Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 10/06/2022 has been entered.

Information Disclosure Statement
The information disclosure statement filed 10/06/2022 and 10/07/2022 complies with the provisions of 37 CFR 1.97, 1.98 and MPEP § 609 and the information referred to therein has been considered as to the merits.  

Response to Arguments
In response to communication filed on 10/06/2022, applicant cancels claims 1-21 and adds new claims 22-36.  The following claims, 22-36 are presented for examination.   
3.1	Applicant’s arguments, pages 5-6, filed 10/06/2022, with respect to claims 22 and 33 have been fully considered, but they are not persuasive.  Applicant argues (1) the alleged device profile of Lyon is in no way related to the user’s use of the device. Lyon discloses a hardware identification signature key that is unique to the client device, and may include the media access control (MAD) address, CPU speed, installed memory, andor other unique static information of the client device 503. (Lyon, { [0123].)  The Lyon hardware identification signature key is therefore in no way shown or suggested as being related to the use of the device and is instead inherent information of the hardware device. 
In response to applicant’s arguments, (1) Lyon discloses ““FIG. 4 is a diagram of a user key creation process. Data may be entered 401 into a GUI interface. ... data entry points may comprise data such as ... hardware identification signature 415 ... After data is entered 401 into the user profile, initial user key is created 400” (0110, Figure 4). “Client device 503 operates as an administrative device for key 700A, whereupon user 100 can review and make certain changes to profile 703. For example, user 100 may add, delete, or change parameters’ (0125). Examiner holds that Lyon discloses “Input to User profile 401” which includes “hardware identification signature 415” that is created from non- static information (changes to the parameters) and thus discloses “a hardware profile, the hardware profile including user generated data stored on the hardware device.”



Response to Amendments
Applicant’s cancellation of claims 1, 14, and 20 are sufficient to overcome the 35 USC 112, second paragraph rejection set forth in previous office action. Therefore the rejections are withdrawn. 


Upon further consideration, the rejection of claims 22-36 is set forth below.  



Minor Informalities
Claims 22 and 33 recite “the hadware device information” which should be spelled correctly as “hardware”.  

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees.   A nonstatutory obviousness-type double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the conflicting application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. 
Effective January 1, 1994, a registered attorney or agent of record may sign a terminal disclaimer. A terminal disclaimer signed by the assignee must fully comply with 37 CFR 3.73(b).




Claims 22, 25, 36, 29, 31-33 are rejected under 35 U.S.C. 101 as claiming the same invention as that of claims 1, 4, 8, 9, 11, 20, 21, of Patent 10164974 (Application 14/778131).  


Claims 22, 25, 36, 29, 31-33:
Claims 22, 25, 36, 29, 31-33  have similar limitations as in claims 1, 4, 8, 9, 11, 20, 21, of Patent 10164974 (Application 14/778131).  Although the conflicting claims are not identical; they are not patentably distinct from each other because both applications claim A method of authenticating a user for performing a transaction.  Claims 22, 25, 36, 29, 31-33  are rejected under the reasons as set forth above.  

This is an obviousness-type double patenting rejection because the conflicting claims have been patented.


Claims 22, 25, 36, 29, 31-33 in the instant application correspond to claims 1, 4, 8, 9, 11, 20, 21, of Patent 10164974 (Application 14/778131).  Since claims 22, 25, 36, 29, 31-33 are A method of authenticating a user for performing a transaction comprising the steps of: (a)    receiving on a first authentication server data representing unique knowledge of the user; (b)    receiving on the authentication server a hardware profile, the hardware profile being associated with the user; (c)    comparing on a second evaluation server the received data representing unique knowledge of the user with previously stored data representing unique knowledge of the user; (d)    comparing on the second evaluation server the received hardware profile with a previously stored hardware profile associated with the user by calculating a percent difference of the previously stored hardware profile with the received current hardware profile; and (e)    allowing the transaction to go forward if both the received data representing unique knowledge of the user is authenticated by step (c) and the difference between the received hardware profile and the previously stored hardware profile form the result of step (d) is less than a set tolerance; and (f) when the percentage difference is not within the set tolerance, the transaction does not proceed
AND claims 1, 4, 8, 9, 11, 20, 21, of Patent 10164974 (Application 14/778131) are 
A method of authenticating a user for performing a transaction comprising the steps of:
(a)    receiving on a first authentication server data representing unique knowledge of the user, wherein data representing unique knowledge of the user is related to a sequential selection of pictures presented to the user; (b)    receiving on the authentication server a hardware profile, the hardware profile being associated with the user; (c)    comparing on a second evaluation server the received data representing unique knowledge of the user with previously stored data representing unique knowledge of the user; (d)    comparing on the second evaluation server the received hardware profile with a previously stored hardware profile associated with the user by calculating a percent difference of the previously stored hardware profile with the received current hardware profile using the Levenshtein Distance equation: and (e)    allowing the transaction to go forward if both the received data representing unique knowledge of the user and the received hardware profile is authenticated by step[[s]] (c) and the difference between the received hardware profile and the previously stored hardware profile from the result of step (d) is less than a set tolerance: and (f)    if the percentage difference is not within the set tolerance, the transaction does not proceed., it would have been obvious to modify claims 1, 4, 8, 9, 11, 20, 21, of Patent 10164974 (Application 14/778131) to get Claims 22, 25, 36, 29, 31-33 in the instant application.


Allowable Subject Matter

Claims 28 and 36 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.



Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 22-27, 29-35 are rejected under 35 U.S.C. 103 as being unpatentable over Lyon (US 2012/0221470, publish date 08/30/2012) in view of Zhang et al. (US 2012/0151574 A1, publish date 06/14/2015).

Claim 22:
With respect to claim 22, Lyon discloses a method of authenticating a user for performing a transaction (a user authentication and secure transaction system, para 0052, Fig, 1) comprising the steps of:
(a) receiving user information data comprising biometric data at a hardware device (Client device 503 accesses control computer 60 via https or a real world transaction, para 0126) (Message digest function 801 to receive username and password, para 0127) (User profile 1020 can comprise data such as the following: user name, user password, date of birth, email address, social security number, banking account(s) information, credit/debit card(s) information gathered from a manual card swipe at a financial institution, government issued I.D. (e.g. drivers license), hardware ID numbers, IP address, user photo, authenticated credit limit, biometric data, authorized mailing address or addresses, and caller identification verification. For example, user 100 can configure the user's profile 1020 such that transactions corresponding to user 100 will only be approved if predetermined minimum and/or maximum authentication procedures are followed, para 0192);
(b) comparing the user information with previously stored user information data representing biometric data (control computer 60 may compare uploaded user identity data 111 to user data stored in database, para 0089) (Authentication procedures may comprise comparing the verification data to user's 100 user profile storable in user database 160 and/or fraud database, para 0104) (biometric or email identification may be used for authentication purposes, para 0121) (such authentication may be accomplished by user 100 entering verification data such as a password or biometric information, para 0226);
(c) receiving on a server a hardware device information (User Profiled Figure 4, 401, Hardware signature, Figure 4, 415) (The hardware identification signature key is sent to control computer, para 0123), the hadware device information at least partly based on information on the hardware device resulting from action by the user and not inherent information of the hardware device (Control computer 60 may assign a user identifier to user 100 that is unique to user 100, the user identifier may be comprised of a hardware identification signature, 0095) (The hardware identification signature key generated by installed software, 0123) (Hardware signature, Figure 4, 415);
(d) comparing on the server the hardware device information with a previously stored hardware device information associated with actions of the user on the hardware device previously stored on the server (Merchant access key 1110 combined with authorized user key 502 and the hardware identification signature on a merchant client device grants merchant 170 merchant profile 1015 access, para 0193, Figs. 5, 10, 11) (a currently created hardware identification signature to be sent to control computer 60 for comparison to the stored hardware identification signature residing within profile, para 0123);
(e) allowing the transaction to go forward if both the user information is authenticated by step (b) and the difference between the hardware device information and the previously stored hardware device information of step (d) (If control computer 60 is able to authenticate the verification information, control computer 60 sends message 133 to merchant computer 70 to authorize the transaction, para 0105; enrollment access key 1306 may be combined with authorized user key 502 and a hardware identification signature on an enrollment client device to grant enrollment agent 1312 enrollment profile 1328 access, para 0193).

Lyon does not disclose by calculating a percent difference of the previously stored hardware device information with the hardware device information; 
allowing the transaction to go forward  step (d) is less than a set tolerance; and 
(f) if the percentage difference is not within the set tolerance, the transaction does not proceed as claimed.

However, Zhang teaches by calculating a percent difference of the previously stored hardware device information with the hardware device information; 
allowing the transaction to go forward  step (d) is less than a set tolerance; and 
(f) if the percentage difference is not within the set tolerance, the transaction does not proceed (the AVS checks whether or not the system identifier in the activation request matches the OEM-reported system identifier to within a second tolerance, within a second tolerance may comprise determining whether a distance between the two system identifiers is less than the second tolerance.  The second tolerance may be a number indicating the maximal allowed distance between the first and second system identifiers (0070-0071) may be done to within a tolerance in order to account for possible modification in the hardware configuration of the system from the time the OEM-generated system identifier was reported to the software vendor (e.g., act 807 in FIG. 3) to the time that the software activation request was sent from the user computer to the software vendor (0072).

Lyon and Zhang are analogous art because they are from the same field of endeavor of hardware profiles.

It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to use Zhang in Lyon for by calculating a percent difference of the previously stored hardware device information with the hardware device information; allowing the transaction to go forward  step (d) is less than a set tolerance; and (f) if the percentage difference is not within the set tolerance, the transaction does not proceed as claimed for purposes of enhancing the system of Lyon by allowing for slight changes in hardware configuration and therefore maximizing the protection of transactional data. (see Zhang the comparison of the OEM-reported system identifier to the user-provided system identifier, in act 604, may be done to within a tolerance in order to account for possible modification in the hardware configuration of the system from the time the OEM-generated system identifier was reported to the software vendor (e.g., act 807 in FIG. 3} to the time that the software activation request was sent from the user computer to the software vendor, para 0072).

Claim 23:
With respect to claim 23, Lyon discloses wherein the hardware device information changes over time as a user uses the hardware device (This unique hardware identification signature, the hardware ID reset on the profile 0124).


Claim 24:
With respect to claim 24, the combination of Lyon and Zhang et al. discloses the limitations of claim 22, as addressed. 

Zhang et al. teaches wherein the transaction is allowed to proceed in step (e) if the difference between the hardware device information and the previously stored hardware device information is different by at least 0.02% (First/second tolerance pre-specified or dynamically determined (0068, 0070).

Claim 25:
With respect to claim 26, Lyon discloses further comprising (1) receiving additional user information and (11) comparing the received additional user information with previously stored additional user information for verification of the user on the server; and wherein step (e) comprises allowing the transaction to go forward only if the user is verified in step (ii) (control computer 60 attempts to authenticate verification data received in message 149 before continuing to process the transaction.  Authentication procedures may comprise comparing the verification data to user's 100 user profile storable in user database 160 and/or fraud database, para 0104) (If control computer 60 is able to authenticate the verification information, control computer 60 sends message 133 to merchant computer 70 to authorize the transaction, para 0105).


Claim 26:
With respect to claim 26, Lyon discloses wherein the additional user information comprises the user's (a) name, (b) social security number, (c) national identification number, (d) passport number, (e) IP address, (f) vehicle registration number, (g) vehicle license plate number, (h) driver's license number, (1) appearance, (j) fingerprint, (k) handwriting, (1) credit card information, (m) bank account information, (n) digital identity, (0) date of birth, (p) birthplace, (q) past and current residence, (r) age, (s) gender, (t) marital status, (u) race, (v) names of schools attended, (w) workplace, (x) salary, (y) job position, (z) biometric data, and combinations of one or more thereof (User profile 1020 can comprise data such as the following: user name, user password, date of birth, email address, social security number, banking account(s) information, credit/debit card(s) information gathered from a manual card swipe at a financial institution, government issued I.D. (e.g. drivers license), hardware ID numbers, IP address, user photo, authenticated credit limit, biometric data, authorized mailing address or addresses, and caller identification verification. For example, user 100 can configure the user's profile 1020 such that transactions corresponding to user 100 will only be approved if predetermined minimum and/or maximum authentication procedures are followed, para 0192).

Claims 27, 35:
With respect to claims 27, 35, the combination of Lyon and Zhang et al. discloses the limitations of claims 22, 33, as addressed. 

Zhang et al. teaches wherein the set tolerance is between 0.02% and 76% (First/second tolerance pre-specified or dynamically determined (0068, 0070).

Claims 29, 34:
With respect to claims 29, 34, Lyon discloses wherein the hardware device information corresponds to a second electronic device and the transaction is requested from the server from a first electronic device, separate/different from the second electronic device (Merchant computer 70 combines merchant's 170 merchant name and the merchant identifier with user's 100 user name, user identifier, and password to create authorization data 141, and uploads authorization data 141 to control computer 60 by means of computer network, para 0098, Figs, 1, 5).

Claim 30:
With respect to claim 30, Lyon discloses wherein the hardware device information is received at the server from the second electronic device and not through the first electronic device (Figures 1 and 2).

Claim 31:
With respect to claim 31, Lyon discloses comprises performing the transaction (a user authentication and secure transaction system, para 0052, Fig, 1) (If the result of decision 905 is positive, the process proceeds to operation 906 allowing profile changes to take place before proceeding to operation 907, otherwise, the process proceeds to operation 907 where the transaction proceeds, para 0152) (operation 907 allows a transaction to proceed after authentication and verification, para 0154, Fig. 9).

Claim 32:
With respect to claim 32, Lyon discloses wherein the hardware device information is hashed (the user identifier and/or merchant identifier may be comprised of a hardware identification signature, other types of identifying means could be employed, such as those having serialized encryption means, 0095).

Claim 33:
With respect to claim 33, Lyon discloses a method for a user to perform a transaction (a user authentication and secure transaction system, para 0052, Fig, 1) comprising the steps of:
(a) receiving on a first electronic device data, wherein the first electronic device data is related to biometric data of the user (Client device 503 accesses control computer 60 via https or a real world transaction, para 0126) (Message digest function 801 to receive username and password, para 0127) (User profile 1020 can comprise data such as the following: user name, user password, date of birth, email address, social security number, banking account(s) information, credit/debit card(s) information gathered from a manual card swipe at a financial institution, government issued I.D. (e.g. drivers license), hardware ID numbers, IP address, user photo, authenticated credit limit, biometric data, authorized mailing address or addresses, and caller identification verification. For example, user 100 can configure the user's profile 1020 such that transactions corresponding to user 100 will only be approved if predetermined minimum and/or maximum authentication procedures are followed, para 0192);
(b) sending to a server a hardware device information of a second electronic device for authentication of the second electronic device (User Profiled Figure 4, 401, Hardware signature, Figure 4, 415) (The hardware identification signature key is sent to control computer, para 0123), the hadware device information at least partly based on information on the second electronic device resulting from action by the user and not inherent information of the second electronic device (Control computer 60 may assign a user identifier to user 100 that is unique to user 100, the user identifier may be comprised of a hardware identification signature, 0095) (The hardware identification signature key generated by installed software, 0123) (Hardware signature, Figure 4, 415); 
(c) receiving a response indicating whether the first device was authenticated and the data related to the biometric data of the user was authenticated (Once client devices 503 are authenticated and configured, they are authorized to communicate with control computer, para 0169);
(e) proceeding with the transaction  (If control computer 60 is able to authenticate the verification information, control computer 60 sends message 133 to merchant computer 70 to authorize the transaction, para 0105) (enrollment access key 1306 may be combined with authorized user key 502 and a hardware identification signature on an enrollment client device to grant enrollment agent 1312 enrollment profile 1328 access, para 0193).

Lyon does not disclose only if a difference between the hardware device information of a second electronic device sent to the server at step (b) and a previously stored hardware device information is less than a set tolerance and the difference between the hardware device information and the previously stored hardware device information is performed by calculating a percent difference of the previously stored hardware device information with the hardware device information; and (f) if the percentage difference is not within the set tolerance, the transaction does not proceed as claimed.

However, Zhang teaches only if a difference between the hardware device information of a second electronic device sent to the server at step (b) and a previously stored hardware device information is less than a set tolerance and the difference between the hardware device information and the previously stored hardware device information is performed by calculating a percent difference of the previously stored hardware device information with the hardware device information; and (f) if the percentage difference is not within the set tolerance, the transaction does not proceed (the AVS checks whether or not the system identifier in the activation request matches the OEM-reported system identifier to within a second tolerance, within a second tolerance may comprise determining whether a distance between the two system identifiers is less than the second tolerance.  The second tolerance may be a number indicating the maximal allowed distance between the first and second system identifiers (0070-0071) may be done to within a tolerance in order to account for possible modification in the hardware configuration of the system from the time the OEM-generated system identifier was reported to the software vendor (e.g., act 807 in FIG. 3) to the time that the software activation request was sent from the user computer to the software vendor (0072)

Lyon and Zhang are analogous art because they are from the same field of endeavor of hardware profiles.

It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to use Zhang in Lyon only if a difference between the hardware device information of a second electronic device sent to the server at step (b) and a previously stored hardware device information is less than a set tolerance and the difference between the hardware device information and the previously stored hardware device information is performed by calculating a percent difference of the previously stored hardware device information with the hardware device information; and (f) if the percentage difference is not within the set tolerance, the transaction does not proceed as claimed for purposes of enhancing the system of Lyon by allowing for slight changes in hardware configuration and therefore maximizing the protection of transactional data. (see Zhang the comparison of the OEM-reported system identifier to the user-provided system identifier, in act 604, may be done to within a tolerance in order to account for possible modification in the hardware configuration of the system from the time the OEM-generated system identifier was reported to the software vendor (e.g., act 807 in FIG. 3} to the time that the software activation request was sent from the user computer to the software vendor, para 0072).
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure, (see PTO Form 892).

Any inquiry concerning this communication or earlier communications from the examiner should be directed to Helai Salehi whose telephone number is 571-270-7468.  The examiner can normally be reached on Monday - Friday from 9 am to 5 pm., every other Friday off
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Jeff Pwu, can be reached on 571-272-6798.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, Applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).

/HELAI SALEHI/
Examiner, Art Unit 2433

/JEFFREY C PWU/Supervisory Patent Examiner, Art Unit 2433