DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Arguments
Applicant’s arguments, see pp. 7-11 of the response, filed October 27, 2025, with respect to the rejection(s) for claims 1-21 under §§ 102, 103 have been fully considered but are not persuasive.
Regarding claim 1, Applicant asserts that the “Jaskolski carrier application is not a background application” and further describes a definition for a “background application” that is neither in the claims nor explicitly required by the specification. That is, Applicant alleges that a “background application” is an “application launched in the process of authenticating a user device at the mobile application.” Remarks at 9. This specificity is not recited in the claims. Further, the specification specifically states that the “background application may be launched in response to authenticating a device user at the mobile application,” which does not limit the meaning of the term in the claim. See Specification [0006].
Therefore, Applicant’s assertion that the “background application” receive a narrow definition is unfounded under MPEP § 2111. (“Because applicant has the opportunity to amend the claims during prosecution, giving a claim its broadest reasonable interpretation will reduce the possibility that the claim, once issued, will be interpreted more broadly than is justified.”).
Further, Applicant states that the Jaskolski carrier application does not interact with the messaging application and does not perform a scan on an SMS message or carry out any of the other steps set forth in the claim. Remarks at 9. Applicant emphasizes this point by stating that Jaskolski messages are analyzed by a carrier network “before” they are delivered to a mobile device. Remarks at 9.
These two assertions by Applicant are in conflict. First, Applicant asserts that there is no interaction between Jaskolski’s carrier application and message application, and then Applicant asserts that the interaction is merely “before” the interaction takes place. That is, Applicant argues against the level of interaction being insufficient to meet the claim terms while admitting that there is some interaction between the two. Applicant’s claims do not specify the level of interaction required in order to meet the claimed elements—only that there is some interaction. The Broadest Reasonable Interpretation of these elements is met by the interaction of the carrier application of Jaskolski and the messaging application.
Further, Applicant states that Jaskolski “only acts in response to the presence of the OTP, not an absence.” Remarks at 9. To the contrary, the Office Action cited [0035] of Jaskolski, which relates to “a basic message” that does not contain the OTP code as discussed in [0036].
It is also worth mentioning that the phrase “when the security marker is not present” is contingent under MPEP § 2111.04(II). (“The broadest reasonable interpretation of a method (or process) claim having contingent limitations requires only those steps that must be performed and does not include steps that are not required to be performed because the condition(s) precedent are not met.”). In other words, the rest of the elements of the claim are not required to be met when the condition precedent (i.e., when the security is not present) is not met (i.e., the security marker is present).
Therefore, the rejection is maintained.
Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.
Claims 1-6 and 11-19 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by U.S. Publication No. 2024/0114342 (hereinafter “Jaskolski”)
Regarding claim 1, Jaskolski teaches: A method for cross-channel verification of a communication, the method comprising: at a mobile device, launching a background application ([0045] an application on the mobile device), the background application configured to interact with an SMS application ([0045] a messaging application on the mobile device); at the background application: scanning a communication received at the SMS application from a first party for a security marker ([0045] determining whether an SMS message comprises a one-time passcode (OTP)); and when the security marker is not present: extracting encoded data from the SMS message format ([0035] If the SMS message is basic, then the transaction delivery agent 224 forwards the SMS message information to enhancement push encrypter 225.), the encoded data comprising a protocol identifier, a time stamp, a sender address, and a short message center (inherent in a forwarded message according to 3GPP TS 23.040 v.11.3.0 – 3.2.0 Introduction: The SMS comprises 8 elements particular to the submission and reception of messages: Validity-Period; Service-Centre-Time-Stamp; Protocol-Identifier; More-Messages-to-Send; Priority; Messages-Waiting; Alert-SC. MT Correlation ID.); initiating a communication with a second party at the SMS application; and inserting the extracted data into the communication with the second party ([0045] delivering the SMS message to an application on the mobile device).
Regarding claim 2, Jaskolski teaches: the second party comprising an enterprise fraud alert system ([0029] Further, the disclosed technique can provide a level of assurance that the message is not fraud or phishing to users as the system applies filtering rules as user respond with ‘report fraud/spam’ as a rules engine applies logic based on onboarding and user report of fraud/spam messages in app 212.).
Regarding claim 3, Jaskolski teaches: further comprising, launching the background application in response to authentication of a mobile device user at an enterprise mobile application ([0029], [0091] In one or more embodiments, an analysis of data can be subject to authorization from user(s) associated with the data, such as . . . selective authorization based on types of data, and so forth.).
Regarding claim 4, Jaskolski teaches: displaying a selectable option at the enterprise mobile application to launch the background application ([0091] In one or more embodiments, an analysis of data can be subject to authorization from user(s) associated with the data, such as an opt-in, an opt-out, acknowledgement requirements, notifications . . . and so forth.).
Regarding claim 5, Jaskolski teaches: wherein a scan at the background application is limited to matching a visual cue ([0045] a one-time passcode (OTP)).
Regarding claim 6, Jaskolski teaches: wherein the visual cue is a security passphrase ([0045] a one-time passcode (OTP)).
Regarding claim 11, Jaskolski teaches: A method for cross-channel verification, the method comprising: at a first communication channel: authenticating a customer; in response to the authentication, launching a background application ([0091] In one or more embodiments, an analysis of data can be subject to authorization from user(s) associated with the data, such as an opt-in, an opt-out, acknowledgement requirements, notifications . . . and so forth.), the background application configured to interact with the first communication channel and a second communication channel ([0045] determining whether an SMS message comprises a one-time passcode (OTP)); at the background application: scanning a communication received at the second communication channel from a first party for a security marker ([0045] determining whether an SMS message comprises a one-time passcode (OTP)); and when the security marker is not present: extracting encoded data from the communication ([0035] If the SMS message is basic, then the transaction delivery agent 224 forwards the SMS message information to enhancement push encrypter 225.); and inserting the extracted data into a communication to a second party via the second communication channel ([0045] delivering the SMS message to an application on the mobile device).
Regarding claim 12, Jaskolski teaches: the second communication channel comprising an SMS application and the extracted data comprising a protocol identifier, a time stamp, a sender address, and a short message center (inherent in a forwarded message according to 3GPP TS 23.040 v.11.3.0 – 3.2.0 Introduction: The SMS comprises 8 elements particular to the submission and reception of messages: Validity-Period; Service-Centre-Time-Stamp; Protocol-Identifier; More-Messages-to-Send; Priority; Messages-Waiting; Alert-SC. MT Correlation ID.).
Regarding claim 13, Jaskolski teaches: when the security marker is not present, displaying an alert associated with the communication at the first communication channel; and when the security marker is present, displaying a cleared status for the communication at the first communication channel ([0091] In one or more embodiments, an analysis of data can be subject to authorization from user(s) associated with the data, such as an opt-in, an opt-out, acknowledgement requirements, notifications . . . and so forth.).
Regarding claim 14, Jaskolski teaches: receiving input of a security marker at the first communication channel; storing security marker in association with a user account; and at a multi-channel communication server: accessing the security marker; and transmitting a communication comprising the security marker via the second communication channel ([0058] Computer-readable storage media can be accessed by one or more local or remote computing devices, e.g., via access requests, queries or other data retrieval protocols, for a variety of operations with respect to the information stored by the medium. [0069], [0077]).
Regarding claim 15, Jaskolski teaches: autogenerating a security marker at the first communication channel; storing the security marker in association with a customer account ([0029] Additionally, the user of mobile device 213 may already be biometrically authenticated by mobile device 213, thereby ensuring that the user is the subscriber registered with the carrier. Further, the disclosed technique can provide a level of assurance that the message is not fraud or phishing to users as the system applies filtering rules as user respond with ‘report fraud/spam’ as a rules engine applies logic based on onboarding and user report of fraud/spam messages in app 212.); and at a multi-channel communication server: accessing the security marker; and transmitting a communication comprising the security marker via the second communication channel ([0030] In an embodiment, the subscriber of mobile device 213 provides a consent authorization, whereby the user opts-in to a risk assessment process, thereby agreeing to permit the carrier to discover OTP text messages and share information with businesses (service providers) seeking to verify the identity of the subscriber. Likewise, a service provider can opt-in to onboarding with this service, and when they do, once the user of mobile device 213 verifies the push notification 214, NE 220 sends a risk assessment information message 215 back to equipment 201 of the service provider.).
Regarding claim 16, Jaskolski teaches: displaying a selectable option at the first communication channel to launch the background application ([0030] In an embodiment, the subscriber of mobile device 213 provides a consent authorization, whereby the user opts-in to a risk assessment process, thereby agreeing to permit the carrier to discover OTP text messages and share information with businesses (service providers) seeking to verify the identity of the subscriber.).
Regarding claim 17, Jaskolski teaches: One or more non-transitory computer-readable media storing computer-executable instructions which, when executed by a processor on a computer system, perform a method for integrating real-time verification across multiple enterprise channels, the method comprising: at a first communication channel comprising a mobile device application: authenticating a user ([0091] In one or more embodiments, an analysis of data can be subject to authorization from user(s) associated with the data, such as an opt-in, an opt-out, acknowledgement requirements, notifications . . . and so forth.); launching a background application, the background application configured to interact with the first communication channel and a second communication channel; at the background application: scanning a communication received at the second communication channel for a security marker ([0045] determining whether an SMS message comprises a one-time passcode (OTP)); when the security marker is not present: extracting encoded data from the communication ([0035] If the SMS message is basic, then the transaction delivery agent 224 forwards the SMS message information to enhancement push encrypter 225.); initiating a new communication at the second communication channel; and inserting the extracted data into the new communication ([0045] delivering the SMS message to an application on the mobile device).
Regarding claim 18, Jaskolski teaches: launching the background application in response to authentication of the user at the first communication channel ([0029], [0091] In one or more embodiments, an analysis of data can be subject to authorization from user(s) associated with the data, such as . . . selective authorization based on types of data, and so forth.).
Regarding claim 19, Jaskolski teaches: displaying a selectable option at the first communication channel to launch the background application ([0091] In one or more embodiments, an analysis of data can be subject to authorization from user(s) associated with the data, such as an opt-in, an opt-out, acknowledgement requirements, notifications . . . and so forth.).
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claims 7 and 8 are rejected under 35 U.S.C. 103 as being unpatentable over Jaskolski in view of U.S. Publication No. 2021/0112024 (hereinafter “Everton”)
Regarding claim 7, Jaskolski does teach processing an SMS message which is known in the art to be converted to email messages and vice versa. Jaskolski does not teach: the background application further configured to interact with an email application, the method further comprising, at the background application: scanning a communication received at the email application from a first party for the security marker; and when the security marker is not present: extracting encoded data from the email data format, the encoded data comprising an email protocol, an IP address, and a reply path; initiating a communication with a second party at the email application; and inserting the extracted data into the communication with the second party.
However, in the same field of endeavor, Everton teaches: the background application further configured to interact with an email application, the method further comprising, at the background application: scanning a communication received at the email application from a first party for the security marker ([0017] Where, for example, the brand recognizer 204 detects that either or both of image 214 and image 218 is/are associated with a particular brand (“BRAND”) (e.g., the images are or contain BRAND's logo, BRAND's name, a trademark owned by BRAND, and/or the like), the message router 206 looks up BRAND's authorized senders and/or authorized sending IP addresses in the database 207.); and when the security marker is not present: extracting encoded data from the email data format, the encoded data comprising an email protocol, an IP address, and a reply path ([0016] For illustration of the operation of brand recognizer 204 and message router 206, shown in FIG. 2 is an example email message 202 where the content of the MAIL FROM field in the SMTP envelope 220 is sender@txdomain.com, the content of the “from” message header is alias@aliasdomain.com, the content of the RCPT TO field in the SMTP envelope 220 is user@rxdomain.com, and the content of the “to” message header is alias@aliasdomain.com. The message body 222 of the email message 202 comprises image 214, text 216, and image 218. Each of the images may be a CID embedded image (via an <img src=cid . . . > tag), a BASE64 inline embedded image, or a remote linked image (via an <img src-http:// . . . > tag).); initiating a communication with a second party at the email application; and inserting the extracted data into the communication with the second party (the email processing backend 116).
Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Jaskolski to include the feature of email scanning and a combination of Jaskolski with Everton renders the claim prima facie obvious within the described scope of the prior art and any indicated differences within the level of one of ordinary skill in the art (e.g., telecommunications engineer) according to a combination of known prior art elements with known methods to yield predictable results. MPEP 2143(I)(A) (e.g., providing detection of spear phishing).
Regarding claim 8, Jaskolski does not teach: further comprising limiting the scan of the communication received at the email application to an email header.
However, in the same field of endeavor, Everton teaches: further comprising limiting the scan of the communication received at the email application to an email header ([0025] As an example, the additional processing may comprise inspecting the headers of the email messages 202 to determine the sender's email address, domain IP address, and/or other information and then see if that information is on a whitelist or blacklist in the senders database 207.).
Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Jaskolski to include the feature of email header scanning and a combination of Jaskolski with Everton renders the claim prima facie obvious within the described scope of the prior art and any indicated differences within the level of one of ordinary skill in the art (e.g., telecommunications engineer) according to a combination of known prior art elements with known methods to yield predictable results. MPEP 2143(I)(A) (e.g., providing detection of spear phishing).
Claims 9 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Jaskolski in view of U.S. Publication No. 2014/0324694 (hereinafter “Fernandes”)
Regarding claim 9, Jaskolski does not teach teaches: further comprising, when the security marker is not present, locking a financial account associated with a user of the mobile device.
However, in the same field of endeavor, Fernandes teaches: further comprising, when the security marker is not present, locking a financial account associated with a user of the mobile device (Abstract - This disclosure includes methods and systems for restricting a transfer of funds from an electronic financial account after a lock feature has been engaged in response to an account lock request).
Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Jaskolski to include the feature of account locking in response to a scan and a combination of Jaskolski with Fernandes renders the claim prima facie obvious within the described scope of the prior art and any indicated differences within the level of one of ordinary skill in the art (e.g., telecommunications engineer) according to a combination of known prior art elements with known methods to yield predictable results. MPEP 2143(I)(A) (e.g., providing account locking).
Regarding claim 20, Jaskolski does not teach teaches: further comprising, when the security marker is not present, locking a financial account associated with a user of the mobile device.
However, in the same field of endeavor, Fernandes teaches: further comprising, when the security marker is not present, locking a financial account associated with a user of the mobile device (Abstract - This disclosure includes methods and systems for restricting a transfer of funds from an electronic financial account after a lock feature has been engaged in response to an account lock request).
Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Jaskolski to include the feature of account locking in response to a scan and a combination of Jaskolski with Fernandes renders the claim prima facie obvious within the described scope of the prior art and any indicated differences within the level of one of ordinary skill in the art (e.g., telecommunications engineer) according to a combination of known prior art elements with known methods to yield predictable results. MPEP 2143(I)(A) (e.g., providing account locking).
Claims 10 and 21 are rejected under 35 U.S.C. 103 as being unpatentable over Jaskolski in view of U.S. Publication No. 2013/0103944 (hereinafter “Adams”)
Regarding claim 10, Jaskolski does not teach: when the security marker is not present, disabling a link in the communication
However, in the same field of endeavor, Adams teaches: when the security marker is not present, disabling a link in the communication (Abstract - A method, device and computer readable memory are provided for verifying hypertext links in an encrypted e-mail message to be sent to a mobile device to remove links that may contain malicious programs, link to a phishing website, or potentially comprise security of the mobile device or expose the user to unsafe sites or content).
Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Jaskolski to include the feature of removing a link in response to a scan and a combination of Jaskolski with Adams renders the claim prima facie obvious within the described scope of the prior art and any indicated differences within the level of one of ordinary skill in the art (e.g., telecommunications engineer) according to a combination of known prior art elements with known methods to yield predictable results. MPEP 2143(I)(A) (e.g., providing link removal).
Regarding claim 21, Jaskolski does not teach: when the security marker is not present, disabling a link in the communication
However, in the same field of endeavor, Adams teaches: when the security marker is not present, disabling a link in the communication (Abstract - A method, device and computer readable memory are provided for verifying hypertext links in an encrypted e-mail message to be sent to a mobile device to remove links that may contain malicious programs, link to a phishing website, or potentially comprise security of the mobile device or expose the user to unsafe sites or content).
Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Jaskolski to include the feature of removing a link in response to a scan and a combination of Jaskolski with Adams renders the claim prima facie obvious within the described scope of the prior art and any indicated differences within the level of one of ordinary skill in the art (e.g., telecommunications engineer) according to a combination of known prior art elements with known methods to yield predictable results. MPEP 2143(I)(A) (e.g., providing link removal).
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
U.S. Publication No. 2023/0412610 (Goldstein) related to a system and method for distributing multifactor authentication data to trusted parties
U.S. Publication No. 2007/0136573 (Steinberg) related to a system and method of using two or more multi-factor authentication mechanisms to authenticate online parties
U.S. Publication No. 2022/0174092 (Farjon) related to a trusted sender signature messaging system
IETF RFC 5322 – Internet Message Format
ETSI TS 23.040 v11.3.0 – Technical Realization of the Short Message Service
THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JUSTIN BARRY whose telephone number is (571)272-0201. The examiner can normally be reached 8:00am EST to 5:00pm EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jinsong HU can be reached at (571) 272-3965. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/JAB/ Examiner, Art Unit 2643
/JINSONG HU/ Supervisory Patent Examiner, Art Unit 2643