DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 12/05/2025 has been entered. This Office-action is made Non-Final.
Status of claims
This office action is in response to claims filed on 12/05/2025
Claims 1-20 are pending and rejected; claims 1, 9 and 16 are independent claims
Response to Arguments
Applicant's arguments filed on 12/05/2025 have been fully considered but they are not persuasive.
With respect to applicant’s argument: “Oberheide is disclosing a system where an electronic device of a user must provide both a first and a second authentication. As such, Oberheide does not disclose or suggest an electronic device having one or more processors configured to communicate a one-factor authentication to a remote authentication server and obtain a two-factor authentication that is communicated to the remote authentication server in response to communicating the one-factor authentication.”
Examiner respectfully disagree with applicant’s argument for the following reasons: Oberheide discloses (see Oberheide Figs. 8-12 and ¶19, two-factor authentication (TFA) service ¶¶41-42, the authentication request preferably includes a device ID… In an alternative variation, the authentication request may include a user name, account ID, or an alternative identifier [i.e. on-factor authentication]; ¶¶19 41-42 47, Step S240, which includes validating an application response, functions to obtain user confirmation. The application response is preferably received at the TFA service. The application response can include a cryptographic signature or be otherwise cryptographically validated as originating from the device. The TFA service can verify the origin of the authentication response [i.e. validating the application response is including cryptographic signature… is the second/two factor authentication]; 47, Step S240, which includes validating an application response, functions to obtain user confirmation. The application response is preferably received at the TFA service. The application response can include a cryptographic signature or be otherwise cryptographically validated as originating from the device. The TFA service can verify the origin of the authentication response [i.e. validating the application response is including cryptographic signature… is the second/two factor authentication]) disclosing the recited claim limitation.
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.
Claim(s) 1-20 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Oberheide et al. US Pub. No.: 2018/0285552 A1 (hereinafter Oberheide).
Oberheide teaches:
As to claim 1, a system for accessing a remote third-party server (see Oberheide ¶19 and Fig. 1) comprising: an electronic device having a memory to store executable instructions and one or more processors (see Fig. 1), when implementing the executable instructions, to:
utilize a two-factor authentication process at a remote authentication server via an authentication application to create a two-factor authentication (see Oberheide Figs. 1, 7 10, ¶¶17 19 32 35, providing a TFA client service to an application of a service provider S300 [i.e. utilizing authentication application to create two-factor authentication], which functions to integrate TFA application logic and authentication data management within the interactions of an outside application as shown in FIG. 10. Step S300 preferably enables outside developers and users of an authentication layer (e.g., a TFA service platform) to provide multi-factor authentication or authorization functionality without exposing end users of the service provider to the TFA service platform [i.e. a remote authentication server], which may be an unknown entity to the end user. [i.e. utilize authentication process at a remote authentication server via an authentication application to create a two-factor authentication]; ¶40, Step S130, which includes pairing a device with the account through the activation code, functions to create an association between a device ID and a particular device application. The device application may process the activation code to verify that the request is valid. Additionally, the device application may perform any suitable configuration so that the device application may subsequently be used for TFA. Configuring for TFA may include characterizing the identity of the application instance and/or device; registering the application for push notifications, subscriptions, or other messaging systems; configuring a passcode generation service; collecting any information such as a pin code, passcode generation tokens, biometric readings, or other information; and/or performing any suitable processes for the application to be used as an additional factor of security [i.e. in the utilization/registration stage] );
after-the utilize step at the remote authentication server, at a later time (see Oberheide ¶40, the device application may perform any suitable configuration so that the device application may subsequently be used for TFA), communicate a one-factor authentication to the remote authentication server (see Oberheide Fig. 8 and ¶19, two-factor authentication (TFA) service ¶¶41-42, the authentication request preferably includes a device ID… In an alternative variation, the authentication request may include a user name, account ID, or an alternative identifier [i.e. one-factor authentication] );
obtain the two-factor authentication from the remote authentication server in response to communicating the one-factor authentication (see Oberheide Fig. 8 and ¶¶19 41-42 47, Step S240, which includes validating an application response application response … is preferably received at the TFA service. The application response can include a cryptographic signature or be otherwise cryptographically validated as originating from the device. The TFA service can verify the origin of the authentication response… the confirmation response may be communicated to the TFA service by the application or any suitable component of the device. The TFA service can validate, assess, verify, or check the response obtained from the application. [i.e. validating the application response is including cryptographic signature… is the second/two factor authentication] ); and
access a remote third-party server based on the two-factor authentication communicated to the remote authentication server (see Oberheide Fig. 8 ¶¶32 48, Step S250, which includes transmitting an assessment, functions to transfer the result of the second factor of authentication to the service provider. If the user confirmed the authentication request in the device application, the TFA service preferably communicates a successful completion of the second factor of authentication)
As to claim 2, the system of claim 1, wherein the access to the remote third-party server is provided without communicating a two-factor authentication from the electronic device to the remote third-party server (see Oberheide ¶¶23 49, This method can function to enable a TFA request to be completed without the device application communicating directly with the TFA service)
As to claim 3, the system of claim 1, wherein the two-factor authentication is part of a three-factor authentication (see Oberheide ¶18, system is preferably implemented for authentication but may additionally or alternatively be used for authorization or for any suitable form of an additional factor of security (e.g., used as a third factor of authentication or to authorize an authentication attempt))
As to claim 4, the system of claim 1, wherein the remote third-party server is at least one of a bank server, a credit card server, or a work server (see Oberheide ¶19, any suitable web accessible service [i.e. credit card, bank or work server is an intended use that does not further limit the claim])
As to claim 5, the system of claim 1, wherein the two-factor authentication is communicated to the remote authentication server over a secure communication channel (see Oberheide ¶46, third party application, a background service, or in a secondary application, processing the authentication request functions to cryptographically secure communication with the TFA service)
As to claim 6, the system of claim 1, wherein obtaining the two-factor authentication includes receiving at the electronic device a code from the remote authentication server (see Oberheide ¶¶28 49, transmitting an activation code S120, pairing a device with the account through the activation code S130, receiving an authentication request for an enrolled application S210)
As to claim 7, the system of claim 1, wherein the one or more processors are further configured to: determine a profile of a user of the electronic device (see Oberheide ¶¶36-37 user enrolment to TFA based on user profile); and
obtain the two-factor authentication based on the profile determined (see Oberheide ¶¶40-41, pairing a device with the account through the activation code… directs a user to the application, and then a user can complete the two-factor authentication)
As to claim 8, the system of claim 1, wherein the one or more processors are further configured provide, for a determined period of time, a one factor authentication to a user after the third-party server has been accessed (see Oberheide ¶22, the service provider performs HMAC-SHA of the user identifier, the integration key, and an expiration timestamp using the secret key as the HMAC key after the first factors of authentication are completed by the service provider).
As to independent claim 9, this claim directed to a method executed by the system of claim 1; therefore it is rejected along similar rationale.
As to independent claim 16, this claim directed to a computer program product comprising a non-transitory computer readable storage medium comprising computer executable code executed by the system of claim 1; therefore it is rejected along similar rationale.
As to dependent claims 10-12 and 17-19, these claims contain substantially similar subject matter as claims 2-4; therefore they are rejected along the same rationale.
As to dependent claim 13, this claim contain substantially similar subject matter as claim 5; therefore they are rejected along the same rationale.
As to dependent claims 14 and 20, these claims contain substantially similar subject matter as claim 8; therefore they are rejected along the same rationale.
As to dependent claim 15, this claim contain substantially similar subject matter as claim 7; therefore they are rejected along the same rationale.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to NEGA WOLDEMARIAM whose telephone number is (571)270-7478. The examiner can normally be reached Monday to Friday, 8am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Cathy Thiaw can be reached at 5712701138. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
NEGA . WOLDEMARIAM
Examiner
Art Unit 2407
/N.W/ Examiner, Art Unit 2407
/Catherine Thiaw/ Supervisory Patent Examiner, Art Unit 2407 1/9/2026