Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Application number 17/345,473, filed on 9/23/2021, has been considered. Claims 21-40 are pending.
Information Disclosure Statement
The information disclosure statements (IDS) submitted on 9/8/2021, 9/23/2021 and 6/27/2022 are being considered by the examiner.
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA/25, or PTO/AIA/26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 21-25, 27-30, 31-35 and 37-40 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-3, 5, 7-15 and 17 of U.S. Patent No. 11,074,333. Although the claims at issue are not identical, they are not patentably distinct from each other because the limitations recited in claims 21-25, 27-30, 31-35 and 37-40 of the instant application are anticipated by the limitations recited in claims 1-3, 5, 7-15 and 17 of U.S. Patent No. 11,074,333.


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 21-27 and 31-37 are rejected under 35 U.S.C. 103 as being unpatentable over Landrock et al. (US 2018/0048474 hereinafter Landrock) in view of Maletsky et al. (US 2014/0281554 hereinafter Maletsky).
Regarding claim 21, Landrock discloses a method for authenticating a user or a transaction, the method comprising: 
capturing image data of a physical element using an imaging device of a user device, wherein the physical element is a form of credential possessed by the user and is issued by an authority entity (¶ [0087]-[0089], [0120]; i.e. capturing, using an imaging device, an image of transaction displayed on a separate computing device); 
extracting identification information about the user from the image data by processing the image data (¶ [0107], [0111]-[0113]; i.e. at least obtaining user identification information from the captured ID document to bind with the user imaging device); 
collecting, from the user device, multiple types of local data about a physical state of the user device or the imaging device (¶ [0093]-[0096], [0116]-[0119]; i.e. obtaining the information of the imaging device such as serial number of the imaging device, one-time password, a hash message authentication code or challenge request, or imaging device’s fingerprint information); 
generating nonce data (¶ [0093]; i.e. generating a cryptographic nonce) by combining the multiple types of local data; and 
authenticating, with aid of one or more processors, the user or the transaction based on (1) the identification information and (2) the nonce data, wherein the nonce data and identification data are compared with a previously collected nonce data and a previously collected identification data to determine a presence of a replay attack (¶ [0069]-[0071], [0093], [0099], [0103], [0107]; i.e. authenticating the captured transaction image by comparing the information of the imaging device, image information, nonce, authentication code, etc. to the user’s registration information).
Landrock discloses a cryptographic nonce; Landrock does not explicitly disclose said nonce is generated by combining the multiple types of local data.
However, Maletsky discloses generating a nonce by combining the multiple types of local data (¶ [0065]-[0066], [0182]-[0183]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to generate a nonce using the serial number of the imaging device taught by Landrock combined with Maletsky’s teaching of generating a nonce in order to provide robust security that is tied to the characteristics of the device (Landrock, ¶ [0093]; Maletsky, ¶ [0065], [0182]).

Regarding claim 22, Landrock in view of Maletsky discloses the method of claim 21, wherein the physical element comprises a graphical code that encodes the identification information about the user (Landrock, ¶ [0113]).
Regarding claim 23, Landrock in view of Maletsky discloses the method of claim 21, wherein the physical element is a driver license, a passport or a document issued by the authority entity (Landrock, ¶ [0112]-[0113]).
Regarding claim 24, Landrock in view of Maletsky discloses the method of claim 21, wherein at least a portion of the local data is collected using one or more sensors onboard the user device (Maletsky, ¶ [0066], [0149]).
Regarding claim 25, Landrock in view of Maletsky discloses the method of claim 21, wherein the multiple types of local data about the physical state of the user device comprises data indicative of a physical state of a component of the user device (Maletsky, ¶ [0149], [0152], [0182]; i.e. state information, configuration parameters, etc.).
Regarding claim 26, Landrock in view of Maletsky discloses the method of claim 25, wherein the component is selected from the group consisting of an imaging device, a power supply unit, a processor, and a memory (Landrock, ¶ [0093]-[0096], [0116]-[0119]; Maletsky, ¶ [0061], [0149]).
Regarding claim 27, Landrock in view of Maletsky discloses the method of claim 21, wherein the multiple types of local data about the imaging device comprises data relating to one or more operational parameters of the imaging device at the time the image data is captured (Landrock, ¶ [0093], [0116]-[0119]).
Regarding claim 31, Landrock discloses a system for performing authentication of a user or a transaction, the system comprising: 
a server in communication with a user device configured to permit a user to perform a transaction, wherein the server comprises: (i) a memory for storing a set of software instructions, and (ii) one or more processors configured to execute the set of software instructions to (FIG. 1, ¶ [0086]-[0089]; i.e. the image validation module or server): 
receive an image data of a physical element possessed by the user, wherein the image data is captured by an imaging device of the user device and wherein the physical element is issued by an authority entity (¶ [0086]-[0089], [0120]; i.e. the image validation module receiving from a user imaging device a captured image of transaction displayed on a separate computing device); 
extract identification information about the user from the image data by processing the image data (¶ [0107], [0111]-[0113]; i.e. at least obtaining user identification information from the captured ID document to bind with the user imaging device); 
receive multiple types of local data about a physical state of the user device or the imaging device (¶ [0093]-[0096], [0116]-[0119]; i.e. obtaining the information of the imaging device such as serial number of the imaging device, one-time password, a hash message authentication code or challenge request, or imaging device’s fingerprint information); 
generate nonce data (¶ [0093]; i.e. generating a cryptographic nonce) by combining the multiple types of local data; and 
authenticate the user or the transaction based on (1) the identification information and (2) the nonce data, wherein the nonce data and identification data are compared with a previously collected nonce data and a previously collected identification data to determine a presence of a replay attack (¶ [0069]-[0071], [0093], [0099], [0103], [0107]; i.e. authenticating the captured transaction image by comparing the information of the imaging device, image information, nonce, authentication code, etc. to the user’s registration information).
Landrock discloses a cryptographic nonce; Landrock does not explicitly disclose said nonce is generated by combining the multiple types of local data.
However, Maletsky discloses generating a nonce by combining the multiple types of local data (¶ [0065]-[0066], [0182]-[0183]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to generate a nonce using the serial number of the imaging device taught by Landrock combined with Maletsky’s teaching of generating a nonce in order to provide robust security that is tied to the characteristics of the device (Landrock, ¶ [0093]; Maletsky, ¶ [0065], [0182]).
Regarding claim 32, Landrock in view of Maletsky discloses the system of claim 31, wherein the physical element comprises a graphical code that encodes the identification information about the user (Landrock, ¶ [0102], [0113]).
Regarding claim 33, Landrock in view of Maletsky discloses the system of claim 31, wherein the physical element is a driver license, a passport or a document issued by the authority entity (Landrock, ¶ [0113]).
Regarding claim 34, Landrock in view of Maletsky discloses the system of claim 31, wherein at least a portion of the local data is collected using one or more sensors onboard the user device (Maletsky, ¶ [0066], [0149]).
Regarding claim 35, Landrock in view of Maletsky discloses the system of claim 31, wherein the multiple types of local data about the physical state of the user device comprises data indicative of a physical state of a component of the user device (Maletsky, ¶ [0149], [0152], [0182]; i.e. state information, configuration parameters, etc.).
Regarding claim 36, Landrock in view of Maletsky discloses the system of claim 35, wherein the component is selected from the group consisting of an imaging device, a power supply unit, a processor, and a memory (Landrock, ¶ [0093]-[0096], [0116]-[0119]; Maletsky, ¶ [0061], [0149]).
Regarding claim 37, Landrock in view of Maletsky discloses the system of claim 31, wherein the multiple types of local data about the imaging device comprises data relating to one or more operational parameters of the imaging device at the time the image data is captured (Landrock, ¶ [0093], [0116]-[0119]).
Claims 28-30 and 38-40 are rejected under 35 U.S.C. 103 as being unpatentable over Landrock et al. (US 2018/0048474 hereinafter Landrock) in view of Maletsky et al. (US 2014/0281554 hereinafter Maletsky) and further in view of Tankha (US 2016/0057248).
Regarding claim 28, Landrock in view of Maletsky discloses the method of claim 21.
Landrock in view of Maletsky does not explicitly disclose wherein the nonce data is encrypted such that the multiple types of local data are not accessible by the one or more processors.
However, Tankha discloses wherein the nonce data is encrypted such that the multiple types of local data are not accessible by the one or more processors (¶ [0090]; i.e. device fingerprint combined with nonce is encrypted).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate Tankha’s teaching into Landrock in view of Maletsky in order to provide device-based authentication to reduce consumer friction during a transaction (Tankha, ¶ [0002]-[0007]).
Regarding claim 29, Landrock in view of Maletsky discloses the method of claim 21.
Landrock in view of Maletsky does not explicitly disclose wherein the multiple types of local data are weighted to generate the nonce data.
However, Tankha discloses wherein the multiple types of local data are weighted to generate the nonce data (¶ [0090]; i.e. establishing acceptable thresholds for the device identifiers or fingerprints based on the risk tolerance of the server computer or the payment processing network).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate Tankha’s teaching into Landrock in view of Maletsky in order to provide device-based authentication to reduce consumer friction during a transaction (Tankha, ¶ [0002]-[0007]).

Regarding claim 30, Landrock in view of Maletsky and Tankha discloses the method of claim 29, wherein a weight assigned to a given type of local data is determined based on a variation of the given type of local data between different authentication events (Tankha, ¶ [0090]).
Regarding claim 38, see claim 28 above for the same reasons for rejection.
Regarding claim 39, see claim 29 above for the same reasons for rejection.
Regarding claim 40, see claim 30 above for the same reasons for rejection.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHI D NGUY whose telephone number is (571)270-7311. The examiner can normally be reached Monday-Friday 9-5 PT.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph P Hirl can be reached on (571)272-3685. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/C.D.N/Examiner, Art Unit 2435

/JOSEPH P HIRL/Supervisory Patent Examiner, Art Unit 2435