Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions. 
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. 

DETAILED ACTION
Claims 1-20 are pending in this office action. 

Priority
No foreign priority is claimed.

Specification
The lengthy specification has not been checked to the extent necessary to determine the presence of all possible minor errors.  Applicant's cooperation is requested in correcting any errors of which applicant may become aware in the specification.
Information Disclosure Statement
The information disclosure statements (IDS's) submitted on 03/10/2020 are in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statements are being considered by the examiner.


Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the "right to exclude" granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory obviousness-type double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Omum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321 (c) or 1.321 (d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the conflicting application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement.
Effective January 1, 1994, a registered attorney or agent of record may sign a terminal disclaimer. A terminal disclaimer signed by the assignee must fully comply with 37 CFR 3.73(b).
Claims 1-20 are rejected on the ground of nonstatutory obviousness-type double patenting as being unpatentable over claims 1-20 of US Application # 16/671,800, now US Patent # 11,063,937 (referred to as ‘937 hereinafter). Although the conflicting claims are not identical, they are not patentably distinct from each other because the instant application claims are anticipated and covered by similar subject matter as that of the above claims of ‘937. Particularly – (1) the instant independent claims 1, 11 and 19 are anticipated by relatively narrower claims 1, 11 and 19 of ‘937. (2) the instant dependent claims 2, 12 and 20 are each covered by the limitations of each of the claim pairs 1 and 2; 11 and 12; and 19 and 20 of ‘937. (3) the instant claims 3-10 are anticipated by claims 3-10 respectively of ‘937. (4) Further, the remaining instant dependent claims 13-18 have similar limitations as those of instant claims 3-8 resp., and are also anticipated by claims 3 and 13, and claims 14-17 and 8 resp. of ‘937. Thus, as various limitations in the above claims of ‘937 cover the limitations of the instant claims, the instant claims are not patentably distinct from claims 1-20 of ‘937.
Further, conflicting claims are method, system/apparatus or computer-readable medium claims. The method claims in either application are for carrying out claimed limitations by at least one processor in a computing environment of apparatus or system claims, wherein, the limitations of the instant claims are anticipated by limitations of ‘937. The computer readable medium claims carry out method steps by at least one processor in a computing environment of the system, wherein, the limitations of the instant claims are anticipated by limitations of ‘937 claims. It would be obvious to be able to carry out steps of a method, using a processor of an apparatus or by computer executable computer program product code stored in a statutory computer readable medium executed by a processor.
This is a non-provisional obviousness type double patenting rejection because the conflicting claims have been patented.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 3-11, 13-19 are rejected under 35 U.S.C. 103 as being unpatentable over Sabin et al. (US 2015/0156198 A1, hereinafter Sabin), in view of Hong et al. (US 2016/0314462 A1, Hong hereinafter).
For claim 1, Sabin teaches a system for user authentication using images, comprising: hardware processing circuitry; a hardware memory storing instructions (Fig. 1; para 0016, 0021, 0081-0082) that, when executed, configure the hardware processing circuitry to perform operations comprising: receiving, at a server, a request from a second device to access a secured resource associated with a first device (para 0037-0039, 0044-0048, 0056, 0058 - scanned image of the QR code is further processed, signed, and sent from a user’s computing device (second device) which can be different from the device that received the original verification image on the web, wherein the proxy authentication service and/or the identity service receive the scanned image as a credential);
in response to receiving the request, receiving, at the server, from the second device, information associated with an image of an authentication object displayed on a screen of the first device, the image of the authentication object that is displayed on the screen of the first device visually encoding a user identity of the user of the first device; determining, at the server, that the information corresponds to the user of the first device; and in response to determining that the information corresponds to the user of the first device, enabling the second device to access the secured resource (para 0058-0066 – authentication using scanned authentication code, and the access to the requested website provided via authenticated session for the requesting user, QR code as visually encoding user identity with embedded number data, which is later decoded and checked, i.e. the number and the QR code are expected to be as predetermined for the requested web resource; also para 0038, 0041-0043, 0061-0066 - a unique number that was assigned to the user (user identity) embedded in one part of the code is encoded and then acquired via decoding)
Although Sabin discloses various types of arrangements for sending and receiving QR code images along with other data included therein, including identity service and proxy authentication manager that carry out authentication process, Sabin does not explicitly disclose receiving a data generated from the authentication object, at the server. However, proxy server and an identity/authentication manager that work together for authentication can be re-arranged and combined into one server. It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to integrate or separate different components of Sabin’s system, since it has been held that - (a) rearranging parts of an invention involves only routine skill in the art. In re Japikse, 86 USPQ 70 (b) forming in one piece an article which has formerly been formed in two pieces and put together involves only routine skill in the art. Howard v. Detroit Stove Works, 150 U.S. 164 (1993) and (c) constructing a formerly integral structure in various elements involves only routine skill in the art. Nerwin v. Erlicnrnan, 168 USPQ 177, 179). Please note that in the instant application, applicant has not disclosed any criticality for the claimed limitations in specification.
Further, although it would be obvious that authentication prompts (such as images) are presented in response to a direct or inherent request for authentication (para 0030, 0035-0036, 0045, 0059 of Sabin are indicative of the same), Sabin does not appear to explicitly teach, however Hong teaches receiving, at a server, a resource access request from a second device or a mobile device, and receiving image data from the second device for user identity verification, and providing a response to the request (para 0010 - transmittal of authentication QR code based on request). It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to respond to a request as part of a well-known request-response approach utilized for authentication process, thereby providing information when requested as part of a secure methodology of information transfer.

For claim 3, Sabin in view of Hong teaches the claimed subject matter as discussed above, and Sabin further teaches the operations further comprising: causing capturing the image of the authentication object by the second device to generate the information (para 0015, 0035-0037, 0058-0066 – authentication using scanned authentication code, and the access to the requested website provided via authenticated session for the requesting user, wherein the  QR code visually encodes user identity, and  the QR code image is captured and presented on screens of each of the respective devices, and may be further captured by another device); and 
determining, by the server, that a given user's identity has not been verified upon determining that the information does not correspond to the user identity of the user of the first device (Fig. 2; para 0040, 0062, 0065-0066 - proper authentication process, or in other words, authentication unsuccessful in case or failed verification, wherein the authentication is not confirmed).

For claim 4, Sabin in view of Hong teaches the claimed subject matter as discussed above, and Sabin further teaches wherein determining, at the server, that the information corresponds to the user identity of the user of the first device comprises: decoding data encoded in a scanned image; and determining that the decoded data corresponds to data which was encoded into a user identity verification image (para 0061-0066 - QR code and the embedded number data are decoded and checked, i.e. the number and the QR code are expected to be as predetermined for the requested web resource).

For claim 5, Sabin in view of Hong teaches the claimed subject matter as discussed above, and Sabin further teaches the operations further comprising identifying, at the server, the user by determining whether a scanned image includes data from one of a plurality of user identity verification images provided to a plurality of users (para 0034, 0047-0048, 0056 - QR codes are stored at the identity or authentication proxy server, wherein a plurality of devices/users are associated with those).

For claim 6, Sabin in view of Hong teaches the claimed subject matter as discussed above, and Sabin further teaches decoding data from a first portion of a scanned image to determine the user's identity (para 0038, 0041-0043, 0061-0066 - a unique number that was assigned to the user (user identity) embedded in one part of the code is acquired via decoding); and comparing data decoded from a second portion of the scanned image with data associated with a user identity verification image provided to the first device, wherein the first portion is different from the second portion (para 0061-0067 - identity service and proxy authentication determine validity of the decrypted code which includes first portion comprising the unique number, and a remaining second portion, checked for validity).

For claim 7, Sabin in view of Hong teaches the claimed subject matter as discussed above, and Sabin further teaches mapping an optical barcode to the user's identity; and generating, by the server, a user identity verification image to include a geometric shape with a custom pattern and the optical barcode within the geometric shape (Fig. 1; para 0002, 0019, 0030, 0032, 0035-0036, 0045, 0058-0062 - the original sent QR code or barcode image is a square or rectangle shaped with a customized pattern for particular user, wherein the code is associated with user identity authentication via further encryption and decryption), the image of the authentication object that is displayed on the screen of the first device including the user identity verification image (para 0015, 0035-0037, 0058-0066 – the  QR code visually encodes user identity, and  the QR code image is captured and presented on screens of each of the respective devices, and may be further captured by another device).

For claim 8, Sabin in view of Hong teaches the claimed subject matter as discussed above, and Sabin further teaches the system of claim 7, wherein determining that the information corresponds to the user of the first device comprises: decoding encoded information in the optical barcode within the geometric shape based on an orientation of the geometric shape identified by the custom pattern; and verifying whether the decoded information corresponds to stored identity information of the user (para 0061-0066 - QR code and the embedded number data are decoded and checked, i.e. the number and the QR code are expected to be as predetermined for the requested web resource).

For claim 9, Sabin in view of Hong teaches the claimed subject matter as discussed above, and Sabin further teaches the operations further comprising: transmitting, from the server to the first device, an indication of a validity period for the authentication object; and upon expiration of the validity period, removing, from a memory of the server, data associated with the authentication object (para 0041, 0062).

For claim 10, Sabin in view of Hong teaches the claimed subject matter as discussed above, and Sabin further teaches wherein the information is generated by the user scanning a display unit of the first device into a camera of the second device, wherein the display unit of the first device displays the authentication object (para 0015, 0030, 0036-0037).

As to claims 11 and 13-18, the claim limitations are similar to those of claims 1 and 3-8 respectively, except that the instant claims 11 and 13-18 are drawn to a method comprising steps performed in claims 1 and 3-8. Therefore claims 11 and 13-18 are rejected according to claims 1 and 3-8 respectively as above.

As to claim 19, the claim limitations are similar to those of claim 1, except that the instant claim 19 is drawn to a non-transitory machine-readable medium comprising instructions (also disclosed by Sabin - para 0021, 0025, 0050, 0068, 0078, 0088) which, when executed by one or more processors of a machine, cause the machine to perform operations that correspond to the steps claimed in claim 1. Therefore claim 19 is rejected according to claim 1 as above.

Allowable Subject Matter
Claims 2, 12 and 20 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims in addition to overcoming the above-mentioned rejections associated with their parent claims.

    

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JAYESH M JHAVERI whose telephone number is (571)270-7584.  The examiner can normally be reached on Mon-Fri 9 AM to 5 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, Applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on (571)272-6798.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/JAYESH M JHAVERI/Primary Examiner, Art Unit 2433