DETAILED ACTION
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 8/25/2022 has been entered.
Claims 1-7 and 9-21 are pending with claim 1, 17-20 having been amended.

Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 1 and 17-19 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA  35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention.
Amended independent claims 1 and 17 added the limitation “said generating is conducted without use of any private key” and independent claims 18 and 19 added the limitation “wherein the challenge is generated without use of any private key”. 
While paragraph 0043-0044 and 0107-0108 of the specification teaches examples of how the challenge is generated by encoding the first public key of the temporary key pair. The specification and drawing do not state anywhere that the challenge is generated without use of any private key.

The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1 and 17 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claim 1 recites the limitation "said generating" in line 5.  There is insufficient antecedent basis for this limitation in the claim. It is unclear if the “said generating is referring to the generating a challenge or if the “said generating” is referring the generating of the temporary key pair.
Claim 17 recites the limitation "said generating" in line 7-8.  There is insufficient antecedent basis for this limitation in the claim. It is unclear if the “said generating is referring to the generating a challenge or if the “said generating” is referring the generating of the temporary key pair.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-6, 9, 10, 17-19 and 21 are rejected under 35 U.S.C. 103 as being unpatentable over Bychkov (US 2007/0067828) in view of HU et al (US 2017/0085557) in view of Claes et al (US 20160191494).
With respect to claim 1 Bychkov teaches a computer implemented method of authenticating a user according to a secure One Time Password (OTP), comprising: 
using at least one processor of an authentication system for: 
generating a challenge (see Bychkov figure 2 paragraph 0017 i.e. a step 221 server application 182 responds to client application 168 with a request for user authentication by an OTP. This request is transferred to OTP authentication device 110, where OTP generator 130 requests from trigger unit 120, in a step 221, a trigger for generating the OTP. If the trigger is Challenge 120A the server 170 generates in trigger synchronizer 174 a random challenge string and provides it to OTP generator 130 through computer 160);
outputting the challenge to a code generation device associated with a user (see Bychkov figure 2 step 221 and paragraph 0017 i.e. If the trigger is Challenge 120A the server 170 generates in trigger synchronizer 174 a random challenge string and provides it to OTP generator 130 through computer 160); 
receiving an OTP code derived by the code generation device (see Bychkov figure 2 step 241 and paragraph 0017 i.e. In a step 231, OTP generator 130 processes trigger 120 and user key 132 to generate an OTP. In a step 241, the OTP generated in step 231 is sent from OTP device 110 to client workstation 160 which forwards data derived from the OTP to server 170); 
deriving a reference OTP code (see Bychkov figure 2 step 251 and paragraph 0017 i.e. In a step 251, OTP verifier 178 calculates an expected OTP based on a the trigger retrieved from trigger synchronizer 174 and the user key retrieved from user database 176); and 
authenticating the user according to a match between the OTP code and the reference OTP code (see Bychkov figure 2 step 251-261 and paragraph 0017 i.e. In a step 251, OTP verifier 178 calculates an expected OTP based on a the trigger retrieved from trigger synchronizer 174 and the user key retrieved from user database 176, and compares it with the OTP received from OTP authentication device 110 through computer 160. If the verification was positive, then a step 261 routes the process to step 271, where a client-server session commences to provide the desired target service through cooperation between client application 168 and server application 182); 
wherein the OTP code is received via at least one input interface operated by the user to insert the OTP code generated by the code generation device (see Bychkov paragraph 0012-0013 i.e. OTP interface 140 interfaces with authentication device interface 164 in order to exchange OTP-related data between OTP authentication device 110 and computer 160. In particular, whenever OTP generator 130 generates a session OTP, an OTP transmitter (not shown) "transmits" (i.e. displays and/or effects a data exchange to provide the session OTP data to the computer 160 via OTP interface 140) the session OTP from the OTP device 110. Common implementations for OTP interface 140 are: a display 140A being used by a user in order to read the password and enter same manually into a keyboard that serves as authentication device interface 164); 
wherein said code generation device is isolated from a network used by said authentication system for transmitting said challenge to a client device operated by said user (see Bychkov figure 2 step 221 and paragraph 0017 i.e. If the trigger is Challenge 120A the server 170 generates in trigger synchronizer 174 a random challenge string and provides it to OTP generator 130 through computer 160 and paragraph 0014 i.e. It will be noted that the case where OTP interface 140 applies display 140A, does not require any direct electronic communication link between OTP authentication device 110 and computer 160). 
Bychkov does not teach the challenge is an encoded a first public key of a temporary key pair generated for use during a specific authentication process, said generating is conducted without use of any private key; storing a first private key of the temporary key pair; the OTP code is derived from an outcome of a key agreement algorithm applied to the first public key extracted from the challenge and a second private key of an authentication key pair uniquely associated with the code generation device; the reference OTP code is derived from an outcome of the key agreement algorithm applied to the first private key and a second public key of the authentication key pair; and wherein said challenge is presented by the client device to the code generation device using one or more one-way channels.

Hu teaches the challenge is a first public key of a temporary key pair generated for use during a specific authentication process (see HU paragraph 0055 i.e. the entity B generates a random number NB, and calculates a digital signature SigB=SIG(CSB, IDa.parallel.NB.parallel.QB) using its own private key CSB, where SIG represents a digital signature algorithm, IDA and IDB represent identification information of the entity A and the entity B respectively, QB represents a temporary public key of the entity B); 
storing a first private key of the temporary key pair (see HU paragraph 0061 i.e. entity B calculates secret information z=f(dB,Qa) using temporary private key dB generated in advance by the entity B); 
the OTP code is derived from an outcome of a key agreement algorithm applied to the first public key extracted from the challenge and a second private key of an authentication key pair uniquely associated with the code generation device (see HU paragraph 0058 i.e. In the operation 6, the entity A calculates secret information z=f(dA, QB) using a temporary private key dA generated in advance by the entity A, and the temporary public key QBA of the entity B based on the ECDH key exchange protocol, where f represents a key calculation function … entity A may convert the calculated secret information z into a string of characters Z, and calculate a key MK=KDF(NA, NB, Z, IDA, IDB), where KDF represents a key derivation algorithm, the entity A may calculate a message authentication code MacTagA=MAC1(MK, IDA, IDB, QA, QB), where MAC1 represents a message authentication code calculation function, and the entity A may transmit a third identity authentication message including NA.parallel.NB.parallelA.parallel.SigA.parallel.Mac- TagA to the entity B); and 
the reference OTP code is derived from an outcome of the key agreement algorithm applied to the first private key and a second public key of the authentication key pair (see HU paragraph 0061 i.e. the entity B calculates secret information z=f(dB, QA) using a temporary private key dB generated in advance by the entity B, and the temporary public key QA of the entity A based on the ECDH key exchange protocol, and if the secret information is calculated in error, then the entity B may terminate the authentication; otherwise, the entity B may convert the calculated secret information z into a string of characters Z, calculate a key MK=KDF(NA, NB, Z, IDA, IDB), calculate a message authentication code MacTagA=MAC1(MK, IDA, IDB, QA, QB));
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Bychkov in view of Hu to have to have used a temporary public key of a key pair generated by the authentication system as a challenge in which an OTP generator can generates a session OTP using a key agreement algorithm such as an Ellipse Curve Diffie-Hellman (ECDH) algorithm with the received temporary public key and it private as way to provided an anti-counterfeiting capability to apply a mechanism of authenticating the identities of two communication parties to thereby authenticate the identities of the card and the reader so as to guarantee the legality and authenticity of the identities of the two communication parties (see Hu paragraph 0003). Therefore one would have been motivated to have used a temporary public key of a key pair generated by the authentication system with an Ellipse Curve Diffie-Hellman (ECDH) algorithm to provided an anti-counterfeiting capability to apply a mechanism of authenticating the identities of two communication parties.

Bychkov in view of HU does not teach encoding the challenge is conducted without use of any private key; wherein said challenge is presented by the client device to the code generation device using one or more one-way channels
Claes teaches encoding the challenge is conducted without use of any private key; wherein said challenge is presented by the client device to the code generation device using one or more one-way channels (see Claes paragraph 0069 i.e. The hardware token may further comprise a data processing component that may be adapted to perform the cryptographically combining of the dynamic variable with the secret hardware token key. The hardware token may further also comprise a user input interface for receiving inputs from the user, such as for example a challenge or transaction data or a PIN (Personal Identification Number), and a user output interface for presenting outputs to the user, such as for example a dynamic credential generated by the hardware token. In some embodiments the hardware token may also receive input data using another input mechanism (e.g. using a camera to capture an image encoded with data such as for example a 2D-barcode or a QR-code).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Bychkov in view of Claes to have transmitted date from one device to another using user input interface for receiving inputs from the user, such as for example a challenge or receive input data using another input mechanism (e.g. using a camera to capture an image encoded with data such as for example a 2D-barcode or a QR-code) (See Claes paragraph 0069). Therefore one would have been motivated to have transmitted to the using user input interface for receiving inputs from the user or receive input data using a camera to capture an image encoded with data such as for example a 2D-barcode or a QR-code.

With respect to claim 2 Bychkov teaches the computer implemented method of claim 1, wherein the user is granted access to at least one service in case of a successful authentication process (see Bychkov figure 2 step 251-261 and paragraph 0017 i.e. In a step 251, OTP verifier 178 calculates an expected OTP based on a the trigger retrieved from trigger synchronizer 174 and the user key retrieved from user database 176, and compares it with the OTP received from OTP authentication device 110 through computer 160. If the verification was positive, then a step 261 routes the process to step 271, where a client-server session commences to provide the desired target service through cooperation between client application 168 and server application 182).

With respect to claim 3 Bychkov teaches the computer implemented method of claim 1, but does not disclose wherein the temporary key pair is invalidated after the specific authentication process is complete. 
Hu teaches wherein the temporary key pair is invalidated after the specific authentication process is complete (see HU paragraph 0055, 0058 and 0061 i.e. all public/private keys are temporary keys).

With respect to claim 4 Bychkov teaches the computer implemented method of claim 1, but does not disclose wherein the outcome of the key agreement algorithm applied to the first private key and the second public key equals the outcome of the key agreement algorithm applied to the second private key and the first public key.
Hu teaches wherein the outcome of the key agreement algorithm applied to the first private key and the second public key equals the outcome of the key agreement algorithm applied to the second private key and the first public key (see HU paragraph 0058 i.e. In the operation 6, the entity A calculates secret information z=f(dA, QB) using a temporary private key dA generated in advance by the entity A, and the temporary public key QB of the entity B based on the ECDH key exchange protocol, where f represents a key calculation function and paragraph 0061 i.e. the entity B calculates secret information z=f(dB, QA) using a temporary private key dB generated in advance by the entity B, and the temporary public key QA of the entity A based on the ECDH key exchange protocol).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Bychkov in view of Hu to have to have used a temporary public key of a key pair generated by the authentication system as a challenge in which an OTP generator can generates a session OTP using a key agreement algorithm such as an Ellipse Curve Diffie-Hellman (ECDH) algorithm with the received temporary public key and it private as way to provided an anti-counterfeiting capability to apply a mechanism of authenticating the identities of two communication parties to thereby authenticate the identities of the card and the reader so as to guarantee the legality and authenticity of the identities of the two communication parties (see Hu paragraph 0003). Therefore one would have been motivated to have used a temporary public key of a key pair generated by the authentication system with an Ellipse Curve Diffie-Hellman (ECDH) algorithm to provided an anti-counterfeiting capability to apply a mechanism of authenticating the identities of two communication parties.
	

With respect to claim 5 Bychkov teaches the computer implemented method of claim 1, but does not disclose wherein the key agreement algorithm is Ellipse Curve Diffie-Hellman (ECDH) algorithm.
	Hu teaches wherein the key agreement algorithm is Ellipse Curve Diffie-Hellman (ECDH) algorithm (see HU paragraph 0061 i.e. the entity B calculates secret information z=f(dB, QA) using a temporary private key dB generated in advance by the entity B, and the temporary public key QA of the entity A based on the ECDH key exchange protocol, and if the secret information is calculated in error, then the entity B may terminate the authentication; otherwise, the entity B may convert the calculated secret information z into a string of characters Z, calculate a key MK=KDF(NA, NB, Z, IDA, IDB), calculate a message authentication code MacTagA=MAC1(MK, IDA, IDB, QA, QB))
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Bychkov in view of Hu to have to have used a temporary public key of a key pair generated by the authentication system as a challenge in which an OTP generator can generates a session OTP using a key agreement algorithm such as an Ellipse Curve Diffie-Hellman (ECDH) algorithm with the received temporary public key and it private as way to provided an anti-counterfeiting capability to apply a mechanism of authenticating the identities of two communication parties to thereby authenticate the identities of the card and the reader so as to guarantee the legality and authenticity of the identities of the two communication parties (see Hu paragraph 0003). Therefore one would have been motivated to have used a temporary public key of a key pair generated by the authentication system with an Ellipse Curve Diffie-Hellman (ECDH) algorithm to provided an anti-counterfeiting capability to apply a mechanism of authenticating the identities of two communication parties.

With respect to claim 6 Bychkov teaches the method of claim 1, wherein the challenge is output to the code generation device by projecting a visually encoded version of the challenge via a display which is scanned by the code generation device.
Claes teaches wherein the challenge is output to the code generation device by projecting a visually encoded version of the challenge via a display which is scanned by the code generation device (see Claes paragraph 0069 i.e. The hardware token may further comprise a data processing component that may be adapted to perform the cryptographically combining of the dynamic variable with the secret hardware token key. The hardware token may further also comprise a user input interface for receiving inputs from the user, such as for example a challenge or transaction data or a PIN (Personal Identification Number), and a user output interface for presenting outputs to the user, such as for example a dynamic credential generated by the hardware token. In some embodiments the hardware token may also receive input data using another input mechanism (e.g. using a camera to capture an image encoded with data such as for example a 2D-barcode or a QR-code).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Bychkov in view of Claes to have transmitted date from one device to another using user input interface for receiving inputs from the user, such as for example a challenge or receive input data using another input mechanism (e.g. using a camera to capture an image encoded with data such as for example a 2D-barcode or a QR-code) (See Claes paragraph 0069). Therefore one would have been motivated to have transmitted to the using user input interface for receiving inputs from the user or receive input data using a camera to capture an image encoded with data such as for example a 2D-barcode or a QR-code.

	With respect to claim 9 Bychkov teaches the method of claim 1, but does not disclose wherein the second public key is locally stored.
Hu teaches wherein the second public key is locally stored (see HU paragraph 0060 i.e. the entity B checks to see whether the temporary public key QA of the entity A has been stored).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Bychkov in view of Hu to have to have used a temporary public key of a key pair generated by the authentication system as a challenge in which an OTP generator can generates a session OTP using a key agreement algorithm such as an Ellipse Curve Diffie-Hellman (ECDH) algorithm with the received temporary public key and it private as way to provided an anti-counterfeiting capability to apply a mechanism of authenticating the identities of two communication parties to thereby authenticate the identities of the card and the reader so as to guarantee the legality and authenticity of the identities of the two communication parties (see Hu paragraph 0003). Therefore one would have been motivated to have used a temporary public key of a key pair generated by the authentication system with an Ellipse Curve Diffie-Hellman (ECDH) algorithm to provided an anti-counterfeiting capability to apply a mechanism of authenticating the identities of two communication parties.

	With respect to claim 10 Bychkov teaches the method of claim 1, further comprising the OTP code is generated by the code generation device in response to a successful local authentication sequence conducted between the user and the code generation device, the local authentication sequence is based on at least one of: biometric authentication, verification of a code stored in an attachable storage media attached to the code generation device and verification of a code uniquely associated with the user received from the user operating at least one input interface of the code generation device (see Bychkov paragraph 0010 i.e. Optionally and typically, user identifier (or user identification module) 134 may be provided in OTP authentication device 110 to prevent misuse by someone who finds or steals OTP authentication device 110. In many implementations, OTP generator 130 will not generate (or will not transmit) a Session OTP data unless user identifier 134 provides positive user identification).

With respect to claim 17 Bychkov teaches an authentication system for authenticating a user according to a secure One Time Password (OTP), comprising: a program store storing a code; and at least one processor coupled to the program store for executing the stored code, the code comprising: 
code instructions to generating a challenge (see Bychkov figure 2 paragraph 0017 i.e. a step 221 server application 182 responds to client application 168 with a request for user authentication by an OTP. This request is transferred to OTP authentication device 110, where OTP generator 130 requests from trigger unit 120, in a step 221, a trigger for generating the OTP. If the trigger is Challenge 120A the server 170 generates in trigger synchronizer 174 a random challenge string and provides it to OTP generator 130 through computer 160);
code instructions to output the challenge to a code generation device associated with a user (see Bychkov figure 2 step 221 and paragraph 0017 i.e. If the trigger is Challenge 120A the server 170 generates in trigger synchronizer 174 a random challenge string and provides it to OTP generator 130 through computer 160); 
code instructions to receive an OTP code derived by the code generation device (see Bychkov figure 2 step 241 and paragraph 0017 i.e. In a step 231, OTP generator 130 processes trigger 120 and user key 132 to generate an OTP. In a step 241, the OTP generated in step 231 is sent from OTP device 110 to client workstation 160 which forwards data derived from the OTP to server 170); 
code instructions to derive a reference OTP code (see Bychkov figure 2 step 251 and paragraph 0017 i.e. In a step 251, OTP verifier 178 calculates an expected OTP based on a the trigger retrieved from trigger synchronizer 174 and the user key retrieved from user database 176); and 
code instructions to authenticate the user according to a match between the OTP code and the reference OTP code (see Bychkov figure 2 step 251-261 and paragraph 0017 i.e. In a step 251, OTP verifier 178 calculates an expected OTP based on a the trigger retrieved from trigger synchronizer 174 and the user key retrieved from user database 176, and compares it with the OTP received from OTP authentication device 110 through computer 160. If the verification was positive, then a step 261 routes the process to step 271, where a client-server session commences to provide the desired target service through cooperation between client application 168 and server application 182); 
wherein the OTP code is received via at least one input interface operated by the user to insert the OTP code generated by the code generation device (see Bychkov paragraph 0012-0013 i.e. OTP interface 140 interfaces with authentication device interface 164 in order to exchange OTP-related data between OTP authentication device 110 and computer 160. In particular, whenever OTP generator 130 generates a session OTP, an OTP transmitter (not shown) "transmits" (i.e. displays and/or effects a data exchange to provide the session OTP data to the computer 160 via OTP interface 140) the session OTP from the OTP device 110. Common implementations for OTP interface 140 are: a display 140A being used by a user in order to read the password and enter same manually into a keyboard that serves as authentication device interface 164); 
wherein said code generation device is isolated from a network used by said authentication system for transmitting said challenge to a client device operated by said user (see Bychkov figure 2 step 221 and paragraph 0017 i.e. If the trigger is Challenge 120A the server 170 generates in trigger synchronizer 174 a random challenge string and provides it to OTP generator 130 through computer 160 and paragraph 0014 i.e. It will be noted that the case where OTP interface 140 applies display 140A, does not require any direct electronic communication link between OTP authentication device 110 and computer 160). 
Bychkov does not teach the challenge is an encoded a first public key of a temporary key pair generated for use during a specific authentication process, said generating is conducted without use of any private key; storing a first private key of the temporary key pair; the OTP code is derived from an outcome of a key agreement algorithm applied to the first public key extracted from the challenge and a second private key of an authentication key pair uniquely associated with the code generation device; the reference OTP code is derived from an outcome of the key agreement algorithm applied to the first private key and a second public key of the authentication key pair; and wherein said challenge is presented by the client device to the code generation device using one or more one-way channels.

Hu teaches the challenge is a first public key of a temporary key pair generated for use during a specific authentication process (see HU paragraph 0055 i.e. the entity B generates a random number NB, and calculates a digital signature SigB=SIG(CSB, IDa.parallel.NB.parallel.QB) using its own private key CSB, where SIG represents a digital signature algorithm, IDA and IDB represent identification information of the entity A and the entity B respectively, QB represents a temporary public key of the entity B); 
storing a first private key of the temporary key pair (see HU paragraph 0061 i.e. entity B calculates secret information z=f(dB,Qa) using temporary private key dB generated in advance by the entity B); 
the OTP code is derived from an outcome of a key agreement algorithm applied to the first public key extracted from the challenge and a second private key of an authentication key pair uniquely associated with the code generation device (see HU paragraph 0058 i.e. In the operation 6, the entity A calculates secret information z=f(dA, QB) using a temporary private key dA generated in advance by the entity A, and the temporary public key QBA of the entity B based on the ECDH key exchange protocol, where f represents a key calculation function … entity A may convert the calculated secret information z into a string of characters Z, and calculate a key MK=KDF(NA, NB, Z, IDA, IDB), where KDF represents a key derivation algorithm, the entity A may calculate a message authentication code MacTagA=MAC1(MK, IDA, IDB, QA, QB), where MAC1 represents a message authentication code calculation function, and the entity A may transmit a third identity authentication message including NA.parallel.NB.parallelA.parallel.SigA.parallel.Mac- TagA to the entity B); and 
the reference OTP code is derived from an outcome of the key agreement algorithm applied to the first private key and a second public key of the authentication key pair (see HU paragraph 0061 i.e. the entity B calculates secret information z=f(dB, QA) using a temporary private key dB generated in advance by the entity B, and the temporary public key QA of the entity A based on the ECDH key exchange protocol, and if the secret information is calculated in error, then the entity B may terminate the authentication; otherwise, the entity B may convert the calculated secret information z into a string of characters Z, calculate a key MK=KDF(NA, NB, Z, IDA, IDB), calculate a message authentication code MacTagA=MAC1(MK, IDA, IDB, QA, QB));
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Bychkov in view of Hu to have to have used a temporary public key of a key pair generated by the authentication system as a challenge in which an OTP generator can generates a session OTP using a key agreement algorithm such as an Ellipse Curve Diffie-Hellman (ECDH) algorithm with the received temporary public key and it private as way to provided an anti-counterfeiting capability to apply a mechanism of authenticating the identities of two communication parties to thereby authenticate the identities of the card and the reader so as to guarantee the legality and authenticity of the identities of the two communication parties (see Hu paragraph 0003). Therefore one would have been motivated to have used a temporary public key of a key pair generated by the authentication system with an Ellipse Curve Diffie-Hellman (ECDH) algorithm to provided an anti-counterfeiting capability to apply a mechanism of authenticating the identities of two communication parties.

Bychkov in view of HU does not teach encoding the challenge is conducted without use of any private key;  wherein said challenge is presented by the client device to the code generation device using one or more one-way channels
Claes teaches encoding the challenge is conducted without use of any private key; wherein said challenge is presented by the client device to the code generation device using one or more one-way channels (see Claes paragraph 0069 i.e. The hardware token may further comprise a data processing component that may be adapted to perform the cryptographically combining of the dynamic variable with the secret hardware token key. The hardware token may further also comprise a user input interface for receiving inputs from the user, such as for example a challenge or transaction data or a PIN (Personal Identification Number), and a user output interface for presenting outputs to the user, such as for example a dynamic credential generated by the hardware token. In some embodiments the hardware token may also receive input data using another input mechanism (e.g. using a camera to capture an image encoded with data such as for example a 2D-barcode or a QR-code).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Bychkov in view of Claes to have transmitted date from one device to another using user input interface for receiving inputs from the user, such as for example a challenge or receive input data using another input mechanism (e.g. using a camera to capture an image encoded with data such as for example a 2D-barcode or a QR-code) (See Claes paragraph 0069). Therefore one would have been motivated to have transmitted to the using user input interface for receiving inputs from the user or receive input data using a camera to capture an image encoded with data such as for example a 2D-barcode or a QR-code.


With respect to claim 18 Bychkov teaches a computer implemented method of generating a secure One Time Password (OTP) used for authenticating an associated user, comprising: 
using at least one processor of a code generation device associated with a user for: 
receiving a challenge (see Bychkov figure 2 step 221 and paragraph 0017 i.e. If the trigger is Challenge 120A the server 170 generates in trigger synchronizer 174 a random challenge string and provides it to OTP generator 130 through computer 160); 
deriving an OTP code (see Bychkov figure 2 step 241 and paragraph 0017 i.e. In a step 231, OTP generator 130 processes trigger 120 and user key 132 to generate an OTP. In a step 241, the OTP generated in step 231 is sent from OTP device 110 to client workstation 160 which forwards data derived from the OTP to server 170) from an outcome of a key agreement algorithm applied to the first public key extracted from the challenge and a second private key of an authentication key pair uniquely associated with the code generation device; and 
outputting the OTP code to the authentication system which authenticates the user according to a match between the OTP code and a reference OTP code (see Bychkov figure 2 step 251-261 and paragraph 0017 i.e. In a step 251, OTP verifier 178 calculates an expected OTP based on a the trigger retrieved from trigger synchronizer 174 and the user key retrieved from user database 176, and compares it with the OTP received from OTP authentication device 110 through computer 160. If the verification was positive, then a step 261 routes the process to step 271, where a client-server session commences to provide the desired target service through cooperation between client application 168 and server application 182); 
wherein the OTP code is received via at least one input interface operated by the user to insert the OTP code generated by the code generation devices (see Bychkov paragraph 0012-0013 i.e. OTP interface 140 interfaces with authentication device interface 164 in order to exchange OTP-related data between OTP authentication device 110 and computer 160. In particular, whenever OTP generator 130 generates a session OTP, an OTP transmitter (not shown) "transmits" (i.e. displays and/or effects a data exchange to provide the session OTP data to the computer 160 via OTP interface 140) the session OTP from the OTP device 110. Common implementations for OTP interface 140 are: a display 140A being used by a user in order to read the password and enter same manually into a keyboard that serves as authentication device interface 164);
wherein said code generation device is isolated from a network used by said authentication system for transmitting said challenge to a client device operated by said user (see Bychkov figure 2 step 221 and paragraph 0017 i.e. If the trigger is Challenge 120A the server 170 generates in trigger synchronizer 174 a random challenge string and provides it to OTP generator 130 through computer 160 and paragraph 0014 i.e. It will be noted that the case where OTP interface 140 applies display 140A, does not require any direct electronic communication link between OTP authentication device 110 and computer 160); and 
Bychkov does not teaches the challenge is an encoded a first public key of a temporary key pair generated by an authentication system for use during a specific authentication process; the OTP code is derived from an outcome of a key agreement algorithm applied to the first public key extracted from the challenge and a second private key of an authentication key pair uniquely associated with the code generation device; the reference OTP code is derived from an outcome of the key agreement algorithm applied to a first private key of the temporary key pair and a second public key of the authentication key pair; and wherein said challenge is presented by the client device to the code generation device using one or more one-way channels.

Hu teaches the challenge is a first public key of a temporary key pair generated for use during a specific authentication process (see HU paragraph 0055 i.e. the entity B generates a random number NB, and calculates a digital signature SigB=SIG(CSB, IDa.parallel.NB.parallel.QB) using its own private key CSB, where SIG represents a digital signature algorithm, IDA and IDB represent identification information of the entity A and the entity B respectively, QB represents a temporary public key of the entity B); 
the OTP code is derived from an outcome of a key agreement algorithm applied to the first public key extracted from the challenge and a second private key of an authentication key pair uniquely associated with the code generation device; (see HU paragraph 0058 i.e. In the operation 6, the entity A calculates secret information z=f(dA, QB) using a temporary private key dA generated in advance by the entity A, and the temporary public key QBA of the entity B based on the ECDH key exchange protocol, where f represents a key calculation function … entity A may convert the calculated secret information z into a string of characters Z, and calculate a key MK=KDF(NA, NB, Z, IDA, IDB), where KDF represents a key derivation algorithm, the entity A may calculate a message authentication code MacTagA=MAC1(MK, IDA, IDB, QA, QB), where MAC1 represents a message authentication code calculation function, and the entity A may transmit a third identity authentication message including NA.parallel.NB.parallelA.parallel.SigA.parallel.Mac- TagA to the entity B); and 
the reference OTP code is derived from an outcome of the key agreement algorithm applied to the first private key and a second public key of the authentication key pair (see HU paragraph 0061 i.e. the entity B calculates secret information z=f(dB, QA) using a temporary private key dB generated in advance by the entity B, and the temporary public key QA of the entity A based on the ECDH key exchange protocol, and if the secret information is calculated in error, then the entity B may terminate the authentication; otherwise, the entity B may convert the calculated secret information z into a string of characters Z, calculate a key MK=KDF(NA, NB, Z, IDA, IDB), calculate a message authentication code MacTagA=MAC1(MK, IDA, IDB, QA, QB));
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Bychkov in view of Hu to have to have used a temporary public key of a key pair generated by the authentication system as a challenge in which an OTP generator can generates a session OTP using a key agreement algorithm such as an Ellipse Curve Diffie-Hellman (ECDH) algorithm with the received temporary public key and it private as way to provided an anti-counterfeiting capability to apply a mechanism of authenticating the identities of two communication parties to thereby authenticate the identities of the card and the reader so as to guarantee the legality and authenticity of the identities of the two communication parties (see Hu paragraph 0003). Therefore one would have been motivated to have used a temporary public key of a key pair generated by the authentication system with an Ellipse Curve Diffie-Hellman (ECDH) algorithm to provided an anti-counterfeiting capability to apply a mechanism of authenticating the identities of two communication parties.

Bychkov in view of HU does not teach encoding the challenge is conducted without use of any private key;  wherein said challenge is presented by the client device to the code generation device using one or more one-way channels
Claes teaches encoding the challenge is conducted without use of any private key; wherein said challenge is presented by the client device to the code generation device using one or more one-way channels (see Claes paragraph 0069 i.e. The hardware token may further comprise a data processing component that may be adapted to perform the cryptographically combining of the dynamic variable with the secret hardware token key. The hardware token may further also comprise a user input interface for receiving inputs from the user, such as for example a challenge or transaction data or a PIN (Personal Identification Number), and a user output interface for presenting outputs to the user, such as for example a dynamic credential generated by the hardware token. In some embodiments the hardware token may also receive input data using another input mechanism (e.g. using a camera to capture an image encoded with data such as for example a 2D-barcode or a QR-code).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Bychkov in view of Claes to have transmitted date from one device to another using user input interface for receiving inputs from the user, such as for example a challenge or receive input data using another input mechanism (e.g. using a camera to capture an image encoded with data such as for example a 2D-barcode or a QR-code) (See Claes paragraph 0069). Therefore one would have been motivated to have transmitted to the using user input interface for receiving inputs from the user or receive input data using a camera to capture an image encoded with data such as for example a 2D-barcode or a QR-code.

With respect to claim 19 Bychkov teaches a code generation device for generating a secure One Time Password (OTP) used for authenticating an associated user, comprising: a program store storing a code; and at least one processor coupled to the program store for executing the stored code, the code comprising: 
code instructions to receive a challenge (see Bychkov figure 2 step 221 and paragraph 0017 i.e. If the trigger is Challenge 120A the server 170 generates in trigger synchronizer 174 a random challenge string and provides it to OTP generator 130 through computer 160) encoding a first public key of a temporary key pair generated by an authentication system for use during a specific authentication process, wherein the challenge is generated without use of any private key; 
code instructions to derive an OTP code (see Bychkov figure 2 step 241 and paragraph 0017 i.e. In a step 231, OTP generator 130 processes trigger 120 and user key 132 to generate an OTP. In a step 241, the OTP generated in step 231 is sent from OTP device 110 to client workstation 160 which forwards data derived from the OTP to server 170); from an outcome of a key agreement algorithm applied to the first public key extracted from the challenge and a second private key of an authentication key pair uniquely associated with the code generation device; and 
code instructions to output the OTP code to the authentication system which authenticates the user according to a match between the OTP code and a reference OTP code (see Bychkov figure 2 step 251-261 and paragraph 0017 i.e. In a step 251, OTP verifier 178 calculates an expected OTP based on a the trigger retrieved from trigger synchronizer 174 and the user key retrieved from user database 176, and compares it with the OTP received from OTP authentication device 110 through computer 160. If the verification was positive, then a step 261 routes the process to step 271, where a client-server session commences to provide the desired target service through cooperation between client application 168 and server application 182); derived from an outcome of the key agreement algorithm applied to a first private key of the temporary key pair and a second public key of the authentication key pair; 
wherein the OTP code is received via at least one input interface operated by the user to insert the OTP code generated by the code generation devices (see Bychkov paragraph 0012-0013 i.e. OTP interface 140 interfaces with authentication device interface 164 in order to exchange OTP-related data between OTP authentication device 110 and computer 160. In particular, whenever OTP generator 130 generates a session OTP, an OTP transmitter (not shown) "transmits" (i.e. displays and/or effects a data exchange to provide the session OTP data to the computer 160 via OTP interface 140) the session OTP from the OTP device 110. Common implementations for OTP interface 140 are: a display 140A being used by a user in order to read the password and enter same manually into a keyboard that serves as authentication device interface 164); 
wherein said code generation device is isolated from a network used by said authentication system for transmitting said challenge to a client device operated by said user (see Bychkov figure 2 step 221 and paragraph 0017 i.e. If the trigger is Challenge 120A the server 170 generates in trigger synchronizer 174 a random challenge string and provides it to OTP generator 130 through computer 160 and paragraph 0014 i.e. It will be noted that the case where OTP interface 140 applies display 140A, does not require any direct electronic communication link between OTP authentication device 110 and computer 160). 
Bychkov does not teaches the challenge is an encoded a first public key of a temporary key pair generated by an authentication system for use during a specific authentication process; the OTP code is derived from an outcome of a key agreement algorithm applied to the first public key extracted from the challenge and a second private key of an authentication key pair uniquely associated with the code generation device; the reference OTP code is derived from an outcome of the key agreement algorithm applied to a first private key of the temporary key pair and a second public key of the authentication key pair; and wherein said challenge is presented by the client device to the code generation device using one or more one-way channels.

Hu teaches the challenge is a first public key of a temporary key pair generated for use during a specific authentication process (see HU paragraph 0055 i.e. the entity B generates a random number NB, and calculates a digital signature SigB=SIG(CSB, IDa.parallel.NB.parallel.QB) using its own private key CSB, where SIG represents a digital signature algorithm, IDA and IDB represent identification information of the entity A and the entity B respectively, QB represents a temporary public key of the entity B); 
the OTP code is derived from an outcome of a key agreement algorithm applied to the first public key extracted from the challenge and a second private key of an authentication key pair uniquely associated with the code generation device; (see HU paragraph 0058 i.e. In the operation 6, the entity A calculates secret information z=f(dA, QB) using a temporary private key dA generated in advance by the entity A, and the temporary public key QBA of the entity B based on the ECDH key exchange protocol, where f represents a key calculation function … entity A may convert the calculated secret information z into a string of characters Z, and calculate a key MK=KDF(NA, NB, Z, IDA, IDB), where KDF represents a key derivation algorithm, the entity A may calculate a message authentication code MacTagA=MAC1(MK, IDA, IDB, QA, QB), where MAC1 represents a message authentication code calculation function, and the entity A may transmit a third identity authentication message including NA.parallel.NB.parallelA.parallel.SigA.parallel.Mac- TagA to the entity B); and 
the reference OTP code is derived from an outcome of the key agreement algorithm applied to the first private key and a second public key of the authentication key pair (see HU paragraph 0061 i.e. the entity B calculates secret information z=f(dB, QA) using a temporary private key dB generated in advance by the entity B, and the temporary public key QA of the entity A based on the ECDH key exchange protocol, and if the secret information is calculated in error, then the entity B may terminate the authentication; otherwise, the entity B may convert the calculated secret information z into a string of characters Z, calculate a key MK=KDF(NA, NB, Z, IDA, IDB), calculate a message authentication code MacTagA=MAC1(MK, IDA, IDB, QA, QB));
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Bychkov in view of Hu to have to have used a temporary public key of a key pair generated by the authentication system as a challenge in which an OTP generator can generates a session OTP using a key agreement algorithm such as an Ellipse Curve Diffie-Hellman (ECDH) algorithm with the received temporary public key and it private as way to provided an anti-counterfeiting capability to apply a mechanism of authenticating the identities of two communication parties to thereby authenticate the identities of the card and the reader so as to guarantee the legality and authenticity of the identities of the two communication parties (see Hu paragraph 0003). Therefore one would have been motivated to have used a temporary public key of a key pair generated by the authentication system with an Ellipse Curve Diffie-Hellman (ECDH) algorithm to provided an anti-counterfeiting capability to apply a mechanism of authenticating the identities of two communication parties.

Bychkov in view of HU does not teach encoding the challenge is conducted without use of any private key;  wherein said challenge is presented by the client device to the code generation device using one or more one-way channels
Claes teaches encoding the challenge is conducted without use of any private key; wherein said challenge is presented by the client device to the code generation device using one or more one-way channels (see Claes paragraph 0069 i.e. The hardware token may further comprise a data processing component that may be adapted to perform the cryptographically combining of the dynamic variable with the secret hardware token key. The hardware token may further also comprise a user input interface for receiving inputs from the user, such as for example a challenge or transaction data or a PIN (Personal Identification Number), and a user output interface for presenting outputs to the user, such as for example a dynamic credential generated by the hardware token. In some embodiments the hardware token may also receive input data using another input mechanism (e.g. using a camera to capture an image encoded with data such as for example a 2D-barcode or a QR-code).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Bychkov in view of Claes to have transmitted date from one device to another using user input interface for receiving inputs from the user, such as for example a challenge or receive input data using another input mechanism (e.g. using a camera to capture an image encoded with data such as for example a 2D-barcode or a QR-code) (See Claes paragraph 0069). Therefore one would have been motivated to have transmitted to the using user input interface for receiving inputs from the user or receive input data using a camera to capture an image encoded with data such as for example a 2D-barcode or a QR-code.
With respect to claim 21 Bychkov teaches the authentication system of claim 17, wherein said authentication system is integrated in a user device hosting said at least one input interface operated by the user to insert the OTP code (see Bychkov paragraph 0007 i.e. Client application 168 can be a dedicated program or a general purpose Web browser. Server application 182 requires approval from OTP verifier 178 in order to provide the target functionality. OTP verifier 178 is a software module devised to receive and check a (one-time) password from server application 182).

Claim 7 is rejected under 35 U.S.C. 103 as being unpatentable over Bychkov (US 2007/0067828) in view of HU et al (US 2017/0085557) in view of Claes et al (US 20160191494) in view of Bendersky et al (US 2020/0053096).
With respect to claim 7 Bychkov teaches the method of claim 1, but does not disclose wherein the challenge is output to the code generation device by generating an audible version of the challenge via at least one audio output interface, the audible version is captured by the code generation device.
	Bendersky teaches wherein the challenge is output to the code generation device by generating an audible version of the challenge via at least one audio output interface, the audible version is captured by the code generation device (see Bendersky paragraph 0169 i.e. The transmission technique may take several forms. For example, the cryptographic key may be transmitted from the auxiliary device 1603 using the various near-field or short-range techniques discussed above in connection with FIGS. 2 and 3, such as bar code scanning (e.g., QR codes, or two-dimensional codes), infrared signals, Bluetooth communications, audible (e.g., vocal) communication, image recognition, etc)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Bychkov in view of Bendersky to have transmitted date from one device to another using the various near-field or short-range techniques discussed above in connection with FIGS. 2 and 3, such as bar code scanning (e.g., QR codes, or two-dimensional codes), infrared signals, Bluetooth communications, audible (e.g., vocal) communication, image recognition, etc (see Bendersky paragraph 0169). Therefore one would have been motivated to have transmitted date audible (e.g., vocal) communication as one of many ways to send data.

Claims 11-14 are rejected under 35 U.S.C. 103 as being unpatentable over Bychkov (US 2007/0067828) in view of HU et al (US 2017/0085557) in view of Claes et al (US 20160191494) in view of Kausik et al (US 6,263,446).
With respect to claim 11 Bychkov teaches the method of claim 1, but does not disclose further comprising generating the challenge and the reference OTP code in advance for protecting at least one locally stored protected data item associated with the code generation device, the challenge and the reference OTP code are used during a future authentication process conducted to authenticate the user for accessing the at least one locally stored data item.  
Kausik teaches further comprising generating the challenge and the reference OTP code in advance for protecting at least one locally stored protected data item associated with the code generation device, the challenge and the reference OTP code are used during a future authentication process conducted to authenticate the user for accessing the at least one locally stored data item (see Kausik column 4 lines 48 – column 5 line 34 i.e. the wallet might itself be protected by a shared secret. For example, FIG. 2 shows an exemplary embodiment of a wallet in which a private key is protected by a PIN. The PIN (more generally, a shared secret) might be the shared secret transmitted by the user to the Credential Server 160, as discussed previously, and the private key (more generally, the authentication credential) in the wallet might be decrypted by Credential Server 160 and provided in the clear to the user at Browser 140. Alternatively, the entire wallet (including the authentication credential in encrypted form) might be provided to the user, for the user to decrypt locally at Browser 140. With either approach, the process of decrypting the PIN-protected authentication credential as follows. The user enters a PIN 200 (more generally, an access code) to unlock the wallet, and the PIN is passed through a one-to-one hash function 210. The hash function may also include a salt value or other security-enhancing feature, as will be appreciated by persons skilled in the art. The hashed value 215 of the entered PIN is compared with a stored hash value 220, which is the hashed value of the correct PIN. If the two hash values agree, the PIN is passed to decryption module 240. The private key which has been encrypted (with the correct PIN as the encryption key) and stored in field 230, is decrypted by decryption module 240, which is typically DES or some other cryptographic function such as, for example, triple-DES, IDEA or BLOWFISH. Hence, the decrypted private key 250 is released for use).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Bychkov in view of Kausik to have used the otp received form the authenticating device to decrypt a private key used to then authenticate the user of the key wallet (see Kausik column 4 lines 64 – column 5 line 24). Therefore one would have been motivated to have used the otp received form the authenticating device to decrypt a private key then is then used to authenticate the user.

With respect to claim 12 Bychkov teaches the method of claim 11, but does not disclose wherein the at least one locally stored protected data item is a third private key associated with the code generation device and used for further authenticating the user. 
Kausik teaches wherein the at least one locally stored protected data item is a third private key associated with the code generation device and used for further authenticating the user (see Kausik column 4 lines 48 – column 5 line 34 i.e. the wallet might itself be protected by a shared secret. For example, FIG. 2 shows an exemplary embodiment of a wallet in which a private key is protected by a PIN. The PIN (more generally, a shared secret) might be the shared secret transmitted by the user to the Credential Server 160, as discussed previously, and the private key (more generally, the authentication credential) in the wallet might be decrypted by Credential Server 160 and provided in the clear to the user at Browser 140. Alternatively, the entire wallet (including the authentication credential in encrypted form) might be provided to the user, for the user to decrypt locally at Browser 140. With either approach, the process of decrypting the PIN-protected authentication credential as follows. The user enters a PIN 200 (more generally, an access code) to unlock the wallet, and the PIN is passed through a one-to-one hash function 210. The hash function may also include a salt value or other security-enhancing feature, as will be appreciated by persons skilled in the art. The hashed value 215 of the entered PIN is compared with a stored hash value 220, which is the hashed value of the correct PIN. If the two hash values agree, the PIN is passed to decryption module 240. The private key which has been encrypted (with the correct PIN as the encryption key) and stored in field 230, is decrypted by decryption module 240, which is typically DES or some other cryptographic function such as, for example, triple-DES, IDEA or BLOWFISH. Hence, the decrypted private key 250 is released for use).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Bychkov in view of Kausik to have used the otp received form the authenticating device to decrypt a private key used to then authenticate the user of the key wallet (see Kausik column 4 lines 64 – column 5 line 24). Therefore one would have been motivated to have used the otp received form the authenticating device to decrypt a private key then is then used to authenticate the user.

With respect to claim 13 Bychkov teaches the method of claim 11, but does not disclose wherein the at least one locally stored protected data item is protected by storing the at least one locally stored protected data item in at least one local protected hardware resource which is accessible using the OTP code.
Kausik teaches wherein the at least one locally stored protected data item is protected by storing the at least one locally stored protected data item in at least one local protected hardware resource which is accessible using the OTP code (see Kausik column 4 lines 48 – column 5 line 34 i.e. the wallet might itself be protected by a shared secret. For example, FIG. 2 shows an exemplary embodiment of a wallet in which a private key is protected by a PIN. The PIN (more generally, a shared secret) might be the shared secret transmitted by the user to the Credential Server 160, as discussed previously, and the private key (more generally, the authentication credential) in the wallet might be decrypted by Credential Server 160 and provided in the clear to the user at Browser 140. Alternatively, the entire wallet (including the authentication credential in encrypted form) might be provided to the user, for the user to decrypt locally at Browser 140. With either approach, the process of decrypting the PIN-protected authentication credential as follows. The user enters a PIN 200 (more generally, an access code) to unlock the wallet, and the PIN is passed through a one-to-one hash function 210. The hash function may also include a salt value or other security-enhancing feature, as will be appreciated by persons skilled in the art. The hashed value 215 of the entered PIN is compared with a stored hash value 220, which is the hashed value of the correct PIN. If the two hash values agree, the PIN is passed to decryption module 240. The private key which has been encrypted (with the correct PIN as the encryption key) and stored in field 230, is decrypted by decryption module 240, which is typically DES or some other cryptographic function such as, for example, triple-DES, IDEA or BLOWFISH. Hence, the decrypted private key 250 is released for use).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Bychkov in view of Kausik to have used the otp received form the authenticating device to decrypt a private key used to then authenticate the user of the key wallet (see Kausik column 4 lines 64 – column 5 line 24). Therefore one would have been motivated to have used the otp received form the authenticating device to decrypt a private key then is then used to authenticate the user.

With respect to claim 14 Bychkov teaches the method of claim 11, but does not disclose wherein the at least one locally stored protected data item is protected by storing an encrypted version of the at least one locally stored protected data item encrypted using the OTP code.
Kausik teaches wherein the at least one locally stored protected data item is protected by storing an encrypted version of the at least one locally stored protected data item encrypted using the OTP code (see Kausik column 4 lines 48 – column 5 line 34 i.e. the wallet might itself be protected by a shared secret. For example, FIG. 2 shows an exemplary embodiment of a wallet in which a private key is protected by a PIN. The PIN (more generally, a shared secret) might be the shared secret transmitted by the user to the Credential Server 160, as discussed previously, and the private key (more generally, the authentication credential) in the wallet might be decrypted by Credential Server 160 and provided in the clear to the user at Browser 140. Alternatively, the entire wallet (including the authentication credential in encrypted form) might be provided to the user, for the user to decrypt locally at Browser 140. With either approach, the process of decrypting the PIN-protected authentication credential as follows. The user enters a PIN 200 (more generally, an access code) to unlock the wallet, and the PIN is passed through a one-to-one hash function 210. The hash function may also include a salt value or other security-enhancing feature, as will be appreciated by persons skilled in the art. The hashed value 215 of the entered PIN is compared with a stored hash value 220, which is the hashed value of the correct PIN. If the two hash values agree, the PIN is passed to decryption module 240. The private key which has been encrypted (with the correct PIN as the encryption key) and stored in field 230, is decrypted by decryption module 240, which is typically DES or some other cryptographic function such as, for example, triple-DES, IDEA or BLOWFISH. Hence, the decrypted private key 250 is released for use).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Bychkov in view of Kausik to have used the otp received form the authenticating device to decrypt a private key used to then authenticate the user of the key wallet (see Kausik column 4 lines 64 – column 5 line 24). Therefore one would have been motivated to have used the otp received form the authenticating device to decrypt a private key then is then used to authenticate the user.

Claims 15-16 are rejected under 35 U.S.C. 103 as being unpatentable over Bychkov (US 2007/0067828) in view of HU et al (US 2017/0085557) in view of Claes et al (US 20160191494) in view of Baca et al (US 2014/0250490).
With respect to claim 15 Bychkov in view Kausik teaches the method of claim 11, but does not disclose wherein the challenge is locally stored for the future authentication process and outputted to the code generation device during the future authentication process initiated in response to a user access request requiring authentication.
Baca teaches wherein the challenge is locally stored for the future authentication process and outputted to the code generation device during the future authentication process initiated in response to a user access request requiring authentication (see Baca figure 2 steps 222-224 and paragraph 0036-0037 i.e. The operations of flowchart 300 may be performed by a client device, e.g., client device 102 and correspond to operation 222 of FIG. 2. In particular, flowchart 300 depicts exemplary operations configured to generate a session OTP to be provided to an authenticator to be used to authenticate client device at a next session. Program flow may begin with an indication that a session is ending 302. Operation 304 includes retrieving (capturing) selected device attributes. The specific device attributes captured may be based on session OTP rules. A new session OTP may be generated based, at least in part, on selected device attributes and session OTP rules at operation 306. Operation 308 includes storing the new session OTP in a local session OTP on the client device and providing the new session OTP to the authenticator. The session may then end at operation 310).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Bychkov in view of Baca to generate a new session OTP at least in part, on selected device attributes and session OTP rules and storing the new session OTP in a local session OTP on the client device that can later be provided to the authenticator for authentication for the next session (See Baca paragraph 0036-0037). Therefore one would have been motivated to have generated a new OTP to provided to the authenticator for authentication for the next session.

With respect to claim 16 Bychkov in view Kausik teaches the method of claim 11, but does not disclose wherein the challenge and the reference OTP code are discarded after the future authentication process is complete and a new challenge and a new reference OTP code are generated for protecting the at least one locally stored protected data item, the new challenge and new reference OTP code are used during a subsequent future authentication process conducted to authenticate the user for accessing the at least one locally stored data item.
Baca teaches wherein the challenge and the reference OTP code are discarded after the future authentication process is complete and a new challenge and a new reference OTP code are generated for protecting the at least one locally stored protected data item, the new challenge and new reference OTP code are used during a subsequent future authentication process conducted to authenticate the user for accessing the at least one locally stored data item (see Baca figure 2 steps 222-224 and paragrapgh 0036-0037 i.e. The operations of flowchart 300 may be performed by a client device, e.g., client device 102 and correspond to operation 222 of FIG. 2. In particular, flowchart 300 depicts exemplary operations configured to generate a session OTP to be provided to an authenticator to be used to authenticate client device at a next session. Program flow may begin with an indication that a session is ending 302. Operation 304 includes retrieving (capturing) selected device attributes. The specific device attributes captured may be based on session OTP rules. A new session OTP may be generated based, at least in part, on selected device attributes and session OTP rules at operation 306. Operation 308 includes storing the new session OTP in a local session OTP on the client device and providing the new session OTP to the authenticator. The session may then end at operation 310).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Bychkov in view of Baca to generate a new session OTP at least in part, on selected device attributes and session OTP rules and storing the new session OTP in a local session OTP on the client device that can later be provided to the authenticator for authentication for the next session (See Baca paragraph 0036-0037). Therefore one would have been motivated to have generated a new OTP to provided to the authenticator for authentication for the next session.

Claim 20 is rejected under 35 U.S.C. 103 as being unpatentable over Bychkov (US 2007/0067828) in view of HU et al (US 2017/0085557) in view of Claes et al (US 20160191494) in view of Mercurio et al (US 2009/0088076)
With respect to claim 20 Bychkov teaches the authentication system of claim 17, but does not disclose wherein the temporary key pair and the authentication key pair are generated using a same key generation protocol.
Mercurio teaches wherein the temporary key pair and the authentication key pair are generated using a same key generation protocol (see Marcurio paragraph 0016 i.e. each device 12, 14 generate a public key/private key pair. The public key/private key pair can be generated by any suitable algorithm such as Elliptic Curve Diffie--Hellman (ECDH)).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Bychkov in view of Mercurio to have generating the authentication key pair using any suitable algorithm such as Elliptic Curve Diffie--Hellman (ECDH) since Elliptic Curve Diffie--Hellman (ECDH) is a well know public key/private key pair generating algorithm. Therefore one would have been motivated to have generating the authentication key pair using any suitable algorithm such as Elliptic Curve Diffie--Hellman (ECDH).

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DEVIN E ALMEIDA whose telephone number is (571)270-1018.  The examiner can normally be reached on Monday-Thursday from 7:30 A.M. to 5:00 P.M.  The examiner can also be reached on alternate Fridays from 7:30 A.M. to 4:00 P.M. 
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Saleh Najjar, can be reached on 571-272-4006. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).

/DEVIN E ALMEIDA/Examiner, Art Unit 2492                                                                                                                                                                                                        

/SALEH NAJJAR/Supervisory Patent Examiner, Art Unit 2492