Verification of Automatic Responses to Authentication Requests on Authorized Mobile Devices

DETAILED ACTION 1. Pending claims for reconsideration are claims 1-5, and 7-21. Claims 1, 10, 16, and 20 have been amended. Claim 6 has been cancelled. Claim 21 is new Response to Arguments 2. Applicant's arguments filed 8/07/2025 have been fully considered but they are not persuasive. In the remarks, applicant argues in substance: That- Applicant submits that the cited references, taken singly or in combination, do not teach or suggest “receiving, from the mobile device, one or more automatically generated responses for” “factors” “in a current multi-factor authentication procedure” where the “responses are automatically generated at and transmitted from the mobile device using a computer learning model,” as recited in claim 1. In response to applicants’ argument – Shahidzadeh discloses in Column 16/lines 35-43 physical and logical data may include user habits, biometrics ( e.g. , iris scans ) , traffic intelligence , passwords ambient DNA , third party , mobile analytics , device ( i.e. , 200 , 202 ) fingerprint , device browser fingerprint , and / or multi - factor authentication and in coloumn1/lines 40-48 a first mobile device having a first network interface configured to be communicatively coupled to a network utilizing a secure communication protocol and at least one first hardware processor of a plurality of hardware processors coupled to a first memory and configured to : receive a first 45 security code key and embed the first security code key in the first memory. That- the cited references, taken singly or in combination, do not teach or suggest that “the current set of parameters and the previous set of parameters include respective values for a wearable device parameter that indicates whether a wearable device is being worn by a user of the mobile device and whether the wearable device is unlocked, wherein information stored by the wearable device is accessible to the user when the wearable device is unlocked” as recited in claim 1. In response to applicants’ argument – Ziraknejad discloses in Col.14/lines 17-19 that a watch may be considered to provide continuous authentication as long as it is worn without interruption , or is worn within a defined set of parameters. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. 3. Claims 1-21 are rejected under 35 U.S.C. 103 as being unpatentable over Patent No.: US 11,101,993 B1 to Shahidzadeh in view of Patent No.: US 10,701,067 B1 to Ziraknejad et al(hereafter referenced as Ziraknejad), in further view of Pub.No.: US 2020/0311285 A1 to JOCHEMS et al(hereafter referenced as JOCHEM). Regarding claim 1, Shahidzadeh discloses “a non-transitory computer-readable medium having instructions stored thereon that are capable of execution by a server (server [Fig.4/item 100]) computer system to perform operations comprising: sending, to a mobile device (i.e. send to user device [Fig.4/item 200/202]), “one or more requests corresponding to one or more factors in a current multi-factor authentication procedure(physical and logical data may include user habits, biometrics ( e.g. , iris scans ) , traffic intelligence , passwords ambient DNA , third party , mobile analytics , device ( i.e. , 200 , 202 ) fingerprint , device browser fingerprint , and / or multi - factor authentication [Col.16/lines 35-43]) ; receiving, from the mobile device, one or more automatically generated responses for the one or more factors”(first mobile device having a first network interface configured to be communicatively coupled to a network utilizing a secure communication protocol and at least one first hardware processor of a plurality of hardware processors coupled to a first memory and configured to : receive a first 45 security code key and embed the first security code key in the first memory [Col.1/lines 40-48) , wherein the one or more responses are automatically generated at and transmitted from the mobile device using a computer learning model based on a current set of parameters for the current multi-factor authentication procedure and a previous set of parameters for a prior multi-factor authentication procedure”(post authorization will be continuous both in physical and cyber space where machine learning algorithms may detect, recognize and predict every move of the user and able to identify anomalies [Col.4/lines 38-41]) , Shahidzadeh does not explicitly disclose “wherein the current set of parameters and the previous set of parameters include respective values for a frequency of login parameter that indicates how often a user of the mobile device logs into a set of one or more accounts and a wearable device parameter that indicates whether a wearable device is being worn by a user of the mobile device and whether the wearable device is unlocked, wherein information stored by the wearable device is accessible to the user when the wearable device is unlocked”; However, Ziraknejad in an analogous art discloses “wherein the current set of parameters and the previous set of parameters include respective values a frequency of login parameter that indicates how often a user of the mobile device logs into a set of one or more accounts and for a wearable device parameter (watch may be considered to provide continuous authentication as long as it is worn without interruption , or is worn within a defined set of parameters Ziraknejad [Col.14/lines 17-19]) that indicates whether a wearable device is being worn by a user of the mobile device and whether the wearable device is unlocked, wherein information stored by the wearable device is accessible to the user when the wearable device is unlocked.”(If an unlocked state of the watch or continuous wear of the watch since the last authentication were not present, the user can be given the opportunity to authenticate by entering the device unlock code for the watch Ziraknejad [Col.13/lines 4-8]). Therefore, it would have been obvious to one of ordinary skill in the art at the time the invention was filed to modify Shahidzadeh’s authentication and authorization of a communication device with Ziraknejad’s credential management using a wearable device in order to provide additional security. One of ordinary skill in the art would have been motivated to combine because Shahidzadeh discloses a wearable device requiring authentication and authorization, Ziraknejad teaches credential management using a wearable device, and both are from the same field of endeavor. Neither Shahidzadeh nor Ziraknejad explicitly discloses “determining, based on a current state of the mobile device received with the one or more automatically generated responses and one or more prior states of the mobile device stored at the server computer system, a risk score for the one or more automatically generated responses; and generating, based on the risk score, an authorization decision for an authorization request corresponding to the current multi-factor authentication procedure. However, JOCHEMS in an analogous art discloses “determining, based on a current state of the mobile device received with the one or more automatically generated responses and one or more prior states of the mobile device stored at the server computer system, a risk score for the one or more automatically generated responses(generating a risk score JOCHEMS[Fig.2/item 120]); and generating, based on the risk score, an authorization decision for an authorization request corresponding to the current multi-factor authentication procedure” (the device generated risk score based on the device data may be sent 230 without sending the device data itself . In this way , requirements of data regulation may be fulfilled , for example , while enabling improved authentication of a user JOCHEMS [par.0042]). Therefore, it would have been obvious to one of ordinary skill in the art at the time the invention was filed to modify Shahidzadeh’s authentication and authorization of a communication device and Ziraknejad’s credential management using a wearable device, with JOCHEMS methods and devices for user authentication in order to provide additional security. One of ordinary skill in the art would have been motivated to combine because Shahidzadeh discloses a wearable device requiring authentication and authorization, Ziraknejad teaches credential management using a wearable device, JOCHEMS discloses an authorization process with devices, and all are from the same field of endeavor. Regarding claim 2 in view of claim 1, the references combined discloses “wherein determining the risk score is performed by: inputting the current state of the mobile device into a machine learning model stored at the server computer system” (The online server 300a can determine whether there is a high risk , a medium risk , or a low risk that the request is sent from a non - authorized user , for example . If at the online server 300a it is decided , that the request received at the online server 300a has a medium risk to be sent by a non - authorized user , the online the server 300a can send instructions to the user device 300 to enable running a personalized local risk detector at the user device 300 JOCHEMS[par.0048]). Regarding claim 3 in view of claim 1, the references combined disclose “wherein the determining includes: determining a similarity value based on comparing the current state of the mobile device and the one or more prior states of the mobile device; and assigning, based on the similarity value, a risk score to the one or more automatically generated responses” (device generated risk score based on the device data may be sent 230 without sending the device data itself . In this way , requirements of data regulation may be fulfilled , for example , while enabling improved authentication of a user JOCHEMS[par.0042]). Regarding claim 4 in view of claim 1, the references combined disclose “wherein generating the authorization decision is further based on: comparing the risk score to a plurality of risk thresholds; and determining, based on the risk score satisfying a particular risk threshold, whether to escalate the current multi-factor authentication procedure” (the risk score is above an upper threshold the request may be blocked instantly. the risk score is below a lower threshold, the request may be allowed instantly JOCHEMS [par.0024]). Regarding claim 5 in view of claim 1, the references combined disclose “wherein the one or more prior states and the current state of the mobile device include: respective values for types of parameters included in the current set of parameters” (watch may be considered to provide continuous authentication as long as it is worn without interruption , or is worn within a defined set of parameters Ziraknejad [Col.14/lines 17-19]); “and respective values for one or more of the following types of mobile device parameters: a location, an IP address, and permissions for an account currently logged in on the mobile device.”(when a client device submits a login request, the request may include the location of the client device , for example , based on GPS coordinates , Wi - Fi access point triangulation data , cellular network tri angulation data , or IP address information Ziraknejad [Col.36/lines 49-53]). Regarding claim 6 in view of claim 1, the references combined disclose “wherein the current set of parameters and the previous set of parameters include respective values one or more of the following types of parameters: a frequency of login parameter that indicates how often user of the mobile device logs into a set of one or more accounts “(watch 110 may send data indicating the user selection, as well as information about the context of the watch 110. This context information, e.g., sensor data or device state information, can confirm that the authentication is sufficient and provide data used for logging or reporting purposed Ziraknejad [Col.13/lines 48-52]). Regarding claim 7 in view of claim 1, the references combined disclose “wherein the one or more requests corresponding to the one or more factors are sent to the mobile device based on receiving a response from the mobile device approving or denying a first request in a first multi-factor authentication procedure initiated by the mobile device for a first account ; and wherein the current multi-factor authentication procedure is initiated by another computing device for authentication for a different account than the first account”(alternative third step of authentication via an out of band notification initiated by location based services that sends a push notification to user devices 200 or 202 Shahidzadeh[Col.12/lines 35-38]) ; “and wherein the current multi-factor authentication procedure is initiated by another computing device for authentication for a different account than the first account”(the additional validation may also be a plurality of protocol’s at the service facility Shahidzadeh [Col.12/lines 38-40]). Regarding claim 8 in view of claim 1, the references combined disclose “wherein the authorization decision indicates, based on the risk score satisfying a particular risk threshold, to disable automated generation of multi-factor authentication responses performed on the mobile device using the computer learning model.” (The online server 300a can determine whether there is a high risk , a medium risk , or a low risk that the request is sent from a non - authorized user , for example . If at the online server 300a it is decided , that the request received at the online server 300a has a medium risk to be sent by a non - authorized user , the online the server 300a can send instructions to the user device 300 to enable running a personalized local risk detector at the user device 300 JOCHEMS[par.0048]). Regarding claim 9 in view of claim 1, the references combined disclose “wherein the authorization decision indicates to, based on the risk score satisfying a particular risk threshold” (the risk score is above an upper threshold the request may be blocked instantly. the risk score is below a lower threshold, the request may be allowed instantly JOCHEMS [par.0024]): “deny the authorization request corresponding to the current multi-factor authentication procedure; and transmit, to a system administrator of a risk system, a notification regarding the authorization request, including the risk score for the authorization request” (the risk score is above an upper threshold the request may be blocked instantly. the risk score is below a lower threshold, the request may be allowed instantly JOCHEMS [par.0024]). Regarding claim 10, Shahidzadeh discloses “a method, comprising: sending, by a server(server [Fig.4/item 100]) computer system to a mobile device(i.e. send to user device [Fig.4/item 200/202]), one or more requests corresponding to one or more factors in a multi-factor authentication procedure”(physical and logical data may include user habits, biometrics ( e.g. , iris scans ) , traffic intelligence , passwords ambient DNA , third party , mobile analytics , device ( i.e. , 200 , 202 ) fingerprint , device browser fingerprint , and / or multi - factor authentication [Col.16/lines 35-43]); “receiving, by the server computer system from the mobile device, one or more automatically generated responses for the one or more factors”(first mobile device having a first network interface configured to be communicatively coupled to a network utilizing a secure communication protocol and at least one first hardware processor of a plurality of hardware processors coupled to a first memory and configured to : receive a first 45 security code key and embed the first security code key in the first memory [Col.1/lines 40-48). Shahidzadeh does not explicitly disclose “wherein the one or more responses are automatically generated at and transmitted from the mobile device using a computer learning model based on a current set of parameters for the multi-factor authentication procedure and a previous set of parameters for a prior multi-factor authentication procedure, wherein the current set of parameters and the previous set of parameters include respective values for a frequency of login parameter that indicates how often a user of the mobile device logs into a set of one or more accounts and a wearable device parameter that indicates whether a wearable device is being worn by a user of the mobile device and whether the wearable device is unlocked, wherein information stored by the wearable device is accessible to the user when the wearable device is unlocked.” However, Ziraknejad in an analogous art discloses “wherein the one or more responses are automatically generated at and transmitted from the mobile device using a computer learning model based on a current set of parameters for the multi-factor authentication procedure and a previous set of parameters for a prior multi-factor authentication procedure(watch may be considered to provide continuous authentication as long as it is worn without interruption , or is worn within a defined set of parameters Ziraknejad [Col.14/lines 17-19]), “wherein the current set of parameters and the previous set of parameters include respective values for a frequency of login parameter that indicates how often a user of the mobile device logs into a set of one or more accounts and a wearable device parameter that indicates whether a wearable device is being worn by a user of the mobile device and whether the wearable device is unlocked(watch may be considered to provide continuous authentication as long as it is worn without interruption , or is worn within a defined set of parameters Ziraknejad [Col.14/lines 17-19]), wherein information stored by the wearable device is accessible to the user when the wearable device is unlocked.” (If an unlocked state of the watch or continuous wear of the watch since the last authentication were not present, the user can be given the opportunity to authenticate by entering the device unlock code for the watch Ziraknejad [Col.13/lines 4-8]). Therefore, it would have been obvious to one of ordinary skill in the art at the time the invention was filed to modify Shahidzadeh’s authentication and authorization of a communication device with Ziraknejad’s credential management using a wearable device in order to provide additional security. One of ordinary skill in the art would have been motivated to combine because Shahidzadeh discloses a wearable device requiring authentication and authorization, Ziraknejad teaches credential management using a wearable device, and both are from the same field of endeavor. Neither Shahidzadeh nor Ziraknejad explicitly discloses “determining, by the server computer system based on a current state of the mobile device received with the one or more automatically generated responses and one or more prior states of the mobile device stored at the server computer system, a risk score for the one or more automatically generated responses; and generating, by the server computer system based on the risk score, an authorization decision for an authorization request corresponding to the multi-factor authentication procedure. However, JOCHEMS in an analogous art discloses “determining, by the server computer system based on a current state of the mobile device received with the one or more automatically generated responses and one or more prior states of the mobile device stored at the server computer system, a risk score for the one or more automatically generated responses (generating a risk score JOCHEMS[Fig.2/item 120]); and generating, by the server computer system based on the risk score, an authorization decision for an authorization request corresponding to the multi-factor authentication procedure” (the device generated risk score based on the device data may be sent 230 without sending the device data itself . In this way , requirements of data regulation may be fulfilled , for example , while enabling improved authentication of a user JOCHEMS [par.0042]). Therefore, it would have been obvious to one of ordinary skill in the art at the time the invention was filed to modify Shahidzadeh’s authentication and authorization of a communication device and Ziraknejad’s credential management using a wearable device, with JOCHEMS methods and devices for user authentication in order to provide additional security. One of ordinary skill in the art would have been motivated to combine because Shahidzadeh discloses a wearable device requiring authentication and authorization, Ziraknejad teaches credential management using a wearable device, JOCHEMS discloses an authorization process with devices, and all are from the same field of endeavor. Regarding claim 11 in view of claim 10, the references combined disclose “wherein determining the risk score is performed by: inputting the current state of the mobile device into a machine learning model stored at the server computer system” wherein the machine learning model is trained at the server computer system using one or more prior states of the mobile device gathered for one or more prior multi- factor authentication procedures during a particular prior interval of time” (The online server 300a can determine whether there is a high risk , a medium risk , or a low risk that the request is sent from a non - authorized user , for example . If at the online server 300a it is decided , that the request received at the online server 300a has a medium risk to be sent by a non - authorized user , the online the server 300a can send instructions to the user device 300 to enable running a personalized local risk detector at the user device 300 JOCHEMS[par.0048]). Regarding claim 12 in view of claim 10, the references combined disclose “wherein generating the authorization decision is further based on: comparing the risk score to a plurality of risk thresholds; and determining, based on the risk score satisfying a particular risk threshold, whether to escalate the multi-factor authentication procedure” (the risk score is above an upper threshold the request may be blocked instantly. the risk score is below a lower threshold, the request may be allowed instantly JOCHEMS [par.0024]). Regarding claim 13 in view of claim 10, the references combined disclose “wherein the one or more prior states and the current state of the mobile device include: respective values for types of parameters included in the current set of parameters” (watch may be considered to provide continuous authentication as long as it is worn without interruption , or is worn within a defined set of parameters Ziraknejad [Col.14/lines 17-19]); “and respective values for one or more of the following types of mobile device parameters: a location, an IP address, and permissions for an account currently logged in on the mobile device.” (when a client device submits a login request, the request may include the location of the client device , for example , based on GPS coordinates , Wi - Fi access point triangulation data , cellular network triangulation data , or IP address information Ziraknejad [Col.36/lines 49-53]). Regarding claim 14 in view of claim 10, the references combined disclose “wherein the one or more automatic responses received from the mobile device are received for an authorization requested by the mobile device”(transaction module 118 may further provide automatic authorizations or rejections based on the authorization policies Shahidzadeh [Col.9/lines 36-39]). Regarding claim 15 in view of claim 10, the references combined disclose “wherein the current set of parameters and previous set of parameters include respective values one or more of the following types of parameters: one or more parameters that indicate personally identifiable information (PII) that is stored on the mobile device that is not shared with other devices, and a wireless signature parameter based on wireless signatures of one or more nearby devices.”(resource device receives the data from the phone 105, determines that it is valid and sufficient to gain access, and provides access in response [Col.14/lines 59-62]). Regarding claim 16, Shahidzadeh discloses “ system, comprising: at least one processor; and a memory having instructions stored thereon that are executable by the at least one processor to cause the system to: send, to a mobile device(i.e. send to user device [Fig.4/item 200/202]),, one or more requests corresponding to one or more factors in a multi-factor authentication procedure” (physical and logical data may include user habits, biometrics ( e.g. , iris scans ) , traffic intelligence , passwords ambient DNA , third party , mobile analytics , device ( i.e. , 200 , 202 ) fingerprint , device browser fingerprint , and / or multi - factor authentication [Col.16/lines 35-43]); receive, from the mobile device, one or more automatically generated responses for the one or more factors” (first mobile device having a first network interface configured to be communicatively coupled to a network utilizing a secure communication protocol and at least one first hardware processor of a plurality of hardware processors coupled to a first memory and configured to : receive a first 45 security code key and embed the first security code key in the first memory [Col.1/lines 40-48), Shahidzadeh does not explicitly disclose “wherein the one or more responses are automatically generated at and transmitted from the mobile device using a computer learning model based on a current set of parameters for the multi-factor authentication procedure and a previous set of parameters for a prior multi-factor authentication procedure, wherein the current set of parameters and the previous set of parameters include respective values for a frequency of login parameter that indicates how often a user of the mobile device logs into a set of one or more accounts and a wearable device parameter that indicates whether a wearable device is being worn by a user of the mobile device and whether the wearable device is unlocked, wherein information stored by the wearable device is accessible to the user when the wearable device is unlocked.” However, Ziraknejad in an analogous art discloses “wherein the one or more responses are automatically generated at and transmitted from the mobile device using a computer learning model based on a current set of parameters for the multi-factor authentication procedure and a previous set of parameters for a prior multi-factor authentication procedure (watch may be considered to provide continuous authentication as long as it is worn without interruption , or is worn within a defined set of parameters Ziraknejad [Col.14/lines 17-19]), “wherein the current set of parameters and the previous set of parameters include respective values for a frequency of login parameter that indicates how often a user of the mobile device logs into a set of one or more accounts(watch may be considered to provide continuous authentication as long as it is worn without interruption , or is worn within a defined set of parameters Ziraknejad [Col.14/lines 17-19]), and a wearable device parameter that indicates whether a wearable device is being worn by a user of the mobile device and whether the wearable device is unlocked, wherein information stored by the wearable device is accessible to the user when the wearable device is unlocked” (If an unlocked state of the watch or continuous wear of the watch since the last authentication were not present, the user can be given the opportunity to authenticate by entering the device unlock code for the watch Ziraknejad [Col.13/lines 4-8]). Therefore, it would have been obvious to one of ordinary skill in the art at the time the invention was filed to modify Shahidzadeh’s authentication and authorization of a communication device with Ziraknejad’s credential management using a wearable device in order to provide additional security. One of ordinary skill in the art would have been motivated to combine because Shahidzadeh discloses a wearable device requiring authentication and authorization, Ziraknejad teaches credential management using a wearable device, and both are from the same field of endeavor. Neither Shahidzadeh nor Ziraknejad explicitly discloses “determine, based on a current state of the mobile device received with the one or more automatically generated responses and one or more prior states of the mobile device stored at the system, a risk score for the one or more automatically generated responses; and generate, based on the risk score, an authorization decision for an authorization request corresponding to the multi-factor authentication procedure.” However, JOCHEMS in an analogous art discloses “determine, based on a current state of the mobile device received with the one or more automatically generated responses and one or more prior states of the mobile device stored at the system, a risk score for the one or more automatically generated responses” (generating a risk score JOCHEMS[Fig.2/item 120]); and generate, based on the risk score, an authorization decision for an authorization request corresponding to the multi-factor authentication procedure” (the device generated risk score based on the device data may be sent 230 without sending the device data itself . In this way , requirements of data regulation may be fulfilled , for example , while enabling improved authentication of a user JOCHEMS [par.0042]). Therefore, it would have been obvious to one of ordinary skill in the art at the time the invention was filed to modify Shahidzadeh’s authentication and authorization of a communication device and Ziraknejad’s credential management using a wearable device, with JOCHEMS methods and devices for user authentication in order to provide additional security. One of ordinary skill in the art would have been motivated to combine because Shahidzadeh discloses a wearable device requiring authentication and authorization, Ziraknejad teaches credential management using a wearable device, JOCHEMS discloses an authorization process with devices, and all are from the same field of endeavor. Regarding claim 17 in view of claim 16, the references combined disclose “wherein determining the risk score is performed by: inputting the current state and the one or more prior states of the mobile device into a machine learning model stored at the system, wherein the machine learning model is trained at the system using one or more prior states of the mobile device gathered for one or more prior multi- factor authentication procedures during a particular prior interval of time during a particular prior interval of time” (The online server 300a can determine whether there is a high risk , a medium risk , or a low risk that the request is sent from a non - authorized user , for example . If at the online server 300a it is decided , that the request received at the online server 300a has a medium risk to be sent by a non - authorized user , the online the server 300a can send instructions to the user device 300 to enable running a personalized local risk detector at the user device 300 JOCHEMS[par.0048]). Regarding claim 18 in view of claim 16, the references combined disclose “wherein generating the authorization decision is further based on: comparing the risk score to a plurality of risk thresholds; and determining, based on the risk score satisfying a particular risk threshold, whether to escalate the multi-factor authentication procedure.” (the risk score is above an upper threshold the request may be blocked instantly. the risk score is below a lower threshold, the request may be allowed instantly JOCHEMS [par.0024]). Regarding claim 19 in view of claim 16, the references combined disclose “wherein the one or more prior states and the current state of the mobile device include: respective values for types of parameters included in the current set of parameters” (watch may be considered to provide continuous authentication as long as it is worn without interruption , or is worn within a defined set of parameters Ziraknejad [Col.14/lines 17-19]); “and respective values for one or more of the following types of mobile device parameters: a location, an IP address, and permissions for an account currently logged in on the mobile device.” (when a client device submits a login request, the request may include the location of the client device , for example , based on GPS coordinates , Wi - Fi access point triangulation data , cellular network tri angulation data , or IP address information Ziraknejad [Col.36/lines 49-53]). Regarding claim 20 in view of claim 16, the references combined discloses “wherein the determining includes: determining a similarity value based on comparing the current state of the mobile device and the one or more prior states of the mobile device; and assigning, based on the similarity value, a risk score to the one or more automatically generated responses”(Sensor data provided from the watch , combined with sensory input from the phone can be used as variables in multifactor authentication and risk scoring algorithms Ziraknejad [Col.23/lines 41-44]). Regarding claim 21 in view of claim 10, the references combined discloses “wherein the determining includes: determining a similarity value based on comparing the current state of the mobile device and the one or more prior states of the mobile device; and assigning, based on the similarity value, a risk score to the one or more automatically generated responses”(Sensor data provided from the watch , combined with sensory input from the phone can be used as variables in multifactor authentication and risk scoring algorithms Ziraknejad [Col.23/lines 41-44]). Conclusion THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL D ANDERSON whose telephone number is (571)270-5159. The examiner can normally be reached Mon-Fri 9am-6pm. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached at (571) 272-6798. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /MICHAEL D ANDERSON/Examiner, Art Unit 2433 /JEFFREY C PWU/Supervisory Patent Examiner, Art Unit 2433