Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

DETAILED ACTION
Continued Examination Under 37 CFR 1.114

1.       A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  
Applicant's submission filed on 8-30-2022 has been entered.

2.        Claims 1 - 17 are pending.  Claims 1, 4, 8 have been amended.   Claim 1 is independent.   This application was filed on 12-7-2018.  

Response to Arguments

3.    Applicant's arguments have been fully considered; however, upon further consideration of the prior art and the claimed limitation, they were not persuasive.

A.  Applicant argues on page 7 of Remarks:    ...   this passage clearly teaches that the step of comparing the one-time-passwords (OTPs) 134a and 134b is not performed by trusted server 102.

    The Examiner respectfully disagrees.  Paczkowski discloses the server performs the comparison of an input code and a baseline code. (see Paczkowski col 10, lines 44-54: one-time password (received code) is compared with one time password (received code); responsive to associated access code (i.e. via a comparison operation) having been verified and the one-time passwords from the user equipment and trusted server respectively matching access associated with access code is granted (i.e. authentication validated); col 8, line 59 - col 9, line 10: transmit to trusted server the access code and one-time-password read and/or received from the user equipment; trusted server compares pair of one-time-password and access code received with stored pair(s) of one-time-password(s) and access code(s) in order to determine whether or not one-time-password is valid; trusted server compares located one-time-password in the record with one-time-password received; when records match one-time-password received, one-time-password which originates from user equipment is determined by trusted server to be valid) 

    Paczkowski discloses the generation of an OTP password from an access code.  And, Paczkowski discloses the generation of an OTP password from time-synchronization parameters.  (see Paczkowski col 10, lines 24-26: generated one-time password transmitted to trusted server through an encrypted channel; col 6, lines 37-40: one-time password generated by code generator based on time-synchronization between trusted server and user equipment)  
    In addition, Hong in an obviousness rejection discloses an OTP password generated from a combination of parameter “T” which is a variable of time (i.e. a synchronization type parameter) and a secret key (i.e. analogous to a personal access code).  (see Hong paragraph [0038], lines 4-6: OTP password obtained by a combination of T which is a variable of time (synchronization parameter) and a secret key (personal access code); (combination of two parameters utilized to generate OTP password); paragraph [0032], lines 1-9: TOTP password obtained by a combination of T parameter (i.e. variable of time parameter, analogous to a sync parameter) and a secret key; (combination of two parameters which are utilized to generate an OTP password))    

B.  Applicant argues on page 8 of Remarks:    ...   Paczkowski fails to disclose a server comparing a temporary code with a code calculated by the server.

    The Examiner respectfully disagrees.  Paczkowski discloses the server performs the comparison of a code associated with a user and a baseline code. (see Paczkowski col 10, lines 44-54: one-time password (received code) is compared with one time password (received code); responsive to associated access code (i.e. via a comparison operation) having been verified and the one-time passwords from the user equipment and trusted server respectively matching access associated with access code is granted (i.e. authentication validated); col 8, line 59 - col 9, line 10: transmit to trusted server the access code and one-time-password read and/or received from the user equipment; trusted server compares pair of one-time-password and access code received with stored pair(s) of one-time-password(s) and access code(s) in order to determine whether or not one-time-password is valid; trusted server compares located one-time-password in the record with one-time-password received; when records match one-time-password received, one-time-password which originates from user equipment is determined by trusted server to be valid)
    And, Paczkowski discloses a code input by a user for utilization within an authentication process. (see Paczkowski col 8, lines 6-12: one-time password used upon receipt of a particular inputted code; a code that is input by the owner and/or user of the user equipment; code may be a personal identification number (PIN) of user equipment (code input by user))

C.  Applicant argues on page 8 of Remarks:    ...   the computer unit detecting that the temporary code has been inputted in the computer unit by the user   ...   . 

    The Examiner respectfully disagrees.  Paczkowski discloses a code input by a user for utilization within an authentication process. (see Paczkowski col 8, lines 6-12: one-time password used upon receipt (detection) of a particular inputted code; a code that is input by the owner and/or user of the user equipment; code may be a personal identification number (PIN) of user equipment (code input by user)) 

D.  Applicant argues on page 8 of Remarks:    ...   Paczkowski teaches a skilled person away from providing by the terminal the temporary code to the user.

    The Examiner respectfully disagrees. Paczkowski does not discourage providing a user with a code that is to be utilized for an authentication process (display of access code on user equipment).  Applicant is reminded that “the prior art’s mere disclosure of more than one alternative does not constitute a teaching away from any of these alternatives because such disclosure does not criticize, discredit, or otherwise discourage the solution claimed….” In re Fulton, 391 F.3d 1195, 1201, 73 USPQ2d 1141, 1146 (Fed. Cir. 2004).

E.  Applicant argues on page 8 of Remarks:    ...   dependent claims    ...   are also allowable based at least on their dependency from allowable proposed independent claim 1.

            Responses to arguments against the independent claims also answer arguments against the associated dependent claims.           

Claim Objections
	
4.        Claims 8, 10, 11, 15, 16 are objected to because of the following informalities:  
       Claims 8, 10, 11, 15, 16 are designated as “Currently Amended”.   Claims 8, 10, 11, 15, 16 do not appear to have amendments.  The Examiner is interpreting Claims 8, 10, 11, 15, 16 utilizing the stated claim language within the current application amendments.   

Claim Rejections - 35 USC § 103  

5.        The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

6.        Claims 1 - 17 are rejected under 35 U.S.C. 103 as being unpatentable over Paczkowski et al. (US Patent No. 9,779,232) in view of Hong et al. (US PGPUB No. 20170078278).     	

Regarding Claim 1, Paczkowski discloses a method of securing a transaction carried out by a user having a computer unit connected to a computer server via a first network, the user having a telecommunications terminal arranged to access a second network, the method comprising a prior step of storing in the terminal a synchronization parameter that is shared with the server and that varies in synchronized manner both in the terminal and in the server (see Paczkowski col 3, line 50-53: trusted server stores one-time-passwords with associated access codes (i.e. synchronization parameters, parameters matched between terminal and server), on the trusted server itself or in a data store), and in that, when the terminal cannot be connected to the second network, the method enters into an alternative authentication stage (see Paczkowski col 6, line 66 - col 7, line 20: plurality of one-time password generated at the same time and used at different times; one of two one-time passwords used at a first time (i.e. first authentication stage) and second of two passwords used at a second time (i.e. second authentication stage, alternative authentication); (time parameter increases at each authentication stage; usage of first and second one-time passwords); (first authentication process completed, second authentication process with different parameters)) comprising the steps of:
Furthermore, Paczkowski discloses the following: 
-    the computer unit detecting that the temporary code has been inputted in the computer unit by the user, and forwarding to the server the inputted temporary code; (see Paczkowski col 8, lines 6-12: one-time password used upon receipt of a particular inputted code; a code that is input by the owner and/or user of the user equipment; code may be a personal identification number (PIN) of user equipment (code input by user); col 10, lines 24-26: generated one-time password transmitted to trusted server through an encrypted channel; col 6, lines 37-40: one-time password generated by code generator based on time-synchronization between trusted server and user equipment)    
-    the server comparing the inputted code with a code calculated by the server on the basis of the synchronization parameter, a verifier corresponding to the user's personal code, authentication being validated if the calculated code corresponds to the inputted code. (see Paczkowski col 10, lines 44-54: one-time password (received code) is compared with one time password (received code); responsive to associated access code (i.e. via a comparison operation) having been verified and the one-time passwords from the user equipment and trusted server respectively matching access associated with access code is granted (i.e. authentication validated); col 8, line 59 - col 9, line 10: transmit to trusted server the access code and one-time-password read and/or received from the user equipment; trusted server compares pair of one-time-password and access code received with stored pair(s) of one-time-password(s) and access code(s) in order to determine whether or not one-time-password is valid; trusted server compares located one-time-password in record with one-time-password received; when records match one-time-password received, one-time-password which originates from user equipment is determined by trusted server to be valid) 

Furthermore, Paczkowski discloses providing the temporary code to the user.  (see Paczkowski col 8, lines 6-12: one-time password used upon receipt of a particular inputted code; a code that is input by the owner and/or user of the user equipment; code may be a personal identification number (PIN) of user equipment (code input by user))
   
Although Paczkowski discloses a code calculated by a synchronization parameter or a user access code, Paczkowski does not specifically disclose a code calculated by a terminal on the basis of the aggregate of a synchronization parameter and of a personal code of a user, and a code calculated by a server on the basis of a synchronization parameter and of a verifier corresponding to a user's personal code.  
However, Hong discloses the following: 
-    the terminal calculating a temporary code on the basis of the synchronization parameter and of a personal code of the user; (see Hong paragraph [0038], lines 1-9: OTP password obtained (i.e. generated, calculated) by a combination of T which is a variable of time (synchronization parameter, time parameter) and a secret key (analogous to a personal access code); (combination of two parameters utilized to generate an OTP password)) and 
-    a code calculated by the server on the basis of the synchronization parameter and of a verifier corresponding to the user's personal code. (see Hong paragraph [0038], lines 1-9: OTP password obtained (i.e. generated, calculated) by a combination of T which is a variable of time (synchronization parameter, time parameter) and a secret key (analogous to a personal access code); (combination of two parameters utilized to generate an OTP password))
        It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Paczkowski for a code calculated by a terminal on the basis of a synchronization parameter and of a personal code of a user, and for a code calculated by a server on the basis of a synchronization parameter and of a verifier corresponding to a user's personal code as taught by Hong.  One of ordinary skill in the art would have been motivated to employ the teachings of Hong for the benefits achieved from the flexibility of a system that enables additional algorithms to be utilized in the generation of authentication access codes. (see Hong paragraph [0037], lines 1-12)      

Regarding Claim 2, Paczkowski-Hong discloses the method according to claim 1, wherein the synchronization parameter depends on date and time data. (see Paczkowski col 6, lines 37-40: one-time password generated by code generator based on time-synchronization between trusted server and user equipment (i.e. synchronization parameters associated with time))    

Regarding Claim 3, Paczkowski-Hong discloses the method according to claim 2, wherein during authentication, the server applies a margin of error for taking account of the time taken to convey the temporary code. (see Paczkowski col 7, lines 17-22: with more than one-time password generated at once; synchronize to use and/or invalidate the one-time password; each one-time password configured to have a time-to-live (TTL) value, (time period taken to convey code))    

Regarding Claim 4, Paczkowski-Hong discloses the method according to claim 3, wherein the server calculates as many temporary codes as there are possible temporary codes given the margin of error, and it compares the inputted temporary code with each of the temporary codes it has calculated. (see Paczkowski col 6, line 66 - col 7, line 20: plurality of one-time password generated at the same time and used at different times; one of two one-time passwords used at a first time and second of two passwords used at a second time; col 1, lines 48-56: generating one-time passwords for user equipment, generating by a code generator of user equipment a different one-time password associated with each of a plurality of access codes; col 1, lines 61-66: transmitting a request to a trusted server for a one-time password associated with an access code; comparing the one-time password displayed on user equipment with one-time password received from trusted server; code verified via comparison; (comparison operation for generated code); col 8, lines 6-12: one-time password used upon receipt of a particular inputted code; a code that is input by the owner and/or user of the user equipment; code may be a personal identification number (PIN) of user equipment (code input by user); col 10, lines 24-26: generated one-time password transmitted to trusted server through an encrypted channel; col 6, lines 37-40: one-time password generated by code generator based on time-synchronization between trusted server and user equipment)

Regarding Claim 5, Paczkowski-Hong discloses the method according to claim 1, wherein the synchronization parameter varies with the number of alternative authentication stages that are performed. (see Paczkowski col 6, line 66 - col 7, line 20: plurality of one-time password generated at the same time and used at different times; one of two one-time passwords used at a first time and second of two passwords used at a second time; (time parameter increases at each authentication stage, usage of first and second one-time passwords))    

Regarding Claim 6, Paczkowski-Hong discloses the method according to claim 5, wherein the synchronization parameter is increased by a predetermined value on each alternative authentication stage. (see Paczkowski col 6, line 66 - col 7, line 20: plurality of one-time password generated at the same time and used at different times; one of two one-time passwords used at a first time (i.e. first authentication stage) and second of two passwords used at a second time (i.e. second authentication stage); (time parameter increases at each authentication stage, usage of first and second one-time passwords))    

Regarding Claim 7, Paczkowski-Hong discloses the method according to claim 1, wherein a random number is displayed on the computer and is communicated to the terminal, which uses a random number for calculating the temporary code, the server also using the random number for calculating the temporary code. (see Paczkowski col 6, lines 26-31: one-time password generated by code generator based upon a number such as a random seed for random number generating algorithm or a pseudorandom number generating algorithm, col 8, lines 4-5, one-time password may be displayed)    

Regarding Claim 8, Paczkowski-Hong discloses the method according to claim 1, including a nominal authentication stage comprising the steps of:
-    the user inputting an identifier into the server, referred to as the "transaction server"; (see Paczkowski col 1, lines 61-64: transmitting a request to a server for a one-time password associated with an access code; (request: identification information associated with request transaction) col 8, lines 5-22, input by the owner/or user)     
-    the transaction server sending a request to authenticate this identifier to a second server, referred to as the "authentication" server; (see Paczkowski col 1, lines 61-64: transmitting a request to a server for a one-time password associated with an access code; col 8, lines 5-22)      
-    the authentication server then initiating a procedure for authenticating the user, including a request to the user to input the user's personal code into the terminal so that the code can be validated by the authentication server; (see Paczkowski col 10, lines 44-54: one-time password (received code) is compared with one time password (received code); responsive to associated access code (i.e. via comparison operation) having been verified and the one-time passwords from the user equipment and trusted server respectively matching access associated with access code is granted (i.e. authentication validated); col 1, lines 48-56: generating one-time passwords for user equipment, generating by a code generator of user equipment a different one-time password associated with each of a plurality of access codes; col 1, lines 61-66: transmitting a request to a trusted server for a one-time password associated with an access code; comparing the one-time password displayed on user equipment with one-time password received from trusted server; code verified via comparison) and
-    once the user is authenticated, the authentication server forwards the positive result to the transaction server, which can then unlock access for the user to the transaction server. (see Paczkowski col 10, lines 44-54: one-time password (received code) is compared with one time password (received code); responsive to associated access code (i.e. via comparison operation) having been verified and the one-time passwords from the user equipment and trusted server respectively matching access associated with access code is granted (i.e. authentication validated))      

Regarding Claim 9, Paczkowski-Hong discloses the method according to claim 8, wherein the personal code is verified by using a verifier on the authentication server. (see Paczkowski col 10, lines 44-54: one-time password (received code) is compared with one time password (received code); responsive to associated access code (i.e. via comparison operation) having been verified and the one-time passwords from the user equipment and trusted server respectively matching access associated with access code is granted (i.e. authentication validated))      

Regarding Claim 10, Paczkowski-Hong discloses the method according to claim 1, including a nominal authentication stage comprising the steps of:
-    causing the server to send a nominal temporary code to the terminal via the second network; (see Paczkowski col 1, lines 61-64: transmitting a request to a server for a one-time password associated with an access code; (one-time password transmitted from server to user terminal))    
-    requesting the user to input the nominal temporary code as received by the terminal into the computer unit; (see Paczkowski col 8, lines 8-9: code input by user of user equipment) and
-    forwarding the code to the server so that the server compares it with the nominal temporary code as sent and so that it validates authentication if the nominal temporary codes match. (see Paczkowski col 10, lines 44-54: one-time password (received code) is compared with one time password (received code); responsive to associated access code (i.e. via comparison operation) having been verified and the one-time passwords from the user equipment and trusted server respectively matching access associated with access code is granted (i.e. authentication validated))      

Regarding Claim 11, Paczkowski-Hong discloses the method according to claim 1, including a nominal authentication stage comprising the steps of:
-    the terminal sending the authentication server a request via the cell phone network in order to obtain a nominal temporary code; (see Paczkowski col 1, lines 61-64: transmitting a request to a server for a one-time password associated with an access code, col 4, lines 61-67)    
-    the authentication server then initiating a procedure for authenticating the user in connected mode by interacting with the terminal via the cell phone network, connected mode authentication including a request to the user to input the user's personal code into the terminal so that the nominal temporary code is unlocked by the authentication server; (see Paczkowski col 1, line 64 - col 2, line 2: comparing one-time password displayed on user terminal with one-time password received from server)    
-    once the user has been authenticated, the authentication server forwards the nominal temporary code to the terminal; (see Paczkowski col 1, lines 61-64: transmitting a request to a server for a one-time password associated with an access code; (one-time password transmitted from server to user terminal)) and
-    forwarding the code to the server so that the server compares it with the nominal temporary code as sent and so that it validates authentication if the nominal temporary codes match. (see Paczkowski col 10, lines 44-54: one-time password (received code) is compared with one time password (received code); responsive to associated access code (i.e. via comparison operation) having been verified and the one-time passwords from the user equipment and trusted server respectively matching access associated with access code is granted (i.e. authentication validated); col 1, lines 48-56: generating one-time passwords for user equipment, generating by a code generator of user equipment a different one-time password associated with each of a plurality of access codes; col 1, lines 61-66: transmitting a request to a trusted server for a one-time password associated with an access code; comparing the one-time password displayed on user equipment with one-time password received from trusted server; code verified via comparison)    

Regarding Claim 12, Paczkowski-Hong discloses the method according to claim 10, wherein sending of the temporary code is preceded by the step of enabling the user to initiate an alternative authentication stage, if so desired. (see Paczkowski col 6, line 66 - col 7, line 20: plurality of one-time password generated at the same time and used at different times; one of two one-time passwords used at a first time (i.e. first authentication stage) and second of two passwords used at a second time (i.e. second authentication stage); (time parameter increases at each authentication stage; usage of first and second one-time passwords))    

Regarding Claim 13, Paczkowski-Hong discloses the method according to claim 8, including the step of updating the synchronization parameter when access to the second network is available. (see Paczkowski col 6, line 66 - col 7, line 20: plurality of one-time password generated at the same time and used at different times; one of two one-time passwords used at a first time (i.e. first authentication stage) and second of two passwords used at a second time (i.e. second authentication stage available at second time); (time parameter increases at each authentication stage; usage of first and second one-time passwords))    

Regarding Claim 14, Paczkowski-Hong discloses the method according to claim 1, wherein during the alternative authentication stage, calculation of the temporary code by the terminal includes the step of calculating the verifier from the personal code and then applying a predetermined mathematical formula to the verifier or to the synchronization parameter. (see Paczkowski col 10, lines 24-26: generated one-time password transmitted to trusted server through an encrypted channel; col 6, lines 37-40: one-time password generated by code generator based on time-synchronization between trusted server and user equipment; col 6, lines 26-31: one-time password generated by code generator based upon a number such as a random seed for random number generating algorithm or a pseudorandom number generating algorithm)   

Paczkowski does not specifically disclose calculation of code includes the step of applying a predetermined mathematical formula to the verifier and to the synchronization parameter. 
However, Hong discloses wherein calculation of the temporary code by the server includes the step of applying the predetermined mathematical formula to the verifier and to the synchronization parameter. (see Hong paragraph [0038], lines 1-9: OTP password obtained (i.e. generated, calculated) by a combination of T which is a variable of time (synchronization parameter, time parameter) and a secret key (analogous to a personal access code); (combination of two parameters utilized to generate an OTP password))
        It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Paczkowski for calculation of code includes the step of applying a predetermined mathematical formula to the verifier and to the synchronization parameter as taught by Hong.  One of ordinary skill in the art would have been motivated to employ the teachings of Hong for the benefits achieved from the flexibility of a system that enables additional algorithms to be utilized in the generation of authentication access codes. (see Hong paragraph [0037], lines 1-12)      

Regarding Claim 15, Paczkowski-Hong discloses the method according to claim 14. 
Paczkowski does not specifically disclose authentication utilizing one of the following authentication algorithms: - HOTP; - TOTP; - OCRA.
However, Hong discloses wherein the alternative authentication stage makes use of one of the following authentication algorithms: 
- hash message authentication code (HMAC)-based one-time password (HOTP); 
- time-based one-time password (TOTP); 
- OATH challenge-response algorithm (OCRA). (see Hong paragraph [0037] lines 1-12: generating OTP (one-time password) utilizing a time-based OTP algorithm (i.e. TOTP algorithm); (selected: TOTP algorithm))
        It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Paczkowski for authentication utilizing one of the following authentication algorithms: - HOTP; - TOTP; - OCRA as taught by Hong.   One of ordinary skill in the art would have been motivated to employ the teachings of Hong for the benefits achieved from the flexibility of a system that enables additional algorithms to be utilized in the generation of authentication access codes. (see Hong paragraph [0037], lines 1-12)      

Regarding Claim 16, Paczkowski-Hong discloses the method according to claim 14.
Paczkowski does not specifically disclose verifier calculated in the same manner as in the following protocols: - SRP; - VPAKE; - hashing from a random number.
However, Hong discloses wherein the verifier is calculated in the same manner as in the following protocols: 
- secure remote password (SRP); 
- verifier-based password authenticated key exchange (VPAKE); 
- hashing from a random number. (see Hong paragraph [0037] lines 1-12: generating OTP (one-time password) utilizing a time-based OTP algorithm (i.e. TOTP algorithm); (selected: TOTP algorithm); confirming data integrity using a cryptographic hash function; (selected: hashing from a random number))    
        It would have been obvious to one of ordinary skill in the art, before the effective filing date of the claimed invention, to modify Paczkowski for verifier calculated in the same manner as in the following protocols: - SRP; - VPAKE; - hashing from a random number as taught by Hong.   One of ordinary skill in the art would have been motivated to employ the teachings of Hong for the benefits achieved from the flexibility of a system that enables additional algorithms to be utilized in the generation of authentication access codes. (see Hong paragraph [0037], lines 1-12)
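
Added example (not part of the Office action, the application, or the Paczkowski or Hong references): a Python illustration of the scheme recited in claims 3, 4 and 14 - 16, in which the terminal derives a verifier from the personal code, both sides compute a TOTP-style code from the verifier and a time-based synchronization parameter, and the server compares the inputted code with every code possible within its margin of error. The 30-second step, 6-digit length, PBKDF2 verifier, enrollment salt, replay check and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 30  # assumed width of one synchronization step
DIGITS = 6         # assumed length of the temporary code


def derive_verifier(personal_code: str, salt: bytes) -> bytes:
    """Verifier held by the server in place of the personal code itself.

    Assumption: PBKDF2 over the personal code with a random salt fixed at
    enrollment; the claims only require "a verifier corresponding to" the code.
    """
    return hashlib.pbkdf2_hmac("sha256", personal_code.encode(), salt, 100_000)


def hotp(key: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP. TOTP (RFC 6238) is HOTP with counter = time // step."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def terminal_code(personal_code: str, salt: bytes, now: float) -> str:
    """Offline terminal: verifier from the personal code, then the code from
    the verifier and the current time step (the synchronization parameter)."""
    return hotp(derive_verifier(personal_code, salt), int(now) // STEP_SECONDS)


class Server:
    """Holds only the verifier and checks codes within a margin of error."""

    def __init__(self, verifier: bytes, window: int = 1):
        self.verifier = verifier
        self.window = window    # margin of error, in time steps either side
        self.last_counter = -1  # highest step already accepted (replay guard)

    def verify(self, submitted: str, now: float):
        """Return the matching time step, or None if the code is rejected."""
        current = int(now) // STEP_SECONDS
        first = max(0, current - self.window)
        matched = None
        # Calculate every code possible within the margin and compare each one.
        # All candidates are checked with a constant-time comparison so the
        # response time does not reveal which step, if any, matched.
        for counter in range(first, current + self.window + 1):
            candidate = hotp(self.verifier, counter).encode()
            same = hmac.compare_digest(candidate, submitted.encode())
            if same and counter > self.last_counter:
                matched = counter
        if matched is not None:
            self.last_counter = matched  # a code is accepted at most once
        return matched


def demo() -> dict:
    """Constructed sample values: salt, personal codes and timestamps."""
    salt = bytes.fromhex("00112233445566778899aabbccddeeff")
    verifier = derive_verifier("4821", salt)
    t0 = 1_700_000_000
    code = terminal_code("4821", salt, t0)

    server = Server(verifier)
    in_window = server.verify(code, t0 + 25) is not None  # typed one step late
    replayed = server.verify(code, t0 + 26) is not None   # same code again
    stale = Server(verifier).verify(code, t0 + 120) is not None
    wrong_pin = Server(verifier).verify(terminal_code("0000", salt, t0), t0) is not None
    return {"in_window": in_window, "replayed": replayed,
            "stale": stale, "wrong_pin": wrong_pin}


if __name__ == "__main__":
    print(demo())
```

A short personal code gives the verifier little entropy, so the salt has to stay secret on the terminal and the server for the codes to resist guessing.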

Regarding Claim 17, Paczkowski-Hong discloses the method according to claim 1, implemented by means of an authentication server connected to a transaction server connected to the computer unit, the method including the step of initiating respective connections between the transaction server and the computer unit, and between the transaction server and the authentication server, the authentication server being connected at the user end only to the terminal via the second network. (see Paczkowski col 1, lines 61-64: transmitting a request to a server for a one-time password associated with an access code; (one-time password transmitted from server to user terminal); col 4, line 61 - col 5, line 3: user equipment configured to establish communication links providing communication connectivity to a network; server and data store have access to network)   

Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to CARLTON JOHNSON whose telephone number is (571)270-1032.  The examiner can normally be reached on Work: 12-9PM (most days).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on 571-272-4219.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/CJ/
October 11, 2022

/FATOUMATA TRAORE/Primary Examiner, Art Unit 2436