DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This initial written action is responding to the communication dated on 08/13/2021.
Claims 1-20 are submitted for examination.
Claims 1-20 are pending.
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

Priority
This application filed on August 13, 2021 claims priority of continuing application 15/955,270 filed on April 17, 2018, which claims priority of provisional application 62/486,210 filed on April 17, 2017.
Claim Objections
Claims 8 and 17 objected to because of the following informalities:  Claim 8 recites a limitation, “ ..wherein the third party access code and the unique access code are determined to match if the third party access code and the unique access code are identical…”. Claim 17 recites a limitation “…..wherein the third party access code and the unique access code are determined to match if the third party access code and the unique access code are identical”.   Examiner suggest replacing “if” with “When” or “In response to”. Appropriate correction is required.

Claim Analysis - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. 
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.  Such claim limitation(s) is/are: “….the account system that is further configured to: receive the third party access code from the electronic computing device” in claim 10. “….wherein the account system is further configured to generate the unique access code..” in claim 15.  “…..wherein the account system is further configured to: prior to determining that the third party access code matches the unique access code..”, in claim 18.
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.  Such claim limitation(s) is/are: “….the account system that is further configured to: receive the third party access code from the electronic computing device” in claim 10. “….wherein the account system is further configured to generate the unique access code..” in claim 15.  “…..wherein the account system is further configured to: prior to determining that the third party access code matches the unique access code..”, in claim 18.
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.

Claims 1-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-3, 6-10 and 13-14  of U.S. Patent No. 11,085,631. Although the claims at issue are not identical, they are not patentably distinct from each other. Please see below comparison table.

 
Instant Application 17/401,508
 
US PAT. # US 11,095,631 (App. # 15/955,270) 
 
 
SYSTEMS AND METHODS FOR IDENTITY VERIFICATION VIA THIRD PARTY ACCOUNTS
 
SYSTEMS AND METHODS FOR IDENTITY VERIFICATION VIA THIRD PARTY ACCOUNTS
 
 
 
 
 
 
1
A method, comprising: receiving a request for access to a system from an electronic computing device operated by an individual, the request comprising (i) metadata corresponding to the electronic computing device operated by the individual and (ii) an identifying credential corresponding to the individual; verifying the identifying credential is valid and corresponds to an account authorized to access the system by determining whether the metadata is within one or more predetermined parameters corresponding to the account; transmitting a unique access code to a particular third party system, wherein the particular third party system is preauthorized with the system to confirm an identity of the individual; receiving a third party access code, wherein receiving the third party access code comprises the individual accessing the particular third party system by navigating to the particular third party system via the electronic computing device, retrieving the third party access code from the particular third party system, and manually providing the third party access code to the system via the electronic computing device; and providing access to the system to the electronic computing device in response to determining that the third party access code matches the unique access code.
1
 A method for verifying an identity of an individual attempting to access a system, comprising the steps of: receiving a request for access to the system from an electronic computing device operated by the individual, the request comprising metadata regarding the request and a credential comprising one or more of the following: a username, a password, biometric data, and/or liveness-verified data corresponding to the individual, wherein the metadata comprises at least one of: a physical location of the electronic computing device, a timestamp for the request, and a network address for the electronic computing device; verifying the credential is valid and correspond to an account authorized to access the system by determining whether the metadata is within one or more predetermined parameters corresponding to the account; generating a unique access code corresponding to the request; transmitting the unique access code to a particular third party system, 
 
 
 
1
 wherein the particular third party system is preauthorized with the system to confirm the identity of the individual; receiving a third party access code, wherein receiving the third party access code comprises the individual accessing the particular third party system by navigating to the particular third party system via the electronic computing device, retrieving the third party access code from the particular third party system, and manually providing the third party access code to the system via the electronic computing device; determining whether the third party access code matches the unique access code, wherein determining that the third party access code matches the unique access code confirms the identity of the individual; and upon determining that the third party access code matches the unique access code, providing access to the system to the electronic computing device.
 
2
The method of claim 1, wherein the particular third party system is selected from a list comprising: a social media account and an email account.
2
The method of claim 1, wherein the particular third party system is selected from a list comprising: a social media account and an email account.
 
3
The method of claim 1, wherein the system is selected from a list comprising: an email account, a network account, an operating system account, and an enterprise account.
3
The method of claim 1, wherein the system is selected from a list comprising: an email account, a network account, an operating system account, and an enterprise account.
 
4
The method of claim 1, wherein the identifying credential corresponding to the individual comprises a username, a password, biometric data, or liveness verified data corresponding to the individual.
1
the request comprising metadata regarding the request and a credential comprising one or more of the following: a username, a password, biometric data, and/or liveness-verified data corresponding to the individual
 
5
The method of claim 1, wherein the metadata corresponding to the electronic computing device comprises a physical location of the electronic computing device at the time of the request for access, a timestamp corresponding to the request for access, and a network address associated with the electronic computing device.
1
wherein the metadata comprises at least one of: a physical location of the electronic computing device, a timestamp for the request, and a network address for the electronic computing device;
 
6
The method of claim 1, wherein the method further comprises the step of generating the unique access code upon determining that the metadata is within the one or more predetermined parameters.
1
whether the metadata is within one or more predetermined parameters corresponding to the account; generating a unique access code corresponding to the request
 
7
The method of claim 1, wherein the unique access code comprises an alphanumeric string of characters.
6
The method of claim 1, wherein the unique access code comprises an alphanumeric string of characters, a barcode, or a QR code.
 
8
The method of claim 1, wherein the third party access code and the unique access code are determined to match if the third party access code and the unique access code are identical.
1
determining whether the third party access code matches the unique access code
 
9
The method of claim 8, further comprising: determining that the third party access code does not match the unique access code; upon determining that the third party access code does not match the unique access code, requesting that the individual provide a second third party access code; and receiving the second third party access code from the electronic computing device.
7
The method of claim 6, further comprising the steps of: prior to determining that the third party access code matches the unique access code, determining that the third party access code does not match the unique access code; upon determining that the third party access code does not match the unique access code, requesting that the individual provide a second third party access code; and receiving the second third party access code from the electronic computing device.
 
10
A system, comprising: an electronic computing device operated by an individual, the electronic computing device comprising a first processor and memory and being configured to (i) generate a request for access to an account system and (ii) transmit the request to the account system, the request comprising (i) metadata corresponding to the electronic computing device operated by the individual and (ii) an identifying credential corresponding to the individual; the account system comprising a second processor and memory and being configured to: receive the request for access from the electronic computing device; verify the identifying credential is valid and corresponds to an account authorized to access the account system by determining whether the metadata is within one or more predetermined parameters corresponding to the account; and transmit the unique access code to a particular third party system and wherein the particular third party system is preauthorized with the account system to confirm an identity of the individual;
8
 A system that verifies an identity of an individual attempting to access an account system, comprising: an electronic computing device operated by the individual, the electronic computing device comprising a first hardware processor and memory and being configured to generate a request for access to the account system and transmit the request to the account system, the request comprising metadata regarding the request and a credential comprising one or more of the following: a username, a password, biometric data, and/or liveness-verified data corresponding to the individual, wherein the metadata comprises at least one of: a physical location of the electronic computing device, a timestamp for the request, and a network address for the electronic computing device; the account system comprising a second hardware processor and memory and being configured to: receive the request for access from the electronic computing device; verify the credential is valid and correspond to an account authorized to access the account system by determining whether the metadata is within one or more predetermined parameters corresponding to the account; generate a unique access code corresponding to the request; 
 
10
the particular third party system that receives the unique access code from the account system; the electronic computing device that is configured to execute user instructions to access the particular third party system, wherein accessing the particular third party system comprises the individual navigating to the particular third party system via the electronic computing device and retrieving the third party access code from the particular third party system, and wherein the individual manually provides the third party access code to the account system via the electronic computing device; and the account system that is further configured to: receive the third party access code from the electronic computing device; and provide access to the account system to the electronic computing device in response to determining that the third party access code matches the unique access code.
8
and transmit the unique access code to a particular third party system, and wherein the plurality of the particular third party system is preauthorized with the account system to confirm the identity of the individual; the particular third party system that receives the unique access code from the account system, wherein the particular third party system transforms the unique access code into a third party access code; the electronic computing device that is configured to execute user instructions to access the particular third party system, wherein accessing the particular third party system comprises the user navigating to the particular third party system via the electronic computing device and retrieving the third party access code from the particular third party system, and wherein the user manually provides the third party access code to the account system via the electronic computing device; and the account system that is further configured to: receive the third party access code from the electronic computing device; determine whether the third party access code matches the unique access code, wherein determining that the third party access code matches the unique access code confirms the identity of the individual; and upon determining that the third party access code matches the unique access code, provide access to the account system to the electronic computing device.
 
11
The system of claim 10, wherein the particular third party system is selected from a list comprising: a social media account and an email account.
9
The system of claim 8, wherein the particular third party system is selected from a list comprising: a social media account and an email account.
 
12
The system of claim 10, wherein the account system is selected from a list comprising: an email account, a network account, an operating system account, and an enterprise account.
10
The system of claim 8, wherein the account system is selected from a list comprising: an email account, a network account, an operating system account, and an enterprise account.
 
13
The system of claim 10, wherein the identifying credential corresponding to the individual comprises a username, a password, biometric data, or liveness verified data corresponding to the individual.
8
a credential comprising one or more of the following: a username, a password, biometric data, and/or liveness-verified data corresponding to the individual
 
14
The system of claim 10, wherein the metadata corresponding to the electronic computing device comprises a physical location of the electronic computing device at the time of the request for access, a timestamp corresponding to the request for access, and a network address associated with the electronic computing device.
8
wherein the metadata comprises at least one of: a physical location of the electronic computing device, a timestamp for the request, and a network address for the electronic computing device; 
 
15
The system of claim 10, wherein the account system is further configured to generate the unique access code upon determining that the metadata is within the one or more predetermined parameters.
8
verify the credential is valid and correspond to an account authorized to access the account system by determining whether the metadata is within one or more predetermined parameters corresponding to the account; generate a unique access code corresponding to the request; 
 
16
The system of claim 10, wherein the unique access code comprises an alphanumeric string of characters.
13
The system of claim 8, wherein the unique access code comprises an alphanumeric string of characters, a barcode, or a QR code.
 
17
The system of claim 10, wherein the third party access code and the unique access code are determined to match if the third party access code and the unique access code are identical.
8
determine whether the third party access code matches the unique access code, wherein determining that the third party access code matches the unique access code confirms the identity of the individual
 
18
The system of claim 17, wherein the account system is further configured to: prior to determining that the third party access code matches the unique access code, determine that the third party access code does not match the unique access code; upon determining that the third party access code does not match the unique access code, request a second third party access code from the electronic computing device; and receive the second third party access code from the electronic computing device.
14
The system of claim 13, wherein the account system is further configured to: prior to determining that the third party access code matches the unique access code, determine that the third party access code does not match the unique access code; upon determining that the third party access code does not match the unique access code, request a second third party access code from the electronic computing device; and receive the second third party access code from the electronic computing device.
 
19
A non-transitory computer-readable medium comprising instructions that, when executed by a processor, cause the processor to: receive a request for access to a system from the electronic computing device operated by an individual, the request comprising (i) metadata corresponding to the electronic computing device operated by the individual and (ii) an identifying credential corresponding to the individual; verify the identifying credential is valid and corresponds to an account authorized to access the system by determining whether the metadata is within one or more predetermined parameters corresponding to the account; transmit a unique access code to a particular third party system, wherein the particular third party system is preauthorized with the system to confirm an identity of the individual; receive a third party access code, wherein receiving the third party access code comprises the individual accessing the particular third party system by navigating to the particular third party system via the electronic computing device, retrieving the third party access code from the particular third party system, and manually providing the third party access code to the system via the electronic computing device; and provide access to the system to the electronic computing device in response to determining that the third party access code matches the unique access code.
1
 A method for verifying an identity of an individual attempting to access a system, comprising the steps of: receiving a request for access to the system from an electronic computing device operated by the individual, the request comprising metadata regarding the request and a credential comprising one or more of the following: a username, a password, biometric data, and/or liveness-verified data corresponding to the individual, wherein the metadata comprises at least one of: a physical location of the electronic computing device, a timestamp for the request, and a network address for the electronic computing device; verifying the credential is valid and correspond to an account authorized to access the system by determining whether the metadata is within one or more predetermined parameters corresponding to the account; generating a unique access code corresponding to the request; transmitting the unique access code to a particular third party system, 
 
 
 
1
 wherein the particular third party system is preauthorized with the system to confirm the identity of the individual; receiving a third party access code, wherein receiving the third party access code comprises the individual accessing the particular third party system by navigating to the particular third party system via the electronic computing device, retrieving the third party access code from the particular third party system, and manually providing the third party access code to the system via the electronic computing device; determining whether the third party access code matches the unique access code, wherein determining that the third party access code matches the unique access code confirms the identity of the individual; and upon determining that the third party access code matches the unique access code, providing access to the system to the electronic computing device.
 
20
The non-transitory computer readable medium of claim 19, wherein the instructions are further executable by the processor to cause the processor to: generate the unique access code upon determining that the metadata is within the one or more predetermined parameters.
1
verifying the credential is valid and correspond to an account authorized to access the system by determining whether the metadata is within one or more predetermined parameters corresponding to the account; generating a unique access code corresponding to the request
 



Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claim limitation ““….the account system that is further configured to: receive the third party access code from the electronic computing device” in claim 10. “….wherein the account system is further configured to generate the unique access code..” in claim 15.  “…..wherein the account system is further configured to: prior to determining that the third party access code matches the unique access code..”, in claim 18 invokes 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. However, the written description fails to disclose the corresponding structure, material, or acts for performing the entire claimed function and to clearly link the structure, material, or acts to the function. The account system is interpreted as Account System 103 in drawing figure 1. It is not clear the accounting system is a hardware system or a software system. The specification is silent regarding the description of the accounting system 103. Therefore, the claim is indefinite and is rejected under 35 U.S.C. 112(b) or pre-AIA  35 U.S.C. 112, second paragraph.
Applicant may:
(a)        Amend the claim so that the claim limitation will no longer be interpreted as a limitation under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph; 
(b)        Amend the written description of the specification such that it expressly recites what structure, material, or acts perform the entire claimed function, without introducing any new matter (35 U.S.C. 132(a)); or 
(c)        Amend the written description of the specification such that it clearly links the structure, material, or acts disclosed therein to the function recited in the claim, without introducing any new matter (35 U.S.C. 132(a)).
If applicant is of the opinion that the written description of the specification already implicitly or inherently discloses the corresponding structure, material, or acts and clearly links them to the function so that one of ordinary skill in the art would recognize what structure, material, or acts perform the claimed function, applicant should clarify the record by either: 
(a)        Amending the written description of the specification such that it expressly recites the corresponding structure, material, or acts for performing the claimed function and clearly links or associates the structure, material, or acts to the claimed function, without introducing any new matter (35 U.S.C. 132(a)); or 
(b)        Stating on the record what the corresponding structure, material, or acts, which are implicitly or inherently set forth in the written description of the specification, perform the claimed function. For more information, see 37 CFR 1.75(d) and MPEP §§ 608.01(o) and 2181.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claims 1, 3-8, 10, 12-17 and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Bao et al. (US PGPUB. # US 2017/0171200, hereinafter “Bao”), and further in view of Paul Headley (US PGPUB. # US 2013/0047223, hereinafter “Headley”), and further in view of Pirrwitz et al. (US PGPUB. # US 2018/0048472, hereinafter “Pirrwitz”, priority based on foreign application “EP15157247.6”, filed on 03/02/2015), and further in view of Ravi Ganesan (US PGPUB. # US 2016/0050199, hereinafter “Ganesan”).

Referring to Claims 1, 10 and 19:
Regarding Claim 10, Bao teaches,
 A system, comprising: 
an electronic computing device operated by an individual, the electronic computing device comprising a first processor and memory and being configured to (i) generate a request for access to an account system and (ii) transmit the request to the account system, the request comprising [(i) metadata corresponding to the electronic computing device operated by the individual] and (ii) an identifying credential corresponding to the individual; (Fig. 5 (210), ¶34-¶35, “User device 210 may include a portable computing and communication device, such as a personal digital assistant (PDA), a smart phone, a cellular phone, a laptop computer with connectivity to a cellular wireless network, a tablet computer, etc”, Fig. 5, Step 5.1, ¶54, “user device 210 may attempt to log in to a service offered by client application server 230 by, for example, providing a username and password to client application server 230 (at 5.1)”, Fig. 6(610), ¶61 i.e. user device generates an access request by providing username and password).
the account system comprising a second processor and memory and being configured to: 
receive the request for access from the electronic computing device (Fig. 6(610), ¶61, i.e. a request is received by the application server); verify the identifying credential is valid and corresponds to an account authorized to access the account system [by determining whether the metadata is within one or more predetermined parameters corresponding to the account]; (Fig. 6(620), ¶61, “Client application server 230 may verify that the user authentication information is valid and respond by communicating a request to user device 210 to be authenticated by network authentication server 220 (line 620)”) and 
the account system that is further configured to: 
receive the third party access code from the electronic computing device (Fig. 5(5.9), ¶57, “user device 210 may forward the callback URL and OTVC to client application server 230 (at 5.9)”, Fig. 7 (720), ¶63, “The message may also include the OTVC. In some implementations, the message may include a HTTP 302 Redirect message. User device 210 may forward the message to client application server 230 (line 720)”); and 
provide access to the account system to the electronic computing device (Fig. 1B(11b), ¶33, “the application server may notify the user that he or she has been logged in and may access the requested service (at 11b)”) [in response to determining that the third party access code matches the unique access code].
Bao does not teach explicitly,
[an electronic computing device operated by an individual, the electronic computing device comprising a first processor and memory and being configured to (i) generate a request for access to an account system and (ii) transmit the request to the account system, the request comprising] (i) metadata corresponding to the electronic computing device operated by the individual [and (ii) an identifying credential corresponding to the individual]; 
the account system comprising a second processor and memory and being configured to: 
[receive the request for access from the electronic computing device; verify the identifying credential is valid and corresponds to an account authorized to access the account system] by determining whether the metadata is within one or more predetermined parameters corresponding to the account; and 
transmit the unique access code to a particular third party system and wherein the particular third party system is preauthorized with the account system to confirm an identity of the individual; 
the particular third party system that receives the unique access code from the account system; 
the electronic computing device that is configured to execute user instructions to access the particular third party system, wherein accessing the particular third party system comprises the individual navigating to the particular third party system via the electronic computing device and retrieving the third party access code from the particular third party system, and wherein the individual manually provides the third party access code to the account system via the electronic computing device; and 
[provide access to the account system to the electronic computing device] in response to determining that the third party access code matches the unique access code.
However, Headley teaches,
[an electronic computing device operated by an individual, the electronic computing device comprising a first processor and memory and being configured to (i) generate a request for access to an account system and (ii) transmit the request to the account system, the request comprising] (i) metadata corresponding to the electronic computing device operated by the individual (Fig. 2(210, 220), ¶25, ¶27, ¶28, “the information determined in step 340 can simply be the Internet Protocol (IP) address of the user computing system 110 which is known from step 310”, ¶29, “a geographical location can be determined for the user computing system 110 based on the IP address”, i.e. Examiner submits that IP address, geographical locations are considered as metadata) [and (ii) an identifying credential corresponding to the individual]; 
the account system comprising a second processor and memory and being configured to: 
[receive the request for access from the electronic computing device; verify the identifying credential is valid and corresponds to an account authorized to access the account system] by determining whether the metadata is within one or more predetermined parameters corresponding to the account (¶29, “the authentication computing system 140 can compare the IP address of the user computing system 110 with the IP addresses of prior logins for the same claimant target to determine whether the IP address of the user computing system 110 is the same or different as compared to prior logins. As another example, a geographical location can be determined for the user computing system 110 based on the IP address. The IP address 173.16.176.103 is associated with the location Clearlake, Calif., for instance”, ¶33, i.e. it is determined that the meta data is within one or more predetermined parameters); and 
As per KSR vs Teleflex, combining prior art elements according to known methods (device, product) to yield predictable results may be used to create a prima facie case of obviousness.
It would have been obvious to one of ordinary skill in the art before the effective filing date to have combined the teachings of Hadley with the invention of Bao.
Bao teaches, a user device providing credential to a system to access services. Hadley teaches, a user device providing credential along with metadata to a system to access services. Therefore, it would have been obvious to have a user device providing credential along with metadata to a system to access services of Hadley with a user device providing credential to a system to access services of Bao to provide a safe login and avoiding malicious user taking user’s credentials information. KSR Int’l v. Teleflex Inc., 127 S. Ct. 1727, 1740-41, 82 USPQ2d 1385, 1396 (2007). 
Combination of Bao and Hadley does not teach explicitly,
transmit the unique access code to a particular third party system and wherein the particular third party system is preauthorized with the account system to confirm an identity of the individual; 
the particular third party system that receives the unique access code from the account system; 
the electronic computing device that is configured to execute user instructions to access the particular third party system, wherein accessing the particular third party system comprises the individual navigating to the particular third party system via the electronic computing device and retrieving the third party access code from the particular third party system, and wherein the individual manually provides the third party access code to the account system via the electronic computing device; and 
[provide access to the account system to the electronic computing device] in response to determining that the third party access code matches the unique access code.
However, Pirrwitz teaches,
transmit the unique access code to a particular third party system (Abstract, “The recipient system generates a one-time password (OTP) and sends it to the authentication server”, Fig. 13 (step 2), ¶72, “a request for authentication including the token ID together with a random one time password (OTP) is sent to the authentication server by the recipient system (cf. step 2. in FIG. 13) “, i.e. authentication server is considered as third party and an OTP is sent to the authentication server) and wherein the particular third party system is preauthorized with the account system to confirm an identity of the individual (¶58, “the user 20 must establish an account on the authentication server 50”, “The authentication server 50 uniquely identifies the user's personal electronic device 50”, i.e. user has to establish an account on authentication server (third party) indicates that the authentication server (third party) is preauthorized);
the particular third party system that receives the unique access code from the account system; (Abstract, “The recipient system generates a one-time password (OTP) and sends it to the authentication server”, Fig. 13 (step 2), ¶72, “a request for authentication including the token ID together with a random one time password (OTP) is sent to the authentication server by the recipient system (cf. step 2. in FIG. 13) “, i.e. authentication server is considered as third party and an OTP is sent to the authentication server which indicates that the authentication server receives an OTP (access code))
[provide access to the account system to the electronic computing device] in response to determining that the third party access code matches the unique access code. (Abstract, “the recipient system authenticating the user thereby by comparing the OTP generated and received”, ¶29, “to authenticate the user by comparing the generated OTP with the received OTP “, ¶72, “The recipient system checks the OTP, receives the user data and logs the user in”).
As per KSR vs Teleflex, combining prior art elements according to known methods (device, product) to yield predictable results may be used to create a prima facie case of obviousness.
It would have been obvious to one of ordinary skill in the art before the effective filing date to have combined the teachings of Pirrwitz with the invention of Bao in view of Hadley.
Bao in view of Hadley teaches, a user device providing credential to a system to access services and a user device providing credential along with metadata to a system to access services. Pirrwitz teaches, matching two OTPs to validate a user. Therefore, it would have been obvious to have matching two OTPs to validate a user of Pirrwitz into the teachings of Bao in view of Hadley to reduces the burden of securing user information at recipient sites, thereby lowering their overhead costs for such recipient systems. KSR Int’l v. Teleflex Inc., 127 S. Ct. 1727, 1740-41, 82 USPQ2d 1385, 1396 (2007). 
Combination of Bao, Hadley and Pirrwitz does not teach explicitly,
the electronic computing device that is configured to execute user instructions to access the particular third party system, wherein accessing the particular third party system comprises the individual navigating to the particular third party system via the electronic computing device and retrieving the third party access code from the particular third party system, and wherein the individual manually provides the third party access code to the account system via the electronic computing device; and 
However, Ganesan teaches,
the electronic computing device that is configured to execute user instructions to access the particular third party system, wherein accessing the particular third party system comprises the individual navigating to the particular third party system via the electronic computing device and retrieving the third party access code from the particular third party system, and wherein the individual manually provides the third party access code to the account system via the electronic computing device; (Fig. 1, ¶73, “the security server 140 or 240 will have an active communication channel 142 or 242 open to the user”, ¶74, “The security server 140 or 240 computes a onetime login personal identification number (PIN), i.e. a one-time-password (OTP), to authenticate the user to the website, as a function of the secret it shares with that particular website 130 or 230. The security server 140 or 240 then transmits this one time login password to the user's pop-up window 120 or 220 via communication channel 144 or 244. The user cuts and pastes or otherwise copies this one time login password into the web browser 110 or 210 and the login password is transmitted back to the website 130 or 230 via communication channel 132 or 232”, i.e. user communicates with the security server (third party), and retrieves a one-time-password (access code) in a pop-up window and provides the one-time-password (access code) to the website (system) by either cut and paste or copying (manually entering)).
As per KSR vs Teleflex, combining prior art elements according to known methods (device, product) to yield predictable results may be used to create a prima facie case of obviousness.
It would have been obvious to one of ordinary skill in the art before the effective filing date to have combined the teachings of Ganesan with the invention of Bao in view of Hadley and Pirrwitz.
Bao in view of Hadley and Pirrwitz teaches, a user device providing credential to a system to access services and a user device providing credential along with metadata to a system to access services and matching two OTPs to validate a user. Ganesan teaches, retrieving an OTP from a third party system and manually providing to a website to access the resources and services. Therefore, it would have been obvious to have retrieving an OTP from a third party system and manually providing to a website to access the resources and services of Ganesan into the teachings of Bao in view of Hadley and Pirrwitz to provide efficient and secure login authentication and transaction authorization using plug-in hardware compatible with smart mobile communication devices and Internet connectable personal computing devices. KSR Int’l v. Teleflex Inc., 127 S. Ct. 1727, 1740-41, 82 USPQ2d 1385, 1396 (2007). 

Regarding Claim 1, it is a method Claim of above system Claim 10 and therefore Claim 1 is rejected with the same rationale as applied against Claim 10 above.

Regarding Claim 19, it is a non-transitory computer-readable medium Claim of above system Claim 10 and therefore Claim 19 is rejected with the same rationale as applied against Claim 10 above.

Referring to Claims 3 and 12:
Regarding Claim 3, rejection of Claim 1 is included and for the same motivation Bao teaches,
The method of claim 1, wherein the system is selected from a list comprising: an email account, a network account, an operating system account, and an enterprise account. (¶47, “such services may include a social networking service, an email service, an instant messaging service, a banking service, a financial transactions service, an online auction service, an online retail service, an information forum, a search engine, a database, a legal service (e.g., a service that enables user to submit legal documents to court or other government entity), etc”).

Regarding Claim 12, rejection of Claim 10 is included and Claim 12 is rejected with the same rationale as applied against Claim 3 above.

Referring to Claims 4 and 13:
Regarding Claim 4, rejection of Claim 1 is included and for the same motivation Bao teaches,
The method of claim 1, wherein the identifying credential corresponding to the individual comprises a username, a password, biometric data, or liveness verified data corresponding to the individual. (Fig. 5, Step 5.1, ¶54, “user device 210 may attempt to log in to a service offered by client application server 230 by, for example, providing a username and password to client application server 230 (at 5.1)”, Fig. 6(610), ¶61).
Regarding Claim 13, rejection of Claim 10 is included and Claim 13 is rejected with the same rationale as applied against Claim 4 above.

Referring to Claims 5 and 14:
Regarding Claim 5, rejection of Claim 1 is included and for the same motivation Bao does not teach explicitly,
The method of claim 1, wherein the metadata corresponding to the electronic computing device comprises a physical location of the electronic computing device at the time of the request for access, a timestamp corresponding to the request for access, and a network address associated with the electronic computing device.
However, Hadley teaches,
The method of claim 1, wherein the metadata corresponding to the electronic computing device comprises a physical location of the electronic computing device at the time of the request for access, a timestamp corresponding to the request for access, and a network address associated with the electronic computing device. (¶29, “the authentication computing system 140 can compare the IP address of the user computing system 110 with the IP addresses of prior logins for the same claimant target to determine whether the IP address of the user computing system 110 is the same or different as compared to prior logins. As another example, a geographical location can be determined for the user computing system 110 based on the IP address. The IP address 173.16.176.103 is associated with the location Clearlake, Calif., for instance”, ¶33, i.e. the meta data comprises physical location and a network address associated with the device).

Regarding Claim 14, rejection of Claim 10 is included and Claim 14 is rejected with the same rationale as applied against Claim 5 above.

Referring to Claims 6, 15 and 20:
Regarding Claim 6, rejection of Claim 1 is included and for the same motivation Bao does not teach explicitly,
The method of claim 1, wherein the method further comprises the step of generating the unique access code upon determining that the metadata is within the one or more predetermined parameters.
However, Hadley teaches,
The method of claim 1, wherein the method further comprises the step of generating the unique access code upon determining that the metadata is within the one or more predetermined parameters. (Fig. 3(340, 350), ¶29, “the authentication computing system 140 can compare the IP address of the user computing system 110 with the IP addresses of prior logins for the same claimant target to determine whether the IP address of the user computing system 110 is the same or different as compared to prior logins. As another example, a geographical location can be determined for the user computing system 110 based on the IP address”, ¶33, “the authentication computing system 140 generates an OTP”, i.e. OTP (code) is generated after determining that the metadata is within the parameters).

Regarding Claim 15, rejection of Claim 10 is included and Claim 15 is rejected with the same rationale as applied against Claim 6 above.

Regarding Claim 20, rejection of Claim 19 is included and Claim 20 is rejected with the same rationale as applied against Claim 6 above.

Referring to Claims 7 and 16:
Regarding Claim 7, rejection of Claim 1 is included and for the same motivation combination of Bao, Hadley, Pirrwitz does not teach explicitly,
The method of claim 1, wherein the unique access code comprises an alphanumeric string of characters.
However, Ganesan teaches,
The method of claim 1, wherein the unique access code comprises an alphanumeric string of characters. (¶172, “a PIN, e.g. an eight character alpha-numeric PIN”, ¶174, “The user copies the PIN into the application 1214, i.e. PIN (code) is an alphanumeric code).

Regarding Claim 16, rejection of Claim 10 is included and Claim 16 is rejected with the same rationale as applied against Claim 7 above.

Referring to Claims 8 and 17:
Regarding Claim 8, rejection of Claim 1 is included and for the same motivation combination of Bao and Hadley does not teach explicitly,
The method of claim 1, wherein the third party access code and the unique access code are determined to match if the third party access code and the unique access code are identical.
However, Pirrwitz teaches,
The method of claim 1, wherein the third party access code and the unique access code are determined to match if the third party access code and the unique access code are identical. (Abstract, “the recipient system authenticating the user thereby by comparing the OTP generated and received”, ¶29, “to authenticate the user by comparing the generated OTP with the received OTP “, ¶72, “The recipient system checks the OTP, receives the user data and logs the user in”)

Regarding Claim 17, rejection of Claim 10 is included and Claim 17 is rejected with the same rationale as applied against Claim 8 above.

Claims 2 and 11 are rejected under 35 U.S.C. 103 as being unpatentable over Bao et al. (US PGPUB. # US 2017/0171200, hereinafter “Bao”), and further in view of Paul Headley (US PGPUB. # US 2013/0047223, hereinafter “Headley”), and further in view of Pirrwitz et al. (US PGPUB. # US 2018/0048472, hereinafter “Pirrwitz”, priority based on foreign application “EP15157247.6”, filed on 03/02/2015), and further in view of Ravi Ganesan (US PGPUB. # US 2016/0050199, hereinafter “Ganesan”), and further in view of Ronda et al. (US PGPUB. # US 2014/0020073, hereinafter “Ronda”).

Referring to Claims 2 and 11:
Regarding Claim 2, rejection of Claim 1 is included and combination of Bao, Headley, Pirrwitz  and Ganesan does not teach explicitly,
The method of claim 1, wherein the particular third party system is selected from a list comprising: a social media account and an email account.
However, Ronda taches,
The method of claim 1, wherein the particular third party system is selected from a list comprising: a social media account and an email account. (¶46, “a federated login service, such as Facebook Connect.TM.”, ¶76, “Examples of the identity provider 18 comprise federated login services such as those provided by Facebook.TM. and Google.TM., ¶148, i.e. third party system is a social media account).
As per KSR vs Teleflex, combining prior art elements according to known methods (device, product) to yield predictable results may be used to create a prima facie case of obviousness.
It would have been obvious to one of ordinary skill in the art before the effective filing date to have combined the teachings of Ronda with the invention of Bao in view of Hadley, Pirrwitz and Ganesan.
Bao in view of Hadley, Pirrwitz and Ganesan teaches, a user device providing credential to a system to access services and a user device providing credential along with metadata to a system to access services and matching two OTPs to validate a user and retrieving an OTP from a third party system and manually providing to a website to access the resources and services. Ronda teaches a system having a social media account. Therefore, it would have been obvious to have a system having a social media account of Ronda into the teachings of Bao in view of Hadley, Pirrwitz and Ganesan for user convenience which helps user to avoid keeping multiple passwords for multiple providers. KSR Int’l v. Teleflex Inc., 127 S. Ct. 1727, 1740-41, 82 USPQ2d 1385, 1396 (2007). 

Regarding Claim 11, rejection of Claim 10 is included and Claim 11 is rejected with the same rationale as applied against Claim 2 above.

Claims 9 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Bao et al. (US PGPUB. # US 2017/0171200, hereinafter “Bao”), and further in view of Paul Headley (US PGPUB. # US 2013/0047223, hereinafter “Headley”), and further in view of Pirrwitz et al. (US PGPUB. # US 2018/0048472, hereinafter “Pirrwitz”, priority based on foreign application “EP15157247.6”, filed on 03/02/2015), and further in view of Ravi Ganesan (US PGPUB. # US 2016/0050199, hereinafter “Ganesan”), and further in view of Mannopantar et al. (US PGPUB. # US 2018/0077571, hereinafter “Mannopantar”).

Referring to Claims 9 and 18:
Regarding Claim 9, rejection of Claim 8 is included and combination of Bao, Headley, Pirrwitz  and Ganesan does not teach explicitly,
The method of claim 8, further comprising: 
determining that the third party access code does not match the unique access code; 
upon determining that the third party access code does not match the unique access code, requesting that the individual provide a second third party access code; and 
receiving the second third party access code from the electronic computing device.
However, Mannopantar teaches,
The method of claim 8, further comprising: 
determining that the third party access code does not match the unique access code (Fig. 2(226), ¶32, “At step 226, a check is performed to determine if the authentication is a success, if not”, i.e. PIN (third party access code) does not match); 
upon determining that the third party access code does not match the unique access code, requesting that the individual provide a second third party access code (Fig. 2(226, 230), “At step 226, a check is performed to determine if the authentication is a success, if not, the user may be prompted to retry inputting the PIN at step 230”, i.e. user is prompted to retry indicates that requesting a second PIN (a second third party access code); and 
receiving the second third party access code from the electronic computing device (Fig. 2(230, 228), “the user may be prompted to retry inputting the PIN at step 230. At step 228, a success message may be returned to the user if the authentication is successful”, i.e. user is providing a second PIN indicates that the second PIN (the second third party access code) is received).
As per KSR vs Teleflex, combining prior art elements according to known methods (device, product) to yield predictable results may be used to create a prima facie case of obviousness.
It would have been obvious to one of ordinary skill in the art before the effective filing date to have combined the teachings of Mannopantar with the invention of Bao in view of Hadley, Pirrwitz and Ganesan.
Bao in view of Hadley, Pirrwitz and Ganesan teaches, a user device providing credential to a system to access services and a user device providing credential along with metadata to a system to access services and matching two OTPs to validate a user and retrieving an OTP from a third party system and manually providing to a website to access the resources and services. Mannopantar teaches, generating an alphanumeric PIN for an authentication and allowing user to reenter the PIN when the PIN doesn’t match. Therefore, it would have been obvious to have generating an alphanumeric PIN for an authentication and allowing user to reenter the PIN when the PIN doesn’t match of Mannopantar into the teachings of Bao in view of Hadley, Pirrwitz and Ganesan for user authentication utilizing a stronger non guessable generated PIN. KSR Int’l v. Teleflex Inc., 127 S. Ct. 1727, 1740-41, 82 USPQ2d 1385, 1396 (2007). 

Regarding Claim 18, rejection of Claim 17 is included and Claim 18 is rejected with the same rationale as applied against Claim 9 above.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.  Refer to PTO-892, Notice of References Cited for a listing of analogous art.
Downey et al. (US PAT. # US 8,807,068) discloses, a method for verifying access to a network account are provided. A first user communication portal is associated with a user network account. A request to access the user network account is received from a second user communication portal. Security criteria related to the second user communication portal is determined. Access to the user network account is enabled upon receipt of a communication associated with the first user communication portal when the security criteria is of a predetermined value.
Pelegero et al. (US PGPUB. # US 2020/0351272) discloses, a method that operate to receiving an authentication request at a server associated with an authenticating entity from a requesting party responsive to a request being provided to the requesting party by a client terminal associated with an unauthenticated individual purporting to be an individual account owner previously authenticated with the authenticating entity. A token from the client terminal associated with the unauthenticated individual is received, and the token includes information associated with the unauthenticated individual and a user permission authorizing the authenticating entity to share a selected portion of the information with a plurality of selected requesting parties. The server associated with the authenticating entity authenticates the unauthenticated individual as the individual account owner based on, inter alia, matching the token to a pre-registered identity uniquely associated with the individual account owner.
Gandhi et al. (US PGPUB. # US 2018/0315105) discloses, receiving, at a first computing device associated with a social-networking system and from a second computing device, a first request to verify an identity of a user of the social-networking system; sending, by the first computing device and to a mobile device associated with the user, a second request for information about the user; receiving, at the first computing device and from the mobile device, the information about the user; determining, by the first computing device, a confidence score indicating a probability that the identity of the user is true based on the information about the user received from the mobile device and information available to the social-networking system; and sending, by the first computing device and to the second computing device, the confidence score.
Hall et al. (US PGPUB. # US 2021/0328988) discloses, online authentication of online attributes. One method includes receiving an authentication request from a rely party, the authentication request including identity information to be authenticated and credential information to be authenticated; determining whether a user account is associated with the received identity information by accessing an internal database; accessing user data of the user account determined to be associated with received identity information; determining authentication data to obtained from a user associated with the user account based on the user data of the user account and the credential information to be authenticated; transmitting a request for authentication data; receiving authentication data associated with the user; transmitting authentication data associated with the user; and receiving an authentication result from the verification data source server for the user associated with authentication data.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DARSHAN I DHRUV whose telephone number is (571)272-4316. The examiner can normally be reached M-F 9:00 AM-5:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on 571-272-8878. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/DARSHAN I DHRUV/          Primary Examiner, Art Unit 2498