DETAILED ACTION
This Office Action is in response to the application 17/078,898 filed on 10/23/2020.
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claims 1-20 have been examined and are pending in this application. Claims 1, 9, and 16 are independent.
	Priority
No priority has been claimed for this application.
Information Disclosure Statement
The information disclosure statement (IDS), submitted on 10/23/2020, is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.


(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.
Claims 16-20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Zhu et al (“Zhu,” US  2013/0097697, published on 04/18/2013).
As to claim 1, Zhu teaches non-transitory computer-readable medium storing a set of instructions, the set of instructions comprising: one or more instructions that, when executed by one or more processors of a client device (Zhu: pars 006-0007, 0038, 0040, 0078; Fig 1, a system/method for user authentication using a CaRP (CAPTCHA as gRaphical Passwords) upon user access request from a user device, with user ID [i.e. multifactor authentication]), cause the client device to: 
transmit, to a server device, a request to access a network resource (Zhu: pars 0038, 0040, 0078-079; Fig 1, 8, the authentication system receives [i.e. transmitted] user login request with user-ID [i.e. credential] to access the system from a client device);  
receive, from the server device and based on transmitting the request, user interface information that identifies a plurality of elements to be presented via a user interface of the client device; present, via the user interface, the plurality of elements and an area in which a symbol is to be formed via user selection of elements of the plurality of elements (Zhu: pars 0038, 0040, 0043. 0078-079; Fig 1, 8, upon user’s login request the security administrator [i.e. based on transmitting] generates an image and provide to the client device for display on the display device, and the uses the user interface devices of the client device to select one or more regions or points of the image displayed on the display device); 
present, in the area of the user interface, a symbol formed via user interaction with multiple elements of the plurality of elements, wherein the symbol is formed by overlapping or intersecting at least two elements of the multiple elements selected via the user interaction (Zhu: pars 0038, 0040, 0043. 0078-0079, 0092; Fig 1, 8, 13, on the interface, the user selects a region of the images by, among other things, using the mouse and/or touchpad and/or keyboard to position a cursor over a point inside the region to select and to "click" upon the point. Makes consideration of overlapping area between two elements); and 
transmit, to the server device, information associated with the symbol (Zhu: pars 0038, 0040, 0043. 0078-079; Fig 1, 8, the user’s entered input on the interface, associated with the image, is sent to the security administrator); and 
receive, from the server device, a message indicating whether access to the network resource is granted or denied based on transmitting the information associated with the symbol (Zhu: pars 0038, 0040, 0043. 0078-079; Fig 1, 8, based at least on the information received from the user device the security administrator determines whether the user selected regions or points corresponding to the user's password. Access is granted only if the purported password is verified to be the same as the actual password, otherwise denied).
As to claim 17, Zhu teaches the non-transitory computer-readable medium of claim 16, 
Zhu further teaches wherein the information associated with the symbol includes an image of the symbol. (Zhu: pars 0038, 0040, 0043. 0078-079; Fig 1, 8, on the interface, the user selects a region of the images by, among other things, using the mouse and/or touchpad and/or keyboard to position a cursor over a point inside the region to select and to "click" upon the point).
As to claim 18, Zhu teaches the non-transitory computer-readable medium of claim 16, 
Zhu further teaches wherein the information associated with the symbol includes at least one of: information that identifies the multiple elements used to form the symbol, or position information that identifies respective positions of the multiple elements within the area of the user interface in which the symbol is formed (Zhu: pars 0038, 0040, 0043. 0078-079; Fig 1, 8, on the interface, the user selects a region of the images by, among other things, using the mouse and/or touchpad and/or keyboard to position a cursor over a point inside the region to select and to "click" upon the point).
As to claim 19, Zhu teaches the non-transitory computer-readable medium of claim 16, 
Zhu further teaches wherein the information associated with the symbol includes information that identifies a sequence in which the multiple elements were input via the user interface to form the symbol (Zhu: pars 0025, 0040, 0043. 086; Fig 1, 8, user selects sequence of images or symbols on the user interface as user’s response).
As to claim 20, Zhu teaches the non-transitory computer-readable medium of claim 16, 
Zhu further teaches wherein the symbol is formed using a drag and drop input mechanism that enables a user to drag and drop the multiple elements separately to an area of the user interface (Zhu: pars 0025, 0040, 0043. 086, 0103; Fig 1, 8, user selects sequence of images or symbols on the user interface using drag and adjusting the image alignment).
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

Claims 1-15 are rejected under 35 U.S.C. 103 as being unpatentable over Zhu et al (“Zhu,” US  2013/0097697, published on 04/18/2013), in view of Mizrah (“Mizrah,” US 20080098464, published on 04/24/2008).
As to claim 1, Zhu teaches a system for authenticating a user for access to a network resource using multi-factor authentication, the system comprising: memory; and one or more processors, communicatively coupled to the memory (Zhu: pars 006-0007, 0038, 0040, 0078; Fig 1, a system/method for user authentication using a CaRP (CAPTCHA as gRaphical Passwords) upon user access request with user ID [i.e. multifactor authentication]) configured to: 
receive, from a client device, a login credential and a request to access the network resource (Zhu: pars 0038, 0040, 0078-079; Fig 1, 8, the authentication system receives user login request with user-ID [i.e. credential] to access the system from a client device); 
determine a user device identifier associated with the login credential (Zhu: pars 0038, 0040, 0078-079, 0123; Fig 1, 8, a security administrator identify the device that is used to submit the request); 
transmit, to the client device, user interface information to cause the client device to present a user interface, wherein the user interface information identifies a plurality of elements, including at least the set of elements, and enables elements, of the plurality of elements, to be selected via the user interface to form a symbol (Zhu: pars 0038, 0040, 0043. 0078-079; Fig 1, 8, upon user’s login request the security administrator generates an image and provide [i.e. transmit] to the client device for display on the display device, and the uses the user interface devices of the client device to select one or more regions or points of the image displayed on the display device); 
receive input symbol information from the client device, wherein the input symbol information is based on an input symbol formed via user selection of multiple elements, of the plurality of elements, via the user interface (Zhu: pars 0038, 0040, 0043. 0078-079; Fig 1, 8, on the interface, the user selects a region of the images by, among other things, using the mouse and/or touchpad and/or keyboard to position a cursor over a point inside the region to select and to "click" upon the point. The user’s entered input associated with the image is sent to the security administrator); 
compare the input symbol information to authentication symbol information associated with the authentication symbol (Zhu: pars 0038, 0040, 0043. 0078-079; Fig 1, 8, based at least on the information received from the user device the security administrator determines whether the user selected regions or points corresponding to the user's password); and 
grant or deny access to the network resource based on comparing the input symbol information to the authentication symbol information (Zhu: pars 0038, 0040, 0043. 0078-079; Fig 1, 8, (Zhu: pars 0038, 0040, 0043. 0078-079; Fig 1, 8, access is granted only if the purported password is verified to be the same as the actual password, otherwise denied).
Zhu teaches of user login authentication using user selecting image, as addressed above, and teaches of at least two user device including a mobile device that are connected over two different communication channel can be used for the process (Zhu; pars oo40, 0043; Fig 1), but Zhu does not explicitly teach transmit an image or a link to the image to a user device associated with the user device identifier, wherein the image includes an authentication symbol composed of a set of elements. 
However, in an analogous art, Mizrah teaches transmit an image or a link to the image to a user device associated with the user device identifier, wherein the image includes an authentication symbol composed of a set of elements (Mizrah: 0084, 0212-0213, 0216-0217; Fig 21, 22A, 22B, teaches of one-time authentication challenge (OTAC), and one-time authentication response (OTAR) for second factor authentication over two different channels. Where the challenge is sent to mobile device, a secondary device [i.e. user device], and the user enter response to the initial device by selecting pattern/image-icon, and send to the backend server verify the received input and determined granting or denying access bed on the verification result).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Mizrah with the method/system of Zhu for the benefit of providing a user with a means for using the two different devices connected over two different communication channels; one to receive the image challenge and another device to enter and transmit the user response to the image challenge to create a secure authentication system using the advantage of multi-channel challenge-response method (Mizrah: 0084, 0212-0213, 0216-0217). 
As to claim 2, the combination of Zhu and Mizrah teaches the system of claim 1, 
Zhu and Mizrah further teaches wherein the input symbol is formed using a drag and drop input mechanism that enables a user to drag and drop the multiple elements separately to an area of the user interface (Zhu: pars 0103, uses drag and adjusting the image alignment. Mizrah: pars 0148, client may draw (or choose, or select) a graphical path on the reference grid with a mouse, a keyboard, or other input device, or the graphical path may be provided by a server).
As to claim 3, the combination of Zhu and Mizrah teaches the system of claim 1, 
Zhu and Mizrah further teaches wherein the one or more processors, when receiving the input symbol information, are configured to: receive information that identifies the multiple elements that were selected via the user interface to form the input symbol; and receive position information that identifies respective positions of the multiple elements within an area of the user interface in which the input symbol is formed; and wherein the one or more processors, when comparing the input symbol information to the authentication symbol information, are configured to: determine, based on the information that identifies the multiple elements, whether the multiple elements match the set of elements from which the authentication symbol is composed; and determine, based on the position information, whether the respective positions of the multiple elements satisfy a threshold with respect to positions of the set of elements from which the authentication symbol is composed. (Zhu: pars 0040, 0043, 0103, select one or more regions or points of the image displayed on. Mizrah: pars 0148, 0212-0213, client may draw (or choose, or select) a graphical path on the reference grid with a mouse, a keyboard, or other input device, or the graphical path may be provided by a server. There are set of symbols or patters are used)
As to claim 4, the combination of Zhu and Mizrah teaches the system of claim 1, 
Zhu further teaches wherein the one or more processors, when receiving the input symbol information, are configured to receive an image of the input symbol; and wherein the one or more processors, when comparing the input symbol information to the authentication symbol information, are configured to: compare the image of the input symbol and the image that includes the authentication symbol (Zhu: pars 0038, 0040, 0043. 0078-079; Fig 1, 8, based at least on the information received from the user device the security administrator determines whether the user selected regions or points corresponding to the user's password); and 
calculate a similarity score based on comparing the image of the input symbol and the image that includes the authentication symbol; and wherein the one or more processors, when granting or denying access to the network resource, are configured to grant or deny access to the network resource based on whether the similarity score satisfies a threshold (Zhu: pars 0103, 0114, user visually verifies the correctness of the displayed rectangle and may drag an inaccurate side to roughly align with a correct position if needed. Image processing techniques may then be applied to refine the moved side to align with the nearby edges. This semi-automatic correcting procedure may be repeated until the user is satisfied with the accuracy of the bounding rectangle.  Uses a threshold for sizes of the input).
As to claim 5, the combination of Zhu and Mizrah teaches the system of claim 1, 
Zhu further teaches wherein the image is included in a series of images that are presented in a first sequence to form the authentication symbol; wherein the one or more processors, when receiving the input symbol information, are configured to: receive information that identifies the multiple elements that were selected via the user interface to form the input symbol (Zhu: pars 0025, 0040, 0043. 086; Fig 1, 8, user selects sequence of images or symbols on the user interface as user’s response); and receive information that identifies a second sequence in which the multiple elements were selected via the user interface to form the input symbol; and wherein the one or more processors, when comparing the input symbol information to the authentication symbol information, are configured to: determine, based on the information that identifies the multiple elements, whether the multiple elements match the set of elements from which the authentication symbol is composed; and determine whether the second sequence matches the first sequence. (Zhu: abstract, pars claim 13, f the selected portions of the random image do not correspond to the user's password, the security module may generate another random image having a plurality of password-element [i.e. second sequence]).
As to claim 6, the combination of Zhu and Mizrah teaches the system of claim 1, 
Zhu further teaches wherein the plurality of elements, identified in the user interface information transmitted to the client device, are determined based on the set of elements from which the authentication symbol is composed (Zhu: pars 0038, 0040, 0043. 0078-079; Fig 1, 8, based on the information received from the user device the security administrator determines whether the user selected regions or points corresponding to the user's password).
As to claim 7, the combination of Zhu and Mizrah teaches the system of claim 1, 
Zhu a further teaches wherein the plurality of elements, identified in the user interface information transmitted to the client device, include the set of elements from which the authentication symbol is composed and include one or more elements that are not components of the authentication symbol (Zhu: pars 0025, 0040, 0043. 086; Fig 1, 8, user selects sequence of images or symbols on the user interface as user’s response; i.e. some symbols are not selected).
As to claim 8, the combination of Zhu and Mizrah teaches the system of claim 7, 
Zhu further teaches further comprising identifying the one or more elements that are not components of the authentication symbol based on the set of elements from which the authentication symbol is composed and using a data structure that stores information that identifies associations between elements (Zhu: pars 0025, 0040, 0043. 086; Fig 1, 8, user selects sequence of images or symbols on the user interface as user’s response; i.e. some symbols are not selected).
As to claim 9, Zhu teaches a method for multi-factor authentication (Zhu: pars 006-0007, 0038, 0040, 0078; Fig 1, a system/method for user authentication using a CaRP (CAPTCHA as gRaphical Passwords) upon user access request with user ID [i.e. multifactor authentication]), comprising: 
receiving, by a server device and from a first device, a credential and a request to access a resource (Zhu: pars 0038, 0040, 0078-079; Fig 1, 8, the authentication system receives user login request with user-ID [i.e. credential] to access the system from a client device);
receiving, by the server device and from the first device, information associated with a second symbol formed via user interaction with a user interface of the first device (Zhu: pars 0038, 0040, 0043. 0078-079; Fig 1, 8, upon user’s login request the security administrator generates an image and provide [i.e. transmit] to the client device for display on the display device, and the uses the user interface devices of the client device to select one or more regions or points of the image displayed on the display device), 
wherein the second symbol is formed via at least one of: separately dragging multiple elements, presented via the user interface, to an area of the user interface in which the second symbol is to be formed, or drawing multiple elements in the area of the user interface in which the second symbol is to be formed (Zhu: pars 0038, 0040, 0043. 0078-079; Fig 1, 8, on the interface, the user selects a region of the images by, among other things, using the mouse and/or touchpad and/or keyboard to position a cursor over a point inside the region to select and to "click" upon the point. the user’s entered input associated with the image is sent to the security administrator); and 
granting or denying access to the resource based on the first symbol and the information associated with the second symbol (Zhu: pars 0038, 0040, 0043. 0078-079; Fig 1, 8, based at least on the information received from the user device the security administrator determines whether the user selected regions or points corresponding to the user's password. Access is granted only if the purported password is verified to be the same as the actual password, otherwise denied).
Zhu teaches of user login authentication using user selecting image, as addressed above, and teaches of at least two user device including a mobile device that are connected over two different communication channel can be used for the process (Zhu; pars oo40, 0043; Fig 1), but Zhu does not explicitly teach transmitting, by the server device and to a second device associated with the credential, an image, wherein the image includes a first symbol composed of a set of elements. 
However, in an analogous art, Mizrah teaches transmitting, by the server device and to a second device associated with the credential, an image, wherein the image includes a first symbol composed of a set of elements (Mizrah: 0084, 0212-0213, 0216-0217; Fig 21, 22A, 22B, teaches of one-time authentication challenge (OTAC), and one-time authentication response (OTAR) for second factor authentication over two different channels. Where the challenge is sent to mobile device, a secondary device [i.e. user device], and the user enter response to the initial device by selecting pattern/image-icon, and send to the backend server verify the received input and determined granting or denying access bed on the verification result).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Mizrah with the method/system of Zhu for the benefit of providing a user with a means for using the two different devices connected over two different communication channels; one to receive the image challenge and another device to enter and transmit the user response to the image challenge to create a secure authentication system using the advantage of multi-channel challenge-response method (Mizrah: 0084, 0212-0213, 0216-0217). 
As to claim 10, the claim is directed to a method and the method of claim 9, 
Mizrah further teaches further comprising transmitting, to the first device and based on transmitting the image to the second device, user interface information that causes a plurality of elements to be presented via the user interface of the first device and that enables elements, of the plurality of elements, to be selected via the user interface to form the second symbol (Mizrah: 0084, 0212-0213, 0216-0217; Fig 21, 22A, 22B, the challenge is sent to mobile device, a secondary device [i.e. second user device], and the user enter response to the initial device by selecting pattern/image-icon, and send to the backend server verify the received input and determined granting or denying access bed on the verification result).
As to claim 11, the claim is directed to a method and the method of claim 10, 
Zhu and Mizrah further teaches wherein the plurality of elements includes a subset of elements, included in the set of elements from which the first symbol is composed, and excludes at least one element included in the set of elements from which the first symbol is composed; and wherein the second symbol is formed via: separately dragging one or more first elements, presented via the user interface, to an area of the user interface in which the second symbol is to be formed, and drawing one or more second elements in the area of the user interface in which the second symbol is to be formed (Zhu: pars 0092, 0103,0113, uses drag and adjusting the image alignment. Mizrah: pars 0148, client may draw (or choose, or select) a graphical path on the reference grid with a mouse, a keyboard, or other input device, or the graphical path may be provided by a server. Makes consideration of overlapping area between two elements).
As to claim 12, the claim is directed to a method and the method of claim 9, 
Zhu and Mizrah further teaches wherein the first symbol is generated using a threshold quantity of elements included in a data structure that stores a library of elements (Zhu: pars 0103, uses drag and adjusting the image alignment. Mizrah: pars 0148, client may draw (or choose, or select) a graphical path on the reference grid with a mouse, a keyboard, or other input device, or the graphical path may be provided by a server).
As to claim 13, the claim is directed to a method and the method of claim 9, 
Zhu further teaches further comprising: randomly selecting a first element to be included in the first symbol; identifying a second element to be included in the first symbol based on the first element and using a data structure that stores information that identifies associations between elements that share a degree of similarity; and generating the first symbol using at least the first element and the second element (Zhu: pars 0103, 0114, user visually verifies the correctness of the displayed rectangle and may drag an inaccurate side to roughly align with a correct position if needed. Image processing techniques may then be applied to refine the moved side to align with the nearby edges. This semi-automatic correcting procedure may be repeated until the user is satisfied with the accuracy of the bounding rectangle.  Uses a threshold [i.e. degree of similarity] for sizes of the input).
As to claim 14, the claim is directed to a method and the method of claim 9, 
Zhu further teaches wherein the second symbol is formed using a drawing input mechanism that enables a user to draw the multiple elements in an area of the user interface; wherein receiving the information associated with the second symbol comprises receiving an image of the second symbol; wherein the method further comprises: comparing the image of the second symbol and the image that includes the first symbol; and calculating a similarity score based on comparing the image of the second symbol and the image that includes the first symbol; and wherein granting or denying access to the resource comprises: granting or denying access to the resource based on whether the similarity score satisfies a threshold (Zhu: pars 0103, 0114, user visually verifies the correctness of the displayed rectangle and may drag an inaccurate side to roughly align with a correct position if needed. Image processing techniques may then be applied to refine the moved side to align with the nearby edges. This semi-automatic correcting procedure may be repeated until the user is satisfied with the accuracy of the bounding rectangle.  Uses a threshold for sizes of the input).
As to claim 16, the claim is directed to a method and the method of claim 9, 
Zhu further teaches wherein the second symbol is formed using an input mechanism that enables a user to overlap or intersect at least two elements of the multiple elements selected via the user interface (Zhu: pars 0092, 00113; Fig 9, 13, makes consideration of overlapping area between two elements).
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Jahangir Kabir whose telephone number is (571) 270-3355.  The examiner can normally be reached on 9:00- 5:00 Mon-Thu.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on (571) 270-5002.  The fax number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/JAHANGIR KABIR/             Primary Examiner, Art Unit 2439