DETAILED ACTION
 	Claims 1-21 are pending.  Claims 1, 11 and 20 are amended. Claim 21 is new. This is in response to Applicant’s Request for continued examination filed on August 29, 2022.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on August 29, 2022 has been entered.
 
Response to Arguments
	Regarding to the 103 rejection to claims 1, 11 and 20, Applicant’s arguments with respect to the claims have been considered but are moot because a new ground of rejection which is necessitated by the amendment to the claims.
	

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 4-7, 11, 14-17 and 20-21 are rejected under 35 U.S.C. 103 as being unpatentable over PG Pub 20190036914 (Hereinafter Tzur-Davis) in view of PG Pub 20200244459 (hereinafter Hu)
 	Regarding claim 1, Tzur-David disclose a device, comprising: 
 	one or more hardware processors configured to: 
 	send, to a server, a request for requested information, wherein the request includes identifying information associated with a user (Abstract, Fig. 5 and par. [0137]-[0143] discloses a password management system where a user sends a token which obtained during a prior one-time enrollment process to request for a one-time password (OTP)); 
  	receive, from the server, at least two pieces of information over different transmission channels (par. [0139]-[0140] discloses OPT1 and OTP2 sent from two different channels to the client device); 
 	send, to the server, recovered security data that is generated based at least in part on the at least two pieces of information, wherein the server is configured to determine whether the recovered security data matches stored security data (par. [0141]-[0142] discloses the client device constructs the OTP based on the received OPT1 and OTP2. Note that Tzur-Davis discloses the SEU211 constructs the OPT for the client device but also stated “…SEU 231 and SEU 211 (or both server 211 and computing device 210) have the OTP…”. This implies the SEUs can be integral parts of both the client and the server which would not change the invention. This OTP is used for login); 
	Note that par. [0137] discloses “…each time a user of computing device 210 logs into server 211, a token or code is sent from device 210 to server 211 as shown by arrow 510 thus starting the flow…”. And par. [0143] discloses “…in addition to, sharing an OTP as described, an encryption key may be shared…for encrypting data exchanged between [the server and the client]…” in which the encryption key can be constructed the same way as the OTP. Therefore, it would be obvious before the effective filing date of the claimed invention to modify Tzur-Davis as an obvious variation, using known technique to improve the invention in the same way, that the embodiment of Fig. 6 for a transaction request could include the login process above where the token sent to the server to take place for every communication and the request can include an encrypted message/notification sent to a device or a washing machine (e.g. the client) as disclosed in par. [0073] or Fig. 13A, par. [0287]. Hence, Tzur-Davis discloses receive, from the server, protected requested information (encrypted message/notification) associated with the request; and use the recovered security data (encryption key)) to recover unprotected requested information based at least in part on the protected requested information; and 
 	Tzur-Davis does not expressly discloses embed a watermark in the unprotected requested information (e.g. the message/notification presented above) using a watermark embedding module at the device, wherein the watermark comprises the identifying information associated with the user. Hu discloses watermarking unprotected data on a client device that utilized to access documents, images, and videos that might not be stored on the client device, but potentially sensitive content can be shown on the display of the client device (Hu, par. [0024]-[0025] and [0028]-[0030] discloses the watermarking fingerprint based on user identity applied to a payload (e.g. the message/notification presented above in view of Tzur-Davis) sent to the client device. Note that the watermarking process also can be performed within the client application (par. [0039])). Therefore, it would be obvious before the effective filing date of the claimed invention to modify Tzur-Davis with Hu to further teach the aforementioned watermarking features in order to improve the security of transmitting sensitive data using watermarking for combat of information leaks while preserving an appropriate end-user experience (Hu, par. [0009]-[0010]).
 	Regarding claims 4-5, Tzur-David discloses wherein the one or more hardware processors are further configured to present a first piece of information of the at least two pieces of information at a first user interface of a first client application corresponding to a first transmission channel, wherein the one or more hardware processors are further configured to present a second piece of information of the at least two pieces of information at a second user interface of a second client application corresponding to a second transmission channel (par. [0100] and [0140]-[0141] disclose different channels such as SSL, push notification, SMS, in-band or out-of-band channel).

Regarding claim 6, Tzur-David discloses “Any function, mathematical function or mathematical computation … may be applied to a secret in order to determine or generate an encryption key, seed or other value that may be used for securing a communication channel. For example, to generate an encryption key that may be used to encrypt data or otherwise secure and authenticate a communication channel … between computing device 210 and network device 220, a coefficient of a polynomial determined, discovered or identified as described may be multiplied by two, divided by three and the like, and the result may be the encryption key …a function may be applied, independently by each of the first and second devices, to the first and second values. For example, the first and second values may be used, independently, by the first and second devices to calculate, define or determine a third value. For example, a mathematical function may combine, convert or otherwise manipulate the first and second values to generate an encryption key…” (par. [0085] and [0112]). Thus, Tzur-Davis teaches wherein a first piece of information of the at least two pieces of information comprises encrypted data and a second piece of information of the at least two pieces of information comprises information associated with decryption, and wherein the one or more hardware processors are further configured to generate the recovered security data by using the second piece of information to decrypt the first piece of information. For example, if the first value sent in one channel is the result of the coefficient of a polynomial may be multiplied by two, divided by three and the like and the second value sent in another channel is one of the multiplied by two, divided by three in order to reconstruct the coefficient of the polynomial. 	Regarding claim 7, based on same reasoning presented in claim 6 rejection, Tzur-David further discloses wherein the one or more hardware processors are further configured to generate the recovered security data by arranging a first piece of information of the at least two pieces of information and a second piece of information of the at least two pieces of information in accordance with respective sequence numbers. Since it is possible within the teaching of Tzur-David. For example, one can split the coefficient of a polynomial to use the first value as the first part of coefficient of the polynomial and the second value as the second part of the coefficient of the polynomial in a sequence.

	Regarding claims 11 and 20, the claims are rejected in view of claim 1 rejection.

 	Regarding claims 14-17, the claims are rejected in view of claims 4-7 rejections respectively.

	Regarding claim 21, Tzur-David discloses wherein the different transmission channels comprise a first transmission channel and a second transmission channel, wherein the first transmission channel is associated with a first application that is accessible using a first set of authentication credentials and the second transmission channel is associated with a second application that is accessible using a second set of authentication credentials (see claim 4-5 rejection for different channels (e.g. applications) that received OPT1 and OTP2  as presented in claim 1 rejection), and 
 wherein the one or more hardware processors are further configured to: obtain the request for requested information via a third application; and Application Serial No. 16/820,360 Attorney Docket No. ALIBP4236wherein to send, to the server, the recovered security data that is generated based at least in part on the at least two pieces of information, wherein the server is configured to determine whether the recovered security data matches stored security data comprises to: combine the at least two pieces of information into the recovered security data; and submit the recovered security data to the server via the third application (Fig. 7 and par. [0160]-[0164]) disclose another embodiment that entity 740 receives the two OTP parts from intermediate entities 720 and 730 as in-band and/or out-of-band channels that can be logical channels (e.g. applications) on entity 740 (e.g. client device) presented in claim 4-5 rejection. Hence, the entity 740 as the third application).


Claims 2-3 and 12-13 rejected under 35 U.S.C. 103 as being unpatentable over Tzur-Davis in view of Hu and further in view of PG Pub 20190066114 (hereinafter Ross) 	Regarding claims 2-3, Tzur-David discloses the token may be any value, code, key or data object or digital information unique value a user (par. [0137]). Hence, a token can represent biometric information of a person is well known in the art. For example, Ross discloses this feature (par. [0022] and [0030]).  Therefore, it would be obvious before the effective filing date of the claimed invention to modify Tzur-Davis and Hu with Ross to further teach obtain a biometric attribute associated with the user; and determine whether the biometric attribute associated with the user can be verified using stored identifying information associated with the user wherein the biometric attribute comprises one or more of the following: a facial feature, a fingerprint feature, and a pupil feature. One would have done so using known token creation process to arrive at the claim invention with reasonable expectation for success.
Regarding claims 12-13, the claims are rejected in view of claim 2-3 rejection.
 	
Claims 8-9 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Tzur-Davis in view of Hu and further in view of PG Pub 20170359717 (hereinafter Adler) 	Regarding claim 8, although Tzur-David teaches reconstructing encryption key to decrypt a message (e.g. document) as in the washing machine embodiment presented above but it is known in the art using a key to obtain another key for decryption is nothing but a double encryption or derive a key based on another key. For example, Alder discloses a shared linked key is generated after two devices communicated with each other to provide data to generate the shared link key. The linked key is then used to derive another key for decryption (Fig. 7, par. [0097]-[0102]). Therefore, it would be obvious before the effective filing date of the claimed invention to modify Tzur-Davis and Hu with Adler to further teach wherein the protected requested information comprises an encrypted document, wherein to use the recovered security data to recover the unprotected requested information based at least in part on the protected requested information comprises to: use the recovered security data to determine a determined key; and use the determined key to decrypt the encrypted document. One would have done so using known key derivation process to arrive at the claim invention with reasonable expectation of success. 	Regarding claim 9, Adler teaches wherein to use the recovered security data to determine the determined key comprises to input the recovered security data into a function that generates outputs of a preset length (par. [0035] discloses a key length can be 128bits or 256bits). 
Regarding claim 18, the claim is rejected in view of claim 8 rejection.

Claims 10 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Tzur-Davis in view of Hu and Adler and further in view of PG Pub 20170357817 (Tamura) 	Regarding claim 10, as presented in claim 8 rejection for key derivation is well-known. Furthermore, decrypting an encryption key that used for encrypting document is also well-known. Tamura teaches this feature (claim 1, par. [0021] disclose metadata (e.g. document) is encrypted by an encryption key and the encryption key is encrypted. To decrypts the encrypted metadata encryption key using a decryption key derived from entropy supplied by a user). Therefore, it would be obvious before the effective filing date of the claimed invention to modify Tzur-Davis, Hu  and Adler with Tamura to further teach wherein the protected requested information comprises an encrypted document, wherein to use the recovered security data to recover the unprotected requested information based at least in part on the protected requested information comprises to: use the recovered security data to determine a determined key; receive an encrypted document-specific key; use the determined key to decrypt the encrypted document-specific key; and use the decrypted document-specific key to decrypt the encrypted document. One would have done so using known key derivation and decrypting wrapped key processes to arrive at the claim invention with reasonable expectation of success.
Regarding claim 19, the claim is rejected in view of claim 10 rejection.


Inquiry communication 	Any inquiry concerning this communication or earlier communications from the examiner should be directed to TRI M TRAN whose telephone number is (571)270-1994. The examiner can normally be reached Mon-Fri: 9am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Nickerson can be reached on (469)295-9235. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/TRI M TRAN/Primary Examiner, Art Unit 2432