Prosecution Insights
Last updated: July 17, 2026
Application No. 18/449,202

DEVICE AND METHOD FOR ACCESSING A REMOTE THIRD- PARTY SERVER

Non-Final OA §103
Filed
Aug 14, 2023
Examiner
WOLDEMARIAM, NEGA
Art Unit
2407
Tech Center
2400 — Computer Networks
Assignee
Lenovo (United States) Inc.
OA Round
4 (Non-Final)
76%
Grant Probability
Favorable
4-5
OA Rounds
7m
Est. Remaining
94%
With Interview

Examiner Intelligence

Grants 76% — above average
76%
Career Allowance Rate
474 granted / 624 resolved
+18.0% vs TC avg
Strong +18% interview lift
Without
With
+18.1%
Interview Lift
resolved cases with interview
Typical timeline
3y 6m
Avg Prosecution
13 currently pending
Career history
639
Total Applications
across all art units

Statute-Specific Performance

§101
0.3%
-39.7% vs TC avg
§103
91.2%
+51.2% vs TC avg
§102
7.6%
-32.4% vs TC avg
§112
0.6%
-39.4% vs TC avg
Black line = Tech Center average estimate • Based on career data from 624 resolved cases

Office Action

§103
DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Status of claims This office action is in response to claims filed on 04/09/2026 Claims 1-8, 9, 11-15 and 21-26 are pending and rejected; claims 1, 9 and 22 are independent claims; claims 10 and 16-20 are canceled. Response to Arguments Applicant’s arguments filed on 04/09/2026 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument. Objection (Informalities) Claim 8 is objected to for reciting: wherein the one or more processors are further configured provide; instead of wherein the one or more processors are further configured to provide. Correction is requested. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claim(s) 1-4, 6, 8-9, 11-12, 14, and 22-25 are rejected under 35 U.S.C. 103 as being unpatentable over Angara et al. US Patent No.: 11,080,385 B1 (hereinafter Angara) in view of Najafi et al. US Pub. No.: 2010/0107229 A1 (hereinafter Najafi) Angara teaches: As to claim 1, a system for accessing a remote third-party server comprising: an electronic device having a memory to store executable instructions and one or more processors (see Angara Fig. 1), when implementing the executable instructions, to: utilize a two-factor authentication process at a remote authentication server via an authentication application to create a two-factor authentication (see Angara Figs. 1-2, 4 and Col. 6 lines 13-15, modules 102 [i.e. application] to setup multi-factor authentication [i.e. via authentication application to create two-factor authentication] on websites 210 on behalf of a user of computing device 202; Col. 8 lines 13-19, one or more of the systems described herein may retrieve one or more rules for establishing the multi-factor authentication on the website. For example, setup module 104 may, as part of computing device 202 in FIG. 2, retrieve multi-factor authentication rules 212 for one or more websites 210.; Col. 5 lines 31-36, server 206 [i.e. remote authentication server] may be a cloud-based authentication server providing credentials and setting up user/password combinations for user multi-factor authentication on one or more websites [i.e. utilizing a two-factor authentication process at a remote authentication server server]); after-the utilize step at the remote authentication server, at a later time, communicate a one-factor authentication directly to the remote authentication server (see Angara Col. 6 lines 57-62, At step 304, one or more of the systems described herein may detect user login credentials for initiating a multi-factor authentication session on the website. For example, detection module 106 may, as part of computing device 202 in FIG. 2, automatically detect when a user enters user login credentials 222 in a website 210.); obtain, at the electronic device, the two-factor authentication from the remote authentication server in response to communicating the one-factor authentication (see Angara Col. 7 lines 5-12, receive, in response to the user login credentials being detected [i.e. in response to communicating the one-factor authentication], a request for multi-factor authentication data, associated with the numerical sequence, from the website; Col. 7 lines 25-43, 308, one or more of the systems described herein may retrieve, utilizing an application programming interfaces (APIs), the multi-factor authentication data from a secure storage associated with the user. For example, login module 110 may, as part of computing device 202 in FIG. 2, retrieve, utilizing APIs 124, multi-factor authentication data 128 from secure storage 208. [i.e. obtaining at the electronic device the two-factor authentication in response to communicating the one-factor authentication], the secure storage being in the authentication server see Col.5 lines 59-65); and Even though Angara discloses: access with the electronic device based on the two-factor authentication obtained from to the remote authentication server (see Angara Col. 5 lines 31-36, server 206 [i.e. remote authentication server] may be a cloud-based authentication server providing credentials and setting up user/password combinations for user multi-factor authentication on one or more websites [i.e. utilizing a two-factor authentication process at a remote authentication server server];Col. 7 lines 44-49, At step 310, one or more of the systems described herein may provide, utilizing the APIs, the multi-factor authentication data to the website to login the user. For example, login module 110 may, as part of computing device 202 in FIG. 2, utilize APIs 124 to provide multi-factor authentication data 128 to websites 210 to login the user). Angara does not explicitly disclose but the related art Najafi teaches: Access, with the electronic device, the remote third-party server based on the two-factor authentication obtained from the remote authentication server (see Najafi ¶30, Once validation server 130 has ascertained the identity of user 105 with a high degree of certainty (using two factors), third party application server 140 can provide user 105 access to the requested resource (e.g., online bank account or company VPN). Therefore, it would have been obvious to one with ordinary skill in the art before the effective filing date of the invention, to modify the system and methods for enabling multi-factor authentication for seamless website logins disclosed by Angara to include a method and apparatus for time-based one-time password generation using a wireless communications device for two-factor authentication, as thought by Najafi, a person with ordinary skill in the art would have been motivated to use time-based one-time security code generation for two-factor authentication to access a third-party server to enhance security because traditionally static passwords can more easily be accessed by an unauthorized intruder given enough attempts and time (see Najafi ¶¶5-8). As to claim 2, the combination of Angara and Najafi teaches the system of claim 1, wherein the access to the remote third-party server is provided without communicating a two-factor authentication from the electronic device to the remote third-party server (see Angara Col. 7 lines 44-49, At step 310, one or more of the systems described herein may provide, utilizing the APIs, the multi-factor authentication data to the website to login the user. For example, login module 110 may, as part of computing device 202 in FIG. 2, utilize APIs 124 to provide multi-factor authentication data 128 to websites 210 to login the user [i.e. two/multi-factor authentication data is provided to the website of the authentication server from the electronic device without communicating a two-factor authentication from the electronic device to the remote third-party server]) As to claim 3, the combination of Angara and Najafi teaches the system of claim 1, wherein the two-factor authentication is part of a three-factor authentication (see Angara Col. 1 lines 38-40, a computer-implemented method for enabling multi-factor authentication) As to claim 4, the combination of Angara and Najafi teaches the system of claim 1, wherein the remote third-party server is at least one of a bank server, a credit card server, or a work server (see Najafi ¶26, user 105 can register with a bank to enable two-factor authentication for accessing his/her online bank account) Similar rational applies as above to combiner the cited prior arts of record. As to claim 6, the combination of Angara and Najafi teaches the system of claim 1, wherein obtaining the two-factor authentication includes receiving at the electronic device a code from the remote authentication server (see Angara Col. 6 lines 1-5, Multi-factor authentication data 128 may include token 214 and confirmation code 216. Token 214 and confirmation code 216 may be out-of-band credentials utilized in multi-factor authentication communication between server 206 and computing device 202 based on multi-factor authentication rules 212.) As to claim 8, the combination of Angara and Najafi teaches the system of claim 1, wherein the one or more processors are further configured to provide, for a determined period of time, a one factor authentication to a user after the third-party server has been accessed (see Najafi ¶50, security codes generated by security code generation application are time-based one-time passwords, meaning each security code is valid for a period of time). Therefore, it would have been obvious to one with ordinary skill in the art before the effective filing date of the invention, to modify the system and methods for enabling multi-factor authentication for seamless website logins disclosed by Angara to include a method and apparatus for time-based one-time password generation using a wireless communications device for two-factor authentication, as thought by Najafi, a person with ordinary skill in the art would have been motivated to use time-based one-time security code generation for two-factor authentication to access a third-party server to enhance security because traditionally static passwords can more easily be accessed by an unauthorized intruder given enough attempts and time (see Najafi ¶¶5-8). 10. (Cancelled). 16.-20. (Cancelled). Angara discloses: As to claim 22, a system for accessing a remote third-party server comprising: an electronic device having a memory to store executable instructions and one or more processors, when implementing the executable instructions (see Angara Fig. 1), to: utilize a two-factor authentication process at a remote authentication server via an authentication application to create a two-factor authentication (see Angara Figs. 1-2, 4 and Col. 6 lines 13-15, modules 102 [i.e. application] to setup multi-factor authentication [i.e. via authentication application to create two-factor authentication] on websites 210 on behalf of a user of computing device 202; Col. 8 lines 13-19, one or more of the systems described herein may retrieve one or more rules for establishing the multi-factor authentication on the website. For example, setup module 104 may, as part of computing device 202 in FIG. 2, retrieve multi-factor authentication rules 212 for one or more websites 210.; Col. 5 lines 53-56, server 206 [i.e. remote authentication server] may be a cloud-based authentication server providing credentials and setting up user/password combinations for user multi-factor authentication on one or more websites [i.e. utilizing a two-factor authentication process at a remote authentication server server]); after the utilize step at the remote authentication server, at a later time, communicate a one-factor authentication to the remote authentication server (see Angara Col. 6 lines 57-62, At step 304, one or more of the systems described herein may detect user login credentials for initiating a multi-factor authentication session on the website. For example, detection module 106 may, as part of computing device 202 in FIG. 2, automatically detect when a user enters user login credentials 222 in a website 210.); the remote authentication server having a memory to store executable instructions and one or more processors, when implementing the executable instructions to: send the two-factor authentication to a remote third-party server in response to receiving the one-factor authentication at the later time (see Angara Col. 7 lines 5-12, receive, in response to the user login credentials being detected [i.e. in response to communicating the one-factor authentication], a request for multi-factor authentication data, associated with the numerical sequence, from the website; Col. 7 lines 25-43, 308, one or more of the systems described herein may retrieve, utilizing an application programming interfaces (APIs), the multi-factor authentication data from a secure storage associated with the user. For example, login module 110 may, as part of computing device 202 in FIG. 2, retrieve, utilizing APIs 124, multi-factor authentication data 128 from secure storage 208. [i.e. obtaining at the electronic device the two-factor authentication in response to communicating the one-factor authentication], the secure storage being in the authentication server see Col.5 lines 59-65); and Even though Angara discloses: wherein the one or more processors of the electronic device to: access, with the electronic device, based on the two-factor authentication communicated from the remote authentication server (see Angara Col. 5 lines 31-36, server 206 [i.e. remote authentication server] may be a cloud-based authentication server providing credentials and setting up user/password combinations for user multi-factor authentication on one or more websites [i.e. utilizing a two-factor authentication process at a remote authentication server server]; Col. 7 lines 44-49, At step 310, one or more of the systems described herein may provide, utilizing the APIs, the multi-factor authentication data to the website to login the user. For example, login module 110 may, as part of computing device 202 in FIG. 2, utilize APIs 124 to provide multi-factor authentication data 128 to websites 210 to login the user). Angara does not explicitly disclose but the related art Najafi teaches: access, with the electronic device, the remote third-party server based on the two-factor authentication communicated from to the remote authentication server (see Najafi ¶30, Once validation server 130 has ascertained the identity of user 105 with a high degree of certainty (using two factors), third party application server 140 can provide user 105 access to the requested resource (e.g., online bank account or company VPN). Therefore, it would have been obvious to one with ordinary skill in the art before the effective filing date of the invention, to modify the system and methods for enabling multi-factor authentication for seamless website logins disclosed by Angara to include a method and apparatus for time-based one-time password generation using a wireless communications device for two-factor authentication, as thought by Najafi, a person with ordinary skill in the art would have been motivated to use time-based one-time security code generation for two-factor authentication to access a third-party server to enhance security because traditionally static passwords can more easily be accessed by an unauthorized intruder given enough attempts and time (see Najafi ¶¶5-8). As to independent claim 9, this claim directed to a method executed by the system of claim 1; therefore it is rejected along similar rationale. As to dependent claims 11 and 12, these claims contain substantially similar subject matter as claims 3 and 4 respectively ; therefore they are rejected along the same rationale. As to dependent claim 14, these claims contain substantially similar subject matter as claim 8; therefore they are rejected along the same rationale. As to dependent claims 23-25 these claims contain substantially similar subject matter as claims 2-4; therefore they are rejected along the same rationale. Claim(s) 5, 13 and 26 are rejected under 35 U.S.C. 103 as being unpatentable over Angara in view of Najafi as applied above to claims 1, 9 and 22 and further in view of Oberheide et al US Pub. No.: 2018/0285552 A1 (hereinafter Oberheide) As to claim 5, The combination of Angara and Najafi discloses claim 1, the combination of Angara and Najafi does not explicitly disclose but the related art Oberheide teaches: the system of claim 1, wherein the two-factor authentication is communicated to the remote authentication server over a secure communication channel (see Oberheide ¶46, third party application, a background service, or in a secondary application, processing the authentication request functions to cryptographically secure communication with the TFA service; ¶47: secure transport ) Therefore, it would have been obvious to one with ordinary skill in the art before the effective filing date of the invention, to modify the system and methods for enabling multi-factor authentication for seamless website logins disclosed by Angara and a method and apparatus for time-based one-time password generation using a wireless communications device for two-factor authentication disclosed by Najafi, to communicate the two-factor authentication with the remote authentication server over a secure communication channel, as thought by Oberheide, a person with ordinary skill in the art would have been motivated because, cryptographically secured communication channel enable trust between the service provider and the remote authentication server (see Oberheide ¶22). As to dependent claims 13 and 26, these claims contain substantially similar subject matter as claim 5; therefore they are rejected along the same rationale. Claim(s) 7 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Angara in view of Najafi as applied above to claims 1 and 9 and further in view of Vasudevan et al US Pub. No.: 2020/0366665 A1 (hereinafter Vasudevan) As to claim 7, The combination of Angara and Najafi discloses the system of claim 1, the combination of Angara and Najafi does not explicitly disclose but the related art Vasudevan teaches: wherein the one or more processors are further configured to: determine a profile of a user of the electronic device (see Vasudevan ¶23, Event verification program 110 determines whether a user profile exists for the user providing the device selection); and obtain the two-factor authentication based on the profile determined (see Vasudevan ¶30, event verification program 110 initializes the two-step factor and identifies (304) a second device associated with the user based on the profile for the user) Therefore, it would have been obvious to one with ordinary skill in the art before the effective filing date of the invention, to modify the system and methods for enabling multi-factor authentication for seamless website logins disclosed by Angara and a method and apparatus for time-based one-time password generation using a wireless communications device for two-factor authentication disclosed by Najafi, to determine a profile of a user of the electronic device and to obtain the two-factor authentication based on the profile determined, as thought by Vasudevan, a person with ordinary skill in the art would have been motivated because, additional verification step including user profile prevent system compromise (see Vasudevan ¶3). As to dependent claim 15, this claim contain substantially similar subject matter as claim 7; therefore they are rejected along the same rationale. Claim(s) 21 is rejected under 35 U.S.C. 103 as being unpatentable over Angara in view of Najafi as applied above to claim 1 and further in view of Manoselvam et al US Pub. No.: 2020/0380058 A1 (hereinafter Manoselvam) As to claim 21, The combination of Angara and Najafi discloses the system of claim 1, the combination of Angara and Najafi does not explicitly disclose but the related art Manoselvam teaches: wherein the one or more processors further to implement a selection of an amount of factors to be authenticated (see Manoselvam ¶44, when initially creating an account for the secure web application 304, a user 302 may be able to select the number of authentication factors required to access certain webpages of the web application 304). Therefore, it would have been obvious to one with ordinary skill in the art before the effective filing date of the invention, to modify the system and methods for enabling multi-factor authentication for seamless website logins disclosed by Angara and a method and apparatus for time-based one-time password generation using a wireless communications device for two-factor authentication disclosed by Najafi, to implement a selection of an amount of factors to be authenticated, as thought by Manoselvam, a person with ordinary skill in the art would have been motivated because, multi-factor authentication systems that require provision of multiple items of authentication evidence are used to improve security and identity verification (see Manoselvam ¶2). Conclusion Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Cathy Thiaw can be reached at 5712701138. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. NEGA . WOLDEMARIAM Examiner Art Unit 2407 /N.W/ Examiner, Art Unit 2407 /Catherine Thiaw/ Supervisory Patent Examiner, Art Unit 2407 6/19/2026
Read full office action

Prosecution Timeline

Show 5 earlier events
Nov 21, 2025
Interview Requested
Dec 09, 2025
Applicant Interview (Telephonic)
Dec 09, 2025
Examiner Interview Summary
Dec 12, 2025
Request for Continued Examination
Dec 18, 2025
Response after Non-Final Action
Jan 12, 2026
Non-Final Rejection mailed — §103
Apr 09, 2026
Response Filed
Jun 24, 2026
Non-Final Rejection mailed — §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12676849
Account Authentication Using Synthetic Merchants
2y 2m to grant Granted Jul 07, 2026
Patent 12652281
USING A NATIVE LOGIN SCREEN TO LOG IN TO AN ALTERNATE SYSTEM
3y 2m to grant Granted Jun 09, 2026
Patent 12652172
SEPARATE ENCRYPTION OF DIFFERENT PARAMETERS OF AN ACCESS TOKEN
2y 0m to grant Granted Jun 09, 2026
Patent 12641078
SYSTEMS AND METHODS FOR AUTHENTICATING ACCESS TO A SERVICE BY A MOBILE DEVICE
3y 4m to grant Granted May 26, 2026
Patent 12615249
AES-GCM Engine Optimized for Execute-in-Place Authenticated Decryption
3y 4m to grant Granted Apr 28, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

4-5
Expected OA Rounds
76%
Grant Probability
94%
With Interview (+18.1%)
3y 6m (~7m remaining)
Median Time to Grant
High
PTA Risk
Based on 624 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month