Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

DETAILED ACTION
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant’s submission filed on 09/08/2022 has been entered.
This Office Action is in response to the communication and claims filed on 09/08/2022. Claims 1, 2, 3, 4, and 7- 0 have been amended; claims 1, 9, and 16 are independent claims. Claims 1-20 have been examined and are pending. This Action is made Non-FINAL.
Response to Arguments
Applicants’ arguments in the instant amendment, filed on 09/08/2022, with respect to claim interpretation.
a. Applicants argue: Applicant respectfully disagrees and traverses this incorrect interpretation. Moreover, the examiner appears to believe the structure needs to be recited in the claim and “authentication” is not sufficient structure. See Office Action at 3. This is incorrect, as under prong “C,” the specification can provide “a description sufficient to inform one of ordinary skill in the art that the term denotes structure.” Here, there is sufficient structure presented in the specification in which the invocation of 35 U.S.C. 112(f) pre-AIA 35 U.S.C. 112, sixth paragraph is improper. Specifically, FIG. 16 of the specification along with paragraph 0026, 0033, 0036, 0123-0126 illustrate the structure of an authentication device. At least these portions of the specification provide a description sufficient to inform one of ordinary skill in the art that the term denotes structure (Remarks/Arguments, pages 9-10, filed 09/08/2022).
The Examiner respectfully disagrees with the Applicants. As the claim limitation meets the 3-prong analysis, the claim limitation is interpreted under 35 USC 112(f) (See MPEP 2181.I for details). The following is the 3-prong analysis:
- The claim limitation uses a term as a substitute for “means” that is a generic place holder (i.e., “continuous multi authentication device” is a generic place holder).
- The generic place holder is modified by functional language (i.e., “receive/send” is a functional language).
- The generic place holder is not modified by sufficient structure, material, or acts for performing the claimed function (i.e., the term “receive/send” is preceded by the term “continuous multi authentication device”; however, said “continuous multi authentication” term is not a sufficient structure or material).

As the claim limitation meets the 3-prong analysis, the claim limitation is interpreted under 35 USC 112(f); otherwise, claim 1 would have been rejected under 35 USC 112(b) as being indefinite, and 35 USC 112(a), as failing to provide written description for the claimed means-plus-function, would also have been applied.
Applicants’ arguments in the instant amendment, filed on 09/08/2022, with respect to limitations listed below, have been fully considered but they are not persuasive.
a. Applicants argue:  the prior arts do not teach independent claim 1 (Applicant Remarks/Arguments, pages 12-13, filed 09/08/2022)
The Examiner disagrees with the Applicants. The Examiner respectfully submits that Parikh does disclose a portion of claim 1 as the following:
Parikh discloses “an identification credential generated from at least a unique code and personal identifying information of a user” (Parikh: par. 0024, The identity credentials comprise a unique identifier (e.g., a username, an email address, a mobile number, and the like), and a secured code (e.g., a password, a symmetric encryption key, biometric values, a passphrase, and the like)).
Applicants’ arguments with respect to claims 1-20 have been fully considered but are moot in view of the new ground(s) of rejection.


Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 


The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.


This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.  Such claim limitation(s) is/are: continuous multifactor authentication device configured to receive/send recited in claim 1.  Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.
The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. 
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-5, 7-14, and 16-19 are rejected under 35 U.S.C. 103 as being unpatentable over Zhao et al. (“Zhao,” US 2020/0008057, published Jan. 2, 2020) in view of (“Parikh,” US 2018/0211318, published Jul. 26, 2018), further in view of Sloan et al. (“Sloan,” US 2015/0341438, published Nov. 26, 2015).
Regarding claim 1, Zhao teaches a system comprising: 
an authentication provider configured to generate and send a random number to an access device used by a user (Zhao: fig. 4, par. 0110, Step 204, The Server sends pairing information (a first random number) to the first device); and 
a continuous multifactor authentication device (Zhao: fig. 9, second device [i.e., a continuous multifactor authentication device]) configured to:
receive a unique code generated from the random number, at the access device (Zhao: fig. 9, step 204a: The first device generates a second random number, and determines first authentication information based on a first random number and the second random number, par. 0133; fig. 9, step 204b: The first device sends the second device the second random number and the first authentication information to the second device; par. 0136), and 
send to the authentication provider an identification credential generated at the continuous multifactor authentication device (Zhao: fig. 10, Step 200b: A second device sends device information of the second device to the Server; par. 0146), 
wherein the authentication provider is further configured to receive the identification credential from the continuous multifactor authentication device (Zhao: fig. 10, Step 200b: A second device sends device information of the second device to the Server; par. 0146) and in response to receiving the identification credential, bind the continuous multifactor authentication device to the access device (Zhao: fig. 10, par. 0129, Step 206: The first device performs pairing with the second device based on the pairing information, to implement a wireless connection between the first device and the second device.).
Zhao discloses sending to the authentication provider an identification credential generated at the continuous multifactor authentication device but does not explicitly disclose “from at least the unique, and personal identifying information of the user.”
However, in an analogous art, Parikh discloses an identification credential generated from at least a unique code and personal identifying information of a user (Parikh: par. 0024, The identity credentials comprise a unique identifier (e.g., a username, an email address, a mobile number, and the like), and a secured code (e.g., a password, a symmetric encryption key, biometric values, a passphrase, and the like)).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Parikh with the method and system of Zhao to include an identification credential generated from at least a unique code and personal identifying information of a user. One would have been motivated to do so to enable users to perform trading of the assets through the trade facilitating platform, and to allow the owners and investors to deposit amount to the registered account and the escrow account to purchase the digital currencies and exchange the digital currencies (Parikh: abstract, par. 0007).
Zhao discloses wherein the authentication provider is further configured to receive the identification credential from the continuous multifactor authentication device and in response to receiving the identification credential, bind the continuous multifactor authentication device to the access device but does not explicitly disclose wherein the binding is subject to a time period.
However, in an analogous art, Sloan discloses the binding is subject to a time period between two devices (Sloan: par. 0057, Reader devices 120 may be permitted to join communication with sensor control device 102 at any time during the life of sensor control device 102. In certain embodiments though, reader devices 120 may only be permitted to join communication with a sensor control device 102 during a predetermined time period after sensor control device 102 is initially activated (e.g., a time significantly shorter than the operating life)).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Sloan with the method and system of Zhao and Parikh to include “wherein the binding is subject to a time period.” One would have been motivated to do so because permitting joining within this predetermined time period increases the likelihood that the pairing is authorized and protects against “snooping.” Use of the predetermined time period can also ensure that the joining reader device 120 is paired early in the operating life of the sensor control device 102 so that the joining reader device 120 will have a more accurate estimate of the activation time of device 102 (Sloan: par. 0057).
Regarding the limitation “wherein the continuous multifactor authentication device knows the personal identifying information of the user and the access device and authentication provider do not know the personal identifying information of the user”:
The combination of Zhao, Parikh, and Sloan discloses generating an identification credential from at least the unique code and personal identifying information of a user at the authentication device, and sending only the identification credential to the authentication provider. Therefore, the combination of Zhao, Parikh, and Sloan discloses wherein the authentication device knows the personal identifying information of the user and the access device and authentication provider do not know the personal identifying information of the user (Zhao: fig. 10, Step 200b: par. 0146; Parikh, par. 0024, biometric values).
Regarding claim 2, the combination of Zhao, Parikh, and Sloan teaches the system of claim 1. The combination of Zhao, Parikh, and Sloan further discloses, wherein the unique code from the access device and the identification credential from the continuous multifactor authentication device both include a respective location coordinate indicating a location of each of the respective devices (Zhao: par. 0007, Bluetooth pairing between the first device and the second device, and performing, by the first device, pairing with the second device based on the pairing information, to implement a wireless connection between the first device and the second device).
Regarding claim 3, the combination of Zhao, Parikh, and Sloan teaches the system of claim 1. The combination of Zhao, Parikh, and Sloan further discloses, wherein the continuous multifactor authentication device received the unique code from the access device over a distance constrained communication channel selected from one of: ultrasound communication between the access device and the continuous multifactor authentication device, Bluetooth communication between the access device and the continuous multifactor authentication device (Zhao: par. 0007, Bluetooth pairing between the first device and the second device, and performing, by the first device, pairing with the second device based on the pairing information, to implement a wireless connection between the first device and the second device), nearfield communication (NFC) between the access device and the continuous multifactor authentication device, and pass-through communication via a router to which both the access device and the continuous multifactor authentication device are directly connected.
Regarding claim 4, the combination of Zhao, Parikh, and Sloan teaches the system of claim 1. The combination of Zhao, Parikh, and Sloan further teaches wherein the authentication provider is further configured to receive the identification credential from the continuous multifactor authentication device (Zhao: fig. 10, Step 200b: A second device sends device information of the second device to the Server; par. 0146), and to send a communication to the access device to unlock itself for access by a user of the continuous multifactor authentication device (Zhao: fig. 10, step 201: The first device obtains from the Server, the device information corresponding to the first account that is logged in to on the first device).
Regarding claim 5, the combination of Zhao, Parikh, and Sloan teaches the system of claim 4. The combination of Zhao, Parikh, and Sloan further discloses wherein the identification credential includes fragments of biometric data and the unique code (Parikh: par. 0024, The identity credentials comprise a unique identifier (e.g., a username, an email address, a mobile number, and the like), and a secured code (e.g., a password, a symmetric encryption key, biometric values, a passphrase, and the like)).
Regarding claim 7, the combination of Zhao, Parikh, and Sloan teaches the system of claim 1. The combination of Zhao, Parikh, and Sloan further discloses, wherein the authentication provider is further configured to receive a request to initiate a session with a service provider from the access device (Zhao: fig. 4, Step 203: The first device sends a pairing request to the server, where the pairing request includes identification information of the second device; par. 0101), and to request the identification credential from the continuous multifactor authentication device bound to the access device (Zhao: fig. 4, Step 203: The first device sends a pairing request to the server, where the pairing request includes identification information of the second device; par. 0101), where the identification credential is specific to the service provider, and to receive the identification credential for the service provider from the continuous multifactor authentication device that confirms an identity of the user of the continuous multifactor authentication device (Zhao: fig. 4, Step 203: The first device sends a pairing request to the server, where the pairing request includes identification information of the second device; par. 0101).
Regarding claim 8, the combination of Zhao, Parikh, and Sloan teaches the system of claim 7. The combination of Zhao, Parikh, and Sloan further discloses, wherein authentication of the identity of the user by the continuous multifactor authentication device to access the service provider using the access device is dependent on the access device and the continuous multifactor authentication device being physically proximate (Zhao: par. 0113, the second device has a Bluetooth function. When receiving the first random number, the second device may automatically enable the Bluetooth function, and set an attribute of the second device to a state in which the second device can be detected by another device. Then, the first device may send a wireless physical connection (for example, a Bluetooth physical connection) request to the second device, or the second device sends a wireless physical connection request to the first device after determining that the to-be-connected device is the first device.), which is accepted to be true while the binding of the continuous multifactor authentication device to the access device remains valid (Zhao: pars. 0129, 0113, the second device has a Bluetooth function. When receiving the first random number, the second device may automatically enable the Bluetooth function, and set an attribute of the second device to a state in which the second device can be detected by another device. Then, the first device may send a wireless physical connection (for example, a Bluetooth physical connection) request to the second device, or the second device sends a wireless physical connection request to the first device after determining that the to-be-connected device is the first device.).
Regarding claim 9, claim 9 is directed to a non-transitory computer readable medium comprising instructions stored thereon, the instructions effective to cause at least one processor associated with the method claimed in claim 1; claim 9 is similar in scope to claim 1, and is therefore rejected under similar rationale.
Regarding claim 10, claim 10 is similar in scope to claim 3, and is therefore rejected under similar rationale.
Regarding claim 11, the combination of Zhao, Parikh, and Sloan teaches the non-transitory computer readable medium of claim 9.  The combination of Zhao, Parikh, and Sloan further teaches, wherein the instructions are further effective to cause at least one processor to: 
receive a request to initiate a session with a service provider from the access device (Zhao: fig. 4, Step 203: The first device sends a pairing request to the server, where the pairing request includes identification information of the second device; par. 0101); 
receive the identification credential from the continuous multifactor authentication device that confirms the user identity of a user of the continuous multifactor authentication device (Zhao: fig. 4, Step 203: The first device sends a pairing request to the server, where the pairing request includes identification information of the second device; par. 0101), and
receive confirmation from the continuous multifactor authentication device that the continuous multifactor authentication device is proximate to the access device (Zhao: fig. 4, Step 203: The first device sends a pairing request to the server, where the pairing request includes identification information of the second device; par. 0101).
Regarding claim 12, the combination of Zhao, Parikh, and Sloan teaches the non-transitory computer readable medium of claim 9. The combination of Zhao, Parikh, and Sloan further teaches, wherein the continuous multifactor authentication device is used to log into the access device (Zhao: fig. 10, step 201), whereby proximity of the continuous multifactor authentication device to the access device is confirmed (Zhao: par. 0007, Bluetooth pairing between the first device and the second device, and performing, by the first device, pairing with the second device based on the pairing information, to implement a wireless connection between the first device and the second device).
Regarding claim 13, the combination of Zhao, Parikh, and Sloan teaches the non-transitory computer readable medium of claim 12. The combination of Zhao, Parikh, and Sloan further teaches, wherein the continuous multifactor authentication device sends the identification credential to log into the access device (Zhao: fig. 10, Step 200b: A second device sends device information of the second device to the Server; par. 0146; fig. 10, step 201), wherein the identification credential includes fragments of biometric data and the unique code (Parikh: par. 0024, The identity credentials comprise a unique identifier (e.g., a username, an email address, a mobile number, and the like), and a secured code (e.g., a password, a symmetric encryption key, biometric values, a passphrase, and the like)).
Regarding claim 14, claim 14 is similar in scope to claim 2, and is therefore rejected under similar rationale.
Regarding claim 16, claim 16 is directed to a method for binding an access device to an authentication device associated with the method claimed in claim 1; claim 16 is similar in scope to claim 1, and is therefore rejected under similar rationale.
Regarding claim 17, claim 17 is similar in scope to claim 3, and is therefore rejected under similar rationale.
Regarding claim 18, claim 18 is similar in scope to claim 11, and is therefore rejected under similar rationale.
Regarding claim 19, claim 19 is similar in scope to claim 12, and is therefore rejected under similar rationale.
Claim 6 is rejected under 35 U.S.C. 103 as being unpatentable over Zhao et al. (“Zhao,” US 2020/0008057, published Jan. 2, 2020) in view of (“Parikh,” US 2018/0211318, published Jul. 26, 2018), further in view of Sloan et al. (“Sloan,” US 2015/0341438, published Nov. 26, 2015), and Ranadive et al. (“Ranadive,” US 2015/0363581, published Dec. 17, 2015).
Regarding claim 6, the combination of Zhao, Parikh, and Sloan teaches the system of claim 4.  Zhao, Parikh, and Sloan do not explicitly disclose, wherein the authentication provider determines a period of time has elapsed in which the access device has remained unlocked and in response to determining the period of time has elapsed, request the access device to provide the identification credential again.
However, in an analogous art, Ranadive teaches wherein the authentication provider determines a period of time has elapsed in which the access device has remained unlocked and in response to determining the period of time has elapsed, request the access device to provide the identification credential again (Ranadive: par. 0098, in response to the period of time elapsing, the payment provider server may cease to silently authenticate the user and request that the user enter his/her user credentials.). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Ranadive with the method and system of Zhao, Parikh, and Sloan to include wherein the authentication provider determines a period of time has elapsed in which the access device has remained unlocked and in response to determining the period of time has elapsed, request the access device to provide the identification credential again. One would have been motivated to do so in order that transactions are made easier and safer for the parties involved by payment service providers (Ranadive: par. 0005).
Claims 15 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Zhao et al. (“Zhao,” US 2020/0008057, published Jan. 2, 2020) in view of (“Parikh,” US 2018/0211318, published Jul. 26, 2018), further in view of Sloan et al. (“Sloan,” US 2015/0341438, published Nov. 26, 2015), and Itoh (“Itoh,” US 2017/0357792, published Dec. 14, 2017).
Regarding claim 15, the combination of Zhao, Parikh, and Sloan teaches the non-transitory computer readable medium of claim 9. The combination of Zhao, Parikh, and Sloan discloses binding the authentication device to the access device but does not explicitly disclose “require the access device to be rebound to the continuous multifactor authentication device after a period of time has elapsed.”
However, in an analogous art, Itoh discloses requiring two devices to be rebound after a period of time has elapsed (Itoh: par. 0023, the method 100 may include a set time period (i.e., 24 hours, 2 weeks, etc.), upon which the device may automatically require re-linking).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teaching of Itoh with the method and system of Zhao, Parikh, and Sloan to include “wherein requiring the access device to be rebound to the continuous multifactor authentication device after a period of time has elapsed.” One would have been motivated to link a login device with a restricted access environment according to a linking process, and logging into the restricted access environment via the login device according to a login process, and thus ensures simple and reliable logging of the user into a restricted access environment (Itoh: abstract; par. 0007).
Regarding claim 20, claim 20 is similar in scope to claim 15, and is therefore rejected under similar rationale.


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Canh Le whose telephone number is 571-270-1380. The examiner can normally be reached on Monday to Friday 6:00AM to 3:30PM other Friday off.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on 571-270-5002.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. 
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/Canh Le/
Examiner, Art Unit 2439
October 30th 2022


/LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439