DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Election/Restrictions
Applicant’s election without traverse of Group I: Claims 1-4, 6, 9-12, 14 and 17-20 in the reply filed on 8/14/2025 is acknowledged.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claims 1, 9 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over US 20240015515 A1 (hereinafter “Jaiswal”), further in view of US 20220217135 A1 (hereinafter "Jarvis").
Regarding independent claims 1, 9 and 17:
Claim 1:
Jaiswal discloses:
A method for securing a two-factor authentication against subscriber identity module (SIM) hijacking (see abstract: “A telecommunications system is configured to prevent Subscriber Identity Module (SIM) swap scams. The system includes multiple network nodes and a database. When a SIM change occurs for a given phone number, a messaging process is triggered between the network nodes that temporarily sets a flag in the database associated with that phone number. While the flag is set in the database, messages for the phone number are not delivered in a normal manner. Instead, the messages are analyzed by the network for the presence of secure information, such as one-time passwords (OTPs).”), the method comprising:
receiving, by a server computer providing a communications service, a first short message service (SMS) message addressed to a subscriber of a mobile network service(¶18: “…While the flag is set, the network monitors text messages, e.g., Short Messaging Service (SMS) messages, routed toward the phone number with the new SIM. When a text message is received at the network…”, in other words, the network intercepts a SMS that is destined for a particular subscriber on the network);
determining, by the server computer, that the first SMS message comprises an authentication code for use in accessing a web service (¶18: “…, rather than simply deliver the message to the device with the new SIM, a messaging flow is triggered to determine or predict whether the text message includes an OTP. For example, the text message can be transmitted to a node that executes an artificial intelligence model that analyzes text for OTPs.”, in other words, the previously intercepted SMS is not inspected as to whether it contains text for OTPs).
Jaiswal does not disclose:
dividing, by the server computer, the authentication code into a first portion and a second portion;
transmitting, by the server computer, a second SMS message comprising the first portion of the authentication code to a native messaging application executing on a mobile device associated with the subscriber, using as an address a unique identifier associated with a subscriber identity module (SIM) of the mobile device; and
transmitting, by the server computer, a message comprising the second portion of the authentication code to one or more unified communications messaging clients associated with the subscriber;
wherein the first portion of the authentication code and the second portion of the authentication code are to be provided together for use in accessing the web service.
However, in an analogous art, Jarvis discloses:
dividing, by the server computer, the authentication code into a first portion and a second portion (see ¶39: “segmenting an OTP into at least a first part and the second part”, Jarvis discloses how a generated OTP is segmented into two distinct parts for multi-channel transmission);
transmitting, by the server computer, a second SMS message comprising the first portion of the authentication code to a native messaging application executing on a mobile device associated with the subscriber, using as an address a unique identifier associated with a subscriber identity module (SIM) of the mobile device (see ¶37: “In some embodiments, the OTP may be segmented by the server 101 into multiple parts for transmission to the mobile device 160 via distinct respective messaging channels (e.g., SMS, MMS, email, chat app).”, ¶39: “(6) transmitting the first part and the second part via distinct messaging app/messaging channels to the requesting device” and ¶47: “For example, the first messaging app may be an SMS app…”, the OTP is segmented into multiple parts and transmitted via respective messaging channels including SMS – note, while not spelled out ‘using an address…a unique identifier’, it is inherent by the mere mention of SMS, sending a text message via SMS follows the standard outlined in 3GPP TS 23.040, 3GPP TS 24.011 and 3GPP TS 29.002 by invoking the 3GPP stack, requiring using the subscriber’s MSISDN to send the SMS to a particular subscriber (all incorporated by reference and cited on PTO-892); and
transmitting, by the server computer, a message comprising the second portion of the authentication code to one or more unified communications messaging clients associated with the subscriber (see ¶37: “In some embodiments, the OTP may be segmented by the server 101 into multiple parts for transmission to the mobile device 160 via distinct respective messaging channels (e.g., SMS, MMS, email, chat app).”, ¶39: “(6) transmitting the first part and the second part via distinct messaging app/messaging channels to the requesting device” and ¶47: “For example… while the second messaging app may be an email app, or a chat app…”);
wherein the first portion of the authentication code and the second portion of the authentication code are to be provided together for use in accessing the web service (see Fig. 3A-3C and ¶56-57: “In this example, the first messaging app is shown as an SMS app, which displays the received first part of the OTP in a banner display. As shown herein, the banner displays that the message is sent from an entity 314 associated with “227896” and only partial content of the OTP message is displayed. Detecting that the message contains OTP information, the first messaging app 302 is configured to present to the user a “COPY CODE” button 312.”, to summarize, an SMS with a portion of the OTP is received and the user gets to copy that partial code to memory, then via a different messaging channel: “…the user receives the second part of the OTP in the second messaging app. Here, the second messaging app is illustrated as an email app 332. As shown herein, the email app 332 displays in the “From” field 334 that the email message is sent from Capital One; in the “To” field 338 that the email message is directed to the user at the email address of customer@gamil.com, and in the subject field 336 that “Capital One: You authentication code.” Further, the email app 332 further displays the anonymized second part 352 of the OTP as part of the content in body field 350. . Similarly, the anonymized second part 352 of the OTP is rendered by the email app 332 as an operable link. Upon the user's selection of the displayed second part, and a subsequent operation to paste into the text field 322 of the app 320 shown at the right hand side of FIG. 3B, the real content of the second part of the OTP is transferred securely from the email app 332 to the app 320, without the user or other parties being able to comprehend the real content of the second part of the OTP.”, here the second application is an email client and the second part of the OTP is sent via email. Fig 3A: 306 includes the 3 character code that was received via SMS, Fig. 3B: 326 now shows the 3 character code received via SMS and the 3 character code received via email totaling 6 characters – note that the code is hidden with asterisk).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Jaiswal’s message-handling-logic, in particular the flow that (1) intercepts and analyzes the SMS and (2) blocks delivery upon detecting an OTP, by incorporating Jarvis’s segmentation and dual-channel transmission teachings. Jarvis expressly discloses segmenting an authentication factor (such as an OTP) into a first portion and a second portion and then transmitting the first portion via the native SMS channel and the second portion via a unified-communications messaging client (such as an IM/chat client). Such a combination merely applies the predictable, routine enhancement of splitting a sensitive code and using multiple independent channels to secure multi-factor authentication. The modification yields the well-recognized security benefit that compromise of any single channel still leaves the attacker without the complete OTP.
Claim 9:
Jaiswal discloses:
A system for securing a two-factor authentication against subscriber identity module (SIM) hijacking (see abstract: “A telecommunications system is configured to prevent Subscriber Identity Module (SIM) swap scams. The system includes multiple network nodes and a database. When a SIM change occurs for a given phone number, a messaging process is triggered between the network nodes that temporarily sets a flag in the database associated with that phone number. While the flag is set in the database, messages for the phone number are not delivered in a normal manner. Instead, the messages are analyzed by the network for the presence of secure information, such as one-time passwords (OTPs).”), the system comprising:
one or more processors;
a memory storing instructions that, when executed by the one or more processors, cause the system to:
receive, by a server computer providing a communications service, a first short message service (SMS) message addressed to a subscriber of a mobile network service (¶18: “…While the flag is set, the network monitors text messages, e.g., Short Messaging Service (SMS) messages, routed toward the phone number with the new SIM. When a text message is received at the network…”, in other words, the network intercepts a SMS that is destined for a particular subscriber on the network);
determine, by the server computer, that the first SMS message comprises an authentication code for use in accessing a web service (¶18: “…, rather than simply deliver the message to the device with the new SIM, a messaging flow is triggered to determine or predict whether the text message includes an OTP. For example, the text message can be transmitted to a node that executes an artificial intelligence model that analyzes text for OTPs.”, in other words, the previously intercepted SMS is not inspected as to whether it contains text for OTPs).
Jaiswal does not disclose:
divide, by the server computer, the authentication code into a first portion and a second portion;
transmit, by the server computer, a second SMS message comprising the first portion of the authentication code to a native messaging application executing on a mobile device associated with the subscriber, using as an address a unique identifier associated with a subscriber identity module (SIM) of the mobile device; and
transmit, by the server computer, a message comprising the second portion of the authentication code to one or more unified communications messaging clients associated with the subscriber;
wherein the first portion of the authentication code and the second portion of the authentication code are to be provided together for use in accessing the web service.
However, in an analogous art, Jarvis discloses:
divide, by the server computer, the authentication code into a first portion and a second portion (see ¶39: “segmenting an OTP into at least a first part and the second part”, Jarvis discloses how a generated OTP is segmented into two distinct parts for multi-channel transmission);
transmit, by the server computer, a second SMS message comprising the first portion of the authentication code to a native messaging application executing on a mobile device associated with the subscriber, using as an address a unique identifier associated with a subscriber identity module (SIM) of the mobile device (see ¶37: “In some embodiments, the OTP may be segmented by the server 101 into multiple parts for transmission to the mobile device 160 via distinct respective messaging channels (e.g., SMS, MMS, email, chat app).”, ¶39: “(6) transmitting the first part and the second part via distinct messaging app/messaging channels to the requesting device” and ¶47: “For example, the first messaging app may be an SMS app…”, the OTP is segmented into multiple parts and transmitted via respective messaging channels including SMS – note, while not spelled out ‘using an address…a unique identifier’, it is inherent by the mere mention of SMS, sending a text message via SMS follows the standard outlined in 3GPP TS 23.040, 3GPP TS 24.011 and 3GPP TS 29.002 by invoking the 3GPP stack, requiring using the subscriber’s MSISDN to send the SMS to a particular subscriber (all incorporated by reference and cited on PTO-892); and
transmit, by the server computer, a message comprising the second portion of the authentication code to one or more unified communications messaging clients associated with the subscriber (see ¶37: “In some embodiments, the OTP may be segmented by the server 101 into multiple parts for transmission to the mobile device 160 via distinct respective messaging channels (e.g., SMS, MMS, email, chat app).”, ¶39: “(6) transmitting the first part and the second part via distinct messaging app/messaging channels to the requesting device” and ¶47: “For example… while the second messaging app may be an email app, or a chat app…”);
wherein the first portion of the authentication code and the second portion of the authentication code are to be provided together for use in accessing the web service (see Fig. 3A-3C and ¶56-57: “In this example, the first messaging app is shown as an SMS app, which displays the received first part of the OTP in a banner display. As shown herein, the banner displays that the message is sent from an entity 314 associated with “227896” and only partial content of the OTP message is displayed. Detecting that the message contains OTP information, the first messaging app 302 is configured to present to the user a “COPY CODE” button 312.”, to summarize, an SMS with a portion of the OTP is received and the user gets to copy that partial code to memory, then via a different messaging channel: “…the user receives the second part of the OTP in the second messaging app. Here, the second messaging app is illustrated as an email app 332. As shown herein, the email app 332 displays in the “From” field 334 that the email message is sent from Capital One; in the “To” field 338 that the email message is directed to the user at the email address of customer@gamil.com, and in the subject field 336 that “Capital One: You authentication code.” Further, the email app 332 further displays the anonymized second part 352 of the OTP as part of the content in body field 350. . Similarly, the anonymized second part 352 of the OTP is rendered by the email app 332 as an operable link. Upon the user's selection of the displayed second part, and a subsequent operation to paste into the text field 322 of the app 320 shown at the right hand side of FIG. 3B, the real content of the second part of the OTP is transferred securely from the email app 332 to the app 320, without the user or other parties being able to comprehend the real content of the second part of the OTP.”, here the second application is an email client and the second part of the OTP is sent via email. Fig 3A: 306 includes the 3 character code that was received via SMS, Fig. 3B: 326 now shows the 3 character code received via SMS and the 3 character code received via email totaling 6 characters – note that the code is hidden with asterisk).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Jaiswal’s message-handling-logic, in particular the flow that (1) intercepts and analyzes the SMS and (2) blocks delivery upon detecting an OTP, by incorporating Jarvis’s segmentation and dual-channel transmission teachings. Jarvis expressly discloses segmenting an authentication factor (such as an OTP) into a first portion and a second portion and then transmitting the first portion via the native SMS channel and the second portion via a unified-communications messaging client (such as an IM/chat client). Such a combination merely applies the predictable, routine enhancement of splitting a sensitive code and using multiple independent channels to secure multi-factor authentication. The modification yields the well-recognized security benefit that compromise of any single channel still leaves the attacker without the complete OTP.
Claim 17:
Jaiswal discloses:
A non-transitory computer-readable medium storing instructions that, when executed by one or more processors, cause the one or more processors to perform steps for securing a two- factor authentication against subscriber identity module (SIM) hijacking (see abstract: “A telecommunications system is configured to prevent Subscriber Identity Module (SIM) swap scams. The system includes multiple network nodes and a database. When a SIM change occurs for a given phone number, a messaging process is triggered between the network nodes that temporarily sets a flag in the database associated with that phone number. While the flag is set in the database, messages for the phone number are not delivered in a normal manner. Instead, the messages are analyzed by the network for the presence of secure information, such as one-time passwords (OTPs).”), the steps comprising:
receiving a first short message service (SMS) message addressed to a subscriber of a mobile network service (¶18: “…While the flag is set, the network monitors text messages, e.g., Short Messaging Service (SMS) messages, routed toward the phone number with the new SIM. When a text message is received at the network…”, in other words, the network intercepts a SMS that is destined for a particular subscriber on the network);
determining that the first SMS message comprises an authentication code (¶18: “…, rather than simply deliver the message to the device with the new SIM, a messaging flow is triggered to determine or predict whether the text message includes an OTP. For example, the text message can be transmitted to a node that executes an artificial intelligence model that analyzes text for OTPs.”, in other words, the previously intercepted SMS is not inspected as to whether it contains text for OTPs).
Jaiswal does not disclose:
dividing the authentication code into a first portion and a second portion;
transmitting a second SMS message comprising the first portion of the authentication code to a native messaging application executing on a mobile device associated with the subscriber, using as an address a unique identifier associated with a subscriber identity module (SIM) of the mobile device; and
transmitting a message comprising the second portion of the authentication code to one or more unified communications messaging clients associated with the subscriber.
However, in an analogous art, Jarvis discloses:
dividing the authentication code into a first portion and a second portion (see ¶39: “segmenting an OTP into at least a first part and the second part”, Jarvis discloses how a generated OTP is segmented into two distinct parts for multi-channel transmission);
transmitting a second SMS message comprising the first portion of the authentication code to a native messaging application executing on a mobile device associated with the subscriber, using as an address a unique identifier associated with a subscriber identity module (SIM) of the mobile device (see ¶37: “In some embodiments, the OTP may be segmented by the server 101 into multiple parts for transmission to the mobile device 160 via distinct respective messaging channels (e.g., SMS, MMS, email, chat app).”, ¶39: “(6) transmitting the first part and the second part via distinct messaging app/messaging channels to the requesting device” and ¶47: “For example, the first messaging app may be an SMS app…”, the OTP is segmented into multiple parts and transmitted via respective messaging channels including SMS – note, while not spelled out ‘using an address…a unique identifier’, it is inherent by the mere mention of SMS, sending a text message via SMS follows the standard outlined in 3GPP TS 23.040, 3GPP TS 24.011 and 3GPP TS 29.002 by invoking the 3GPP stack, requiring using the subscriber’s MSISDN to send the SMS to a particular subscriber (all incorporated by reference and cited on PTO-892); and
transmitting a message comprising the second portion of the authentication code to one or more unified communications messaging clients associated with the subscriber (see ¶37: “In some embodiments, the OTP may be segmented by the server 101 into multiple parts for transmission to the mobile device 160 via distinct respective messaging channels (e.g., SMS, MMS, email, chat app).”, ¶39: “(6) transmitting the first part and the second part via distinct messaging app/messaging channels to the requesting device” and ¶47: “For example… while the second messaging app may be an email app, or a chat app…”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Jaiswal’s message-handling-logic, in particular the flow that (1) intercepts and analyzes the SMS and (2) blocks delivery upon detecting an OTP, by incorporating Jarvis’s segmentation and dual-channel transmission teachings. Jarvis expressly discloses segmenting an authentication factor (such as an OTP) into a first portion and a second portion and then transmitting the first portion via the native SMS channel and the second portion via a unified-communications messaging client (such as an IM/chat client). Such a combination merely applies the predictable, routine enhancement of splitting a sensitive code and using multiple independent channels to secure multi-factor authentication. The modification yields the well-recognized security benefit that compromise of any single channel still leaves the attacker without the complete OTP.
Claims 2-3, 10-11 and 18-19 are rejected under 35 U.S.C. 103 as being unpatentable over US 20240015515 A1 (hereinafter “Jaiswal”) in view of US 20220217135 A1 (hereinafter "Jarvis"), and further in view of US 20160210633 (hereinafter “Epelman”).
Regarding claim 2, 10, 18:
Claim 2:
Epelman teaches the following limitation that is not taught in the combination Jaiswal in view of Jarvis as applied in the rejection of claim 1:
determining, by the server computer, a threat score for the subscriber, based on locations associated with recent logins by the subscriber to the unified communications service (¶50: “wherein the first transaction takes place at a first location and at a first time; providing user account data for a second transaction, wherein the second transaction takes place at a second location and at a second time, wherein a server computer determines a time difference between the first time and the second time”, a time difference is created using both the location and time of transactions); and
comparing, by the server computer, the threat score to a threshold (¶50: “wherein the server computer compares the time difference to a reasonable travel time (RTT) value between the first location and the second location, the RTT value generated based on a plurality of transaction pairs that each comprise an initial transaction at an initial time at the first location and a subsequent transaction at a subsequent time at the second location, wherein the server computer determines, based on comparing the time difference to the RTT value, that the time difference meets or exceeds a threshold, and wherein the server computer generates an alert or modifies a risk score”, the time difference that is calculated earlier is compared with a RTT value that is calculated as to what is considered a reasonable time to travel between the locations and the system determines if a threshold is met or exceeded);
wherein dividing the authentication code into the first portion and the second portion occurs responsive to determining that the threat score transgresses the threshold (¶50, “difference meets or exceeds a threshold…generating an alert”, an action (i.e. alert) is generated when the threshold is transgressed).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Jaiswal in view of Jarvis’s system of detecting fraudulent swim swaps by using multi-channel authentication using split authentication codes, in particular the flow that (1) detects an SMS containing an authentication code and (2) splits the authentication code, by incorporating Epelman’s system of determining a first and second location of a transaction request and calculating both the time and geographic distance to establish whether the transaction is fraudulent by adapting it to determine if a user’s request for an authentication code is fraudulent or not based on reasonable distance to travel. Such a combination merely applies the predictable, routine enhancement of determining time and location of a user to calculate the distances between subsequent requests and evaluate whether the travel/movement times are reasonable. The reasoning for such a modification is found in the prior art: “fraudulent transaction approvals may be reduced through the utilization of reasonable travel time (RTT) values generated based upon historical transaction data” (¶5, Epelman).
Claim 10:
Epelman teaches the following limitation that is not taught in the combination Jaiswal in view of Jarvis as applied in the rejection of claim 9:
determine a threat score for the subscriber, based on locations associated with recent logins by the subscriber to the unified communications service (¶50: “wherein the first transaction takes place at a first location and at a first time; providing user account data for a second transaction, wherein the second transaction takes place at a second location and at a second time, wherein a server computer determines a time difference between the first time and the second time”, a time difference is created using both the location and time of transactions);
compare the threat score to a threshold (¶50: “wherein the server computer compares the time difference to a reasonable travel time (RTT) value between the first location and the second location, the RTT value generated based on a plurality of transaction pairs that each comprise an initial transaction at an initial time at the first location and a subsequent transaction at a subsequent time at the second location, wherein the server computer determines, based on comparing the time difference to the RTT value, that the time difference meets or exceeds a threshold, and wherein the server computer generates an alert or modifies a risk score”, the time difference that is calculated earlier is compared with a RTT value that is calculated as to what is considered a reasonable time to travel between the locations and the system determines if a threshold is met or exceeded); and
divide the authentication code into the first portion and the second portion responsive to determining that the threat score transgresses the threshold (¶50, “difference meets or exceeds a threshold…generating an alert”, an action (i.e. alert) is generated when the threshold is transgressed).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Jaiswal in view of Jarvis’s system of detecting fraudulent swim swaps by using multi-channel authentication using split authentication codes, in particular the flow that (1) detects an SMS containing an authentication code and (2) splits the authentication code, by incorporating Epelman’s system of determining a first and second location of a transaction request and calculating both the time and geographic distance to establish whether the transaction is fraudulent by adapting it to determine if a user’s request for an authentication code is fraudulent or not based on reasonable distance to travel. Such a combination merely applies the predictable, routine enhancement of determining time and location of a user to calculate the distances between subsequent requests and evaluate whether the travel/movement times are reasonable. The reasoning for such a modification is found in the prior art: “fraudulent transaction approvals may be reduced through the utilization of reasonable travel time (RTT) values generated based upon historical transaction data” (¶5, Epelman).
Claim 18:
Epelman teaches the following limitation that is not taught in the combination Jaiswal in view of Jarvis as applied in the rejection of claim 17:
determining a threat score for the subscriber, based on locations associated with recent logins by the subscriber to the unified communications service (¶50: “wherein the first transaction takes place at a first location and at a first time; providing user account data for a second transaction, wherein the second transaction takes place at a second location and at a second time, wherein a server computer determines a time difference between the first time and the second time”, a time difference is created using both the location and time of transactions);
comparing the threat score to a threshold (¶50: “wherein the server computer compares the time difference to a reasonable travel time (RTT) value between the first location and the second location, the RTT value generated based on a plurality of transaction pairs that each comprise an initial transaction at an initial time at the first location and a subsequent transaction at a subsequent time at the second location, wherein the server computer determines, based on comparing the time difference to the RTT value, that the time difference meets or exceeds a threshold, and wherein the server computer generates an alert or modifies a risk score”, the time difference that is calculated earlier is compared with a RTT value that is calculated as to what is considered a reasonable time to travel between the locations and the system determines if a threshold is met or exceeded); and
dividing the authentication code into the first portion and the second portion responsive to determining that the threat score transgresses the threshold (¶50, “difference meets or exceeds a threshold…generating an alert”, an action (i.e. alert) is generated when the threshold is transgressed).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Jaiswal in view of Jarvis’s system of detecting fraudulent swim swaps by using multi-channel authentication using split authentication codes, in particular the flow that (1) detects an SMS containing an authentication code and (2) splits the authentication code, by incorporating Epelman’s system of determining a first and second location of a transaction request and calculating both the time and geographic distance to establish whether the transaction is fraudulent by adapting it to determine if a user’s request for an authentication code is fraudulent or not based on reasonable distance to travel. Such a combination merely applies the predictable, routine enhancement of determining time and location of a user to calculate the distances between subsequent requests and evaluate whether the travel/movement times are reasonable. The reasoning for such a modification is found in the prior art: “fraudulent transaction approvals may be reduced through the utilization of reasonable travel time (RTT) values generated based upon historical transaction data” (¶5, Epelman).
Regarding claims 3, 11 and 19:
Claim 2:
The combination Jaiswal, Jarvis and Epelman teach the following limitations:
The method of claim 2, wherein determining the threat score comprises:
identifying, from the locations associated with the recent logins by the subscriber, a first login at a first location and time (¶50-59, see explanation provided in the rejection of claim 2 as it incorporates the subsequent step of using the time to calculate the time difference);
identifying, from the locations associated with the recent logins by the subscriber, a second login at a second location and time, wherein the second time is within a specified time period of the first time (¶50-59, see explanation provided in the rejection of claim 2 as it incorporates the subsequent step of using the time to calculate the time difference);
determining a distance between the first location and the second location (¶50-59, see explanation provided in the rejection of claim 2 as it incorporates the subsequent step of using the time to calculate the time difference);
determining, based on the distance and the specified time period, that the distance for the specified time period exceeds a threshold, indicating it would be impractical for the subscriber to physically move from the first location to the second location within the specified time period (¶50-59, see explanation provided in the rejection of claim 2 as it incorporates the subsequent step of using the time to calculate the time difference); and
responsive to determining that it would be impractical to move between the first and second locations within the specified time period, increasing the threat score (¶50-59, see explanation provided in the rejection of claim 2 as it incorporates the subsequent step of using the time to calculate the time difference).
Claim 11:
The combination Jaiswal, Jarvis and Epelman teach the following limitations:
identify, from the locations associated with the recent logins by the subscriber, a first login at a first location and time (¶50-59, see explanation provided in the rejection of claim 10 as it incorporates the subsequent step of using the time to calculate the time difference).
identify, from the locations associated with the recent logins by the subscriber, a second login at a second location and time, wherein the second time is within a specified time period of the first time (¶50-59, see explanation provided in the rejection of claim 10 as it incorporates the subsequent step of using the time to calculate the time difference);
determine a distance between the first location and the second location (¶50-59, see explanation provided in the rejection of claim 10 as it incorporates the subsequent step of using the time to calculate the time difference);
determine, based on the distance and the specified time period, that the distance for the specified time period exceeds a threshold, indicating it would be impractical for the subscriber to physically move from the first location to the second location within the specified time period (¶50-59, see explanation provided in the rejection of claim 10 as it incorporates the subsequent step of using the time to calculate the time difference); and
responsive to determining that it would be impractical to move between the first and second locations within the specified time period, increase the threat score (¶50-59, see explanation provided in the rejection of claim 10 as it incorporates the subsequent step of using the time to calculate the time difference).
Claim 19:
The combination Jaiswal, Jarvis and Epelman teach the following limitations:
identifying, from the locations associated with the recent logins by the subscriber, a first login at a first location and time (¶50-59, see explanation provided in the rejection of claim 18 as it incorporates the subsequent step of using the time to calculate the time difference);
identifying, from the locations associated with the recent logins by the subscriber, a second login at a second location and time, wherein the second time is within a specified time period of the first time (¶50-59, see explanation provided in the rejection of claim 18 as it incorporates the subsequent step of using the time to calculate the time difference);
determining a distance between the first location and the second location (¶50-59, see explanation provided in the rejection of claim 18 as it incorporates the subsequent step of using the time to calculate the time difference);
determining, based on the distance and the specified time period, that the distance for the specified time period exceeds a threshold, indicating it would be impractical for the subscriber to physically move from the first location to the second location within the specified time period (¶50-59, see explanation provided in the rejection of claim 18 as it incorporates the subsequent step of using the time to calculate the time difference); and
responsive to determining that it would be impractical to move between the first and second locations within the specified time period, increasing the threat score (¶50-59, see explanation provided in the rejection of claim 18 as it incorporates the subsequent step of using the time to calculate the time difference).
Claims 4, 12 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over US 20240015515 A1 (hereinafter “Jaiswal”) in view of US 20220217135 A1 (hereinafter "Jarvis") and US 20160210633 (hereinafter “Epelman”), and further in view of US 20190172067 A1 (hereinafter “Arora”).
Regarding claims 4, 12, and 20:
Claim 4:
The combination Jaiswal, Jarvis and Epelman teaches:
identifying, from the locations associated with the recent logins by the subscriber, a first login at a first geographic location (see Epelman, ¶50-59: “the first transaction takes place at a first location”).
Arora teaches the following limitation that is not taught in the combination Jaiswal in view of Jarvis and Epelman as applied in the rejection of claim 2:
accessing, by the server computer, a data store indicating location risk scores for a plurality of geographic locations, wherein the location risk scores are based on histories of fraudulent activity associated with the geographic locations (¶40: “The memory 224 may be configured to store, for example, the blockchain associated with the blockchain network 104 or other data associated therewith, fraud rates for geographic locations and other factors, feedback data regarding determined fraud scores”);
determining a first location risk score associated with the first geographic location (“the processing server 102 may include the likelihood of fraud based on the geographic location in the determination of the risk score, such as by increasing the risk if the transacting entity is located in a geographic area where fraud is more often perpetuated”); and
increasing the threat score by an amount based on the first location risk score (“the processing server 102 may include the likelihood of fraud based on the geographic location in the determination of the risk score, such as by increasing the risk if the transacting entity is located in a geographic area where fraud is more often perpetuated”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Jaiswal in view of Jarvis and Epelman’s system of detecting fraudulent swim swaps by using multi-channel authentication using split authentication codes, in particular the flow that (1) detects an SMS containing an authentication code and (2) splits the authentication code and (3) determining a first and second location of a transaction request, by incorporating Arora’s method of determining fraudulent geographic areas by using historical data associated with areas of high fraud activity. Such a combination merely applies the predictable, routine enhancement of determining whether a request is originating from a high fraud area and whether to mitigate the threat based on the area from where the request is made.
Claim 12:
The combination Jaiswal, Jarvis and Epelman teaches:
identify, from the locations associated with the recent logins by the subscriber, a first login at a first geographic location (see Epelman, ¶50-59: “the first transaction takes place at a first location”).
Arora teaches the following limitation that is not taught in the combination Jaiswal in view of Jarvis and Epelman as applied in the rejection of claim 10:
access a data store indicating location risk scores for a plurality of geographic locations, wherein the location risk scores are based on histories of fraudulent activity associated with the geographic locations (¶40: “The memory 224 may be configured to store, for example, the blockchain associated with the blockchain network 104 or other data associated therewith, fraud rates for geographic locations and other factors, feedback data regarding determined fraud scores”);
determine a first location risk score associated with the first geographic location (“the processing server 102 may include the likelihood of fraud based on the geographic location in the determination of the risk score, such as by increasing the risk if the transacting entity is located in a geographic area where fraud is more often perpetuated”); and
increase the threat score by an amount based on the first location risk score (“the processing server 102 may include the likelihood of fraud based on the geographic location in the determination of the risk score, such as by increasing the risk if the transacting entity is located in a geographic area where fraud is more often perpetuated”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Jaiswal in view of Jarvis and Epelman’s system of detecting fraudulent swim swaps by using multi-channel authentication using split authentication codes, in particular the flow that (1) detects an SMS containing an authentication code and (2) splits the authentication code and (3) determining a first and second location of a transaction request, by incorporating Arora’s method of determining fraudulent geographic areas by using historical data associated with areas of high fraud activity. Such a combination merely applies the predictable, routine enhancement of determining whether a request is originating from a high fraud area and whether to mitigate the threat based on the area from where the request is made.
Claim 20:
The combination Jaiswal, Jarvis and Epelman teaches:
identify, from the locations associated with the recent logins by the subscriber, a first login at a first geographic location (see Epelman, ¶50-59: “the first transaction takes place at a first location”).
Arora teaches the following limitation that is not taught in the combination Jaiswal in view of Jarvis and Epelman as applied in the rejection of claim 18:
accessing a data store indicating location risk scores for a plurality of geographic locations, wherein the location risk scores are based on histories of fraudulent activity associated with the geographic locations (¶40: “The memory 224 may be configured to store, for example, the blockchain associated with the blockchain network 104 or other data associated therewith, fraud rates for geographic locations and other factors, feedback data regarding determined fraud scores”);
determining a first location risk score associated with the first geographic location (“the processing server 102 may include the likelihood of fraud based on the geographic location in the determination of the risk score, such as by increasing the risk if the transacting entity is located in a geographic area where fraud is more often perpetuated”); and
increasing the threat score by an amount based on the first location risk score (“the processing server 102 may include the likelihood of fraud based on the geographic location in the determination of the risk score, such as by increasing the risk if the transacting entity is located in a geographic area where fraud is more often perpetuated”).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Jaiswal in view of Jarvis and Epelman’s system of detecting fraudulent swim swaps by using multi-channel authentication using split authentication codes, in particular the flow that (1) detects an SMS containing an authentication code and (2) splits the authentication code and (3) determining a first and second location of a transaction request, by incorporating Arora’s method of determining fraudulent geographic areas by using historical data associated with areas of high fraud activity. Such a combination merely applies the predictable, routine enhancement of determining whether a request is originating from a high fraud area and whether to mitigate the threat based on the area from where the request is made.
Claims 6 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over US 20240015515 A1 (hereinafter “Jaiswal”) in view of US 20220217135 A1 (hereinafter "Jarvis"), and further in view of US 5583517 (hereinafter “Yokev”).
Regarding claims 6 and 14:
Claim 6:
The combination Jaiswal and Jarvis teaches:
The method of claim 1 (see rejections of claim 1 above).
Yokev teaches the following limitation that is not taught in the combination Jaiswal in view of Jarvis as applied in the rejection of claim 1:
wherein the authentication code in the first SMS message is an eight character one-time passcode for use in logging into a website, the method further comprising:
dividing the eight character passcode into a first portion having a length of four characters, and a second portion having a length of four characters (Col. 10:3-22, discloses splitting a 64-bit data block into two equal 32-bit sub-blocks for transmission over separate frequency hops. Although the prior art discusses bits rather than characters, it would have been obvious to one skilled in the art to apply the same splitting technique at the character level, as characters are commonly encoded as multiple bits. The motivation to split data for transmission efficiency and reliability is well recognized.).
It would have been obvious to one of ordinary skill in the art prior to the effective filing date to modify the message-handling approach disclosed by Jaiswal by incorporating the segmentation and multi-channel transmission techniques taught by Jarvis, further supported by the data splitting principles disclosed in Bruckert. Jaiswal discloses intercepting and analyzing SMS messages containing authentication codes to prevent SIM hijacking but does not teach dividing the authentication code into multiple parts or transmitting these parts via different communication channels. Jarvis explicitly discloses segmenting an authentication code, such as an OTP, into multiple portions and transmitting these portions via distinct messaging channels, including native SMS and unified communications clients.
Bruckert discloses splitting a 64-bit data block into two equal 32-bit sub-blocks for transmission over separate frequency hops. Since characters are commonly encoded as 8 bits each, an 8-character passcode corresponds to 64 bits, and splitting it into two 4-character portions corresponds to splitting the 64-bit block into two 32-bit sub-blocks. Therefore, the splitting technique disclosed by Bruckert is directly analogous to dividing an 8-character authentication code into two 4-character portions.
Combining these teachings is a predictable and routine enhancement motivated by the desire to improve security and transmission reliability. The modification yields the well-recognized benefit that compromise of any single communication channel does not expose the entire authentication code, thereby reducing the risk of unauthorized access. Accordingly, it would have been obvious to one skilled in the art to apply the splitting and multi-channel transmission techniques of Jarvis and Bruckert to the message-handling system of Jaiswal by deciding to split 8 character messages (64 bits) into two equal 4 character messages (32 bits), as 64 bits fits well into the overall 64-bit architectures found in most modern operating systems.
Claim 14:
The combination Jaiswal and