RADIO ACCESS NETWORK SECURE AUTHENTICATION

§102 §103

DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Response to Amendment The Amendment filed December 16, 2025 has been entered. Claims 1-2 and 4-19 are pending in the application. Applicant has submitted amendments to the claims along with other remarks. Applicant’s amendments regarding the drawings have overcome the objection. Claims 1-2 and 4-19 are still rejected by prior art references, refer to the following rejection for details. Response to Arguments Applicant’s arguments and amendments, see pp. 6-9 of the response, filed June 30, 2025, with respect to the rejection(s) of claim(s) 1-6 and 11-12 under § 103 have been fully considered but are not persuasive. Regarding amended claim 1, Applicant argues that Santos does not teach the elements of “locations of the wireless user device over time” without addressing teaching of the primary reference in combination with Santos. For example, Gailloux teaches: (11:66-12:5) “The authenticator server application 130 may compare the current location of the UE 102, indicated by the GPS coordinates, to a history of locations of the UE 102.” Santos further teaches that the locations that comprise a cell ID and location area code (LAC) would have been obvious to someone of ordinary skill in the art at the time the application was filed. Therefore, the rejection is maintained. Claim Rejections - 35 USC § 102 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action: A person shall be entitled to a patent unless – (a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows: 1. Determining the scope and contents of the prior art. 2. Ascertaining the differences between the prior art and the claims at issue. 3. Resolving the level of ordinary skill in the pertinent art. 4. Considering objective evidence present in the application indicating obviousness or nonobviousness. Claims 1-2, 4-5, 7-17, and 19 are rejected under 35 U.S.C. 103 as being unpatentable over Gailloux in view of European Patent Publication No. EP4319231 (hereinafter “Santos”). Regarding claim 1, Gailloux teaches: A system comprising: at least one computing device, including at least one processor configured to: receive a location of a wireless user device associated with a request for user account authentication for a mobile network operator (MNO) ((11:62-67) In the event a level 4 authentication was also requested, the authentication request 164 may comprise a command to the authenticator client application 116 to invoke a GPS position fix determination on the UE 102 and to return the GPS coordinates in the authenticator reply message 174.); compare the location of the wireless user device associated with the request for user account authentication with a location profile of locations of the wireless user device over time to determine if the location of the wireless user device associated with the request for user account authentication satisfies a threshold associated with the location profile ((11:66-12:5) The authenticator server application 130 may compare the current location of the UE 102, indicated by the GPS coordinates, to a history of locations of the UE 102. If the GPS coordinates indicate that the UE 102 is located within a customary geographical region, the level 4 authentication may be deemed to have passed otherwise the level 4 authentication may be deemed to have passed.); and responsive to satisfying the threshold ((12:27-35) The authenticator server application 130 may analyze the GPS coordinate data provided by the authenticator client application 116 to determine a centroid of GPS coordinates and a radius that encloses some predefined percentage of the GPS coordinates, for example 60%, 70%, 80% or some other percentage. This region defined by the centroid and the radius may be deemed the customary geographical region of operation of the UE 102 and used for performing the level 4 authentication.) associated with the location profile for the wireless user device, generate a response to the request for user account authentication ((14:7-16) At block 216, the authenticator server application transmits an authentication result to the third party that sent the authentication request. The authentication result may be provided as a binary value, for example success or failure, pass or fail.). Gailloux does not specifically teach: wherein the radio access network data comprises Cell ID and location area code (LAC) for each location of the wireless user device and populating the location profile for the wireless user device with a Cell ID and LAC for each location for the wireless user device over time. However, in the same field of endeavor, Santos teaches: wherein the radio access network data comprises Cell ID and location area code (LAC) for each location of the wireless user device ([0048] The RAN 40 may convert the CID, LAC, CGI or other identifier of a cell or transceiver used to transmit the authentication message to the user device to any other form of location information for identifying the user device, such as co-ordinates or a geographic region. The RAN 40 may then transmit the co-ordinates or geographic region (or the location information) to the authentication server 30. Alternatively, the RAN 40 may transmit the CID, LAC, CGI or other identifier of a cell or transceiver used to transmit the authentication message to the user device 50 directly to the authentication server 30, wherein the authentication server 30 interprets the CID, LAC, CGI or other identifier of a cell or transceiver with reference to a suitable database.) and further comprising: populating the location profile for the wireless user device with a Cell ID and LAC for each location for the wireless user device over time ([0047] For example, the SMSC may record the Cell ID (CID) associated with the transceiver which transmitted the SMS message to the user device 50. Based on the CID or other identifier such as a Location Area Code (LAC), or Cell Global Identity (CGI), information pertaining to the location of the user device 50 which receives the SMS message may be determined. For example, based on a CID or LAC, the authentication service may determine that the user device is located within a certain geographic region. [0048] The RAN 40 may convert the CID, LAC, CGI or other identifier of a cell or transceiver used to transmit the authentication message to the user device to any other form of location information for identifying the user device, such as co-ordinates or a geographic region. . . . Alternatively, the RAN 40 may transmit the CID, LAC, CGI or other identifier of a cell or transceiver used to transmit the authentication message to the user device 50 directly to the authentication server 30, wherein the authentication server 30 interprets the CID, LAC, CGI or other identifier of a cell or transceiver with reference to a suitable database. ). Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Gailloux to include the feature of including data that comprises CID and LAC and a combination of Gailloux with Santos renders the claim prima facie obvious within the described scope of the prior art and any indicated differences within the level of one of ordinary skill in the art (e.g., telecommunications engineer) according to a combination of known prior art elements with known methods to yield predictable results. MPEP 2143(I)(A) (e.g., including data that comprises CID and LAC and maintaining the location profile). Regarding claim 2, Gailloux does not specifically teach: wherein the locations of the wireless user device over time are accessed from radio access network (RAN) data. However, in the same field of endeavor, Santos teaches: wherein the locations of the wireless user device over time are accessed from radio access network (RAN) data ([0047]In step 102, the RAN 40 generates location information of the user device 50 when the RAN 40 transmits the authentication message to the user device 50. For example, where the authentication message is transmitted as an SMS message, the Short Message Service Centre (SMSC) responsible for transmitting the SMS message to the user device 50 generates location information of the user device 50 when the authentication message (SMS message) is transmitted to the user device 50 over the RAN 40. For example, when transmitting the SMS message to the user device 50 the SMSC may identify the cell, or transceiver used to transmit the SMS message to the user device 50. For example, the SMSC may record the Cell ID (CID) associated with the transceiver which transmitted the SMS message to the user device 50. Based on the CID or other identifier such as a Location Area Code (LAC), or Cell Global Identity (CGI), information pertaining to the location of the user device 50 which receives the SMS message may be determined. For example, based on a CID or LAC, the authentication service may determine that the user device is located within a certain geographic region. As such, the generation of a CID, LAC, or CGI by the RAN 40 when transmitting the SMS message to the user device is a generation of location information of the user device 50.). Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Gailloux to include the feature of accessing RAN data and a combination of Gailloux with Santos renders the claim prima facie obvious within the described scope of the prior art and any indicated differences within the level of one of ordinary skill in the art (e.g., telecommunications engineer) according to a combination of known prior art elements with known methods to yield predictable results. MPEP 2143(I)(A) (e.g., accessing RAN data). Regarding claim 4, Gailloux teaches: wherein the response to the request for user account authentication is one of approve, deny, or request additional authentication ((14:11-13) The authentication result may be provided as a binary value, for example success or failure, pass or fail.). Regarding claim 5, Gailloux does not specifically teach: wherein maintaining the location profile of the wireless user device is maintained by a core network of the MNO. However, in the same field of endeavor, Santos teaches: wherein maintaining the location profile of the wireless user device is maintained by a core network of the MNO ([0047] For example, when transmitting the SMS message to the user device 50 the SMSC may identify the cell, or transceiver used to transmit the SMS message to the user device 50. For example, the SMSC may record the Cell ID (CID) associated with the transceiver which transmitted the SMS message to the user device 50. [0052] Associations between cells and geographic regions may be stored in a database, for example a database of the authentication server 30. [0053] The location information associated with the IP address of the user terminal 10 may be derived from an IP address database and the like. In the embodiment of Fig. 1, the authentication server 30 may determine a geographic region associated with the user terminal based on the IP address. The size of the geographic region may depend on the information available to the authentication server 30 regarding the IP address associated with the user terminal 10. For example, the authentication server 30 may determine a geographic region (e.g. a country, county or state or department, or city, or town) by comparing the IP address to an IP address database. In some embodiments, the authentication server 30 may have additional information regarding an address or location associated with an IP address associated with a user terminal 10. For example, the authentication server 30 may have a database comprising information associating a place of business or an address with an IP address of a user terminal 10). Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Gailloux to include (or obvious to try) the feature of maintaining the location profile on a core network and a combination of Gailloux with Santos renders the claim prima facie obvious within the described scope of the prior art and any indicated differences within the level of one of ordinary skill in the art (e.g., telecommunications engineer) according to a combination of known prior art elements with known methods to yield predictable results. MPEP 2143(I)(A) (e.g., maintaining the location profile on a core network). Regarding claim 7, Gailloux teaches: wherein the request for user account authentication originates at the wireless user device ((8:38-42) When a user of the UE 102 initiates a purchase transaction, the retail web page may transfer the browser application 117 to a web page of a payment web server application 122 executing on a server 120 (e.g., the browser presents the web page provided by the payment web server application 122). (11:62-67) In the event a level 4 authentication was also requested, the authentication request 164 may comprise a command to the authenticator client application 116 to invoke a GPS position fix determination on the UE 102 and to return the GPS coordinates in the authenticator reply message 174.). Regarding claim 8, Gailloux teaches: A method comprising: receiving a location of a wireless user device associated with a request for user account authentication for a mobile network operator (MNO) ((11:62-67) In the event a level 4 authentication was also requested, the authentication request 164 may comprise a command to the authenticator client application 116 to invoke a GPS position fix determination on the UE 102 and to return the GPS coordinates in the authenticator reply message 174.); comparing the location of the wireless user device associated with the request for user account authentication with a location profile of locations of the wireless user device over time to determine if the location associated with the wireless user device for the request for user account authentication satisfies a threshold associated with the location profile ((11:66-12:5) The authenticator server application 130 may compare the current location of the UE 102, indicated by the GPS coordinates, to a history of locations of the UE 102. If the GPS coordinates indicate that the UE 102 is located within a customary geographical region, the level 4 authentication may be deemed to have passed otherwise the level 4 authentication may be deemed to have passed.); and responsive to satisfying the threshold ((12:27-35) The authenticator server application 130 may analyze the GPS coordinate data provided by the authenticator client application 116 to determine a centroid of GPS coordinates and a radius that encloses some predefined percentage of the GPS coordinates, for example 60%, 70%, 80% or some other percentage. This region defined by the centroid and the radius may be deemed the customary geographical region of operation of the UE 102 and used for performing the level 4 authentication.) associated with the location profile for the wireless user device, generating a response to the request for user account authentication ((14:7-16) At block 216, the authenticator server application transmits an authentication result to the third party that sent the authentication request. The authentication result may be provided as a binary value, for example success or failure, pass or fail.). Gailloux does not specifically teach: wherein the radio access network data comprises Cell ID and location area code (LAC) for each location of the wireless user device and populating the location profile for the wireless user device with a Cell ID and LAC for each location for the wireless user device over time. However, in the same field of endeavor, Santos teaches: wherein the radio access network data comprises Cell ID and location area code (LAC) for each location of the wireless user device ([0048] The RAN 40 may convert the CID, LAC, CGI or other identifier of a cell or transceiver used to transmit the authentication message to the user device to any other form of location information for identifying the user device, such as co-ordinates or a geographic region. The RAN 40 may then transmit the co-ordinates or geographic region (or the location information) to the authentication server 30. Alternatively, the RAN 40 may transmit the CID, LAC, CGI or other identifier of a cell or transceiver used to transmit the authentication message to the user device 50 directly to the authentication server 30, wherein the authentication server 30 interprets the CID, LAC, CGI or other identifier of a cell or transceiver with reference to a suitable database.) and further comprising: populating the location profile for the wireless user device with a Cell ID and LAC for each location for the wireless user device over time ([0047] For example, the SMSC may record the Cell ID (CID) associated with the transceiver which transmitted the SMS message to the user device 50. Based on the CID or other identifier such as a Location Area Code (LAC), or Cell Global Identity (CGI), information pertaining to the location of the user device 50 which receives the SMS message may be determined. For example, based on a CID or LAC, the authentication service may determine that the user device is located within a certain geographic region. [0048] The RAN 40 may convert the CID, LAC, CGI or other identifier of a cell or transceiver used to transmit the authentication message to the user device to any other form of location information for identifying the user device, such as co-ordinates or a geographic region. . . . Alternatively, the RAN 40 may transmit the CID, LAC, CGI or other identifier of a cell or transceiver used to transmit the authentication message to the user device 50 directly to the authentication server 30, wherein the authentication server 30 interprets the CID, LAC, CGI or other identifier of a cell or transceiver with reference to a suitable database. ). Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Gailloux to include the feature of including data that comprises CID and LAC and a combination of Gailloux with Santos renders the claim prima facie obvious within the described scope of the prior art and any indicated differences within the level of one of ordinary skill in the art (e.g., telecommunications engineer) according to a combination of known prior art elements with known methods to yield predictable results. MPEP 2143(I)(A) (e.g., including data that comprises CID and LAC and maintaining the location profile). Regarding claim 9, Gailloux teaches: collecting radio access network data from the wireless user device ((12:12-19) The authenticator server application 130 may periodically determine a customary geographical region for each of a plurality of UEs 102 that have been provisioned with the authenticator client application 116. The authenticator client application 116 may periodically report one or more GPS coordinates to the authenticator server application 130 to promote the authenticator server application 130 to build a history of locations of the UE 102.). Regarding claim 10, Gailloux does not specifically teach: parsing the radio access network data into Cell ID and LAC. However, in the same field of endeavor, Santos teaches: parsing the radio access network data into Cell ID and LAC ([0048] The RAN 40 may convert the CID, LAC, CGI or other identifier of a cell or transceiver). Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Gailloux to include the feature of parsing the radio access network data into Cell ID and LAC and a combination of Gailloux with Santos renders the claim prima facie obvious within the described scope of the prior art and any indicated differences within the level of one of ordinary skill in the art (e.g., telecommunications engineer) according to a combination of known prior art elements with known methods to yield predictable results. MPEP 2143(I)(A) (e.g., parsing the radio access network data into Cell ID and LAC). Regarding claim 11, Gailloux does not specifically teach: populating the location profile for the wireless user device with the Cell ID and the LAC for each location for the wireless user device over time. However, in the same field of endeavor, Santos teaches: populating the location profile for the wireless user device with the Cell ID and the LAC for each location for the wireless user device over time ([0048] The RAN 40 may convert . . . to any other form of location information for identifying the user device, such as co-ordinates or a geographic region.). Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Gailloux to include the feature of populating the location profile and a combination of Gailloux with Santos renders the claim prima facie obvious within the described scope of the prior art and any indicated differences within the level of one of ordinary skill in the art (e.g., telecommunications engineer) according to a combination of known prior art elements with known methods to yield predictable results. MPEP 2143(I)(A) (e.g., populating the location profile). Regarding claim 12, Gailloux does not specifically teach: further comprising: maintaining the location profile for wireless user device collected Cell ID and LAC for the wireless user device. However, in the same field of endeavor, Santos teaches: further comprising: maintaining the location profile for wireless user device collected Cell ID and LAC for the wireless user device ([0048] Alternatively, the RAN 40 may transmit the CID, LAC, CGI or other identifier of a cell or transceiver used to transmit the authentication message to the user device 50 directly to the authentication server 30, wherein the authentication server 30 interprets the CID, LAC, CGI or other identifier of a cell or transceiver with reference to a suitable database.). Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Gailloux to include the feature of maintaining the location profile and a combination of Gailloux with Santos renders the claim prima facie obvious within the described scope of the prior art and any indicated differences within the level of one of ordinary skill in the art (e.g., telecommunications engineer) according to a combination of known prior art elements with known methods to yield predictable results. MPEP 2143(I)(A) (e.g., maintaining the location profile). Regarding claim 13, Gailloux teaches: A non-transitory computer-readable medium storing instructions that when executed by a processor cause the processor to perform operations comprising: receiving a location of a wireless user device associated with a request for user account authentication for a mobile network operator (MNO) ((11:62-67) In the event a level 4 authentication was also requested, the authentication request 164 may comprise a command to the authenticator client application 116 to invoke a GPS position fix determination on the UE 102 and to return the GPS coordinates in the authenticator reply message 174.); comparing the location of the wireless user device associated with the request for user account authentication with a location profile of locations of the wireless user device over time to determine if the location associated with the wireless user device for the request for user account authentication satisfies a threshold associated with the location profile ((11:66-12:5) The authenticator server application 130 may compare the current location of the UE 102, indicated by the GPS coordinates, to a history of locations of the UE 102. If the GPS coordinates indicate that the UE 102 is located within a customary geographical region, the level 4 authentication may be deemed to have passed otherwise the level 4 authentication may be deemed to have passed.); and responsive to satisfying the threshold ((12:27-35) The authenticator server application 130 may analyze the GPS coordinate data provided by the authenticator client application 116 to determine a centroid of GPS coordinates and a radius that encloses some predefined percentage of the GPS coordinates, for example 60%, 70%, 80% or some other percentage. This region defined by the centroid and the radius may be deemed the customary geographical region of operation of the UE 102 and used for performing the level 4 authentication.) associated with the location profile for the wireless user device, generating a response to the request for user account authentication ((14:7-16) At block 216, the authenticator server application transmits an authentication result to the third party that sent the authentication request. The authentication result may be provided as a binary value, for example success or failure, pass or fail.). Gailloux does not specifically teach: wherein the radio access network data comprises Cell ID and location area code (LAC) for each location of the wireless user device and populating the location profile for the wireless user device with a Cell ID and LAC for each location for the wireless user device over time. However, in the same field of endeavor, Santos teaches: wherein the radio access network data comprises Cell ID and location area code (LAC) for each location of the wireless user device ([0048] The RAN 40 may convert the CID, LAC, CGI or other identifier of a cell or transceiver used to transmit the authentication message to the user device to any other form of location information for identifying the user device, such as co-ordinates or a geographic region. The RAN 40 may then transmit the co-ordinates or geographic region (or the location information) to the authentication server 30. Alternatively, the RAN 40 may transmit the CID, LAC, CGI or other identifier of a cell or transceiver used to transmit the authentication message to the user device 50 directly to the authentication server 30, wherein the authentication server 30 interprets the CID, LAC, CGI or other identifier of a cell or transceiver with reference to a suitable database.) and further comprising: populating the location profile for the wireless user device with a Cell ID and LAC for each location for the wireless user device over time ([0047] For example, the SMSC may record the Cell ID (CID) associated with the transceiver which transmitted the SMS message to the user device 50. Based on the CID or other identifier such as a Location Area Code (LAC), or Cell Global Identity (CGI), information pertaining to the location of the user device 50 which receives the SMS message may be determined. For example, based on a CID or LAC, the authentication service may determine that the user device is located within a certain geographic region. [0048] The RAN 40 may convert the CID, LAC, CGI or other identifier of a cell or transceiver used to transmit the authentication message to the user device to any other form of location information for identifying the user device, such as co-ordinates or a geographic region. . . . Alternatively, the RAN 40 may transmit the CID, LAC, CGI or other identifier of a cell or transceiver used to transmit the authentication message to the user device 50 directly to the authentication server 30, wherein the authentication server 30 interprets the CID, LAC, CGI or other identifier of a cell or transceiver with reference to a suitable database. ). Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Gailloux to include the feature of including data that comprises CID and LAC and a combination of Gailloux with Santos renders the claim prima facie obvious within the described scope of the prior art and any indicated differences within the level of one of ordinary skill in the art (e.g., telecommunications engineer) according to a combination of known prior art elements with known methods to yield predictable results. MPEP 2143(I)(A) (e.g., including data that comprises CID and LAC and maintaining the location profile). Regarding claim 14, Gailloux does not specifically teach: wherein the locations of the wireless user device over time are accessed from radio access network (RAN) data. However, in the same field of endeavor, Santos teaches: wherein the locations of the wireless user device over time are accessed from radio access network (RAN) data ([0047] In step 102, the RAN 40 generates location information of the user device 50 when the RAN 40 transmits the authentication message to the user device 50. For example, where the authentication message is transmitted as an SMS message, the Short Message Service Centre (SMSC) responsible for transmitting the SMS message to the user device 50 generates location information of the user device 50 when the authentication message (SMS message) is transmitted to the user device 50 over the RAN 40. For example, when transmitting the SMS message to the user device 50 the SMSC may identify the cell, or transceiver used to transmit the SMS message to the user device 50. For example, the SMSC may record the Cell ID (CID) associated with the transceiver which transmitted the SMS message to the user device 50. Based on the CID or other identifier such as a Location Area Code (LAC), or Cell Global Identity (CGI), information pertaining to the location of the user device 50 which receives the SMS message may be determined. For example, based on a CID or LAC, the authentication service may determine that the user device is located within a certain geographic region. As such, the generation of a CID, LAC, or CGI by the RAN 40 when transmitting the SMS message to the user device is a generation of location information of the user device 50.). Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Gailloux to include the feature of accessing RAN data and a combination of Gailloux with Santos renders the claim prima facie obvious within the described scope of the prior art and any indicated differences within the level of one of ordinary skill in the art (e.g., telecommunications engineer) according to a combination of known prior art elements with known methods to yield predictable results. MPEP 2143(I)(A) (e.g., accessing RAN data). Regarding claim 15, Gailloux does not specifically teach: wherein the radio access network data comprises Cell ID and location area code (LAC) for each location of the wireless user device. However, in the same field of endeavor, Santos teaches: wherein the radio access network data comprises Cell ID and location area code (LAC) for each location of the wireless user device ([0048] The RAN 40 may convert the CID, LAC, CGI or other identifier of a cell or transceiver used to transmit the authentication message to the user device to any other form of location information for identifying the user device, such as co-ordinates or a geographic region. The RAN 40 may then transmit the co-ordinates or geographic region (or the location information) to the authentication server 30. Alternatively, the RAN 40 may transmit the CID, LAC, CGI or other identifier of a cell or transceiver used to transmit the authentication message to the user device 50 directly to the authentication server 30, wherein the authentication server 30 interprets the CID, LAC, CGI or other identifier of a cell or transceiver with reference to a suitable database.). Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Gailloux to include the feature of including data that comprises CID and LAC and a combination of Gailloux with Santos renders the claim prima facie obvious within the described scope of the prior art and any indicated differences within the level of one of ordinary skill in the art (e.g., telecommunications engineer) according to a combination of known prior art elements with known methods to yield predictable results. MPEP 2143(I)(A) (e.g., including data that comprises CID and LAC). Regarding claim 16, Gailloux teaches: wherein the response to the request for user account authentication is one of approve, deny, or request additional authentication ((14:11-13) The authentication result may be provided as a binary value, for example success or failure, pass or fail.). 0Regarding claim 17, Gailloux does not specifically teach: wherein a core network of the MNO maintains the location profile of the wireless user device. However, in the same field of endeavor, Santos teaches: wherein a core network of the MNO maintains the location profile of the wireless user device ([0047] For example, when transmitting the SMS message to the user device 50 the SMSC may identify the cell, or transceiver used to transmit the SMS message to the user device 50. For example, the SMSC may record the Cell ID (CID) associated with the transceiver which transmitted the SMS message to the user device 50. [0052] Associations between cells and geographic regions may be stored in a database, for example a database of the authentication server 30. [0053] The location information associated with the IP address of the user terminal 10 may be derived from an IP address database and the like. In the embodiment of Fig. 1, the authentication server 30 may determine a geographic region associated with the user terminal based on the IP address. The size of the geographic region may depend on the information available to the authentication server 30 regarding the IP address associated with the user terminal 10. For example, the authentication server 30 may determine a geographic region (e.g. a country, county or state or department, or city, or town) by comparing the IP address to an IP address database. In some embodiments, the authentication server 30 may have additional information regarding an address or location associated with an IP address associated with a user terminal 10. For example, the authentication server 30 may have a database comprising information associating a place of business or an address with an IP address of a user terminal 10). Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Gailloux to include (or obvious to try) the feature of maintaining the location profile on a core network and a combination of Gailloux with Santos renders the claim prima facie obvious within the described scope of the prior art and any indicated differences within the level of one of ordinary skill in the art (e.g., telecommunications engineer) according to a combination of known prior art elements with known methods to yield predictable results. MPEP 2143(I)(A) (e.g., maintaining the location profile on a core network). Regarding claim 19, Gailloux teaches: wherein the request for user account authentication originates at the wireless user device ((8:38-42) When a user of the UE 102 initiates a purchase transaction, the retail web page may transfer the browser application 117 to a web page of a payment web server application 122 executing on a server 120 (e.g., the browser presents the web page provided by the payment web server application 122). (11:62-67) In the event a level 4 authentication was also requested, the authentication request 164 may comprise a command to the authenticator client application 116 to invoke a GPS position fix determination on the UE 102 and to return the GPS coordinates in the authenticator reply message 174.). Claims 6 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Gailloux in view of Santos and further in view of U.S. Publication No. 2022/0248233 (hereinafter “Reeves”). Regarding claim 6, the combination of Gailloux and Santos does not specifically teach: wherein the request for user account authentication is for one of subscriber identification module (SIM) swap, user account password reset or a user account wireless billing account transaction. However, in the same field of endeavor, Reeves teaches: wherein the request for user account authentication is for one of subscriber identification module (SIM) swap, user account password reset or a user account wireless billing account transaction ([0008] In another embodiment, a method of assigning a risk score for user authentication by a UE is disclosed. The method comprises assigning a risk score, by a mobile service provider, to a user account based on risk behaviors ratings in the user account, wherein the risk behavior ratings are determined by a user activity log, a device history, a purchase history, and a location history of the UE, wherein the user activity includes a SIM card authorization.). Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Gailloux and Santos to include the request for a SIM swap and a combination of Gailloux and Santos with Reeves renders the claim prima facie obvious within the described scope of the prior art and any indicated differences within the level of one of ordinary skill in the art (e.g., telecommunications engineer) according to a combination of known prior art elements with known methods to yield predictable results. MPEP 2143(I)(A) (e.g., requesting a SIM swap). Regarding claim 18, the combination of Gailloux and Santos does not specifically teach: wherein the request for user account authentication is for one of subscriber identification module (SIM) swap, user account password reset or a user account wireless billing account transaction. However, in the same field of endeavor, Reeves teaches: wherein the request for user account authentication is for one of subscriber identification module (SIM) swap, user account password reset or a user account wireless billing account transaction ([0008] In another embodiment, a method of assigning a risk score for user authentication by a UE is disclosed. The method comprises assigning a risk score, by a mobile service provider, to a user account based on risk behaviors ratings in the user account, wherein the risk behavior ratings are determined by a user activity log, a device history, a purchase history, and a location history of the UE, wherein the user activity includes a SIM card authorization.). Therefore, it would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Gailloux and Santos to include the request for a SIM swap and a combination of Gailloux and Santos with Reeves renders the claim prima facie obvious within the described scope of the prior art and any indicated differences within the level of one of ordinary skill in the art (e.g., telecommunications engineer) according to a combination of known prior art elements with known methods to yield predictable results. MPEP 2143(I)(A) (e.g., requesting a SIM swap). Conclusion The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. U.S. Publication No. 2021/0058383 (Colon) related to location-based mobile device authentication U.S. Publication No. 2022/0385656 (Gujarathi) related to secondary multifactor authentication WIPO Publication No. 03/075125 (Roese) related to location aware data network Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any nonprovisional extension fee (37 CFR 1.17(a)) pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. Any inquiry concerning this communication or earlier communications from the examiner should be directed to JUSTIN BARRY whose telephone number is (571)272-0201. The examiner can normally be reached 8:00am EST to 5:00pm EST. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jinsong HU can be reached at (571) 272-3965. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /JAB/ Examiner, Art Unit 2643 /JINSONG HU/ Supervisory Patent Examiner, Art Unit 2643