DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Examiner called applicant representative for Frank Liebenow for support of details of ““unique identifier object” in specification, however have not received response yet.
Priority
This application is a continuation-in-part of U.S. patent application 16/658,046, filed October 19, 2019; which is a continuation-in-part of U.S. patent application 16/244,888, filed January 10, 2019; which is a continuation-in-part of U.S. patent application 16/019,578, filed June 27, 2018, now U.S. Pat. No. 10,216,914, issued February 26, 2019; which is a continuation-in-part of U.S. patent application Ser. No. 15/430,637, now U.S. Pat. No. 10,037,419, issued July 31, 2018, which, in turn, claims priority to provisional patent application number 63/360,616 filed on July 11, 2016. This application also claims priority to patent application number 15/234,652 filed on August 11, 2016, which, in turn, claims priority to provisional patent application number 62/206,333 filed on August 18, 2015. This application also claims priority to provisional patent application number 62/615,780 filed on January 10, 2018, and provisional patent application number 62/720,664 filed on August 21, 2018. The above-noted applications are incorporated herein by reference in their entirety.
Note: As applicant claimed “unique identifier object”, in the claim which was introduced only this application thus this application will not get the earlier priority.
Information Disclosure Statement
The information disclosure statement (IDS) submitted on 07/20/2021.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.



Claim 1-3 rejected under 35 USC 101 because the claimed invention is directed to abstract idea without significantly more. The claim(s) recite(s) “A unique session identifier token …, the unique session identifier token comprising: a unique identifier object having a time component and a unique data object” . Unique session identifier token can be calculated with mental process( with pen and paper) by writing device SL no (unique data object) and time together for a particular time from clock. This judicial exception is not integrated into a practical application because claim is just for identifying a unique object( Number or value), NOT authenticating a device by the token or verifying token for identifying the device. The claim(s) does/do not include additional elements that are sufficient to amount to significantly more than the judicial exception.

Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 1-17 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA  35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention. Claims 1, 6, 12 recite “ unique identifier object” which is created based on “unique data object”, however specification failed to describe “unique data object”. 

Dependent claims do not cure the deficiencies also rejected accordingly.

Similarly, with respect to claim 4,  there is no support for “wherein the complex number is created by observing a first particle of an entangled pair at an instant in time”. 
Similarly, with respect to claim , 11 there is no support for “the relying party generating the complex number by observing a first particle of an entangled particle pair at an instant in time”
Similarly, with respect to claim 17, there is no support for “the relying party generating the complex number by observing a first particle of an entangled pair at an instant in time”.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim 1-3, 5-10,12-16 are rejected under 35 U.S.C. 103 as being unpatentable over  KUMAR et al (US 20200250664 A1) in view of Conrad et al(US 20160036594 A1).

With regards to claim 1, KUMAR discloses, A unique session identifier to be employed as part of an authentication session to uniquely identify the authentication session from other authentication sessions, the unique session identifier comprising: 
a unique identifier object having a time component and a unique data object ([0264] txid generated based on unique temporary password and timestamp); and whereas the time component represents a time of creation of the unique session identifier  ([0264] In some embodiments, a request from an application (e.g., request for a temporary password from a secure application) can follow a flow. For example, the server (e.g., MFA server) can generate a unique txnid and a shared secret that are associated with an access attempt. In some embodiments, the txnid can include an embedded timestamp for the request. The shared secret can be used to generate the unique temporary password, in some examples some other parameters are also generated. In some embodiments, this shared secret is unique to a request/access attempt. For example, the shared secret can be a pseudo random number and/or characters.). 
KUMAR does not exclusively but Conrad teaches, A unique session identifier token to be employed as part of an authentication session to uniquely identify the authentication session from other authentication sessions ([0049] The lock generates a challenge and transmits the challenge to the user device (308). In one embodiment, the lock generates a long random number as the challenge. In another embodiment, the lock generates data that varies by communication session (e.g., a unique number (a session identifier) may be generated as the challenge for each communication session)) 	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify KUMAR’s method/system/product with teaching of Conrad in order to secure authentication (Conradd [0001]).

With regards to claim 2, 3, 9-10, 15 KUMAR further discloses, wherein the unique data object comprises an item selected from a group consisting of a string value and a numeric value; wherein the numeric value comprises a complex number; wherein the unique data object is a numeric value ([0264]; The shared secret can be used to generate the unique temporary password, in some examples some other parameters are also generated. In some embodiments, this shared secret is unique to a request/access attempt. For example, the shared secret can be a pseudo random number and/or characters Note: pseudo random number interpreted as complex number).

With regards to claim 5, KUMAR further discloses,  wherein the string value is produced by a one-time passcode generation algorithm that employs a time-based or hash-based secret key ([0264-0265] In some embodiments, a temporary password (e.g., OTP) can be generated by using the shared secret, transaction identifier, and, in some examples, the embedded timestamp (e.g., within the transaction identifier) as an input. In some embodiments, the shared secret itself is not generated based on the timestamp for its generation (e.g., it can simply be a random number). For example, some embodiments include the timestamp of the first OTP request in the transaction identifier, and the shared secret, transaction identifier, and embedded timestamp can be used to generate the OTP.).

With regards to claim 6, 12 KUMAR discloses,  A method for verifying an integrity of a bidirectional authentication session, the bidirectional authentication session being initiated by a relying party over a conventional in-band network using a unique session identifier token, the unique session identifier token comprising a unique identifier object having a time component and a unique data object ([0264-265]), the method comprising: 
the relying party creating a challenge message having the unique session identifier ([0240] 2) Secure application 1304 can determine that user 1302 is to perform MFA to gain access. Secure application 1304 can then invoke transactional MFA API 1306 (e.g., using its confidential client application access token issued by IDCS) and provide the email address/phone number of the user to which an OTP is to be sent. Secure application 1304 can also receive a txnid (transaction ID) in response from transactional MFA API 1306.), the relying party setting the unique identifier object to a unique value and the relying party setting the time component based upon a current time-of-day ([0264] In some embodiments, a request from an application (e.g., request for a temporary password from a secure application) can follow a flow. For example, the server (e.g., MFA server) can generate a unique txnid and a shared secret that are associated with an access attempt. In some embodiments, the txnid can include an embedded timestamp for the request. The shared secret can be used to generate the unique temporary password, in some examples some other parameters are also generated.); 
the relying party transmitting the challenge message over the conventional in-band network to a subscribing party ([0241] 3) After invocation of transactional MFA API 1306 an OTP can be transmitted to the email address/phone number specified.); 
upon receiving the challenge message by the subscribing party, the subscribing party creating a challenge message response, the challenge message response including the unique session identifier token and the subscribing party transmitting the challenge message response over the conventional in-band network to the relying party ([0244] 6) User 1302 can enter the received OTP in secure application 1304. [0245] 7) Secure application 1304 can again invoke transactional MFA API 1306 and transmit the OTP for validation along with the transaction identifier.); and 
the relying party comparing the unique session identifier of the challenge message to the unique session identifier token of the challenge message response, thereby determining the integrity of the bidirectional authentication session (FIG 14 1410 and associated text; ).

KUMAR does not exclusively but Conrad teaches, A unique session identifier token  ([0049] The lock generates a challenge and transmits the challenge to the user device (308). In one embodiment, the lock generates a long random number as the challenge. In another embodiment, the lock generates data that varies by communication session (e.g., a unique number (a session identifier) may be generated as the challenge for each communication session)) 	It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention was made to modify KUMAR’s method/system/product with teaching of Conrad in order to secure authentication (Conradd [0001]).

With regards to claim 7, 13 Kumar further discloses,  wherein the unique data object is a string and in the step of the relying party setting the unique identifier object, the relying party generating a one-time passcode, the relying party setting the unique data object to the one-time passcode ({0263-269]  bottom Table  in page 22).

With regards to claim 8, 14 KUMAR further discloses, , wherein the step of the relying party generating the one-time passcode using a time-based or hash-based secret key ([0264-0265] In some embodiments, a temporary password (e.g., OTP) can be generated by using the shared secret, transaction identifier, and, in some examples, the embedded timestamp (e.g., within the transaction identifier) as an input. In some embodiments, the shared secret itself is not generated based on the timestamp for its generation (e.g., it can simply be a random number). For example, some embodiments include the timestamp of the first OTP request in the transaction identifier, and the shared secret, transaction identifier, and embedded timestamp can be used to generate the OTP.).

Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOHAMMED WALIULLAH whose telephone number is (571)270-7987.  The examiner can normally be reached on 8.30 to 430 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on 1-571-272-8878.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/MOHAMMED WALIULLAH/Primary Examiner, Art Unit 2498