Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
DETAILED ACTION
1.	This is in response to the applicant's communication filed on 06/07/2022, wherein: 
Claims 1, 4-10, 12-14, 17-19 and 22-24 are pending.   Claims 2-3, 11, 15-16 and 20-21 have been previously cancelled by the Applicant.  
Claim Rejections - 35 USC § 103
2.	The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which said subject matter pertains.  Patentability shall not be negatived by the manner in which the invention was made.


The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103(a) are summarized as follows:
1.	Determining the scope and contents of the prior art.
2.	Ascertaining the differences between the prior art and the claims at issue.
3.	Resolving the level of ordinary skill in the pertinent art.
4.	Considering objective evidence present in the application indicating obviousness or nonobviousness.


3.	Claims 1, 4-7, 10, 12-14, 17-19 and 22-24 are rejected under 35 U.S.C. 103(a) as being unpatentable over Berman et al (US 2015/0121482 A1), in view of Caldeira De Andrada et al; (US 2015/0121496 A1):
4.	Independent claims 1, 14 and 19:  Berman teaches a method and system comprising:
receiving, at a computing device (e.g., server/proxy server in paras 0044-0045, figs. 1-2) over a network, an access request from a first user device (e.g., laptop or desktop computer/receiver device in para 0044-0045, 0011), the access request identifying a secure web-based resource {e.g., email service(s), banking service(s) brokerage service(s), utility service(s), social network(s), online store(s)…etc., in paras 0002, 0023 in context with paras 0044-0045} on the network that the first user device wants to access (step/limitation 1) {At least paras 0044-0045, 0011 in context with para 0002. Also see fig. 2 step 210 in para 0021};
identifying, via the computing device, in response to receiving the access request from the first user device (e.g., laptop or desktop computer/receiver device in para 0044-0045, 0011), device information of a second user device (e.g., mobile device/transmitter device in paras 0044-0045, 0011) associated with the user, said second device information comprising an identifier (e.g., unique identifier e.g., mobile directory number/MDN…etc., in paras 0013, 0018, 0045) for communicating with said second user device (e.g., mobile device/transmitter device in para 0044-0045, 0011), the second user device being a previously registered (paras 0044-0045 in context with paras 0017, 0021, 0027) device of the user (step/limitation 2) {At least paras 0044-0045 in context with paras 0013, 0017-0018, 0021 and 0027};
communicating, via the computing device, a message to said second user device (e.g., mobile device/transmitter device in para 0044-0045, 0011) based on said identifier (e.g., unique identifier e.g., mobile directory number/MDN…etc., in paras 0013, 0018, 0045), said message prompting the second user device (e.g., mobile device in paras 0044-0045, 0011) to authenticate the user (step/limitation 3) {At least paras 0044-0045 in context with paras 0013, 0018};
receiving, via the computing device over the network, the authentication information (e.g., information identifying the transmitter device/mobile device along e.g., username or a MDN along with authentication credentials in para 0023) of the user from said second user device (e.g., mobile device/transmitter device in paras 0044-0045, 0011), said received authentication information is used to determine whether the user is granted access to the second user device (para 0013 in context with para 0023-0024) (part of step/limitation 4) {At least fig. 2 paras 0023-0027, 0030, steps 230, 240 and 250 and para 0044.  See example in para 0020}; and
communicating to the first user device (e.g., laptop or desktop computer/receiver device in paras 0044-0045, 0011, 0014, 0030), via the computing device, a response to the access request based on the received authentication information, said response enabling the first user device (e.g., laptop or desktop computer/receiver device in paras 0044-0045, 0011, 0014, 0030) access to the secure web-based resource on the network when said authentication information is determined that the user is authenticated on the second user device (para 0013)  (part of step/limitation 5) {At least fig. 2 paras 0023-0027 especially paras 0023-0024, 0030 steps 230, 240 and 250 especially step 250 in para 0030}.
However, Berman does not explicitly teach the underlined features: “receiving, via the computing device over the network, an outcome determination of the authentication of the user from said second user device, said outcome determination indicating whether the user is granted access to the second user device (part of step/element 4); and “communicating to the first user device, via the computing device, a response to the access request based on the received outcome determination, said response enabling the first user device access to the secure-web-based resource on the network when said outcome determination indicates that the user is authenticated on the second user device” (part of step/element 5).
	 Caldeira De Andrada teaches:
receiving an outcome determination (e.g., proxy server receives indication the biometric scan was successful in para 0023) of the authentication of the user from said second user device (e.g., a mobile device), said outcome determination indicating whether the user is granted access to the second user device (e.g., mobile device provide/send an indication whether the biometric scan was successful in para 0023) {At least see fig. 2 especially paras 0023-0024, see the biometric scan may be taken at the mobile device and verified based on data stored locally at the mobile device.  The mobile device may send, to the proxy server, an indication whether the biometric scan was successful without sending the user’s biometric information.  Thus, the user may be able to use biometric data to authenticate him/herself without providing the biometric data to a server that is not controlled by the user},
communicating to the first user device (e.g., web access device in fig. 2), via the computing device, a response to the access request (para 0020 of fig. 2) based on the received outcome determination (e.g., biometric scan was successful in para 0023 of fig. 2), said response enabling the first user device (e.g., web access device in fig. 2, para 0030 in context with paras 0023-0024) access to the secure-web-based resource on the network when said outcome determination indicates that the user is authenticated on the second user device  (e.g., a mobile device in para 0023 of fig. 2) {At least fig. 3 para 0030 in context with paras 0023-0025}.
Therefore, it would have been obvious to one of ordinary skill in the art at the time of the invention to modify “receiving, via the computing device over the network, the authentication information of the user from said second user device, received authentication information is used to determine whether the user is granted access on the second user device; and communicating to the first user device, via the computing device, a response to the access request based on the received authentication information, said response enabling the first user device access to the secure web-based resource on the network when said authentication information is determined that the user is authenticated on the second user device” of Berman to include “receiving, via the computing device over the network, an outcome determination of the authentication of the user from said second user device, said outcome determination indicating whether the user is granted access to the second user device  and communicating to the first user device, via the computing device, a response to the access request based on the received outcome determination, said response enabling the first user device access to the secure-web-based resource on the network when said outcome determination indicates that the user is authenticated on the second user device”, taught by Caldeira De Andrada.  One would be motivated to do this in order to enable the user, via second device (e.g., mobile device), use biometric data to authenticate him/herself without providing the biometric data to a server that is not controlled by the user {Caldeira De Andrada:  para 0023}.   
5.	Claims 4 and 17:  The combination of Berman and Caldeira De Andrada teaches the claimed invention as in claims 1 and 14.  The combination further teaches determining that an application is installed on the second user device (e.g., mobile device/transmitter device) to receive the message and display said message prompt {Berman: At least para 0011 in context with para 0044 and fig. 2 paras 0023-0027}, and also {Caldeira De Andrada: At least para 0021, 0024}.
6.	Claim 5:  The combination of Berman and Caldeira De Andrada teaches the claimed invention as in claims 4 and 17.  The combination further teaches wherein said application is a dedicated application configured to receive said message, display said prompt and determine said outcome determination {Berman:  At least para 0011, 0013 in context with para 0044 and fig. 2 paras 0023-0027}, and {Caldeira De Andrada: At least fig. 2 para 0023 in context with paras 0021, 0024}.
7.	Claim 6:  The combination of Berman and Caldeira De Andrada teaches the claimed invention as in claim 4.  Berman further teaches wherein said application is associated with the web-based resource (para 0011 in context with para 0002, 0023) and is configured to receive said message, display said prompt and determine said outcome determination {At least para 0011 in context with para 0044 and fig. 2 paras 0023-0027, 0030}.  Caldeira De Andrada also teaches this limitation in at least fig. 2 paras 0020-0030 especially paras 0021, 0022-0025, 0029-0030}. 
8.	Claim 10:  The combination of Berman and Caldeira De Andrada teaches the claimed invention as in claim 1.  Berman further teaches wherein said second user device (e.g., mobile device/transmitter device in para 0044-0045, 0011) is a personal mobile device of the user {At last paras 0011, 0023, 0044}.  Caldeira De Andrada also teaches this limitation in at least fig. 2 especially para 0021, 0023 in context with para 0017}. 
9.	Claim 12:  The combination of Berman and Caldeira De Andrada teaches the claimed invention as in claim 1.  The combination further teaches wherein said access request comprises an identifier associated with the user {Berman:  At least fig. 2 para 0021-0022}.
10.	Claim 13:  The combination of Berman and Caldeira De Andrada teaches the claimed invention as in claim 1.  Berman further teaches wherein said access request comprises an indication from the user related to controlling security information set up by the user related to accessing the secure web-based resource {At least fig. 2 para 0021-0022, 0027 see in the registration process, the user register/indicate which his/her personal computer as a receiver device (laptop/desktop device in para 0011) to be able to access secure resource(s) using the personal computing device…., to receive login credentials from which mobile phone(s) of the user(s)….etc.,}, wherein said response enables the user to control said security information {At least fig. 2 paras 0023-0027, 0030 in context with paras 0021-0022}.
11.	Claims 22-24:  The combination of Berman and Caldeira De Andrada teaches the claimed invention as in claims 1, 14 and 19.  Berman further teaches wherein said response comprises an error message when said outcome determination indicates that said authentication is insufficient to permit access to the second user device {At least paras 0034, 0040-0042 of fig. 3 in context with fig. 2 paras 0023-0027,0030}.  
12.	Claims 7 and 18:  The combination of Berman and Caldeira De Andrada teaches the claimed invention as in claims 1 and 14.  The combination further teaches wherein said authentication is based on at least one of a PIN {Berman:  e.g., user name or MDN in paras 0023, 0013}, and also {Caldeira De Andrada: paras 0021, 0024}, and biometric information {Caldeira De Andrada: At least para 0023}.
	Therefore, it would have been obvious to one of ordinary skill in the art at the time of the invention to modify “wherein said authentication is based on at least one of a PIN” of the combination of Berman and Caldeira De Andrada to include “wherein authentication is based on a biometric information”, taught by Caldeira De Andrada.  One would be motivated to do this in order to increase security in authenticating the user, which in turn would reduce fraudulent. 
13.	Claims 8 and 9 are rejected under 35 U.S.C. 103(a) as being unpatentable over Berman et al (US 2015/0121482 A1), in view of Caldeira De Andrada et al; (US 2015/0121496 A1), and further in view of Fryc; (US 2016/0241658 A1):
14.	Claim 8: The combination of Berman and Caldeira De Andrada teaches the claimed invention as in claim 1.  The combination does not explicitly teach the underlined feature: wherein said message communicated to the second user device is a push message.
	Fryc teaches a general concept of a message communicated to a user mobile device is a push message {At least para 0052}.
	Therefore, it would have been obvious to one of ordinary skill in the art at the time of the invention to modify “communicating a message to said second user device” of the combination of Berman and Caldeira De Andrada to include “a message communicated to a user mobile device is a push message”, taught by Fryc.  One would be motivated to do this since push notification/push message help retain user, grab a user's attention with a quick-to-the-point alert and call to action.
15.	Claim 9: The combination of Berman and Caldeira De Andrada teaches the claimed invention as in claim 1.  The combination does not explicitly teach the underlined feature: “wherein said message communicated to the second user device is an encrypted message”.
	Fryc teaches a general concept of a message communicated to a user mobile device is an encrypted message {At least para 0052}.
Therefore, it would have been obvious to one of ordinary skill in the art at the time of the invention to modify “communicating a message to said second user device” of the combination of Berman and Caldeira De Andrada to include “a message communicated to a user mobile device is an encrypted message”, taught by Fryc.  One would be motivated to do this in order to increase security in transmitting data/information.   
Prior Art that is pertinent to Applicant’s disclosure
16.	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Astrand et al; (US 2008/0209213 A1), wherein teaches the system enables users to access secure web-based resources on a network from a first device (e.g. access a web based online back account via laptop or desktop computer) by an authenticated second device (e.g. a mobile phone). A user can gain access to a secure web-based resource on a network from their computer without the use of a password or entry of credentials on that computer in at least Abstract, paras 0002, 0010, 0018-0019, 0027, claims 1,9,17-18 and 26.   Furthermore, see additional art cited in PTO-892.   
Response to Arguments
17.	Applicant’s arguments regarding 102 filed on 06/07/2022 have been fully considered and are persuasive.  Therefore, a second non-final OA has been provided.  
Please see new ground of rejection by adding new reference: Caldeira De Andrada et al; (US 2015/0121496 A1) to the rejections above.  
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Thuy Nguyen whose telephone number is 571-272-4585.  The examiner can normally be reached on Mon-Fri, 8:30 am to 5:00 pm.
If attempts to reach the examiner by telephone are unsuccessful, the Examiner’s supervisor, Hajime Rojas can be reached on 571-270-5491.  The FAX number for the organization where this application or proceeding is assigned is 571-273-8300.  
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 1866-217-9197 (toll-free).
/THUY N NGUYEN/Examiner, Art Unit 3681