DETAILED ACTION
 	Claim 1-20 are pending. This is in response to a Continuation, filed on August 27, 2020, of the Trackone application 16/686431, filed on November 18, 2019, which is granted under Patent No. 10,790,967.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claim 1 is rejected on the ground of nonstatutory double patenting as being unpatentable over claim 1 of U.S. Patent No. 10,790,967. Although the claims at issue are not identical, they are not patentably distinct from each other because both claims recited similar features:
 	Claim 1						Claim 1 of Patent 10,790,967
      receiving, by a first device from a second device, a username, a first authentication string, and a second authentication string, wherein:
the first authentication string comprises a first hashed representation of the
username, a password, and a first salt; and the second authentication string comprises a second hashed representation of the username, the password, and a second salt;
    
     comparing the first authentication string to a previously registered authentication string to determine whether the first authentication string matches the previously registered
authentication string;


     verifying, based on a determination that the first authentication string matches the previously registered authentication string, the username and the first authentication string; and

     replacing, based on verification of the username and the first authentication string, the first authentication string with the second authentication string.
…receiving, by the first device from the second device, a username, a first authentication string, and a second authentication string, wherein: the first authentication string comprises a first hashed representation of the username, a password, and the first salt; and the second authentication string comprises a second hashed representation of the username, the password, and the second salt; 

   comparing, by the first device, the first authentication string to a previously registered authentication string associated with the username to determine whether the first authentication string matches the previously registered authentication string…

   verifying the username and the first authentication string; and based on verification of the username and the first authentication string, 

   replacing, by the first device, the first authentication string with the second authentication string


 	Claims 2-7 are rejected as being dependent to claim 1.
 Claim 8 is ejected on the ground of nonstatutory double patenting as being unpatentable over claim 12 of U.S. Patent No. 10,790,967. Although the claims at issue are not identical, they are not patentably distinct from each other because both claims recited similar features:
 	Claim 8					Claim 12 of Patent 10,790,967
   generating, by a second device, a first authentication string by applying a one-way hash function to a first salt, a use1name, and a password;

   generating a second authentication string by applying the one-way hash function to a second salt, the username, and the password;

   transmitting, to a first device via a secure communication channel, the username, the first authentication string, and the second authentication string; and


    receiving, from the first device and based on a determination that the first authentication string matches a previously registered authentication string, an indication that authentication
information has been updated.
    generating, by the second device, a first authentication string by applying a one-way hash function to the first salt, a username, and a password; 

   generating, by the second device, a second authentication string by applying the one-way hash function to the second salt, the username, and the password; 

    transmitting, by the second device to the first device over a secure communication channel, the username, the first authentication string, and the second authentication string… 

   receiving, by the second device from the first device and based on a determination that the first authentication string matches the previously registered authentication string, an indication that authentication information has been successfully updated.


 	Claims 9-13 are rejected as being dependent to claim 8.
Claim 14 is ejected on the ground of nonstatutory double patenting as being unpatentable over claim 20 of U.S. Patent No. 10,790,967. Although the claims at issue are not identical, they are not patentably distinct from each other because both claims recited similar features:
 	Claim 14					Claim 20 of Patent 10,790,967
   a server comprising: one or more first processors; and a first memory storing first instructions that, when executed by the one or more first processors, cause the server to:





   receive, from a user device, a username, a first authentication string, and a second authentication string; 
   compare the first authentication string to a previously registered authentication string associated with the username;
    verify, based on a determination that the first authentication string matches the previously registered authentication string, the username and the first authentication string; and 
   replace the first authentication string with the second authentication string; and 

    a user device comprising: one or more second processors; and a second memory storing second instructions that, when executed by the one or more second processors, cause the user device to: 

   generate the first authentication string by applying a one-way hash function to a first salt, the username, and a password; 
   
    generate the second authentication string by applying the one-way hash function to a second salt, the username, and the password; 
   transmit the username, the first authentication string, and the second authentication string; and 
   receive an indication that authentication information has been updated.
    a server comprising: one or more first processors; and a first memory storing instructions that, when executed by the one or more first processors, cause the server to: 
    generate a first salt and a second salt using a pseudorandom number generator; 
   transmit, to a user device, the first salt and the second salt; 
      receive, from the user device, a username, a first authentication string, and a second authentication string;    
     compare the first authentication string to a previously registered authentication string associated with the username; 
   verify, based on a determination that the first authentication string matches the previously registered authentication string, the username and the first authentication string; and 
    replace the first authentication string with the second authentication string; and 

    the user device comprising: one or more second processors; and a second memory storing instructions that, when executed by the one or more second processors, cause the user device to: 
    receive the first salt and the second salt; 
    generate the first authentication string by applying a one-way hash function to the first salt, the username, and a password; 
    generate the second authentication string by applying the one-way hash function to the second salt, the username, and the password; 
    transmit the username, the first authentication string, and the second authentication string; and 
   receive an indication that authentication information has been successfully updated.


 	Claims 15-20 are rejected as being dependent to claim 20.
This is a provisional nonstatutory double patenting rejection because the patentably indistinct claims have not in fact been patented.
This is an anticipatory rejection.

Examiner Note
 	There is no art rejection since claims 1, 8 and 14 recite same allowed features as in Patent 10,790,967.

Relevant Art
 	Pub 20200036527 discloses using a seed value and password to generate new key for authentication (par. [0035]).
	Pub 20150172272 discloses using two salt values for authentication (Figs. 31-33 and related paragraphs) but not as claimed using two salt values for replacing previous authentication value.

Inquiry communication
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TRI M TRAN whose telephone number is (571)270-1994. The examiner can normally be reached Mon-Fri: 9am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Nickerson can be reached on (469)295-9235. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/TRI M TRAN/Primary Examiner, Art Unit 2432