DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Status of claims
This office action is in response to claims filed on 04/09/2026
Claims 1-8, 9, 11-15 and 21-26 are pending and rejected; claims 1, 9 and 22 are independent claims; claims 10 and 16-20 are canceled.
Response to Arguments
Applicant’s arguments filed on 04/09/2026 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
Objection (Informalities)
Claim 8 is objected to for reciting: wherein the one or more processors are further configured provide; instead of wherein the one or more processors are further configured to provide.
Correction is requested.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 1-4, 6, 8-9, 11-12, 14, and 22-25 are rejected under 35 U.S.C. 103 as being unpatentable over Angara et al. US Patent No.: 11,080,385 B1 (hereinafter Angara) in view of Najafi et al. US Pub. No.: 2010/0107229 A1 (hereinafter Najafi)
Angara teaches:
As to claim 1, a system for accessing a remote third-party server comprising: an electronic device having a memory to store executable instructions and one or more processors (see Angara Fig. 1), when implementing the executable instructions, to:
utilize a two-factor authentication process at a remote authentication server via an authentication application to create a two-factor authentication (see Angara Figs. 1-2, 4 and Col. 6 lines 13-15, modules 102 [i.e. application] to setup multi-factor authentication [i.e. via authentication application to create two-factor authentication] on websites 210 on behalf of a user of computing device 202; Col. 8 lines 13-19, one or more of the systems described herein may retrieve one or more rules for establishing the multi-factor authentication on the website. For example, setup module 104 may, as part of computing device 202 in FIG. 2, retrieve multi-factor authentication rules 212 for one or more websites 210.; Col. 5 lines 31-36, server 206 [i.e. remote authentication server] may be a cloud-based authentication server providing credentials and setting up user/password combinations for user multi-factor authentication on one or more websites [i.e. utilizing a two-factor authentication process at a remote authentication server server]);
after-the utilize step at the remote authentication server, at a later time, communicate a one-factor authentication directly to the remote authentication server (see Angara Col. 6 lines 57-62, At step 304, one or more of the systems described herein may detect user login credentials for initiating a multi-factor authentication session on the website. For example, detection module 106 may, as part of computing device 202 in FIG. 2, automatically detect when a user enters user login credentials 222 in a website 210.);
obtain, at the electronic device, the two-factor authentication from the remote authentication server in response to communicating the one-factor authentication (see Angara Col. 7 lines 5-12, receive, in response to the user login credentials being detected [i.e. in response to communicating the one-factor authentication], a request for multi-factor authentication data, associated with the numerical sequence, from the website; Col. 7 lines 25-43, 308, one or more of the systems described herein may retrieve, utilizing an application programming interfaces (APIs), the multi-factor authentication data from a secure storage associated with the user. For example, login module 110 may, as part of computing device 202 in FIG. 2, retrieve, utilizing APIs 124, multi-factor authentication data 128 from secure storage 208. [i.e. obtaining at the electronic device the two-factor authentication in response to communicating the one-factor authentication], the secure storage being in the authentication server see Col.5 lines 59-65); and
Even though Angara discloses:
access with the electronic device based on the two-factor authentication obtained from to the remote authentication server (see Angara Col. 5 lines 31-36, server 206 [i.e. remote authentication server] may be a cloud-based authentication server providing credentials and setting up user/password combinations for user multi-factor authentication on one or more websites [i.e. utilizing a two-factor authentication process at a remote authentication server server];Col. 7 lines 44-49, At step 310, one or more of the systems described herein may provide, utilizing the APIs, the multi-factor authentication data to the website to login the user. For example, login module 110 may, as part of computing device 202 in FIG. 2, utilize APIs 124 to provide multi-factor authentication data 128 to websites 210 to login the user).
Angara does not explicitly disclose but the related art Najafi teaches:
Access, with the electronic device, the remote third-party server based on the two-factor authentication obtained from the remote authentication server (see Najafi ¶30, Once validation server 130 has ascertained the identity of user 105 with a high degree of certainty (using two factors), third party application server 140 can provide user 105 access to the requested resource (e.g., online bank account or company VPN).
Therefore, it would have been obvious to one with ordinary skill in the art before the effective filing date of the invention, to modify the system and methods for enabling multi-factor authentication for seamless website logins disclosed by Angara to include a method and apparatus for time-based one-time password generation using a wireless communications device for two-factor authentication, as thought by Najafi, a person with ordinary skill in the art would have been motivated to use time-based one-time security code generation for two-factor authentication to access a third-party server to enhance security because traditionally static passwords can more easily be accessed by an unauthorized intruder given enough attempts and time (see Najafi ¶¶5-8).
As to claim 2, the combination of Angara and Najafi teaches the system of claim 1, wherein the access to the remote third-party server is provided without communicating a two-factor authentication from the electronic device to the remote third-party server (see Angara Col. 7 lines 44-49, At step 310, one or more of the systems described herein may provide, utilizing the APIs, the multi-factor authentication data to the website to login the user. For example, login module 110 may, as part of computing device 202 in FIG. 2, utilize APIs 124 to provide multi-factor authentication data 128 to websites 210 to login the user [i.e. two/multi-factor authentication data is provided to the website of the authentication server from the electronic device without communicating a two-factor authentication from the electronic device to the remote third-party server])
As to claim 3, the combination of Angara and Najafi teaches the system of claim 1, wherein the two-factor authentication is part of a three-factor authentication (see Angara Col. 1 lines 38-40, a computer-implemented method for enabling multi-factor authentication)
As to claim 4, the combination of Angara and Najafi teaches the system of claim 1, wherein the remote third-party server is at least one of a bank server, a credit card server, or a work server (see Najafi ¶26, user 105 can register with a bank to enable two-factor authentication for accessing his/her online bank account)
Similar rational applies as above to combiner the cited prior arts of record.
As to claim 6, the combination of Angara and Najafi teaches the system of claim 1, wherein obtaining the two-factor authentication includes receiving at the electronic device a code from the remote authentication server (see Angara Col. 6 lines 1-5, Multi-factor authentication data 128 may include token 214 and confirmation code 216. Token 214 and confirmation code 216 may be out-of-band credentials utilized in multi-factor authentication communication between server 206 and computing device 202 based on multi-factor authentication rules 212.)
As to claim 8, the combination of Angara and Najafi teaches the system of claim 1, wherein the one or more processors are further configured to provide, for a determined period of time, a one factor authentication to a user after the third-party server has been accessed (see Najafi ¶50, security codes generated by security code generation application are time-based one-time passwords, meaning each security code is valid for a period of time).
Therefore, it would have been obvious to one with ordinary skill in the art before the effective filing date of the invention, to modify the system and methods for enabling multi-factor authentication for seamless website logins disclosed by Angara to include a method and apparatus for time-based one-time password generation using a wireless communications device for two-factor authentication, as thought by Najafi, a person with ordinary skill in the art would have been motivated to use time-based one-time security code generation for two-factor authentication to access a third-party server to enhance security because traditionally static passwords can more easily be accessed by an unauthorized intruder given enough attempts and time (see Najafi ¶¶5-8).
10. (Cancelled).
16.-20. (Cancelled).
Angara discloses:
As to claim 22, a system for accessing a remote third-party server comprising:
an electronic device having a memory to store executable instructions and one or more processors, when implementing the executable instructions (see Angara Fig. 1), to:
utilize a two-factor authentication process at a remote authentication server via an authentication application to create a two-factor authentication (see Angara Figs. 1-2, 4 and Col. 6 lines 13-15, modules 102 [i.e. application] to setup multi-factor authentication [i.e. via authentication application to create two-factor authentication] on websites 210 on behalf of a user of computing device 202; Col. 8 lines 13-19, one or more of the systems described herein may retrieve one or more rules for establishing the multi-factor authentication on the website. For example, setup module 104 may, as part of computing device 202 in FIG. 2, retrieve multi-factor authentication rules 212 for one or more websites 210.; Col. 5 lines 53-56, server 206 [i.e. remote authentication server] may be a cloud-based authentication server providing credentials and setting up user/password combinations for user multi-factor authentication on one or more websites [i.e. utilizing a two-factor authentication process at a remote authentication server server]);
after the utilize step at the remote authentication server, at a later time, communicate a one-factor authentication to the remote authentication server (see Angara Col. 6 lines 57-62, At step 304, one or more of the systems described herein may detect user login credentials for initiating a multi-factor authentication session on the website. For example, detection module 106 may, as part of computing device 202 in FIG. 2, automatically detect when a user enters user login credentials 222 in a website 210.);
the remote authentication server having a memory to store executable instructions and one or more processors, when implementing the executable instructions to: send the two-factor authentication to a remote third-party server in response to receiving the one-factor authentication at the later time (see Angara Col. 7 lines 5-12, receive, in response to the user login credentials being detected [i.e. in response to communicating the one-factor authentication], a request for multi-factor authentication data, associated with the numerical sequence, from the website; Col. 7 lines 25-43, 308, one or more of the systems described herein may retrieve, utilizing an application programming interfaces (APIs), the multi-factor authentication data from a secure storage associated with the user. For example, login module 110 may, as part of computing device 202 in FIG. 2, retrieve, utilizing APIs 124, multi-factor authentication data 128 from secure storage 208. [i.e. obtaining at the electronic device the two-factor authentication in response to communicating the one-factor authentication], the secure storage being in the authentication server see Col.5 lines 59-65); and
Even though Angara discloses:
wherein the one or more processors of the electronic device to: access, with the electronic device, based on the two-factor authentication communicated from the remote authentication server (see Angara Col. 5 lines 31-36, server 206 [i.e. remote authentication server] may be a cloud-based authentication server providing credentials and setting up user/password combinations for user multi-factor authentication on one or more websites [i.e. utilizing a two-factor authentication process at a remote authentication server server]; Col. 7 lines 44-49, At step 310, one or more of the systems described herein may provide, utilizing the APIs, the multi-factor authentication data to the website to login the user. For example, login module 110 may, as part of computing device 202 in FIG. 2, utilize APIs 124 to provide multi-factor authentication data 128 to websites 210 to login the user).
Angara does not explicitly disclose but the related art Najafi teaches:
access, with the electronic device, the remote third-party server based on the two-factor authentication communicated from to the remote authentication server (see Najafi ¶30, Once validation server 130 has ascertained the identity of user 105 with a high degree of certainty (using two factors), third party application server 140 can provide user 105 access to the requested resource (e.g., online bank account or company VPN).
Therefore, it would have been obvious to one with ordinary skill in the art before the effective filing date of the invention, to modify the system and methods for enabling multi-factor authentication for seamless website logins disclosed by Angara to include a method and apparatus for time-based one-time password generation using a wireless communications device for two-factor authentication, as thought by Najafi, a person with ordinary skill in the art would have been motivated to use time-based one-time security code generation for two-factor authentication to access a third-party server to enhance security because traditionally static passwords can more easily be accessed by an unauthorized intruder given enough attempts and time (see Najafi ¶¶5-8).
As to independent claim 9, this claim directed to a method executed by the system of claim 1; therefore it is rejected along similar rationale.
As to dependent claims 11 and 12, these claims contain substantially similar subject matter as claims 3 and 4 respectively ; therefore they are rejected along the same rationale.
As to dependent claim 14, these claims contain substantially similar subject matter as claim 8; therefore they are rejected along the same rationale.
As to dependent claims 23-25 these claims contain substantially similar subject matter as claims 2-4; therefore they are rejected along the same rationale.
Claim(s) 5, 13 and 26 are rejected under 35 U.S.C. 103 as being unpatentable over Angara in view of Najafi as applied above to claims 1, 9 and 22 and further in view of Oberheide et al US Pub. No.: 2018/0285552 A1 (hereinafter Oberheide)
As to claim 5, The combination of Angara and Najafi discloses claim 1, the combination of Angara and Najafi does not explicitly disclose but the related art Oberheide teaches: the system of claim 1, wherein the two-factor authentication is communicated to the remote authentication server over a secure communication channel (see Oberheide ¶46, third party application, a background service, or in a secondary application, processing the authentication request functions to cryptographically secure communication with the TFA service; ¶47: secure transport )
Therefore, it would have been obvious to one with ordinary skill in the art before the effective filing date of the invention, to modify the system and methods for enabling multi-factor authentication for seamless website logins disclosed by Angara and a method and apparatus for time-based one-time password generation using a wireless communications device for two-factor authentication disclosed by Najafi, to communicate the two-factor authentication with the remote authentication server over a secure communication channel, as thought by Oberheide, a person with ordinary skill in the art would have been motivated because, cryptographically secured communication channel enable trust between the service provider and the remote authentication server (see Oberheide ¶22).
As to dependent claims 13 and 26, these claims contain substantially similar subject matter as claim 5; therefore they are rejected along the same rationale.
Claim(s) 7 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Angara in view of Najafi as applied above to claims 1 and 9 and further in view of Vasudevan et al US Pub. No.: 2020/0366665 A1 (hereinafter Vasudevan)
As to claim 7, The combination of Angara and Najafi discloses the system of claim 1, the combination of Angara and Najafi does not explicitly disclose but the related art Vasudevan teaches: wherein the one or more processors are further configured to: determine a profile of a user of the electronic device (see Vasudevan ¶23, Event verification program 110 determines whether a user profile exists for the user providing the device selection); and
obtain the two-factor authentication based on the profile determined (see Vasudevan ¶30, event verification program 110 initializes the two-step factor and identifies (304) a second device associated with the user based on the profile for the user)
Therefore, it would have been obvious to one with ordinary skill in the art before the effective filing date of the invention, to modify the system and methods for enabling multi-factor authentication for seamless website logins disclosed by Angara and a method and apparatus for time-based one-time password generation using a wireless communications device for two-factor authentication disclosed by Najafi, to determine a profile of a user of the electronic device and to obtain the two-factor authentication based on the profile determined, as thought by Vasudevan, a person with ordinary skill in the art would have been motivated because, additional verification step including user profile prevent system compromise (see Vasudevan ¶3).
As to dependent claim 15, this claim contain substantially similar subject matter as claim 7; therefore they are rejected along the same rationale.
Claim(s) 21 is rejected under 35 U.S.C. 103 as being unpatentable over Angara in view of Najafi as applied above to claim 1 and further in view of Manoselvam et al US Pub. No.: 2020/0380058 A1 (hereinafter Manoselvam)
As to claim 21, The combination of Angara and Najafi discloses the system of claim 1, the combination of Angara and Najafi does not explicitly disclose but the related art Manoselvam teaches: wherein the one or more processors further to implement a selection of an amount of factors to be authenticated (see Manoselvam ¶44, when initially creating an account for the secure web application 304, a user 302 may be able to select the number of authentication factors required to access certain webpages of the web application 304).
Therefore, it would have been obvious to one with ordinary skill in the art before the effective filing date of the invention, to modify the system and methods for enabling multi-factor authentication for seamless website logins disclosed by Angara and a method and apparatus for time-based one-time password generation using a wireless communications device for two-factor authentication disclosed by Najafi, to implement a selection of an amount of factors to be authenticated, as thought by Manoselvam, a person with ordinary skill in the art would have been motivated because, multi-factor authentication systems that require provision of multiple items of authentication evidence are used to improve security and identity verification (see Manoselvam ¶2).
Conclusion
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Cathy Thiaw can be reached at 5712701138. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
NEGA . WOLDEMARIAM
Examiner
Art Unit 2407
/N.W/ Examiner, Art Unit 2407
/Catherine Thiaw/ Supervisory Patent Examiner, Art Unit 2407 6/19/2026