 120, or by engaging the activator 121 to establish a wireless connection with the computing device”); wherein the processor in the mobile device is configured to receive a unique hardware device identifier from the processor in the hardware device (Zheng: paragraph 0028, “the plug receiver module 112a reads or otherwise receives the encrypted user secret code stored on the remote identification device 120. The plug receiver module 112a communicates the encrypted user secret code to the delegate module 112b.”); wherein the application in the mobile device is configured to select, based upon the unique hardware device identifier, the invisible password for the hardware device (Zheng: paragraphs 0032-0033, “The remote authentication server 130 uses the decrypted user secret code to identify the user record with the corresponding assigned user secret code then may then read the user authentication information corresponding to the identified record. The user authentication information may be a user name, account number, password, or other user-specific identifying information. 
After identifying the corresponding authentication information, the remote authentication server 130 communicates the authentication information to the delegate module”); and the processor in the hardware device is configured to authenticate the application upon receipt of the invisible password, thereby protecting access using multi-level authentication (Zheng: paragraph 0034, “the delegate module 112a establishes an authenticated session by providing access to the authentication information to the one or more requesting applications”).
Regarding claim 37, claim 37 discloses a method claim that is substantially equivalent to the system of claim 33. Therefore, the arguments set forth above with respect to claim 33 are equally applicable to claim 37 and rejected for the same reasons.
Regarding claim 44, claim 44 discloses a method claim that is substantially equivalent to the system of claim 33. Therefore, the arguments set forth above with respect to claim 33 are equally applicable to claim 44 and rejected for the same reasons.
Regarding claim 34, Zheng further discloses comprising a remote computing storage, the remote computing storage for storing the one or more invisible passwords and the hardware device identifier and communicating with the application (Zheng: paragraphs 0011 and 0022, “the remote authentication server 130 stores the received user authentication information in a user record and assigns the record a corresponding user secret code”).
Regarding claim 35, Zheng further discloses wherein the remote computing storage is cloud storage (Zheng: paragraph 0041, “The storage media 2040 may also be part of one or more other computing machines that are in communication with the computing machine 2000 such as servers, database servers, cloud storage, network attached storage, and so forth.”).
Regarding claim 36, Zheng further discloses comprising at least one additional mobile device, the mobile devices each including a memory; an application in the memory, wherein the application is the same application as on the mobile device (Zheng: paragraph 0016, “Each network device 110 and 130 includes a device having a communication module capable of transmitting and receiving data over the network 105. For example, each network device 110, 120, and 130 can include a server, desktop computer, laptop computer, tablet computer, a television with one or more processors embedded therein and/or coupled thereto, smart phone, handheld computer, personal digital assistant ("PDA"), or any other wired or wireless, processor-driven device. In the example embodiment depicted in FIG. 1, the network devices 110, 120 are operated by end-users or consumers (not depicted) and the network device 130 is operated by authentication server operators (not depicted)”); a wireless interface for communicating with the hardware device and the remote computing storage (Zheng: paragraphs 0012 and 0029, “The delegate module then establishes an authenticated session for the one or more requesting applications. The plug receiver module monitors the connection with the remote identification device”); and a processor coupled to the wireless interface and the memory, the cloud storage configured to provide the invisible password to the additional mobile devices (Zheng: paragraphs 0014-0016, “in accordance with certain example embodiments. As depicted in FIG. 1, the system 100 includes network computing devices 110, 120, and 130 that are configured to communicate with one another via one or more networks”).
Regarding claims 38 and 45, Zheng further teaches comprising wirelessly sending the invisible password and the hardware identifier from the mobile device to a remote storage device (Zheng: paragraph 0022, “the remote authentication server 130 stores the received user authentication information in a user record and assigns the record a corresponding user secret code.”).
Regarding claims 39 and 46, Zheng further teaches comprising the remote storage device wirelessly sending the invisible password and the hardware identifier to one or more other mobile devices and the one or more mobile devices storing the invisible password and the hardware identifier (Zheng: paragraphs 0028 and 0032, “the remote authentication server 130 encrypts the authentication information prior to communicating the authentication information to the authentication module 112a. This encryption used to encrypt the user authentication information may be different than the encryption used to encrypt the user secret code and is used for secure transmission from the remote authentication server 130 to the computing device”).
Regarding claims 40 and 47, Zheng further teaches comprising the one or more other mobile devices receiving the hardware identifier transmitted from the hardware device, matching, at the one or more mobile devices, the hardware identifier with the same hardware identifier stored on the mobile device, selecting, at the one or more mobile devices, the invisible password based on the hardware device identifier, wirelessly transmitting the invisible password from the one or more mobile devices to the hardware device, and authenticating an application on each of the one or more the mobile devices at the hardware device upon receipt of the invisible password (Zheng: paragraph 0034, “the delegate module 112a establishes an authenticated session by providing access to the authentication information to the one or more requesting applications. In one example embodiment, the authentication information may be communicated directly to the one or more requesting applications 114. In another example embodiment, the authentication module 112a may provide a URL where the authentication information can be temporarily accessed by the one or more requesting applications. The requesting application does not have access to the user secret code at any point during the execution of method 200”).
Regarding claims 41 and 48, Zheng further teaches comprising a plurality of hardware devices each transmitting a unique hardware identifier to one or more mobile devices (Zheng: paragraphs 0016 and 0031, “Each network device 110 and 130 includes a device having a communication module capable of transmitting and receiving data over the network 105. For example, each network device 110, 120, and 130 can include a server, desktop computer, laptop computer, tablet computer, a television with one or more processors embedded therein and/or coupled thereto, smart phone, handheld computer, personal digital assistant ("PDA"), or any other wired or wireless, processor-driven device. In the example embodiment depicted in FIG. 1, the network devices 110, 120 are operated by end-users or consumers (not depicted) and the network device 130 is operated by authentication server operators (not depicted)”… “the delegate module 112b only communicates the encrypted secret code to the remote authentication server after receiving the encrypted secret code from the plug receiver module”).
Regarding claims 42 and 49, Zheng further teaches comprising providing one or more mobile devices with a token to permit access to the application (Zheng: paragraphs 0035-0036, “the authentication module 112a terminates the authenticated session with the one or more requesting applications 114 in response to detecting the remote identification device 120 has been disconnected or an expiration policy invoked. For example, the delegate module 112a may erase the authentication information previously made available to the authentication applications. In certain example embodiments, the delegate module 112a may execute a logout protocol that logs out the user or requires the requesting applications or browser application to shut down”).
Regarding claims 43 and 50, Zheng further teaches comprising revoking the token, thereby preventing access (Zheng: paragraphs 0035-0036, “the authentication module 112a terminates the authenticated session with the one or more requesting applications 114 in response to detecting the remote identification device 120 has been disconnected or an expiration policy invoked. For example, the delegate module 112a may erase the authentication information previously made available to the authentication applications. In certain example embodiments, the delegate module 112a may execute a logout protocol that logs out the user or requires the requesting applications or browser application to shut down”).

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 51-53 are rejected under 35 U.S.C. 103 as being unpatentable over Zheng in view of Park et al. (US 20190098113) (hereinafter Park).
Regarding claim 51, Zheng does not explicitly disclose the following limitation which is disclosed by Park, wherein the data are sensor data and are sent from the hardware device (Park: paragraphs 0091 and 0100-0101, “OT data may include data that is generated and/or updated in real-time as a result of operating the systems and devices that provide data to web services platform 102. For example, OT data may include timeseries data received from IoT devices 203 (e.g., sensor measurements, status indications, alerts, notifications, etc.),”). Zheng and Park are analogous art because they are from the same field of endeavor, access protection. Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Zheng and Park before him or her, to modify the system of Zheng to include the sensor data of Park. The suggestion/motivation for doing so would have been to perform a variety of data visualization, monitoring, and/or control activities (Park: paragraph 0116).
Regarding claim 52, Zheng does not explicitly disclose the following limitation which is disclosed by Park, wherein the data are sensor data and are sent from a plurality of hardware devices (Park: paragraphs 0091 and 0100-0101, “OT data may include data that is generated and/or updated in real-time as a result of operating the systems and devices that provide data to web services platform 102. For example, OT data may include timeseries data received from IoT devices 203 (e.g., sensor measurements, status indications, alerts, notifications, etc.),”). Zheng and Park are analogous art because they are from the same field of endeavor, access protection. Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Zheng and Park before him or her, to modify the system of Zheng to include the sensor data of Park. The suggestion/motivation for doing so would have been to perform a variety of data visualization, monitoring, and/or control activities (Park: paragraph 0116).
Regarding claim 53, Zheng does not explicitly disclose the following limitation which is disclosed by Park, wherein the data are software or firmware updates and are sent from one or more mobile devices (Park: paragraph 0130, “allows an operator to update gateway software remotely, modify or create configuration through a unified gateway and connected device management console. A management console can use gateway command handler 406 to manage many connected gateway devices. Logger 410 can be configured to perform system logging for performance optimization and diagnostics purposes. Registration 412 can be configured to register and provision software defined gateway 212 as a connected IoT device”). Zheng and Park are analogous art because they are from the same field of endeavor, access protection. Before the effective filing date of the claimed invention, it would have been obvious to one of ordinary skill in the art, having the teachings of Zheng and Park before him or her, to modify the system of Zheng to include the software and firmware updates of Park. The suggestion/motivation for doing so would have been to perform a variety of data visualization, monitoring, and/or control activities (Park: paragraph 0116).

Conclusion
The prior art made of record and not relied upon, which is considered pertinent to applicant's disclosure, is listed as follows:
Warren US 20190056132
Ekambaram US 20170034156 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TRANG T DOAN whose telephone number is (571)272-0740. The examiner can normally be reached Monday-Friday 7-4 ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn D Feild can be reached on (571)272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/TRANG T DOAN/Primary Examiner, Art Unit 2431