USAA 1045
`USAA v. Asghari-Kamrani et al.
`CBM2016-00063
`CBM2016-00064
`
`

`
`In the Claims:
`
`Please amend the claims as follows:
`
`U.S. Patent Application No. 12/210,926
`
`Attorney Docket No. KAMR002USO
`
`1. (Currently Amended) A method for authenticating a user during an electronic
`
`transaction between the user and an EXtemal—Entity, the method comprising:
`
`receiving electronically a request for a dynamic SecureCode for the user by a Central-
`
`Entity during the transaction between the user and the EXternal—Entity;
`
`generating during the transaction a dynamic SecureCode for the user in response to the
`
`request, wherein the dynamic SecureCode is valid for a predefined time and becomes invalid
`
`after being used;
`
`providing said generated SecureCode to the user during the transaction;
`
`receiving electronicallyb% by the Central—Entity a request for
`
`authenticating the user based on a digital identity during the transaction, which digital identity
`
`includes the SecureCode; and
`
`authenticating by the Central—Entity the user during the transaction if the digital identity is
`
`valid.
`
`Please cancel claims 2-3 without disclaimer of or prejudice to the subject matter
`
`contained therein.
`
`2. (Cancelled) A method as recited in claim 1, wherein said user has a pre—eXisting
`
`relationship with the EXternal—Entity.
`
`

`
`U.S. Patent Application No. 12/210,926
`
`Attorney Docket No. KAMR002USO
`
`3. (Cancelled) A method as recited in claim 1, wherein said user has no pre—eXisting
`
`relationship with the EXternal—Entity.
`
`4. (Currently Amended) A method as recited in claim 1, further comprising:
`
`combining said generated SecureCode with a user—specific information using a
`
`predetermined algorithm to form a combined Secure—Code and user specific information;
`
`maintaining the combined Secure—Code and user specific information at the Central-
`
`Entity;
`
`
`
`comparing the combined Secure—Code and user specific information with a received
`
`combined Secure—Code and user specific informationm%%
`
`to validate the user.
`
`5-1 1. (Cancelled)
`
`12. (Previously Presented) A method as recited in claim 1, wherein said EXternal—Entity
`
`receives the user’s digital identity.
`
`13. (Previously Presented) A method as recited in claim 1, wherein said EXternal—Entity
`
`submits a digital identity to the Central—Entity.
`
`

`
`U.S. Patent Application No. 12/210,926
`
`Attorney Docket No. KAMR002USO
`
`14. (Previously Presented) The method of claim 1, wherein said digital identity includes a
`
`user—specific information.
`
`15. (Previously Presented) The method of claim 14, wherein the user specific information
`
`comprises one or more of the following: an alphanumeric name, an ID, a login name, and an
`
`identification phrase.
`
`16. (Original) The method of claim 1, wherein the transaction corresponds to a financial
`
`transaction.
`
`17. (Original) The method of claim 1, wherein the transaction corresponds to a non-
`
`financial transaction.
`
`18. (Previously Presented) The method of claim 1, wherein the transaction corresponds to
`
`access to restricted web—site or restricted computer/server.
`
`19. (Previously Presented) The method of claim 1, wherein said transaction occurs over a
`
`communication network, wherein said communication network comprises one or more of the
`
`following: an Internet, a wireless network, a mobile network, a satellite network, and a private
`
`network.
`
`20. (Previously Presented) The method of claim 1, wherein said transaction occurs over a
`
`communication network to which is coupled said user, said Central—Entity, and said EXtemal—
`
`

`
`Entity.
`
`U.S. Patent Application No. 12/210,926
`
`Attorney Docket No. KAMR002USO
`
`21. (Previously Presented) An apparatus for authenticating a user during an electronic
`
`transaction with an EXternal—Entity, the apparatus comprising:
`
`a first Central—Entity computer adapted to:
`
`generate a dynamic SecureCode for the user in response to a request during the
`
`transaction, wherein the dynamic SecureCode is Valid for a predefined time and becomes
`
`invalid after being used; and
`
`provide said SecureCode to the user;
`
`a second Central—Entity computer adapted to validate a digital identity, which includes
`
`said SecureCode, and authenticate the user if the digital identity is valid.
`
`22. (Previously Presented) The apparatus as recited in claim 21, wherein said user has a
`
`pre—eXisting relationship with the EXternal—Entity.
`
`23. (Previously Presented) The apparatus as recited in claim 21, wherein said user has no
`
`pre—eXisting relationship with the EXternal—Entity.
`
`24. (Previously Presented) The apparatus as recited in claim 21, wherein said EXtemal—
`
`Entity and said Central—Entity use a SecureCode that is algorithmically combined with said user-
`
`specific information.
`
`25-31. (Cancelled)
`
`

`
`U.S. Patent Application No. 12/210,926
`
`Attorney Docket No. KAMR002USO
`
`32. (Previously Presented) The apparatus as recited in claim 21, wherein the user submits
`
`a digital identity to the EXternal—Entity.
`
`33. (Previously Presented) The apparatus as recited in claim 21, wherein the External-
`
`Entity submits a digital identity to the Central—Entity.
`
`34. (Previously Presented) The apparatus of claim 21, wherein the digital identity
`
`includes a user—specific information.
`
`35. (Previously Presented) The apparatus of claim 34, wherein the user specific
`
`information comprises one or more of the following; an alphanumeric name, an ID, a login name,
`
`and an identification phrase.
`
`36. (Previously Presented) The apparatus of claim 21, wherein the transaction
`
`corresponds to a financial transaction.
`
`37. (Previously Presented) The apparatus of claim 21, wherein the transaction
`
`corresponds to a non—financial transaction.
`
`38. (Previously Presented) The apparatus of claim 21, wherein the transaction
`
`corresponds to access to restricted web—site or restricted computer/server.
`
`

`
`U.S. Patent Application No. 12/210,926
`
`Attorney Docket No. KAMR002USO
`
`39. (Previously Presented) The apparatus of claim 21, wherein said transaction occurs
`
`over a communication network and wherein said communication network comprises one or more
`
`of the following; an Internet, a wireless network, a mobile network, a satellite network, and a
`
`private network.
`
`40. (Previously Presented) The apparatus of claim 21, wherein said transaction occurs
`
`over a communication network to which is coupled said user, said Central—Entity, and said
`
`EXtemal—Entity.
`
`41. (Currently Amended) A method as recited in claim 4, wherein said%H
`
`uesi-nAg—s-aid algorithmically combined SecureCode and user specific information is used to
`
`authenticate a user’s identity.
`
`42. (Cancelled)
`
`43. (Previously Presented) A method as recited in claim 4, wherein said Central—Entity is
`
`using said algorithmically combined SecureCode to authenticate a user’s identity.
`
`44. (Original) A method as recited in claim 1, wherein said EXternal—Entity and said
`
`Central—Entity are the same entity.
`
`45. (Previously Presented) The method as recited in claim 1, wherein said Central—Entity
`
`invalidates the SecureCode after authenticating the user.
`
`

`
`U.S. Patent Application No. 12/210,926
`
`Attorney Docket No. KAMR002USO
`
`46. (Previously Presented) The method as recited in claim 1, wherein the Central—Entity
`
`invalidates the SecureCode after a predefined period of time passes from when the SecureCode
`
`was generated.
`
`47. (Previously Presented ) The method as recited in claim 1, wherein said Central—Entity
`
`generates the SecureCode with dependence on the user information.
`
`48. (Previously Presented) The method as recited in claim 47, wherein said user
`
`information comprises one or more of the following: an alphanumeric name, an ID, a login name,
`
`and an identification phrase.
`
`49. (Cancelled)
`
`50. (Previously Presented) A method for authenticating a user during an electronic
`
`transaction between the user and an EXtemal—Entity, the method comprising:
`
`receiving electronically a request for a dynamic SecureCode for the user by a Central-
`
`Entity during the transaction between the user and the EXternal—Entity;
`
`generating during the transaction a dynamic SecureCode for the user in response to the
`
`request, wherein the dynamic SecureCode is valid for a predefined time and becomes invalid
`
`after being used;
`
`providing said generated SecureCode to the user during the transaction;
`
`receiving electronically by a Central—Entity a request for authenticating the user based on
`
`

`
`U.S. Patent Application No. 12/210,926
`
`Attorney Docket No. KAMR002USO
`
`a digital identity during the transaction, which digital identity includes the SecureCode; and
`
`authenticating by the Central—Entity the user during the transaction if the digital identity is
`
`valid, wherein said SecureCode is alphanumeric.
`
`51. (Original) The method as recited in claim 1, wherein said user communicates with
`
`said Central—Entity over a communication network.
`
`52. (Previously Presented) An apparatus for authenticating a user during an electronic
`
`transaction with an EXternal—Entity, the apparatus comprising:
`
`a first Central—Entity computer adapted to:
`
`generate a dynamic SecureCode for the user in response to a request during the
`
`transaction, wherein the dynamic SecureCode is valid for a predefined time and becomes
`
`invalid after being used; and
`
`provide said SecureCode to the user;
`
`a second Central—Entity computer adapted to validate a digital identity, which includes
`
`said SecureCode, and authenticate the user if the digital identity is valid, wherein said
`
`SecureCode is alphanumeric.
`
`53. (Original) The method as recited in claim 1, wherein said user communicates with
`
`said EXtemal—Entity over a communication network.
`
`54. (Previously Presented) The apparatus as recited in claim 21, wherein said user
`
`communicates with said Central—Entity over a communication network.
`
`

`
`U.S. Patent Application No. 12/210,926
`
`Attorney Docket No. KAMR002USO
`
`55. (Previously Presented) The apparatus as recited in claim 21, wherein said user
`
`communicates with said EXternal—Entity over a communication network.
`
`56-57. (Cancelled)
`
`58. (Previously Presented) The method as recited in claim 1, wherein said SecureCode is
`
`generated based on a request submitted by said user over a communication network.
`
`59. (Cancelled)
`
`60. (Previously Presented) The method as recited in claim 58, wherein said request is
`
`initiated by said user through a standard interface provided to said user.
`
`6 l -62. (Cancelled)
`
`63. (Previously Presented) The apparatus according to claim 21, wherein said first
`
`Central—Entity computer and said second Central—Entity computer are the same.
`
`64. (Previously Presented) The apparatus according to claim 21, wherein said first
`
`Central—Entity computer and said second Central—Entity computer are different.
`
`65. (Previously Presented) A method as recited in claim 1, wherein said digital identity
`
`-10-
`
`

`
`comprises the SecureCode and a user—specific information.
`
`U.S. Patent Application No. 12/210,926
`
`Attorney Docket No. KAMR002USO
`
`66. (Previously Presented) A method as recited in claim 1, wherein said digital identity
`
`comprises the SecureCode.
`
`67. (Previously Presented) A method as recited in claim 1, wherein said digital identity is
`
`invalid if the SecureCode is invalid.
`
`68. (Previously Presented) A method as recited in claim 1, wherein said digital identity is
`
`valid if at least the SecureCode is valid.
`
`69. (Previously Presented) A method as recited in claim 1, wherein said EXternal—Entity
`
`authenticates the user upon receiving an affirmation authentication message from the Central-
`
`Entity.
`
`70. (Previously Presented) A method as recited in claim 1, wherein said EXternal—Entity
`
`authenticates the user if said Central—Entity authenticates the user based on the SecureCode.
`
`71. (Previously Presented) The apparatus of claim 21, wherein said digital identity is
`
`invalid if the SecureCode is invalid.
`
`72. (Previously Presented) The apparatus of claim 21, wherein said digital identity is
`
`valid if at least the SecureCode is valid.
`
`-11-
`
`

`
`U.S. Patent Application No. 12/210,926
`
`Attorney Docket No. KAMR002USO
`
`73. (Previously Presented) The apparatus of claim 21, wherein said EXternal—Entity
`
`authenticates the user upon receiving an affirmation authentication message from the Central-
`
`Entity.
`
`74. (Previously Presented) The apparatus of claim 21, wherein said digital identity
`
`comprises the SecureCode.
`
`75. (Previously Presented) The apparatus of claim 21, wherein said Central—Entity
`
`invalidates the SecureCode after authenticating the user.
`
`76. (Previously Presented) The apparatus of claim 21, wherein the Central—Entity
`
`invalidates the SecureCode after a predefined period of time passes after the SecureCode was
`
`generated.
`
`77. (Previously Presented) The apparatus of claim 21, wherein said Central—Entity
`
`generates the SecureCode based on said user information.
`
`78. (Previously Presented) The apparatus of claim 77, wherein said user information
`
`comprises one or more of the following: an alphanumeric name, an ID, a login name, a password,
`
`and an identification phrase.
`
`79. (Previously Presented) The method of claim 65, wherein the user specific information
`
`-12-
`
`

`
`U.S. Patent Application No. 12/210,926
`
`Attorney Docket No. KAMR002USO
`
`comprises one or more of the following: an alphanumeric name, an ID, a login name, and an
`
`identification phrase.
`
`80. (Previously Presented) The apparatus of claim 21, wherein said EXternal—Entity
`
`authenticates the user if said Central—Entity authenticates the user based on the SecureCode.
`
`8 1. (Previously Presented) The apparatus of claim 21, wherein said EXternal—Entity and
`
`Central—Entity are the same entity.
`
`82. (Previously Presented) A method as recited in claim 50, wherein said EXternal—Entity
`
`and Central—Entity are the same entity.
`
`83. (Previously Presented) The method of claim 50, wherein said digital identity includes
`
`a user—specific information.
`
`84. (Previously Presented) The method of claim 83, wherein the user—specific information
`
`includes user—identifying information.
`
`85. (Previously Presented) The method of claim 83, wherein the user—specific information
`
`comprises one or more of the following: an alphanumeric name, an ID, a login name, and an
`
`identification phrase.
`
`86. (Previously Presented) The apparatus of claim 52, wherein said EXternal—Entity and
`
`-13-
`
`

`
`Central—Entity are the same entity.
`
`U.S. Patent Application No. 12/210,926
`
`Attorney Docket No. KAMR002USO
`
`87. (Previously Presented) The apparatus of claim 52, wherein said digital identity
`
`includes an user—specific information.
`
`88. (Previously Presented) The apparatus of claim 87, wherein the user—specific
`
`information includes user—identifying information.
`
`89. (Previously Presented) The method of claim 87, wherein the user—specific information
`
`comprises one or more of the following: an alphanumeric name, an ID, a login name, and an
`
`identification phrase.
`
`90. (Previously Presented) The method of claim 14, wherein the user—specific information
`
`includes user—identifying information.
`
`91. (Previously Presented) The apparatus of claim 34, wherein the user—specific
`
`information includes user—identifying information.
`
`-14-
`
`

`
`U.S. Patent Application No. 12/210,926
`
`Attorney Docket No. KAMR002USO
`
`REMARKS
`
`Claims 1-4, 12-24, 32-41, 43-48, 50-55, 58, 60 and 63-91Were previously pending.
`
`Claims 5-11, 25-31, 42, 49, 56-57, 59 and 61-62 have been previously cancelled without
`
`disclaimer of or prejudice to the subject matter contained therein. Claims 2-3 have been cancelled
`
`without disclaimer of or prejudice to the subject matter contained therein. Claims 1, 4 and 41
`
`have been amended as indicated below. Claims 1, 4, 12-24, 32-41, 43-48, 50-55, 58, 60 and 63-
`
`91 remain pending.
`
`OBJECTION TO THE SPECIFICATION
`
`The Examiner objected to the specification for failing to provide proper antecedent basis
`
`for the claimed subject matter citing 37 C.F.R. § 1.74(d) and MPEP § 608.01(o). Specifically,
`
`the Examiner contends claims 2 and 3 lack support for whether the user has a pre-existing
`
`relationship with the External Entity or not. While the Applicants respectfully disagree with the
`
`Examiner’s contentions, to expedite issuance of a notice of allowance, claims 2-3 have been
`
`cancelled without disclaimer of or prejudice to the subject matter contained therein.
`
`With regard to claim 4, the Examiner contends this claim remains unclear. The
`
`Applicants have amended claim 4 to be consistent with the specification, at page 14, first full
`
`paragraph.
`
`With regard to claim 41, the Examiner contends this claim is not supported in the
`
`specification. The Applicants have amended claim 41 to be consistent with the specification at
`
`page 14, first full paragraph.
`
`In light of the foregoing amendments, the Applicants respectfully request reconsideration
`
`and withdrawal of the objection to the specification and claims 2-4, and 41.
`
`-15-
`
`

`
`U.S. Patent Application No. 12/210,926
`
`Attorney Docket No. KAMR002USO
`
`CLAIM OBJECTIONS
`
`The Examiner objected to claim 1 based on a certain informality, which has been
`
`corrected. In light of the correction, the Applicants respectfully request reconsideration and
`
`withdrawal of the objection to claiml.
`
`CLAIMS REMAIN PATENTABLE OVER KALISKI, JR. AND HILL
`EITHER TAKEN ALONE OR IN COMBINATION
`
`The Office Action rejected claims 1-4, 12-20, 22-24, 32-41, 43-48, 50-55, 58, 60, 63 and
`
`65-91 under 35 U.S.C. § l03(a) as being unpatentable over U.S. Patent Publication No.
`
`2010/0100724 Al by Kaliski, Jr. [hereinafter “Kaliski, Jr.”] in View of U.S. Patent No. 6,236,981
`
`by Hill [hereinafter “Hill”]. Generally, the Office Action contends that Kaliski, Jr. discloses all
`
`of the elements of the claims, except for certain missing features that it contends can be found in
`
`Hill, and further contends that it would have been obvious to one of ordinary skill in the art to
`
`modify the system of Kaliski, Jr. using these certain missing features from Hill for various
`
`specified reasons. For example with regard to claim 1, the Office Action asserts that Kaliski, Jr.
`
`discloses all of the elements of the claim at issue, except for “that the dynamic SecureCode
`
`becomes invalid after being used.” The Applicants respectfully disagree with the Office Action’ s
`
`characterization of these references vis-a-vis the claims at issue and respectfully request
`
`reconsideration and withdrawal of the rejection in light of the following remarks.
`
`Factual Inquiries Set Forth in Graham v. John Deere Show Non-Obviousness
`
`1. Determining Scope of Prior Art
`
`Kaliski, Jr. teaches a technique for developing a hardened password that is then used to
`
`derive a decryption key or as the decryption key, which decryption key is then used to
`
`-16-
`
`

`
`U.S. Patent Application No. 12/210,926
`
`Attorney Docket No. KAMR002USO
`
`successfully decrypt user information thereby Verifying the authenticity of the user. Thus, the
`
`hardened password is not used to authenticate the user, but rather successful decryption is the
`
`basis for authenticating the user. Afi‘. N. Kamrani filed 030112, WW13-15; Afi‘. K. Kamrani filed
`
`030112, WW14-16; Afi‘. Hewittfiled 030112, WW1 7-19; and Afi‘. Hosseinzadelz filed 030112, WW13-
`
`15.
`
`Hill teaches the use of digital tokens as a payment mechanism. The digital tokens are not
`
`used to authenticate the user. The issuer merely authenticates the digital tokens as Valid payment
`
`but not as authentication of the user. Afi‘. N. Kamrani filed 03 01 1 2, WW16-19; Afi‘. K. Kamrani
`
`filed 030112, WW17-20; Afi‘. Hewitt filed 030112, WW21 -23; and Afi‘. Hosseinzadelz filed 030112,
`
`WW16-19.
`
`2. Ascertaining the Dififerences Between the Prior Art and Claims at Issue
`
`The Claims at issue include the limitations that the dynamic SecureCode is generated
`
`during the transaction between the user and the Extemal-Entity and that the so generated
`
`dynamic SecureCode is then used by a Central Entity to authenticate the user to an External
`
`Entity. Kaliski, Jr. does not authenticate a user based on any code generated during the
`
`transaction between the user and the merchant because successful decryption forms the basis of
`
`authentication in Kaliski, Jr. Afi”. N. Kamrani filed 030112, WW13—15;Afi”. K. Kamrani filed
`
`030112, WW14-16; Afi‘. Hewittfiled 030112, WW1 7-19; and Afi‘. Hosseinzadelz filed 030112, WW13-
`
`15.
`
`Hill also does not authenticate a user based on a code generated during the transaction. In
`
`fact, Hill fails to teach any authentication of the user but merely authentication of payment
`
`tokens, which are not used for authentication of the user. Afi‘. N. Kamrani filed 03 01 1 2, WW16-
`
`-17-
`
`

`
`U.S. Patent Application No. 12/210,926
`
`Attorney Docket No. KAMR002USO
`
`19; Afi‘. K. Kamranifiled 030112, WW17—20; Afi”. Hewittfiled 030112, WW21—23; and Afi‘.
`
`Hosseinzadeh filed 03 01 1 2, WW16—19. Hill is merely cited for the claim element that the
`
`SecureCode becomes invalid after use.
`
`Nonce Is Not Recited SecureCode
`
`The Examiner equates the nonce of Kaliski, Jr. to the SecureCode of the present application
`
`(“wherein the nonce corresponds to the recited dynamic SecureCode.” Office Action, p. 4). But
`
`the Applicants respectfully submit that the nonce is not equivalent to the recited dynamic
`
`SecureCode. Afi”. N. Kamranifiled 030112, WW58; Afi”. K. Kamranifiled 030112, WW6—9; Afi”.
`
`Hewitt filed 030112, WW9—12; and Afi‘. Hosseinzadeh filed 030112, WW5—8. A nonce is merely a
`
`session identifier that is associated with each user’s session in a client server arrangement. Id.
`
`Authentication Not Based on SecureCode
`
`Next, the Office Action contends that Kaliski, Jr. teaches the claim element
`
`“authenticating
`
`the user during the transaction if the digital identity is valid.” For this claim
`
`element, the Examiner refers to paragraph [Ol 12] of Kaliski, Jr. However, in Kaliski, Jr.
`
`authentication is not based on the digital identity that includes the nonce, but rather
`
`authentication is based on successful decryption of an electronic signature. Afi”. N. Kamrani filed
`
`030112, WW13—15;Afi‘. K. Kamranifiled 030112, WW14—16;Afi‘. Hewittfiled 030112, WW1 7-19;
`
`and Afi‘. Hosseinzadeh filed 030112, WW13—15.
`
`In Kaliski, Jr. authentication is not based on the nonce, rather the nonce is merely an
`
`identifier used to indicate “whether or not the authentication attempt associated with the nonce
`
`was successful.” Kaliski, Jr., W[0112]. Afi”. N. Kamranifiled 030112, WW58; Afi”. K. Kamrani
`
`-18-
`
`

`
`filed 030112, WW6—9; Afi”. Hewittfiled 030112, WW9—12; and Afi”. Hosseinzadelzfiled 030112, WW5-
`
`8.
`
`U.S. Patent Application No. 12/210,926
`
`Attorney Docket No. KAMR002USO
`
`Authentication Server Equated with the Central Entity by the Office Action Does Not
`Authenticate the User as Recited in the Claims
`
`The Office Action equates the recited Central Entity with the Authentication Server 730
`
`of FIG. 7 from Kaliski, Jr. Oflice Action, p. 4. Claim 1 specifically states “authenticating by the
`
`Central Entity the user during the transaction...” However, the Authentication Server 730 of
`
`Kaliski, Jr. does not authenticate the user, but rather the web server 710 authenticates the user
`
`based on successful decryption of the user’s digital signature. Afi‘. N. Kamrani filed 03 01 1 2,
`
`WW10—12;Afi‘. K. Kamranifiled 030112, WW11—13;Afi‘. Hewittfiled 030112, WW14—16; and Afi‘.
`
`Hosseinzadelz filed 030112, WW1 0-12.
`
`Authentication Server Equated with the Central Entity by the Office Action Does Not
`
`Receive Authentication Request as Recited in the Claims
`
`Claim 1 also recites “receiving electronically by the Central Entity a request for
`
`authenticating the user based on a digital identity during the transaction, which digital identity
`
`includes the SecureCode.” However, the Authentication Server 730 of Kaliski, Jr. does not
`
`receive a request for authenticating the user because the web server 710 authenticates the user
`
`based on successful decryption of the user’s digital signature. Afi‘. N. Kamrani filed 03 01 1 2, W9;
`
`Afi‘. K. Kamrani filed 030112, W10; Afi‘. Hewitt filed 030112, W13; and Afi‘. Hosseinzadeh filed
`
`03 01 1 2, W9. Thus, neither reference includes the recited claim elements of: (l) authenticating
`
`the user based on a SecureCode; (2) receiving an authentication request message by a Central
`
`Entity, which message includes a SecureCode generated by the Central Entity; (3) authenticating
`
`-19-
`
`

`
`U.S. Patent Application No. 12/210,926
`
`Attorney Docket No. KAMR002USO
`
`the user by the Central Entity that generated the SecureCode. Without these features, the
`
`suggested combination fails to state a primafacie case of obviousness. Reconsideration and
`
`withdrawal of the rejection of these claims is therefore respectfully requested.
`
`CLAIMS REMAIN PATENTABLE OVER KALISKI, JR. AND HILL TAKEN ALONE
`OR IN COMBINATION WITH CERTAIN OFFICIAL NOTICE
`
`The Office Action rejected claims 23, 66, 68, 70 and 71 under 35 U.S.C. § l03(a) as
`
`being unpatentable over the combination of Kaliski, Jr. and Hill and further in View of certain
`
`Official Notice. The Office Action contends that the above mentioned combination of Kaliski,
`
`Jr. and Hill discloses all of the elements of the claim at issue, except for “wherein the request for
`
`the dynamic code is received by a computer associated with a first trusted authenticator and the
`
`authentication request is received by a computer associated with a second trusted authenticator
`
`that is different than the first trusted authenticator,” for which the Office Action provides certain
`
`Official Notice. The Office Action takes Official Notice for this teaching absent from Kaliski,
`
`Jr. and Hill. Specifically, the Office Action states:
`
`Official Notice is taken that it is old and well—known practice in the
`
`art that in some system or arrangement more than one computer is
`
`used to provide services to their clients (i.e., different computers
`
`for different purposes and services). Therefore, it would have been
`
`obvious to a person of ordinary skill in the art at the time of the
`
`invention was made [sic] to modify the system of Kaliski—Hill to
`
`deploy one computer for providing a dynamic code to a client and
`
`another computer for authenticating the dynamic code (i.e.,
`
`verifying the identity of the user) whenever the user request [sic] a
`
`service because this arrangement would make the system of
`
`Kaliski—Hill capable of handling cases such as when the entity and
`the user have their own different trusted authenticators.
`
`Office Action, p. 9.
`
`-20-
`
`

`
`U.S. Patent Application No. 12/210,926
`
`Attorney Docket No. KAMR002USO
`
`The Applicants respectfully submit that the Official Notice does not encompass the claimed
`
`subject matter. The cited claim element states that there are different trusted authenticators for
`
`the request for a dynamic code and the authentication request based on the dynamic code. The
`
`Official Notice taken does not state that it is old and well—known in the art to use different trusted
`
`authenticators, but merely that different computers are used for different purposes. There is a
`
`missing feature in the Official Notice — that different trusted authenticators are used for these
`
`specific different purposes. Therefore, the Applicants respectfully submit that splitting up the
`
`functions of receiving a request for a dynamic code and receiving an authentication request
`
`between different trusted authenticators is not a well—known practice, and if the Examiner is
`
`assuming so, then the Applicants respectfully request that the Examiner provide support for this
`
`contention from the prior art.
`
`According to the M.P.E.P. § 2144.03(C), “If Applicant Challenges a Factual Assertion as
`
`Not Properly Officially Noticed or Not Properly Based Upon Common Knowledge, the Examiner
`
`Must Support the Finding With Adequate Evidence.” In this instance, the Applicants have
`
`shown that the recited Official Notice is different than the claim element at issue. Therefore, the
`
`Applicants respectfully submit they have adequately traversed the finding of Official Notice.
`
`To adequately traverse [a finding of Official Notice], an applicant
`
`must specifically point out the supposed errors in the examiner’ s
`
`action, which would include stating why the noticed fact is not
`
`considered to be common knowledge or well—known in the art. See
`37 CFR I.III(b). See also Chevenard, 139 F.2d at 713, 60 USPQ
`
`at 241 (“[I]n the absence of any demand by appellant for the
`
`examiner to produce authority for his statement, we will not
`consider this contention.”).
`
`M.P.E.P § 2l44.03(C).
`
`The Applicants contend that merely knowing that “more than one computer [can be] used
`
`to provide services to their clients (i.e., different computers for different purposes and services)”
`
`-21-
`
`

`
`does not lead one to the conclusion that one should use different trusted authenticators for the
`
`U.S. Patent Application No. 12/210,926
`
`Attorney Docket No. KAMR002USO
`
`different recited purposes.
`
`If applicant adequately traverses the examiner’s assertion of
`
`official notice, the examiner must provide documentary evidence
`
`in the next Office action if the rejection is to be maintained. See 37
`CFR I.I04(c)(2). See also Zurko, 258 F.3d at 1386, 59 USPQ2d at
`
`1697 (“[T]he Board [or examiner] must point to some concrete
`
`evidence in the record in support of these findings” to satisfy the
`
`substantial evidence test). If the examiner is relying on personal
`
`knowledge to support the finding of what is known in the art, the
`
`examiner must provide an affidavit or declaration setting forth
`
`specific factual statements and explanation to support the finding.
`See 37 CFR I.I04(d)(2).
`
`M.P.E.P § 2144.03(C).
`
`The Applicants therefore specifically request that the Examiner provide documentary evidence
`
`in the next Office action that different trusted authenticators are used for receiving a request for a
`
`dynamic code and receiving an authentication request based on the dynamic code, if this rejection
`
`is to be maintained.
`
`Moreover, these claims remain patentable for at least the reasons set forth above with
`
`respect to the combination of Kaliski, Jr. and Hill. The Applicants therefore respectfully request
`
`reconsideration and withdrawal of the rejection of claims 23, 66, 68, 70 and 71.
`
`CONCLUSION
`
`The Applicant respectfully submits this application is in condition for allowance and
`
`requests issuance of a Notice of Allowance.
`
`Although not believed necessary, the Office is hereby authorized to charge any fees
`
`required under 37 C.F.R. § 1.16 or § 1.17 or credit any overpayments to the deposit account of
`
`MICHAEL P FORTKORT PC, Deposit Account No. 50-3776.
`
`-22-
`
`

`
`U.S. Patent Application No. 12/210,926
`
`Attorney Docket No. KAMR002USO
`
`In the event the prosecution of this Application can be efficiently advanced by a phone
`
`discussion, it is requested that the undersigned attorney be called at (703) 435-9390.
`
`Respectfully submitted,
`
`By
`
`/Michael P. Fortkort/
`
`Michael P. Fortkort
`
`(Reg. No. 35,141)
`
`
`Date: March 1 2012
`
`MICHAEL P FORTKORT PC
`
`The International Law Center
`
`13164 Lazy Glen Lane
`
`Oak Hill, Virginia 20171
`
`Please direct telephone calls to:
`Michael P. Fortkort
`
`703-435-9390
`
`703-435-8857 (facsimile)
`
`-23-
`
`

`
`U.S. Patent Application No. 12/210,926
`Attorney Docket No. IQAMR002USO
`
`Certification Under 37 C.F.R.
`
`1.8
`
`I hereby certify that on March 1, 2012 this correspondence is being: (a) deposited with the
`United States Postal Service in an envelope addressed to Commissioner for Patents, P.O.
`Box 1450, Alexandria, Virginia 22313-1450; or (b) transmitted via facsimile to facsimile
`number 571-273-8300; or (c) electronically filed with the U.S. Patent Office.
`
`
`Date: March 1 2012
`
`Signature:
`
`/Michael P. Fortkort/
`Michael P. Fortkort
`
`(Reg. No. 35,141)
`
`IN THE UNITED STATES PATENT & TRADEMARK OFFICE
`
`APPLICANT: NADER ASGHARI-KAMRANI and IQAMRAN ASGHARI-KAMRANI
`
`SERIAL NO.: 12/210,926
`
`FILING DATE: September 15, 2008
`
`EXAMINER: Mr. Abdulhakim Nobahar
`
`ART UNIT: 2432
`
`TITLE: CENTRALIZED IDENTIFICATION AND AUTHENTICATION SYSTEM AND
`METHOD
`
`ATTORNEY DOCKET: KAMR002USO
`
`CONFIRMATION NO.: 7516
`
`VIA ELECTRONIC FILING SYSTEM
`ASSISTANT COMMISSIONER FOR PATENTS
`
`WASHINGTON, D.C. 20231
`
`AFFIDAVIT UNDER RULE 132
`
`Applicants hereby submit this affidavit in support of their response to the Office
`
`Action mailed January 6, 2012 which rejected the pending claims.
`
`This affidavit is being provided as testimony in the prosecution of U.S. Serial No.
`
`12/210,926, and pursuant to the provisions of 37 C.F.R. § 1.132. The witness hereby avers
`
`and testifies as follows:
`
`- 24 -
`
`

`
`B2/2Elf‘2B12
`
`13:52
`
`73322763285
`
`CGI FED 523A
`
`PAGE B3/1B
`
`U.S. Patent Application No. 12/210,926
`Attorney Docket No. KAMROOZUSO
`
`1.
`
`I am Nader Asghaxi—Kamrani, one of the inventors listed in US. patent
`
`Application, whi