Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
The Application number 17/183,303 filed on 2/23/2021 has been considered.  Claims 1-20 are pending.
Information Disclosure Statement
The information disclosure statements (IDS) submitted on 4/5/2021, 6/18/2021, 9/23/2021 and 6/27/2022 are being considered by the examiner.
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1, 4, 6-7, 9, 11, 16, 18 and 19 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1, 3, 5-6, 10, 12 and 14-17 of U.S. Patent No. 11,074,333. Although the claims at issue are not identical, they are not patentably distinct from each other because the limitations recited in the claims 1, 4, 6-7, 9, 11, 16, 18 and 19 of the instant application are disclosed by the limitations recited in the claims 1, 3, 5-6, 10, 12 and 14-17 of U.S. Patent No. 11,074,333.
Claims 1, 4, 6-7, 9, 11, 16, 18 and 19 are provisionally rejected on the ground of nonstatutory double patenting as being unpatentable over claims 21, 23-27, 31 and 33-37 of copending Application No. 17/345,473. Although the claims at issue are not identical, they are not patentably distinct from each other because the limitations recited in the claims 1, 4, 6-7, 9, 11, 16, 18 and 19 of the instant application are disclosed by the limitations recited in the claims 21, 23-27, 31 and 33-37 of copending Application No. 17/345,473.
This is a provisional nonstatutory double patenting rejection because the patentably indistinct claims have not in fact been patented.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 4, 9-11, 16 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Hito et al. (US 2011/0219427 hereinafter Hito) in view of Landrock et al. (US 2018/0048474 hereinafter Landrock).
Regarding claim 1, Hito discloses a method for authenticating a user or a transaction, the method comprising: 
capturing image data of a user using a user device (FIG. 1, ¶ [0044]; i.e. capturing QR code using the mobile device), wherein the image data includes at least a portion of a face of the user; 
obtaining identification information about the user from the image data (FIG. 1, ¶ [0016] -[0017]; i.e. obtaining unique request ID that the user requests to establish a communication session); 
collecting nonce data comprising a characteristic of the image data that is unique to the user device at a moment in time during which the nonce data is collected (FIG. 1, ¶ [0018]-[0019], [0049]-[0065]; i.e. obtaining the information of the mobile device and the QR code to generate a post request including the signature that indicates the location of the mobile device, the timestamp, the unique id assigned to the authentication request, etc.); and 
authenticating, with aid of one or more processors, the user or the transaction based on (1) the identification information and (2) the nonce data (FIG. 1, ¶ [0067]-[0075]; i.e. authenticating the mobile device and/or the request to access the resource from the computing device based on the post request including the unique request ID, signature, timestamp, etc.).
Hito discloses that extra fields in the request body can include an image of the face of the user for auditing purposes (¶ [0065]), Hito does not explicitly disclose wherein the image data includes at least a portion of a face of the user.
However, Landrock discloses wherein the image data includes at least a portion of a face of the user (¶ [0112], [0120]).
Therefore, it would have been obvious to one of ordinary skill in the art before effective filing date of the claimed invention to incorporate Landrock’s teaching into Hito in order to ensure that a transaction is not tampered with between the user initiating the transaction and the user authorizing/completing the transaction (Landrock, ¶ [0068]).
Regarding claim 4, Hito in view of Landrock discloses the method of claim 1, wherein the characteristic of the image data comprises at least one of the following: (i) one or more parameters produced during image processing, (ii) one or more properties of the raw image data, and (iii) one or more properties of the processed image data (Hito, ¶ [0036]-[0042]).
Regarding claim 9, Hito in view of Landrock discloses the method of claim 1, wherein the nonce data and identification information are compared with a previously collected nonce data and a previously collected identification information to determine a presence of a replay attack (Hito, ¶ [0070]-[0072]).
Regarding claim 10, Hito in view of Landrock discloses the method of claim 1, wherein the image data of the user is a live image (Landrock, ¶ [0112]-[0113]).
Regarding claim 11, Hito discloses a system for performing authentication of a user or a transaction, the system comprising: 
a server in communication with a user device configured to permit a user to perform a transaction, wherein the server comprises: (i) a memory for storing a set of software instructions, and (ii) one or more processors configured to execute the set of software instructions to (FIG. 1, claim 17): 
receive an image data of the user from the user device (FIG. 1, ¶ [0044]; i.e. capturing QR code using the mobile device), wherein the image data includes at least a portion of a face of the user; 
receive nonce data comprising a characteristic of the image data that is unique to the user device at a moment in time during which the nonce data is collected (FIG. 1, ¶ [0018]-[0019], [0049]-[0065]; i.e. obtaining the information of the mobile device and the QR code to generate a post request including the signature that indicates the location of the mobile device, the timestamp, the unique id assigned to the authentication request, etc.); 
obtain identification information about the user from the image data (FIG. 1, ¶ [0016] -[0017]; i.e. obtaining unique request ID that the user requests to establish a communication session); and 
authenticate the user or the transaction based on (1) the identification information and (2) the nonce data (FIG. 1, ¶ [0067]-[0075]; i.e. authenticating the mobile device and/or the request to access the resource from the computing device based on the post request including the unique request ID, signature, timestamp, etc.).
Hito discloses that extra fields in the request body can include an image of the face of the user for auditing purposes (¶ [0065]), Hito does not explicitly disclose wherein the image data includes at least a portion of a face of the user.
However, Landrock discloses wherein the image data includes at least a portion of a face of the user (¶ [0112], [0120]).
Therefore, it would have been obvious to one of ordinary skill in the art before effective filing date of the claimed invention to incorporate Landrock’s teaching into Hito in order to ensure that a transaction is not tampered with between the user initiating the transaction and the user authorizing/completing the transaction (Landrock, ¶ [0068]).
Regarding claim 16, Hito in view of Landrock discloses the system of claim 11, wherein the characteristic of the image data comprises at least one of the following: (i) one or more parameters produced during image processing, (ii) one or more properties of the raw image data, and (iii) one or more properties of the processed image data (Hito, ¶ [0036]-[0042]).
Regarding claim 20, Hito in view of Landrock discloses the system of claim 11, wherein the image data of the user is a live image (Landrock, ¶ [0112]-[0113]).
Claims 2-3, 5-6, 8, 12-15 and 17-18 are rejected under 35 U.S.C. 103 as being unpatentable over Hito et al. (US 2011/0219427 hereinafter Hito) in view of Landrock et al. (US 2018/0048474 hereinafter Landrock) and further in view of Elshishiny et al. (US 2018/0204219 hereinafter Elshishiny).
Regarding claim 2, Hito in view of Landrock discloses the method of claim 1.
Hito in view of Landrock does not explicitly disclose wherein the nonce data further comprises a checksum value derived from the image data.
However, Elshishiny discloses wherein the nonce data further comprises a checksum value derived from the image data (¶ [0044]).
Therefore, it would have been obvious to one of ordinary skill in the art before effective filing date of the claimed invention to incorporate Elshishiny’s teaching into Hito in view of Landrock in order to ensure the authenticity of the image and/or to detect image tampering (Elshishiny, ¶ [0049]-[0050]).
Regarding claim 3, Hito in view of Landrock and Elshishiny discloses the method of claim 2, wherein the checksum value is derived based on the characteristic of the image data (Elshishiny, ¶ [0044]).
Regarding claim 5, Hito in view of Landrock discloses the method of claim 1.
Hito in view of Landrock does not explicitly disclose wherein the nonce data further comprises a checksum value derived from a physical state of the user device.
However, Elshishiny discloses wherein the nonce data further comprises a checksum value derived from a physical state of the user device (¶ [0044]; timestamp).
Therefore, it would have been obvious to one of ordinary skill in the art before effective filing date of the claimed invention to incorporate Elshishiny’s teaching into Hito in view of Landrock in order to ensure the authenticity of the image and/or to detect image tampering (Elshishiny, ¶ [0049]-[0050]).
Regarding claim 6, Hito in view of Landrock and Elshishiny discloses the method of claim 5, wherein the physical state of the user device comprises data indicative of a physical state of a component of the user device, and wherein the component is selected from the group comprising an imaging device, a power supply unit, a processor, and a memory (Hito, ¶ [0054]-[0057], [0073]; i.e. timestamp, signature or public key, etc.; Elshishiny, ¶ [0044]).
Regarding claim 8, Hito in view of Landrock discloses the method of claim 1.
Hito in view of Landrock does not explicitly disclose wherein the nonce data is encrypted such that when the nonce data comprises two or more factors, and these factors are not accessible by the one or more processors.
However, Elshishiny discloses wherein the nonce data is encrypted such that when the nonce data comprises two or more factors, and these factors are not accessible by the one or more processors (¶ [0049]-[0052]).
Therefore, it would have been obvious to one of ordinary skill in the art before effective filing date of the claimed invention to incorporate Elshishiny’s teaching into Hito in view of Landrock in order to ensure the authenticity of the image and/or to detect image tampering (Elshishiny, ¶ [0049]-[0050]).
Regarding claim 12, Hito in view of Landrock discloses the system of claim 11.
Hito in view of Landrock does not explicitly disclose wherein the nonce data further comprises a checksum value derived from the image data.
However, Elshishiny discloses wherein the nonce data further comprises a checksum value derived from the image data (¶ [0044]).
Therefore, it would have been obvious to one of ordinary skill in the art before effective filing date of the claimed invention to incorporate Elshishiny’s teaching into Hito in view of Landrock in order to ensure the authenticity of the image and/or to detect image tampering (Elshishiny, ¶ [0049]-[0050]).
Regarding claim 13, Hito in view of Landrock and Elshishiny discloses the system of claim 12, wherein the checksum value is derived based on the characteristic of the image data (Elshishiny, ¶ [0044]).
Regarding claim 14, Hito in view of Landrock and Elshishiny discloses the system of claim 12, wherein the checksum value is derived on-board the user device (Elshishiny, ¶ [0044]-[0045]).
Regarding claim 15, Hito in view of Landrock and Elshishiny discloses the system of claim 12, wherein the checksum value is derived on-board the server (Elshishiny, ¶ [0018], [0044]-[0049]; i.e. at the server, the checksum of the audit data is computed and validated).
Regarding claim 17, Hito in view of Landrock discloses the system of claim 11.
Hito in view of Landrock does not explicitly disclose wherein the nonce data further comprises a checksum value derived from a physical state of the user device.
However, Elshishiny discloses wherein the nonce data further comprises a checksum value derived from a physical state of the user device (¶ [0044]; timestamp).
Therefore, it would have been obvious to one of ordinary skill in the art before effective filing date of the claimed invention to incorporate Elshishiny’s teaching into Hito in view of Landrock in order to ensure the authenticity of the image and/or to detect image tampering (Elshishiny, ¶ [0049]-[0050]).
Regarding claim 18, Hito in view of Landrock discloses the system of claim 17, wherein the physical state of the user device comprises data indicative of a physical state of a component of the user device, and wherein the component is selected from the group comprising an imaging device, a power supply unit, a processor, and a memory (Hito, ¶ [0054]-[0057], [0073]; i.e. timestamp, signature or public key, etc.; Elshishiny, ¶ [0044]).
Claims 7 and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Hito in view of Landrock, Elshishiny and further in view of Smith et al. (US 2016/0125180 hereinafter Smith).
Regarding claim 7, Hito in view of Landrock and Elshishiny discloses the method of claim 5.
Hito in view of Landrock and Elshishiny does not explicitly disclose wherein the physical state of the user device is obtained using sensor data collected by one or more sensors.
However, Smith discloses wherein the physical state of the user device is obtained using sensor data collected by one or more sensors (¶ [0067]-[0068]).
Therefore, it would have been obvious to one of ordinary skill in the art before effective filing date of the claimed invention to incorporate Smith’s teaching into Hito in view of Landrock and Elshishiny in order to effectively and flexibly authenticating identity of a user and/or a user device using a challenge/response authentication based on a given situation (Smith, ¶ [0065]).
Regarding claim 19, Hito in view of Landrock discloses the system of claim 17.
Hito in view of Landrock and Elshishiny does not explicitly disclose wherein the physical state of the user device is obtained using sensor data collected by one or more sensors.
However, Smith discloses wherein the physical state of the user device is obtained using sensor data collected by one or more sensors (¶ [0067]-[0068]).
Therefore, it would have been obvious to one of ordinary skill in the art before effective filing date of the claimed invention to incorporate Smith’s teaching into Hito in view of Landrock and Elshishiny in order to effectively and flexibly authenticating identity of a user and/or a user device using a challenge/response authentication based on a given situation (Smith, ¶ [0065]).

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHI D NGUY whose telephone number is (571)270-7311. The examiner can normally be reached Monday-Friday 9-5 PT.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph P Hirl can be reached on (571)272-3685. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.







/C.D.N/Examiner, Art Unit 2435

/JOSEPH P HIRL/Supervisory Patent Examiner, Art Unit 2435