DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on January 05, 2026 has been entered.
Response to arguments
Claims 1-10, 15 and 19 have been amended. No claim has been added or cancelled. Therefore, claims 1-20 are pending.
Claims 13-20 are rejected under over Slade, US pat. No 20150120572 in view of Oberheide, US pat. No 20160352516 in further view of Song, US 20160164866 A1 in further view of Buller, US pat. No 20240311452 in further view of VALKAITIS, US pat. No 20230139110 in further view of Nielsen, US pat. No 6021435.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1- 7, 10-16 and 19-20 are rejected under 35 U.S.C 103 as being unpatentable over Slade, US pat. No 20150120572 in view of Oberheide, US pat. No 20160352516 in further view of Song, US 20160164866 A1.
1. Slade discloses an electronic device (See Nitro, abstract; A mobile deposit application including a remotely accessible bank administrative interface module for setting a plurality of geographic-based security rules, a rules module communicative coupled to the bank administrative interface module, the rules module comprising bank-definable location parameters for enabling mobile deposit based on the geographic location of a mobile device) comprising: a display; (See Nitro, fig 1; a display) a network interface which enables the electronic device to connect to, and exchange data with, at least one second electronic device; (See Nitro, [0060]; In attempting a RDC mobile deposit GPS coordinate from mobile device 440 are sent to authentication server 450 which compares the GPS coordinates with the previously set restrictions and either authorizes or denies the mobile deposit) and a processor communicatively coupled to the display, (See Nitro, fig 11; element 400 and 440) the memory, (See Nitro, fig 11; element 400 and 440) and the network interface, and which executes program code of the 2FAR control module, (See Nitro, fig 11; element 400 and 440) which causes the electronic device to:
detect a 2FA readiness status of a receiving device to receive and present 2FA information; (See Nitro, [0046-0047] and [0050]; we can detect if the device has been jail-broken in the case of iOS or rooted in the case of Android. If this is detected then the application hides specific features, and notifies the user that the feature has been disabled for their protection) and in response to identifying the 2FA readiness status of the receiving device as not ready, display an alert on the display of the electronic device. (See Nitro, [0046-0047-0047]; If it is determined that the IP address originated outside of the allowed geographic area then the device is not serviced with the correct API request, instead returning a code to the app which is recognized as instructing the app to display that the feature has been disabled for their protection.) Nitro does not appear to explicitly disclose a memory having stored thereon at least one application and a two-factor authentication readiness (2FAR) control module [[and a database comprising fields associated with one or more of a group comprising applications, websites, operation types, and accounts identified as previously invoking a two-factor authentication (2FA) process at the electronic device;]] However, Oberheide discloses a memory having stored thereon at least one application and a two-factor authentication readiness (2FAR) control module; (See Oberheide, [0037]; a mobile device is configured for use as a two-factor authentication device i.e., see also fig 1; App storage)
Nitro and Oberheide are analogous art because they are from the same field of endeavor which is access control. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Nitro with the teaching of Oberheide to include the storage App because it would have allowed to storage a plurality of application allowing a device to perform specific functions.
The combination of Nitro and Oberheide does not appear to explicitly disclose detect a potential 2FA condition based on detecting an occurrence corresponding to at least one of the fields contained in the database; and a database comprising fields associated with one or more of a group comprising applications, websites, operation types, and accounts identified as previously invoking a two-factor authentication (2FA) process at the electronic device;
However, Song discloses detect a potential 2FA condition based on detecting an occurrence corresponding to at least one of the fields contained in the database; (See Song, [0023] and [0040-0042]; If a digital fingerprint has a higher match with an illicit digital fingerprint than a digital fingerprint of the associated account, the authentication transaction can be prevented or a secondary device warning can be triggered. See also The primary client and the secondary client can alternatively be any suitable application type that can act as distinct client endpoints. The secondary client is preferably able to display client concern notifications. When processing a 2FA request accompanied by a client concern notification, the secondary client will preferably display a notification. In another variation, the user must actively acknowledge or approve a client concern notification before completing 2FA. In some variations, concerns of the secondary client can similarly be conveyed to the first client.) and a database comprising fields associated with one or more of a group comprising applications, websites, operation types, and accounts identified as previously invoking a two-factor authentication (2FA) process at the electronic device; (See Song, [0040-0042]; the digital fingerprints collected for clients involved in authentication transactions may result in a client fingerprint used in (or suspected of) illicit use of the system 100. The method 200 can additionally include recording illicit digital fingerprints, which functions to establish a history of devices that are frequently used in suspicious behavior or in verified attacks. Such illicit digital fingerprints can be used across multiple accounts when exposing authentication transaction concerns. If a digital fingerprint has a higher match with an illicit digital fingerprint than a digital fingerprint of the associated account, the authentication transaction can be prevented or a secondary device warning can be triggered. The illicit digital fingerprints can be used in preventing attacks on fingerprints with no or little digital fingerprint history. Digital fingerprints are preferably collected for substantially each client involvement with an authentication transaction. Accordingly, a client fingerprint is captured and then evaluated. If the client fingerprint is determined to be an illicit fingerprint, the digital fingerprint can label, categorized, or otherwise stored with an association to illicit digital fingerprints. A digital fingerprint can be labeled an illicit fingerprint through automatic comparison to historical digital fingerprints of the account, through user confirmation of a concern notification on a second client device, or through any suitable approach.)
Nitro, Oberheide and Song are analogous art because they are from the same field of endeavor which is access control. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Nitro and Oberheide with the teaching of Song to include the database of triggers because it would have allowed the system to determine when to trigger a two-factor authentication.
2. The combination of Nitro, Oberheide and Song discloses the electronic device of claim 1, wherein to detect the 2FA readiness status, the processor is configured the electronic device to:
identify, as the receiving device, a second electronic device that is an authenticator device for the potential 2FA condition; (See Oberheide, [0024]; The device capability profiler 120 preferably checks for a set of hardware capabilities, platform enabled capabilities, qualitative capabilities of a device (e.g., processing speed, storage, etc.), and/or secondary device capabilities and uses these capabilities to generate one or more capability assessments.)
connect to the second electronic device via a local network; (See Oberheide, [0028] and [0030]; device capabilities may include enabling use of a connected secondary device)
and query the second electronic device to determine a status of a communication channel associated with the potential 2FA condition. (See Nitro, [0046-0047]) Nitro, Oberheide and Song are analogous art because they are from the same field of endeavor which is access control. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Nitro and Song with the teaching of Oberheide to include the storage App because it would have allowed to storage a plurality of application allowing a device to perform specific functions.
3. The combination of Nitro, Oberheide and Song discloses the electronic device of claim 2, wherein further, the processor is configured to cause the electronic device to: in response to determining that a network interface required for receiving the 2FA information is not enabled, enable the network interface on the second electronic device to allow receipt of the 2FA information. (See Nitro, [0019]; a software application enabled on non-transitory computer readable media to perform instructions on a computer (typically a web server portal networked to back-office support servers).)
4. The combination of Nitro, Oberheide and Song discloses the electronic device of claim 3, wherein to enable the network interface on the second electronic device, the processor is configured to cause the electronic device to: determine that the communication channel associated with the potential 2FA condition is a cellular network; (See Nitro, [0044]) and send a command to the second electronic device to enable a cellular network interface on the second electronic device. (See Nitro, [0054])
5. The combination of Nitro, Oberheide and Song discloses the electronic device of claim 3, wherein further, the processor is configured to cause the electronic device to: monitor the second electronic device for receipt of a one-time passcode (OTP) on the second electronic device; (See Nitro, [0047]; code received) retrieves the OTP from the second electronic device, the OTP being identified as the 2FA information received by the second electronic device to complete the 2FA condition; (See Nitro, [0046-0047]; Transactions such as financial data, banking or mobile check deposits require a server component and in addition to the device determining if it's location is permitted or not, the server API also limits web API requests to the geographically derived IP address of the requesting device. To do this, the IP address of the device is received by the server and compared with a Geo-Location database to determine the general geographic area. A configurable wider radius is used on the server side as mobile devices move from tower to tower thereby causing their IP addresses to change. [0047] If it is determined that the IP address originated outside of the allowed geographic area then the device is not serviced with the correct API request, instead returning a code to the app which is recognized as instructing the app to display that the feature has been disabled for their protection) and displays the OTP on the display of the electronic device. (See Nitro, [0046-0047]; Transactions such as financial data, banking or mobile check deposits require a server component and in addition to the device determining if it's location is permitted or not, the server API also limits web API requests to the geographically derived IP address of the requesting device. To do this, the IP address of the device is received by the server and compared with a Geo-Location database to determine the general geographic area. A configurable wider radius is used on the server side as mobile devices move from tower to tower thereby causing their IP addresses to change. [0047] If it is determined that the IP address originated outside of the allowed geographic area then the device is not serviced with the correct API request, instead returning a code to the app which is recognized as instructing the app to display that the feature has been disabled for their protection)
7. The combination of Nitro, Oberheide and Song discloses the electronic device of claim 6, wherein the user profile further comprises an identification of the receiving device, and the processor is configured to cause the electronic device to: identify a communication channel associated with the receiving device and a 2FA method; (See Nitro, [0046-0047]) and include in the alert, a message to check the status of at least the identified communication channel. (See Nitro, [0024]; a fraud alert module communicatively coupled to the rules server. Responsive to a geographically identified fraud attempt, a blocked geographic zone is automatically generated centered on the location of the fraud attempt. A predetermined wait constant is accessed by the fraud alert module wherein the blocked geographic zone is disabled after a duration of time defined by the wait constant has expired after the fraud attempt was first identified)
10. As to claim 10, the claim is rejected under the same rationale as claim 1. See the rejection of claim 1 above.
11. As to claim 11, the claim is rejected under the same rationale as claim 2. See the rejection of claim 2 above.
12. As to claim 12, the claim is rejected under the same rationale as claim 3. See the rejection of claim 3 above.
13. As to claim 13, the claim is rejected under the same rationale as claim 4. See the rejection of claim 4 above.
14. As to claim 14, the claim is rejected under the same rationale as claim 5. See the rejection of claim 5 above.
15. As to claim 15, the claim is rejected under the same rationale as claim 6. See the rejection of claim 6 above.
16. The combination of Nitro, Oberheide and Song discloses the method of claim 15, further comprising: obtaining an identification of the receiving device from the user profile; (See Nitro, [0022]) identifying a communication channel associated with the receiving device and the 2FA method; (See Nitro, [0046-0047]) and including in the alert, a message to check the status of at least the identified communication channel. (See Nitro, [0024]; a fraud alert module communicatively coupled to the rules server. Responsive to a geographically identified fraud attempt, a blocked geographic zone is automatically generated centered on the location of the fraud attempt. A predetermined wait constant is accessed by the fraud alert module wherein the blocked geographic zone is disabled after a duration of time defined by the wait constant has expired after the fraud attempt was first identified)
19. As to claim 19, the claim is rejected under the same rationale as claim 1. See the rejection of claim 1 above.
Claim 6 is rejected under 35 U.S.C 103 as being unpatentable over Slade, US pat. No 20150120572 in view of Oberheide, US pat. No 20160352516 in further view of Song, US 20160164866 A1 in further view of Buller, US pat. No 20240311452.
6. The combination of Nitro, Oberheide and Song discloses the electronic device of claim 1, wherein the 2FAR control module comprises an artificial intelligence (AI) engine, and to detect a potential 2FA condition, the processor is configured to cause the electronic device to: identify, using the AI engine, a currently presented webpage on the display of the electronic device as potentially requiring 2FA; (See Nitro, [0046]; Transactions such as financial data, banking or mobile check deposits require a server component and in addition to the device determining if it's location is permitted or not, the server API also limits web API requests to the geographically derived IP address of the requesting device. To do this, the IP address of the device is received by the server and compared with a Geo-Location database to determine the general geographic) and retrieve, from the database, a user profile corresponding to the currently presented webpage, wherein the user profile contains a 2FA configuration. (See Nitro, [0019], through this portal, a banking representative configures a mobile device application having a mobile deposit function to electronically capture images of a paper check and submit them for electronic deposit to a bank account. The bank representative does not need to have programming experience to manage the configuration settings.)
The combination of Nitro, Oberheide and Song does not appear to explicitly disclose the Artificial intelligence. However, Buller discloses the Artificial intelligence. (See Buller, [0028]. According to your specification, AI is embedded into a processor)
Nitro, Oberheide, Song and Buller are analogous art because they are from the same field of endeavor which is access control. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Nitro, Oberheide, and Song with the teaching of Buller to include the AI because it would have allowed faster processing of information.
Claims 8-9, 17-18 and 20 are rejected under 35 U.S.C 103 as being unpatentable over Slade, US pat. No 20150120572 in view of Oberheide, US pat. No 20160352516 in further view of Song, US 20160164866 A1 in further view of VALKAITIS, US pat. No 20230139110 in further view of Nielsen, US pat. No 6021435.
8. The combination of Nitro, Oberheide and Song discloses the electronic device of claim 1, wherein to detect a potential 2FA condition, the processor is configured to cause the electronic device to: identify the receiving device associated with the at least one 2FA method; (See Nitro, [0046-0047]; Transactions such as financial data, banking or mobile check deposits require a server component and in addition to the device determining if it's location is permitted or not, the server API also limits web API requests to the geographically derived IP address of the requesting device. To do this, the IP address of the device is received by the server and compared with a Geo-Location database to determine the general geographic area. A configurable wider radius is used on the server side as mobile devices move from tower to tower thereby causing their IP addresses to change. [0047] If it is determined that the IP address originated outside of the allowed geographic area then the device is not serviced with the correct API request, instead returning a code to the app which is recognized as instructing the app to display that the feature has been disabled for their protection) includes in the alert, a message to check the status of the identified receiving device and the identified VPN; (See Nitro, [0046-0047] and [0050]; we can detect if the device has been jail-broken in the case of iOS or rooted in the case of Android. If this is detected then the application hides specific features, and notifies the user that the feature has been disabled for their protection. See also [0050])
The combination of Nitro, Oberheide and Song does not appear to explicitly disclose identify one or more available virtual private network (VPN) applications on the electronic device; identify at least one 2FA method associated with establishing a VPN utilizing at least one of the one or more available VPN applications; and initiate an activation of the identified VPN.
However, VALKAITIS discloses identify one or more available virtual private network (VPN) applications on the electronic device; (See VALKAITIS, [0008] VPNs may employ user authentication, which may involve verification of credentials required to confirm authenticity/identity of the user. For instance, when a user launches the VPN application to request a VPN connection, the VPN service provider may authenticate the user device prior to providing the user device with access to VPN services.)
identify at least one 2FA method associated with establishing a VPN utilizing at least one of the one or more available VPN applications; (See VALKAITIS, [0008]; To provide improved security in the VPN, user authentication may include additional factors such as knowledge, possession, inheritance, or the like. Knowledge factors may include items (e.g., pin numbers) that an authentic user may be expected to know. Possession factors may include items (e.g., a token provider to provide one-time password (OTP) tokens) that an authentic user may be expected to possess at a time associated with the authentication. Inherent factors may include biometric items (e.g., fingerprint scans, retina scans, iris scans, or the like) that may be inherent traits of an authentic user.)
and initiate an activation of the identified VPN. (See VALKAITIS, [0008] VPNs may employ user authentication, which may involve verification of credentials required to confirm authenticity/identity of the user. For instance, when a user launches the VPN application to request a VPN connection, the VPN service provider may authenticate the user device prior to providing the user device with access to VPN services.)
Nitro, Oberheide, Song and VALKAITIS are analogous art because they are from the same field of endeavor which is access control. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Nitro with the teaching of Oberheide to include the VPN because it would have allowed to improve security. The combination of Nitro, Oberheide, Song and VALKAITIS does not appear to explicitly disclose determine that a secure URL is currently unreachable by the electronic device. However, Nielsen discloses determine that a secure URL is currently unreachable by the electronic device; (See Nielsen, fig 3; unreachable link)
Nitro, Oberheide, Song, VALKAITIS and Nielsen are analogous art because they are from the same field of endeavor which is access control. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Nitro, Oberheide, Song and VALKAITIS with the teaching of Oberheide to include the web address because it would have allowed to determine where resource are located.
9. The combination of Nitro, Oberheide, Song, VALKAITIS and Nielsen discloses the electronic device of claim 1, wherein to display an alert on the display of the electronic device, the processor is configured to cause the electronic device to: determine that one or more of the receiving device and an application on the receiving device supporting the communication of the 2FA information is unavailable; (See Nitro, [0046-0047] and [0050]); we can detect if the device has been jail-broken in the case of iOS or rooted in the case of Android. If this is detected then the application hides specific features, and notifies the user that the feature has been disabled for their protection) and indicate, within the alert that is displayed on the display, that a corresponding one or both of the second electronic device and the application is currently unavailable. (See Nitro, [0046-0047]; Transactions such as financial data, banking or mobile check deposits require a server component and in addition to the device determining if it's location is permitted or not, the server API also limits web API requests to the geographically derived IP address of the requesting device. To do this, the IP address of the device is received by the server and compared with a Geo-Location database to determine the general geographic area. A configurable wider radius is used on the server side as mobile devices move from tower to tower thereby causing their IP addresses to change. [0047] If it is determined that the IP address originated outside of the allowed geographic area then the device is not serviced with the correct API request, instead returning a code to the app which is recognized as instructing the app to display that the feature has been disabled for their protection)
17. As to claim 17, the claim is rejected under the same rationale as claim 8. See the rejection of claim 8 above.
18. As to claim 18, the claim is rejected under the same rationale as claim 9. See the rejection of claim 9 above.
20. As to claim 20, the claim is rejected under the same rationale as claim 8. See the rejection of claim 8 above.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
McClintock, US 9426139 B1, title “ Triggering A Request For An Authentication.”
Peterson, US 20180300676 A1, title “DELIVERY ROBOT AND METHOD OF OPERATION”.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JOSNEL JEUDY whose telephone number is (571)270-7476. The examiner can normally be reached M-F 10:00-8:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Arani T Taghi can be reached on (571)272-3787. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
Date: 2/05/2026 /JOSNEL JEUDY/Primary Examiner, Art Unit 2438