DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17 (e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17 (e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 08/24/2022 has been entered.
This office Action is in response to the RCE filed on 08/24/2022. As per instant Amendment, claims 1, 10 and 17 have been amended; Claims 1, 10 and 17 are independent Claims; Claims 1-20 have been examined and are pending. This Office Action is made Non-Final.
Response to Arguments
Applicants’ arguments with respect to claims 1-20 have been considered but are moot in view of the new ground(s) of rejection.
The Examiner respectfully suggests that the claims be further amended and details in the specification be incorporated to distinguish the claimed invention over prior art of record.  Should the Applicant desire an interview to further clarify the claim interpretation/rejections, please contact the Examiner at (313) 446-6644 to schedule an interview.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-2, 5, 10-11, 14 and 17-18 are rejected under 35 U.S.C. 103 as being unpatentable over Burch et al. (“Burch,” US 20150215299, published on 07/30/2015) in view of Dapkus et al. (‘Dapkus,” US 8850219, published on 09/30/2014)
Regarding Claim 1;
Burch discloses a method for authenticating a user on a client device using a mobile device, comprising (par 0019; performing multifactor authentication among a mobile device): 
receiving, at an authentication server, a login request from the client device (par 0021; an Audio Authentication Server (AAS); par 0024; the end-user visits a protected resource using an interface, such as a browser-based interface of the computer; par 0031; the browser uses a Hypertext Markup Language form to get the name and password from the user, which is then sent to the AAS); 
on the authentication server, generating a token identifying corresponding session on the client device and conveying the token to the client device (par 0052; the AAS generates a challenge string [] the challenge string and a user ID are encoded into an audio format to form an audio file or audio message; par 0033; the AAS returns an HTML page to the browser; the HTML page includes an audio file that the browser is to play to generate sound on the speaker of the desktop device; par 0029; the end user is interacting with the desktop device (which, minimally, includes a speaker, a microphone, and a browser interface);
encoding the token into an audio message and broadcasting the audio message on a speaker of the client device (par 0052; the AAS generates a challenge string. Then, the challenge string and a user ID are encoded into an audio format to form an audio file or audio message; par 0033; the AAS returns an HTML page to the browser; the HTML page also includes an audio file that the browser is to play to generate sound on the speaker of the desktop device; par 0054; the application or script executes on the desktop device to play the audio message as an audio stream out of the speaker(s) interfaced to the desktop device); 
by the mobile device, receiving the audio message from the client device over an audio channel using a microphone (par 0035; fig. 1C; the mobile device "hears" the sound generated from the speaker of the desktop device by monitoring the microphone of the mobile device and decodes the challenge string and user ID embedded in the audio stream detected over the microphone of the mobile device); 
decoding the audio message to obtain the information (par 0035; fig. 1C; decodes the challenge string and user ID embedded in the audio stream detected over the microphone of the mobile device); 
 retrieving user login credentials for authenticating the user in the session (par 0056; the phone's (device's) microphone receiver relays the sound emanating from the desktop speaker and provides to the AAS during the call's connection between the phone/device and the AAS; par 0035; the challenge string and user ID embedded in the audio stream detected over the microphone of the mobile device; par 0032; the challenge string and user identification (user ID acquired from the validated name and password of the user); 
conveying an authentication request including the user login credentials and the token identifying the session obtained from the audio message to the authentication server (par 0056; the phone's (device's) microphone receiver relays the sound emanating from the desktop speaker and provides to the AAS during the call's connection between the phone/device and the AAS; par 0035; the challenge string and user ID embedded in the audio stream detected over the microphone of the mobile device; par 0032; the challenge string and user identification (user ID acquired from the validated name and password of the user), 
information obtained from the audio message broadcasted by the client device (par 0056; the phone's (device's) microphone receiver relays the sound emanating from the desktop speaker and provides to the AAS during the call's connection between the phone/device and the AAS; par 0035; the challenge string and user ID embedded in the audio stream detected over the microphone of the mobile device); 
at the authentication server, receiving from the mobile device the authentication request (par 0056; the phone's microphone receiver relays the sound emanating from the desktop speaker and provides to the AAS during the call's connection between the phone/device and the AAS; par 0057; the AAS validates that the audio sent back to the AAS),
verifying that the user login credentials are accurate (par 0057; the ASS decodes the audio received over the connection with the phone/device. The AAS validates that the audio sent back to the AAS, via the connection to the phone, is the same audio message sent by the AAS to the browser); and
 in response to verifying that the user login credentials are accurate, authenticating the user for the session on the client device (par 0057; the ASS decodes the audio received over the connection with the phone/device. The AAS validates that the audio sent back to the AAS, via the connection to the phone, is the same audio message sent by the AAS to the browser; par 0058; the application or script of the browser checks to see if a success message or authenticated session handle is received from the AAS (indicating the user now has an authentication session).
Burch discloses generating a challenge string; encoding the challenge string into an audio message; decoding the audio message; information obtained from the audio message broadcasted by the client device as recited above, but do not explicitly disclose generating a token identifying corresponding session; the token identifying the session and server-identifying information for locating the authentication server; obtain the token identifying the session and the server-identifying information; wherein the authentication server is located for conveying the authentication request by the mobile device based on the server-identifying information.
However, in an analogous art, Dapkus discloses secure communications system/method that includes:
generating a token identifying corresponding session (Dapkus: Col 5, lines 57-58: security token created at the server; Col 6, lines 65-66; security token created using one or more session identifiers);
the token identifying the session and server-identifying information for locating the authentication server (Dapkus: Col 14, lines 47-49; fig 2; the security token includes a session identifier, an action request URI, and a salt value; Col 9, lines 31-41; the action request URI include any indication of the information that the client machine can send to the server using the security token [] a URL that has side effects at the server, a header in a SOAP message that directs the server to process the SOAP message in a certain way, or any other information identifying a real or virtual destination at the server);
obtain the token identifying the session and the server-identifying information (Dapkus: Col 11, lines 4-8; receive a request for an encrypted security token or a web page that contains an encrypted security token, create the encrypted security token, and transmit the encrypted security token and any related information to the client machine; Col 14, lines 47-49; the security token includes a session identifier, an action request URI, and a salt value);
wherein the authentication server is located for conveying the authentication request by the mobile device based on the server-identifying information (Dapkus: Col 14, lines 47-49; fig 2; the security token includes a session identifier, an action request URI, and a salt value; Col 9, lines 31-41; the action request URI include any indication of the information that the client machine can send to the server using the security token [] a URL that has side effects at the server, a header in a SOAP message that directs the server to process the SOAP message in a certain way, or any other information identifying a real or virtual destination at the server).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Dapkus with the method/system of Burch to include generating a token identifying corresponding session; the token identifying the session and server-identifying information for locating the authentication server; obtain the token identifying the session and the server-identifying information; wherein the authentication server is located for conveying the authentication request by the mobile device based on the server-identifying information. One would have been motivated to include a communication interaction identifier that identifies a communication interaction between the client machine and the server and an action request identifier that identifies an action request message capable of being sent from the client machine to the server to request that an action be performed on the server (Dapkus: abstract).
Regarding Claim 2;
The combination of Burch and Dapkus disclose the method of claim 1,
 Burch discloses wherein the encoded token is repeated multiple times throughout the duration of the audio message (Burch: par 0052; the challenge string and a user ID are encoded into an audio format to form an audio file or audio message; par 0034; the application or script begins to play the audio file sent and then listens for a reply by monitoring the microphone of the desktop device. The processing can be repeated multiple times until a timeout is detected by the desktop device).  
Dapkus further discloses token (Dapkus: Col 11, lines 6-7; create the encrypted security token, and transmit the encrypted security token).
One would have been motivated to include a communication interaction identifier that identifies a communication interaction between the client machine and the server and an action request identifier that identifies an action request message capable of being sent from the client machine to the server to request that an action be performed on the server (Dapkus: abstract).
Regarding Claim 5;
The combination of Burch and Dapkus disclose the method of claim 1, 
Burch further discloses generating an output by the client device indicating to a user of the client device to bring the mobile device in proximity of the client device (Burch: par 0089; the mobile device authentication agent sends the response message in audio format for playing over a speaker interfaced to the mobile device (the speaker in proximity to a microphone interfaced to the device).  
Regarding Claim 10;
This Claim recites a device that perform the same steps as method of Claim 1, and has limitations that are similar to Claim 1, thus are rejected with the same rationale applied against claim 1.  

Regarding Claim 11;
This Claim recites a device that perform the same steps as method of Claim 2, and has limitations that are similar to Claim 2, thus are rejected with the same rationale applied against claim 2.  
Regarding Claim 14;
This Claim recites a device that perform the same steps as method of Claim 5, and has limitations that are similar to Claim 5, thus are rejected with the same rationale applied against claim 5.  
Regarding Claim 17;
This Claim recites a non-transitory computer readable storage medium that perform the same steps as method of Claim 1, and has limitations that are similar to Claim 1, thus are rejected with the same rationale applied against claim 1.  
Regarding Claim 18;
This Claim recites a non-transitory computer readable storage medium that perform the same steps as method of Claim 2, and has limitations that are similar to Claim 2, thus are rejected with the same rationale applied against claim 2.  
Claims 3, 12 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Burch et al. (US 20150215299) in view of Dapkus et al. (US 8850219) and further in view of Skerpac et al. (“Skerpac,” US 20130132091, published 05/23/2013)
Regarding Claim 3;
The combination of Burch and Dapkus disclose the method of claim 1,
The combination of Burch and Dapkus disclose all the limitations as recited above, but do not explicitly disclose wherein the encoding the token into the audio message comprises using an audio watermark algorithm to embed the token as an audio watermark in the audio message.  
However, in an analogous art, Skerpac discloses Dynamic Pass Phrase Security System/method that includes:
wherein the encoding the token into the audio message comprises using an audio watermark algorithm to embed the token as an audio watermark in the audio message (Skerpac: par 0155; once the one-time pass phrase audio is generated, the DPSS security audio token marker then imbeds a randomly generated audio watermark in the generated pass phrase audio).  
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Skerpac with the method/system of Burch and Agrawal and Dapkus to include wherein the encoding the token into the audio message comprises using an audio watermark algorithm to embed the token as an audio watermark in the audio message. One would have been motivated to verification session preferably uses short, text-independent one-time pass phrases and secure audio tokens with master audio generated from an internal text-to-speech security processor (Skerpac: abstract).

Regarding Claim 12;
This Claim recites a device that perform the same steps as method of Claim 3, and has limitations that are similar to Claim 3, thus are rejected with the same rationale applied against claim 3.  
Regarding Claim 19;
This Claim recites a non-transitory computer readable storage medium that perform the same steps as method of Claim 3, and has limitations that are similar to Claim 3, thus are rejected with the same rationale applied against claim 3.  

Claims 4, 13 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Burch et al. (US 20150215299) in view of Dapkus et al. (US 8850219) and further in view of SOMANI et al. (“SOMANI,” US 20170301160, published on 10/19/2017)
Regarding Claim 4;
The combination of Burch and Dapkus disclose the method of claim 1,
Burch further discloses in response to the received audio message containing the token at the mobile device (Burch: par 0035; the mobile application of the mobile device "hears" the sound generated from the speaker of the desktop device by monitoring the microphone of the mobile device and decodes the challenge string and user ID embedded in the audio stream detected over the microphone of the mobile device); and conveying the user credentials and the token to the authentication server (par 0035; the mobile application of the mobile device "hears" the sound generated from the speaker of the desktop device by monitoring the microphone of the mobile device and decodes the challenge string and user ID embedded in the audio stream detected over the microphone of the mobile device; par 0056; the phone's microphone receiver relays the sound emanating from the desktop speaker and provides to the AAS during the call's connection between the phone/device and the AAS). 
The combination of Burch and Dapkus disclose all the limitations as recited above, but do not explicitly disclose retrieving the user credentials from storage on the mobile device.
However, in an analogous art, SOMANI discloses secure short-distance-base communication system/method that includes:
retrieving the user credentials from storage on the mobile device (SOMANI: par 0071; the mobile device only stores credentials, such as user account number, and the information is retrieved from the backend server in real time for completing validation or enforcement of transactions). 
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of SOMANI with the method/system of Burch and Dapkus to include retrieving the user credentials from storage on the mobile device. One would have been motivated to validate users in a validation and enforcement area and can check if users in the validation and enforcement area have been validated (SOMANI: abstract).

Regarding Claim 13;
This Claim recites a device that perform the same steps as method of Claim 4, and has limitations that are similar to Claim 4, thus are rejected with the same rationale applied against claim 4.  
Regarding Claim 20;
This Claim recites a non-transitory computer readable storage medium that perform the same steps as method of Claim 4, and has limitations that are similar to Claim 4, thus are rejected with the same rationale applied against claim 4.  


Claims 6 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Burch et al. (US 20150215299) in view of Dapkus et al. (US 8850219) and further in view of Sheu et al. (“Sheu,” US 20150296377, published on 10/15/2015)
Regarding Claim 6;
The combination of Burch and Dapkus disclose the method of claim 1,
The combination of Burch and Dapkus disclose all the limitations as recited above, but do not explicitly disclose the client device is a headless system.  
However, in an analogous art, Sheu discloses sharing security key system/method that includes:
wherein the client device is a headless system (Sheu: par 0028; client devices, such as wireless workstation, laptop, mobile device, and headless device, belong to a user of network).  
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Sheu with the method/system of Burch and Dapkus to include wherein the client device is a headless system. One would have been motivated to used herein, a headless device may be inclusive of any type of device that lacks user interface elements. Such lack of user interface elements may make entering data more difficult or time-intensive (Sheu: par 0013). 
Regarding Claim 15;
This Claim recites a device that perform the same steps as method of Claim 6, and has limitations that are similar to Claim 6, thus are rejected with the same rationale applied against claim 6.  


Claim 7 is rejected under 35 U.S.C. 103 as being unpatentable over Burch et al. (US 20150215299) in view of Dapkus et al. (US 8850219) and further in view of Carro et al. (“Carro,” US 20050022108, published on 01/27/2005)
Regarding Claim 7; 
The combination of Burch and Dapkus disclose the method of claim 1,
The combination of Burch and Dapkus disclose all the limitations as recited above, but do not explicitly disclose wherein the client implements screen reader software for assisting visually impaired individuals.
However, in an analogous art, Carro discloses have access to information system/method that includes:
wherein the client implements screen reader software for assisting visually impaired individuals (Carro: par 0008; for someone who is completely unable to use a normal screen or read a printed text, there are two alternatives: Braille reading or speech. Currently available assistance for blind and visually impaired people comprises a wide range of technical solutions, including document scanners and enlargers, interactive speech software and cognitive tools, screen reader software and screen enlargement programs).  
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Carro with the method/system of Burch and Dapkus to include wherein the client implements screen reader software for assisting visually impaired individuals. One would have been motivated to converts text (or other elements) on a computer screen to speech, allowing blind or visually impaired users to hear what is displayed on their computer screen (Carro: par 0009).

Claims 8 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Burch et al. (US 20150215299) in view of Dapkus et al. (US 8850219) and further in view of Manikantan et al. (“Manikantan,” US 20170243417, Published on  08/24/2017)
Regarding Claim 8; 
The combination of Burch and Dapkus disclose the method of claim 1,
The combination of Burch and Dapkus disclose all the limitations as recited above, but do not explicitly disclose wherein the generated token includes an expiration time, wherein the authentication server verifies that the authentication request is received from the mobile device within the expiration time.
However, in an analogous art, Manikantan discloses token to authenticate system/method that includes:
wherein the generated token includes an expiration time, wherein the authentication server verifies that the authentication request is received from the mobile device within the expiration time (Manikantan: par 0005; a secure authorization token that includes an expiration time, connecting the mobile device to a backend system using the secure authorization token from the mobile device, verifying, using the backend system, an authenticity of the secure authorization token from the mobile device based on at least the expiration time, generating, at the backend system, a secure access token and a random number in response to the authenticity of the secure authorization token being verified).  
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Manikantan with the method/system of Burch and Dapkus to include wherein the generated token includes an expiration time, wherein the authentication server verifies that the authentication request is received from the mobile device within the expiration time. One would have been motivated to generally relates to secure authorization tokens and, more particularly, to anonymous and ephemeral tokens for authenticating elevator hall calls (Manikantan: par 0002).


Regarding Claim 16;
This Claim recites a device that perform the same steps as method of Claim 8, and has limitations that are similar to Claim 8, thus are rejected with the same rationale applied against claim 8.  

Claim 9 is rejected under 35 U.S.C. 103 as being unpatentable over Burch et al. (US 20150215299) in view of Dapkus et al. (US 8850219) and further in view of Eastlake et al. (“Eastlake,” US 20060094401, published on 05/04/2006)
Regarding Claim 9;
The combination of Burch and Dapkus disclose the method of claim 1,
The combination of Burch and Dapkus disclose all the limitations as recited above, but do not explicitly disclose wherein the authentication request to the authentication server further includes a mobile device ID corresponding to the mobile device, wherein the authentication server verifies that the mobile device is authorized based on the mobile device ID.
However, in an analogous art, Eastlake discloses authentication of mobile devices system/method that includes:
wherein the authentication request to the authentication server further includes a mobile device ID corresponding to the mobile device (Eastlake: par 0022; in the message, the mobile device announces its identity ID, where the mobile device's identity is information which the remote authentication process uses to determine the home device to which the mobile device is authenticated), wherein the authentication server verifies that the mobile device is authorized based on the mobile device ID (Eastlake: par 0017; during this authentication process, mobile device was verified or identified as being authorized to have access to the WLAN resources). 
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Eastlake with the method/system of Burch and Dapkus to include wherein the authentication request to the authentication server further includes a mobile device ID corresponding to the mobile device, wherein the authentication server verifies that the mobile device is authorized based on the mobile device ID. One would have been motivated to determine whether the mobile device can connect to the remote device by concurrently sending a challenge to the mobile device and the home device. The remote device then compares the responses from the mobile device and the home device (Eastlake: abstract).

  
Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHAO WANG whose telephone number is (313)446-6644.  The examiner can normally be reached on Monday-Friday 7:30-4:30PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on (571)270-5002.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/C.W./Examiner, Art Unit 2439   


/LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439