USAA 1043
`USAA v. Asghari-Kamrani et al.
`CBM2016-00063
`CBM2016-00064
`
`

`
`U.S. Patent Application No. 12/210,926
`
`Attorney Docket No. KAMR002USO
`
`In the Claims:
`
`Please amend the claims as follows:
`
`l—20. (Cancelled)
`
`21. (Previously Presented) A computer implemented method to authenticate an individual
`
`in communication with an entity over a communication network during communication between
`
`the entity and the individual, the computer implemented method comprising:
`
`receiving electronically a request for a dynamic code for the individual, which request is
`
`received during authentication of the individual by the entity;
`
`calculating the dynamic code for the individual in response to the request during
`
`authentication of the individual by the entity, wherein the dynamic code is valid for a predefined
`
`time and becomes invalid after being used;
`
`sending electronically the dynamic code to the individual during authentication of the
`
`individual by the entity;
`
`receiving electronically an authentication request to authenticate the individual based on a
`
`user information and the dynamic code included in the authentication request; and
`
`verifying an identity of the individual based on the user information and the dynamic
`
`code included in the authentication request.
`
`22. (Previously Presented) The computer implemented method of claim 21, wherein the
`
`request for the dynamic code is received by a computer associated with a first trusted-
`
`authenticator and the authentication request is received by the first trusted—authenticator.
`
`

`
`U.S. Patent Application No. 12/210,926
`
`Attorney Docket No. KAMR002USO
`
`23. (Previously Presented) The computer implemented method of claim 21, wherein the
`
`request for the dynamic code is received by a computer associated with a first trusted-
`
`authenticator and the authentication request is received by a computer associated with a second
`
`trusted—authenticator that is different than the first trusted—authenticator.
`
`24. (Previously Presented) The computer implemented method of claim 21, wherein the
`
`dynamic code includes a time—dependent SecureCode.
`
`25. (Previously Presented) The computer implemented method of claim 21, wherein at
`
`least the dynamic code is encrypted.
`
`26. (Previously Presented) A computer implemented method for an entity to authenticate
`
`an individual over a communication network during communication with the individual, the
`
`method comprising:
`
`requesting electronically both a user information and a dynamic code from the individual
`
`in order to validate the individual’ s identity during communication with the individual, which
`
`individual obtains the dynamic code from a computer associated with a trusted—authenticator
`
`during the communication between the individual and the entity, wherein the dynamic code is
`
`valid for a predefined time and becomes invalid after being used;
`
`receiving electronically both the user information and the dynamic code from the
`
`individual; and
`
`authenticating the individual based on verification by the trusted—authenticator of the user
`
`

`
`U.S. Patent Application No. 12/210,926
`
`Attorney Docket No. KAMR002USO
`
`information and the dynamic code received during communication between the individual and
`
`the entity.
`
`27. (Previously Presented) The computer implemented method of claim 26, wherein the
`
`user information and the dynamic code comprise credentials for verifying the individual’s
`
`identity.
`
`28. (Previously Presented) The computer implemented method of claim 26, wherein the
`
`dynamic code includes a time—dependent SecureCode.
`
`29. (Previously Presented) The computer implemented method of claim 26, wherein at
`
`least the dynamic code is encrypted.
`
`30. (Previously Presented) The computer implemented method of claim 26, wherein the
`
`entity corresponds to a business, organization, or another individual.
`
`3 1. (Previously Presented) The computer implemented method of claim 26, wherein a
`
`computer associated with a first trusted—authenticator calculates the dynamic code and provides
`
`the dynamic code to the individual during communication between the individual and the entity.
`
`32. (Cancelled)
`
`33. (Cancelled)
`
`

`
`U.S. Patent Application No. 12/210,926
`
`Attorney Docket No. KAMR002USO
`
`34. (Previously Presented) A computer implemented method for a website to authenticate
`
`an individual over a communication network during a communication session between the
`
`individual and the website, the computer implemented method comprising:
`
`requesting by a computer associated with the website both a user information and a
`
`dynamic code from the individual in order to validate the individual’ s identity, wherein the
`
`dynamic code is valid for a predefined time and becomes invalid after being used;
`
`receiving both the user information and the dynamic code from the individual, which
`
`individual receives the dynamic code during the communication session between the individual
`
`and the website; and
`
`creating an authentication request message including the user information and the
`
`dynamic code and providing the authentication request message to a first computer associated
`
`with a trusted—authenticator, the trusted authenticator authenticating the individual based on the
`
`user information and the dynamic code.
`
`35. (Previously Presented) The computer implemented method of claim 34, wherein the
`
`user information and the dynamic code comprise credentials for verifying the individual’s
`
`identity.
`
`36. (Previously Presented) The computer implemented method of claim 34, wherein the
`
`dynamic code includes a non—predictable and time—dependent SecureCode.
`
`37. (Previously Presented) The computer implemented method of claim 34, wherein at
`
`

`
`least the dynamic code is encrypted.
`
`U.S. Patent Application No. 12/210,926
`
`Attorney Docket No. KAMR002USO
`
`38. (Previously Presented) The computer implemented method of claim 34, wherein a
`
`second computer associated with the trusted—authenticator calculates the dynamic code and
`
`provides the dynamic code to the individual during the communication session between the
`
`individual and the website.
`
`39. (Cancelled)
`
`40. (Cancelled)
`
`41. (Previously Presented) A computer implemented method for authenticating an
`
`individual in communication with an entity over a communication network during
`
`communication between the entity and the individual, the method comprising:
`
`receiving by a computer associated with the entity a dynamic code during authentication
`
`of the individual by the entity, which said dynamic code was sent to the individual by a trusted-
`
`authenticator in response to a request for the dynamic code from the trusted—authenticator during
`
`authentication of the individual by the entity and was calculated by the trusted—authenticator
`
`during authentication of the individual by the entity, wherein the dynamic code is valid for a
`
`predefined time and becomes invalid after being used;
`
`sending electronically by the entity an authentication request to a trusted—authenticator to
`
`authenticate the individual based on a user information and a received dynamic code included in
`
`the authentication request, wherein said authentication request is sent during authentication of the
`
`

`
`U.S. Patent Application No. 12/210,926
`
`Attorney Docket No. KAMR002USO
`
`individual by the entity; and
`
`receiving electronically by the entity a message from the trusted—authenticator either
`
`confirming or denying an identity of the individual based on the user information and the
`
`received dynamic code included in the authentication request from the entity during the time of
`
`authentication of the individual by the entity.
`
`42. (Previously Presented) The computer implemented method according to claim 41,
`
`wherein the entity and the trusted—authenticator are the same.
`
`43. (Previously Presented) The computer implemented method according to claim 41,
`
`wherein the entity and the trusted—authenticator are different.
`
`44. (Previously Presented) The computer implemented method according to claim 41,
`
`wherein said dynamic code is calculated after receiving the request from the individual for the
`
`dynamic code.
`
`45. (Previously Presented) The computer implemented method according to claim 41,
`
`wherein said dynamic code comprises a different value each time the dynamic code is requested
`
`by the individual.
`
`46. (Previously Presented) A computer implemented method for authenticating an
`
`individual in communication with an entity during communication between the entity and the
`
`individual, the computer implemented method comprising:
`
`

`
`U.S. Patent Application No. 12/210,926
`
`Attorney Docket No. KAMR002USO
`
`sending electronically a request for a dynamic code to a trusted—authenticator during
`
`authentication of the individual by the entity;
`
`receiving electronically the dynamic code from the trusted—authenticator during
`
`authentication of the individual by the entity, which dynamic code was calculated by a computer
`
`associated with the trusted—authenticator during authentication of the individual by the entity,
`
`wherein the dynamic code is valid for a predefined time and becomes invalid after being used;
`
`sending electronically the dynamic code and user information during authentication of the
`
`individual by the entity to the trusted—authenticator for verification by the trusted—authenticator
`
`during authentication of the individual by the entity; and
`
`receiving electronically acceptance or denial of authentication from the entity based on
`
`verification by the trusted—authenticator of the user information and dynamic code received from
`
`the individual during authentication of the individual by the entity.
`
`47. (Previously Presented) The computer implemented method according to claim 46,
`
`wherein the entity and the trusted—authenticator are the same.
`
`48. (Previously Presented) The computer implemented method according to claim 46,
`
`wherein the entity and the trusted—authenticator are different.
`
`49. (Previously Presented) The computer implemented method according to claim 46,
`
`wherein said dynamic code is calculated after receiving the request from the individual for the
`
`dynamic code.
`
`

`
`U.S. Patent Application No. 12/210,926
`
`Attorney Docket No. KAMR002USO
`
`50. (Previously Presented) The computer implemented method according to claim 46,
`
`wherein said dynamic code comprises a different value each time the dynamic code is requested
`
`for an individual.
`
`51. (Previously Presented) A computer implemented method to authenticate an
`
`individual during communication between the individual and another entity, the method
`
`comprising:
`
`receiving electronically a request for a dynamic code, wherein the request is received
`
`during authentication of the individual by the entity;
`
`sending the dynamic code electronically to the individual during authentication of the
`
`individual by the entity, wherein the dynamic code is valid for a predefined time and becomes
`
`invalid after being used;
`
`receiving electronically an authentication request from the entity to authenticate the
`
`individual based on a user information and dynamic code received from the individual during
`
`authentication of the individual by the entity, wherein said authentication request is received
`
`during authentication of the individual by the entity; and
`
`verifying by a computer an identity of the individual based on the user information and
`
`the received dynamic code in response to the authentication request from the entity during the
`
`time of authentication of the individual by the entity.
`
`52. (Previously Presented) The computer implemented method according to claim 51,
`
`further comprising:
`
`sending electronically a confirmation or denial authentication message to the entity during
`
`

`
`authentication of the individual by the entity.
`
`U.S. Patent Application No. 12/210,926
`
`Attorney Docket No. KAMR002USO
`
`5 3. (Previously Presented) The computer implemented method according to claim 51,
`
`wherein the entity comprises a trusted—authenticator.
`
`54. (Previously Presented) The computer implemented method according to claim 51,
`
`wherein said dynamic code is calculated after receiving the request for the dynamic code.
`
`55. (Previously Presented) The computer implemented method according to claim 51,
`
`wherein said dynamic code comprises a different value each time the dynamic code is requested
`
`for the individual.
`
`5 6. (Previously Presented) A computer implemented method to perform a two—factor
`
`authentication of an individual based on a user information as a first credential and a dynamic
`
`code as a second credential during communication over a network between an entity and the
`
`individual, the method comprising;
`
`receiving electronically acceptance or denial of two—factor authentication from the entity
`
`based on two credentials received from the individual, wherein:
`
`said user information comprises the first credential and said dynamic code comprises the
`
`second credential;
`
`said dynamic code was calculated by a computer program associated with a trusted-
`
`authenticator and provided to the individual during said communication between the entity and
`
`the individual, wherein the dynamic code is valid for a predefined time and_becomes invalid after
`
`-10-
`
`

`
`U.S. Patent Application No. 12/210,926
`
`Attorney Docket No. KAMR002USO
`
`being used;
`
`said user information and said dynamic code were electronically received and verified by
`
`the trusted—authenticator during authentication of the individual by the entity; and
`
`said dynamic code comprises a different value each time the individual receives a
`
`dynamic code from a trusted—authenticator.
`
`57. (Previously Presented) A computer implemented method to perform a two—factor
`
`authentication of an individual based on a user information as a first credential and a dynamic
`
`code as a second credential during communication between the entity and the individual, the
`
`method comprising;
`
`accepting or denying electronically of a two—factor authentication of the individual based
`
`on two credentials received from the individual, wherein:
`
`said user information comprises the first credential and said dynamic code comprises the
`
`second credential;
`
`said dynamic code was calculated by a first computer associated with a trusted-
`
`authenticator and sent by a second computer associated with the trusted—authenticator to the
`
`individual during communication between the individual and the entity, wherein the dynamic
`
`code is valid for a predefined time and becomes invalid after being used;
`
`said user information and said dynamic code were received electronically during
`
`authentication of the individual by the entity and were verified by the trusted—authenticator during
`
`said communication between the individual and the entity; and
`
`said first computer associated with said trusted—authenticator calculates a different value
`
`for said dynamic code each time the individual requests a dynamic code from the trusted-
`
`-11-
`
`

`
`authenticator.
`
`U.S. Patent Application No. 12/210,926
`
`Attorney Docket No. KAMR002USO
`
`5 8. (Previously Presented) The computer implemented method according to claim 57,
`
`wherein the first computer and the second computer are the same.
`
`5 9. (Cancelled).
`
`60. (Cancelled).
`
`6 l. (Cancelled).
`
`62. (Previously Presented) A computer implemented method to perform a two—factor
`
`authentication of an individual based on a user information as a first credential and a dynamic
`
`code as a second credential during communication between the entity and the individual, the
`
`method comprising;
`
`accepting or denying electronically of the two—factor authentication of the individual
`
`based on two credentials received from the individual, wherein:
`
`said user information comprises the first credential and said dynamic code comprises the
`
`second credential;
`
`said dynamic code was calculated by a trusted—authenticator and sent to the individual for
`
`authentication between the individual and the entity, wherein the dynamic code is valid for a
`
`predefined time and becomes invalid after being used;
`
`said user information and said dynamic code were received electronically during
`
`-12-
`
`

`
`U.S. Patent Application No. 12/210,926
`
`Attorney Docket No. KAMR002USO
`
`authentication of the individual by the entity and user information was verified by a first
`
`computer and dynamic code was verified by a second computer associated with the trusted-
`
`authenticator during said communication between the individual and the entity; and
`
`said dynamic code comprises a different value each time the individual receives a
`
`dynamic code from a trusted—authenticator.
`
`63. (Previously Presented) The computer implemented method according to claim 62,
`
`wherein the first computer and the second computer are the same.
`
`64. (Previously Presented) The computer implemented method according to claim 62,
`
`wherein said dynamic code is valid for a predefined time and may be used by the individual
`
`before becoming invalid.
`
`65. (Previously Presented) The computer implemented method of claim 34, wherein a
`
`computer program associated with the trusted—authenticator calculates the dynamic code and
`
`provides the dynamic code to the individual during the communication session between the
`
`individual and the website.
`
`66. (Previously Presented) The computer implemented method of claim 21, wherein the
`
`user information is verified by a first computer and dynamic code is verified by a second
`
`computer.
`
`67. (Previously Presented) The computer implemented method according to claim 34,
`
`-13-
`
`

`
`wherein the website and the trusted—authenticator are the same.
`
`U.S. Patent Application No. 12/210,926
`
`Attorney Docket No. KAMR002USO
`
`68. (Previously Presented) The computer implemented method of claim 34, wherein the
`
`user information is verified by a first computer and dynamic code is verified by a second
`
`computer associated with the trusted—authenticator.
`
`69. (Previously Presented) The computer implemented method according to claim 41,
`
`wherein the entity and the trusted—authenticator are the same.
`
`70. (Previously Presented) The computer implemented method of claim 41 wherein the
`
`user information is verified by a first computer and dynamic code is verified by a second
`
`computer associated with the trusted—authenticator.
`
`7 1. (Previously Presented) The computer implemented method of claim 5 6, wherein the
`
`user information is verified by a first computer and dynamic code is verified by a second
`
`computer associated with the trusted—authenticator.
`
`72. (Previously Presented) The computer implemented method according to claim 56,
`
`wherein the entity and the trusted—authenticator are the same.
`
`73. (Previously Presented) The computer implemented method according to claim 57,
`
`wherein the entity and the trusted—authenticator are the same.
`
`-14-
`
`

`
`U.S. Patent Application No. 12/210,926
`
`Attorney Docket No. KAMR002USO
`
`74. (Previously Presented) The computer implemented method according to claim 46,
`
`wherein the dynamic code is alphanumeric.
`
`75. (Previously Presented) The computer implemented method according to claim 5 6,
`
`wherein the dynamic code is alphanumeric.
`
`76. (Previously Presented) The computer implemented method according to claim 21,
`
`wherein the dynamic code is alphanumeric.
`
`77. (Previously Presented) The computer implemented method according to claim 26,
`
`wherein the dynamic code is alphanumeric.
`
`78. (Previously Presented) The computer implemented method according to claim 34,
`
`wherein the dynamic code is alphanumeric.
`
`79. (Previously Presented) The computer implemented method according to claim 41,
`
`wherein the dynamic code is alphanumeric.
`
`80. (Previously Presented) The computer implemented method according to claim 57,
`
`wherein the dynamic code is alphanumeric.
`
`-15-
`
`

`
`U.S. Patent Application No. 12/210,926
`
`Attorney Docket No. KAMR002USO
`
`REMARKS
`
`Claims 21-31, 34-38, 41-58 and 62-80 were previously pending. Claims 1-20, 32-33, 39-
`
`40, 59-61 have been previously cancelled without disclaimer of or prejudice to the subject matter
`
`contained therein. Claims 21-31, 34-38, 41-58 and 62-80 remain pending.
`
`CLAIMS REMAIN PATENTABLE OVER KALISKI, JR. AND HILL
`EITHER TAKEN ALONE OR IN COMBINATION
`
`The Office Action rejected claims 21-31, 34-38, 41, 43-46, 48-52, 54-57, 62 and 64 under
`
`35 U.S.C. § l03(a) as being unpatentable over U.S. Patent Publication No. 2010/0100724 A1 by
`
`Kaliski, Jr. [hereinafter “Kaliski, Jr.”] in View of U.S. Patent No. 6,236,981 by Hill [hereinafter
`
`“Hill”]. Generally, the Office Action contends that Kaliski, Jr. discloses all of the elements of
`
`the claims, except for certain missing features that it contends can be found in Hill, and further
`
`contends that it would have been obvious to one of ordinary skill in the art to modify the system
`
`of Kaliski, Jr. using these certain missing features from Hill for various specified reasons. For
`
`example with regard to claim 21, the Office Action asserts that Kaliski, Jr. discloses all of the
`
`elements of the claim at issue, except for “that the dynamic SecureCode becomes invalid after
`
`being used.” The Applicants respectfully disagree with the Office Action’s characterization of
`
`these references vis-a-vis the claims at issue and respectfully request reconsideration and
`
`withdrawal of the rejection in light of the following remarks.
`
`Factual Inquiries Set Forth in Graham v. John Deere Show Non-Obviousness
`
`1. Determining Scope of Prior Art
`
`Kaliski, Jr. teaches a technique for developing a hardened password that is then used to
`
`derive a decryption key or as the decryption key, which decryption key is then used to
`
`-16-
`
`

`
`U.S. Patent Application No. 12/210,926
`
`Attorney Docket No. KAMR002USO
`
`successfully decrypt user information thereby Verifying the authenticity of the user. Thus, the
`
`hardened password is not used to authenticate the user, but rather successful decryption is the
`
`basis for authenticating the user. Afi‘. N. Kamrani filed 030512, WW13—15;Afi‘. K. Kamrani filed
`
`030512, WW14—16;Afi‘. Hewittfiled 030512, WW1 7-19; and Afi‘. Hosseinzadelzfiled 030512, WW13-
`
`15.
`
`Hill teaches the use of digital tokens as a payment mechanism. The digital tokens are not
`
`used to authenticate the user. The issuer merely authenticates the digital tokens as Valid payment
`
`but not as authentication of the user. Afi‘. N. Kamrani filed 03 051 2, WW16—19;Afi‘. K. Kamrani
`
`filed 030512, WW17—20; Afi‘. Hewitt filed 030512, WW21—23; and Afi‘. Hosseinzadelz filed 030512,
`
`WW16—19.
`
`2. Ascertaining the Dififerences Between the Prior Art and Claims at Issue
`
`The Claims at issue include the limitations that the dynamic code is generated during the
`
`transaction between the user and the EXtemal—Entity and that the so generated dynamic code is
`
`then used by a Central Entity to authenticate the user to an External Entity. Kaliski, Jr. does not
`
`authenticate a user based on any code generated during the transaction between the user and the
`
`merchant because successful decryption forms the basis of authentication in Kaliski, Jr. Afi‘. N.
`
`Kamranifiled 030512, WW13—15;Afi‘. K. Kamranifiled 030512, WW14—16;Afi‘. Hewittfiled
`
`030512, WW1 7-19; and Afi‘. Hosseinzadelifiled 030512, WW13—15.
`
`Hill also does not authenticate a user based on a code generated during the transaction. In
`
`fact, Hill fails to teach any authentication of the user but merely authentication of payment
`
`tokens, which are not used for authentication of the user. Afi‘. N. Kamrani filed 03 051 2, WW16—
`
`19; Afi”. K. Kamranifiled 030512, WW17—20; Afi”. Hewittfiled 030512, WW21—23; and Afi‘.
`
`-17-
`
`

`
`Hosseinzadelz filed 03 051 2, WW16—19. Hill is merely cited for the claim element that the dynamic
`
`U.S. Patent Application No. 12/210,926
`
`Attorney Docket No. KAMR002USO
`
`code becomes invalid after use.
`
`Nonce Is Not Recited Dynamic Code
`
`The Examiner equates the nonce of Kaliski, Jr. to the dynamic code of the present application
`
`(“wherein the nonce corresponds to the recited dynamic code.” Office Action, p. 4). But the
`
`Applicants respectfully submit that the nonce is not equivalent to the recited dynamic code. Afi‘.
`
`N. Kamranifiled 030512, WW5—8; Afi”. K. Kamranifiled 030512, WW6—9; Afi”. Hewittfiled 030512,
`
`WW9—12; and Afi‘. Hosseinzadelz filed 030512, WW5 -8. A nonce is merely a session identifier that
`
`is associated with each user’s session in a client server arrangement. Id.
`
`Authentication Not Based on SecureCode
`
`Next, the Office Action contends that Kaliski, Jr. teaches the claim element
`
`“authenticating
`
`the user during the transaction if the digital identity is valid.” For this claim
`
`element, the Examiner refers to paragraph [Ol 12] of Kaliski, Jr. However, in Kaliski, Jr.
`
`authentication is not based on the digital identity that includes the nonce, but rather
`
`authentication is based on successful decryption of an electronic signature. Afi”. N. Kamrani filed
`
`030512, WW13—15;Afi‘. K. Kamranifiled 030512, WW14—16;Afi‘. Hewittfiled 030512, WW1 7-19;
`
`and Afi‘. Hosseinzadelz filed 030512, WW13—15.
`
`In Kaliski, Jr. authentication is not based on the nonce, rather the nonce is merely an
`
`identifier used to indicate “whether or not the authentication attempt associated with the nonce
`
`was successful.” Kaliski, Jr., W[0112]. Afi”. N. Kamranifiled 030512, WW5—8; Afi”. K. Kamrani
`
`filed 030512, WW6—9; Afi”. Hewitt filed 030512, WW9—12; and Afi‘. Hosseinzadelz filed 030512, WW5-
`
`8.
`
`-18-
`
`

`
`U.S. Patent Application No. 12/210,926
`
`Attorney Docket No. KAMR002USO
`
`Authentication Server Equated with the Central Entity by the Office Action Does Not
`Authenticate the User as Recited in the Claims
`
`The Office Action equates the recited Central Entity with the Authentication Server 730
`
`of FIG. 7 from Kaliski, Jr. Oflice Action, p. 4. Claim 1 specifically states “authenticating by the
`
`Central Entity the user during the transaction...” However, the Authentication Server 730 of
`
`Kaliski, Jr. does not authenticate the user, but rather the web server 710 authenticates the user
`
`based on successful decryption of the user’s digital signature. Afi‘. N. Kamrani filed 03 051 2,
`
`WW10—12;Afi‘. K. Kamranifiled 030512, WW11—13;Afi‘. Hewittfiled 030512, WW14—16; and Afi‘.
`
`Hosseinzadelz filed 030512, WW1 0-12.
`
`Authentication Server Equated with the Central Entity by the Office Action Does Not
`
`Receive Authentication Request as Recited in the Claims
`
`Claim 1 also recites “receiving electronically by the Central Entity a request for
`
`authenticating the user based on a digital identity during the transaction, which digital identity
`
`includes the dynamic code.” However, the Authentication Server 730 of Kaliski, Jr. does not
`
`receive a request for authenticating the user because the web server 710 authenticates the user
`
`based on successful decryption of the user’s digital signature. Afi‘. N. Kamrani filed 03 051 2, W9;
`
`Afi‘. K. Kamrani filed 030512, W10; Afi‘. Hewitt filed 030512, W13; and Afi‘. Hosseinzadeh filed
`
`03 051 2, W9. Thus, neither reference includes the recited claim elements of: (l) authenticating
`
`the user based on a dynamic code; (2) receiving an authentication request message by a Central
`
`Entity, which message includes a dynamic code generated by the Central Entity; (3)
`
`authenticating the user by the Central Entity that generated the dynamic code. Without these
`
`features, the suggested combination fails to state a primafacie case of obviousness.
`
`-19-
`
`

`
`U.S. Patent Application No. 12/210,926
`
`Attorney Docket No. KAMR002USO
`
`Reconsideration and withdrawal of the rejection of these claims is therefore respectfully
`
`requested.
`
`CLAIMS REMAIN PATENTABLE OVER KALISKI, JR. AND HILL TAKEN ALONE
`OR IN COMBINATION WITH CERTAIN OFFICIAL NOTICE
`
`The Office Action rejected claims 23, 66, 68, 70 and 71 under 35 U.S.C. § l03(a) as
`
`being unpatentable over the combination of Kaliski, Jr. and Hill and further in View of certain
`
`Official Notice. The Office Action contends that the above mentioned combination of Kaliski,
`
`Jr. and Hill discloses all of the elements of the claim at issue, except for “wherein the request for
`
`the dynamic code is received by a computer associated with a first trusted authenticator and the
`
`authentication request is received by a computer associated with a second trusted authenticator
`
`that is different than the first trusted authenticator,” for which the Office Action provides certain
`
`Official Notice. The Office Action takes Official Notice for this teaching absent from Kaliski,
`
`Jr. and Hill. Specifically, the Office Action states:
`
`Official Notice is taken that it is old and well—known practice in the
`
`art that in some system or arrangement more than one computer is
`
`used to provide services to their clients (i.e., different computers
`
`for different purposes and services). Therefore, it would have been
`
`obvious to a person of ordinary skill in the art at the time of the
`
`invention was made [sic] to modify the system of Kaliski—Hill to
`
`deploy one computer for providing a dynamic code to a client and
`
`another computer for authenticating the dynamic code (i.e.,
`
`verifying the identity of the user) whenever the user request [sic] a
`
`service because this arrangement would make the system of
`
`Kaliski—Hill capable of handling cases such as when the entity and
`the user have their own different trusted authenticators.
`
`Office Action, p. 9.
`
`The Applicants respectfully submit that the Official Notice does not encompass the claimed
`
`subject matter. The cited claim element states that there are different trusted authenticators for
`
`-20-
`
`

`
`U.S. Patent Application No. 12/210,926
`
`Attorney Docket No. KAMR002USO
`
`the request for a dynamic code and the authentication request based on the dynamic code. The
`
`Official Notice taken does not state that it is old and well—known in the art to use different trusted
`
`authenticators, but merely that different computers are used for different purposes. There is a
`
`missing feature in the Official Notice — that different trusted authenticators are used for these
`
`specific different purposes. Therefore, the Applicants respectfully submit that splitting up the
`
`functions of receiving a request for a dynamic code and receiving an authentication request
`
`between different trusted authenticators is not a well—known practice, and if the Examiner is
`
`assuming so, then the Applicants respectfully request that the Examiner provide support for this
`
`contention from the prior art.
`
`According to the M.P.E.P. § 2144.03(C), “If Applicant Challenges a Factual Assertion as
`
`Not Properly Officially Noticed or Not Properly Based Upon Common Knowledge, the Examiner
`
`Must Support the Finding With Adequate Evidence.” In this instance, the Applicants have
`
`shown that the recited Official Notice is different than the claim element at issue. Therefore, the
`
`Applicants respectfully submit they have adequately traversed the finding of Official Notice.
`
`To adequately traverse [a finding of Official Notice], an applicant
`
`must specifically point out the supposed errors in the examiner’ s
`
`action, which would include stating why the noticed fact is not
`
`considered to be common knowledge or well—known in the art. See
`37 CFR I.III(b). See also Chevenard, 139 F.2d at 713, 60 USPQ
`
`at 241 (“[I]n the absence of any demand by appellant for the
`
`examiner to produce authority for his statement, we will not
`consider this contention.”).
`
`M.P.E.P § 2l44.03(C).
`
`The Applicants contend that merely knowing that “more than one computer [can be] used
`
`to provide services to their clients (i.e., different computers for different purposes and services)”
`
`does not lead one to the conclusion that one should use different trusted authenticators for the
`
`different recited purposes.
`
`-21-
`
`

`
`U.S. Patent Application No. 12/210,926
`
`Attorney Docket No. KAMR002USO
`
`If applicant adequately traverses the examiner’s assertion of
`
`official notice, the examiner must provide documentary evidence
`
`in the next Office action if the rejection is to be maintained. See 37
`CFR I.I04(c)(2). See also Zurko, 258 F.3d at 1386, 59 USPQ2d at
`
`1697 (“[T]he Board [or examiner] must point to some concrete
`
`evidence in the record in support of these findings” to satisfy the
`
`substantial evidence test). If the examiner is relying on personal
`
`knowledge to support the finding of what is known in the art, the
`
`examiner must provide an affidavit or declaration setting forth
`
`specific factual statements and explanation to support the finding.
`See 37 CFR I.I04(d)(2).
`
`M.P.E.P § 2144.03(C).
`
`The Applicants therefore specifically request that the Examiner provide documentary evidence
`
`in the next Office action that different trusted authenticators are used for receiving a request for a
`
`dynamic code and receiving an authentication request based on the dynamic code, if this rejection
`
`