DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Status of Claims
Claims 21, 24-25, 28, 31-32, 35, 38-39 and 41-42 are amended.
Claims 1-20, 23, 26, 30, 33 and 37 are canceled.
Claims 43-45 are new.
Claims 21-22, 24-25, 27-29, 31-32, 34-36 and 38-45 are pending.

Response to Remarks
Claim Objections
Applicant’s amendments to the claims have overcome the previous objections. Accordingly, the previous objections are withdrawn.

35 U.S.C. § 112(b)
Regarding claim 21, 28 and 35 not reciting that a first passcode is obtained and decrypted prior to generating the second passcode, Applicant’s amendments to the claims have overcome the previous rejections. Accordingly, the previous rejections are withdrawn.
Regarding claims 25, 32 and 39 not reciting that a transaction request be signed with the private key, Applicant’s amendments to the claims have overcome the previous rejections. Accordingly, the previous rejections are withdrawn.

35 U.S.C. § 103
Regarding claims 21, 28 and 35, Applicant contends that the combination of references Brown in view of Bhatnagar fail to show or suggest the amended claim limitation “generating, by the security provider, a second passcode in response to decrypting the encrypted first passcode”. However, this amended claim limitation is disclosed in new reference Daigle (paras 166-170).

Claim Objections
Claim 44 is objected to because of the following informalities. Claim 44 recites “The system of claim 28, wherein the browser-based cryptowallet can be used to sign a transaction request with the private key and the second passcode can be used by the browser-based cryptowallet to reencrypt, in response to the browser-based cryptowallet signing the transaction, the private key”. It appears “claim 28” was unintentionally included within the limitation as a typographical error resulting in “the browser-based cryptowallet” and “the private key” lacking antecedent basis. Examiner suggests amending it to be “claim 32” instead. Appropriate correction is required. For purposes of examination, Examiner will interpret the claims as follows: “The system of claim 32 …”.


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 21-22, 28-29, 35-36 and 41-42 are rejected under 35 U.S.C. 103 as being unpatentable over US 2007/0269041 A1 to Bhatnagar et al. (hereinafter “Bhatnagar”) in view of US 2013/0263235 A1 to Daigle (hereinafter “Daigle”) and further in view of US 2007/0266258 A1 to Brown et al. (hereinafter “Brown”).

Claims 21, 28 and 35:
Bhatnagar discloses:
a computing device comprising a processor and a memory; and machine-readable instructions stored in the memory that, when executed by the processor, cause the computing device to at least (Fig.6; paras 52-62)
receiving, by a security provider, user identifier and a password from a user device (Fig.10 item 1002; para 71)
hashing, by the security provider, the user identifier and the password to produce a password hash (Fig.10 item 1004; para 72)
comparing, by the security provider, the password hash to a stored password hash to determine that the password hash matches the stored password hash (Fig.10 items 1012-1014; paras 73, 76-77)
hashing, by the security provider, account creation information associated with the stored password hash to create hashed account creation information, wherein the account creation information and the password are different values (Fig.10 item 1004; para 71-72)
Bhatnagar does not disclose:
decrypting an encrypted first passcode stored in association with the account creation information to generate a first passcode
generating, by the security provider, a second passcode in response to decrypting the encrypted first passcode
encrypting, by the security provider, the second passcode using the hashed account creation information as an encryption key to create an encrypted passcode
returning, by the security provider, the first passcode and the second passcode to the user device
Daigle, an analogous art of network security, discloses:
decrypting an encrypted first passcode stored in association with the account creation information to generate a first passcode (paras 166-170)
generating, by the security provider, a second passcode in response to decrypting the encrypted first passcode (paras 166-170)
returning, by the security provider, the first passcode and the second passcode to the user device (paras 166-170)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method, system, and non-transitory computer-readable medium of Bhatnagar to include decrypting an encrypted first passcode stored in association with the account creation information to generate a first passcode, generating a second passcode in response to decrypting the encrypted first passcode, and returning the first passcode and the second passcode to the user device, as disclosed in Daigle. One or ordinary skill in the art would have been motivated to do so in order to improve security (Daigle, paras 2-9).
Bhatnagar in view of Daigle does not disclose:
encrypting, by the security provider, the second passcode using the hashed account creation information as an encryption key to create an encrypted passcode
Brown, an analogous art of network security, discloses:
encrypting, by the security provider, the second passcode using the hashed account creation information as an encryption key to create an encrypted passcode (paras 30, 35)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method, system, and non-transitory computer-readable medium of Bhatnagar in view of Daigle to include encrypting the second passcode using the hashed account creation information as an encryption key to create an encrypted passcode, as disclosed in Brown. One or ordinary skill in the art would have been motivated to do so in order to improve security (Brown, paras 2-6).

Claims 22, 29 and 36: 
Bhatnagar in view of Daigle in view of Brown discloses all limitations of claims 21, 28 and 35. Brown also discloses:
storing, by the security provider, the encrypted passcode in association with the account creation information (para 35)

Claims 41-42: 
Bhatnagar in view of Daigle in view of Brown discloses all limitations of claims 21 and 28. Bhatnagar also teaches:
receiving, by the security provider, the account creation information comprising at least one of a username, a user address, a phone number, or an email address (Fig.10 item 1002; para 71)


Claims 24-25, 31-32, 38-39 and 43-45 are rejected under 35 U.S.C. 103 as being unpatentable over Bhatnagar in view of Daigle in view of Brown and further in view of US 2022/0027491 A1 to Wright et al. (hereinafter “Wright”).

Claims 24, 31 and 38:
Bhatnagar in view of Daigle in view of Brown disclose all limitations of claims 21, 28 and 35. Bhatnagar also discloses:
wherein the user identifier and password are received from a browser executing on the client device (Fig.10 item 1002; para 71)
Brown also teaches:
the first passcode and the second passcode are returned to the browser (paras 25, 34)
Bhatnagar in view of Daigle in view of Brown does not teach:
via an encrypted channel
Wright, an analogous art of network security, discloses:
via an encrypted channel (Fig.15; paras 292-315)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method, system, and non-transitory computer-readable medium of Bhatnagar in view of Daigle in view of Brown to include an encrypted channel, as disclosed in Wright. One or ordinary skill in the art would have been motivated to do so in order to improve security (Wright, paras 59-61, 292-315).



Claims 25, 32 and 39:
Bhatnagar in view of Daigle in view of Brown disclose all limitations of claims 21, 28 and 35. Brown also teaches:
wherein the first passcode can decrypt a private key 
Bhatnagar in view of Daigle in view of Brown does not disclose:
for a browser-based cryptowallet
Wright, an analogous art of network security, discloses:
for a browser-based cryptowallet (Fig.15; paras 292-315)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method, system, and non-transitory computer-readable medium of Bhatnagar in view of Daigle in view of Brown to include the private key being for a browser-based cryptowallet, as disclosed in Wright. One or ordinary skill in the art would have been motivated to do so in order to improve security (Wright, paras 59-61, 292-315).

Claims 43-45:
Bhatnagar in view of Daigle in view of Brown in view of Wright disclose all limitations of claims 25, 32 and 39. Brown also teaches:
the second passcode can be used … to reencrypt … the private key (Fig.2 item 255; paras 20, 25, 30)
Wright also discloses:
wherein the browser-based cryptowallet can be used to sign a transaction request with the private key … by the browser-based cryptowallet … in response to the browser-based cryptowallet signing the transaction (Fig.15; paras 292-315)

Claims 27, 34 and 40 are rejected under 35 U.S.C. 103 as being unpatentable over Bhatnagar in view of Daigle in view of Brown and further in view of US 2020/0127992 A1 to Pham (hereinafter “Pham”).

Claims 27, 34 and 40:
Bhatnagar in view of Daigle in view of Brown disclose all limitations of claims 21, 28 and 35. Bhatnagar in view of Daigle in view of Brown does not disclose:
wherein generating the second passcode further comprises generating a random string of numbers and characters of arbitrary length according to at least one pre-established rule
Pham, an analogous art of network security, discloses:
wherein generating the second passcode further comprises generating a random string of numbers and characters of arbitrary length according to at least one pre-established rule (Fig.10 item 1018; para 60)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method, system, and non-transitory computer-readable medium of Bhatnagar in view of Daigle in view of Brown to include generating a random string of numbers and characters of arbitrary length according to at least one pre-established rule, as disclosed in Pham. One or ordinary skill in the art would have been motivated to do so in order to improve security (Pham, paras 2-7, 60).

Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Ari Shahabi whose telephone number is (571)272-2565. The examiner can normally be reached M-F: 8:00-5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, John W Hayes can be reached on 571-272-6708. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/Ari Shahabi/Examiner, Art Unit 3685        

/JOHN W HAYES/Supervisory Patent Examiner, Art Unit 3685