DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This Office Action is in response to application 18/795,982 filed on 8/6/2024.
The examiner notes the IDS(s) filed on 10/3/2024 and 12/17/2024 has been considered.
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1, 13 and 18 are rejected on the ground of nonstatutory double patenting as being unpatentable over claim 5 of U.S. Patent No. 11,095,643. Although the claims at issue are not identical, they are not patentably distinct from each other because:
The examiner notes that Claim 5 of U.S. patent No. 11,095,643 anticipates, more specifically: Claim 1: A system comprising a partnership system managing a digital ID network, the partnership system comprising: at least one processor; and a non-transitory computer-readable medium storing instructions executable by the at least one processor, the instructions instructing the at least one processor to: identify a request to register a particular user with a digital ID network, wherein the request is provided from a first customer system within a plurality of customer systems in the digital ID network, wherein the particular user is associated with a first trust relationship with the first customer system; obtain a set of personally identifiable information (PII) associated with the particular user via the first customer system; perform an identity verification (IDV) and fraud risk evaluation analysis of the particular user based on the obtained set of PII; and in response to satisfying the IDV and fraud risk evaluation analysis: generate a first unique digital ID for the particular user for use within the digital ID network, wherein the first unique digital ID uniquely represents the particular user to the partnership system; transmit a generated image representing the first unique digital ID to an interface of the first customer system associated with interactions with the particular user, wherein the transmitted image includes instructions for the particular user to capture a photo in or to submit the image to verify the identity of the particular user via a mobile trust application installed on a mobile device associated with the particular user, wherein the mobile trust application is associated with the digital ID network and the partnership system; and in response to verifying the identity of the particular user via the mobile trust application installed at the mobile device by verifying that the photo or the image corresponds to the first unique digital ID of the particular user, bind the mobile device of the particular user to the first unique digital ID of the particular user within the digital ID network, wherein the mobile device is associated with a unique set of device information and the unique set of device information is incorporated into the generated first digital ID associated with the particular user, wherein the generated first digital ID is available to be used by the plurality of customer systems registered within the digital ID network for authentication of the particular user. Claim 4: The system of claim 1, wherein each customer system of the plurality of customer systems is associated with a set of entity-specific authentication rules, wherein each set of entity-specific authentication rules identifying a set of transactions for a particular customer system and identifying a level of authentication required by users associated with those transactions. Claim 5. The system of claim 4, wherein at least some of the transactions for a particular customer system require at least one first additional authentication operation for users associated with those transactions, wherein the at least one first additional authentication operation comprises a first authentication request to be transmitted from the partnership system to a particular mobile device previously bound with the digital ID associated with the particular transaction, the partnership system further configured to transmit the first authentication request to the mobile trust application installed on the particular mobile device, wherein the first authentication request is presented via the mobile trust application.
The examiner notes that the features emphasized above anticipate what is claimed in the limitations of Claims 1, 13 and 18 of the Instant Application.
Therefore, the claims are rejected under nonstatutory double patenting.
Claims 1, 13 and 18 are rejected on the ground of nonstatutory double patenting as being unpatentable over claim 6 of U.S. Patent No. 12,074,872 Although the claims at issue are not identical, they are not patentably distinct from each other because:
The examiner notes that Claim 1 of U.S. patent No. 12,074,872 anticipates, more specifically: Claim 1 A partnership system comprising: at least one processor; and a non-transitory computer-readable medium storing instructions executable by the at least one processor, the instructions instructing the at least one processor to: generate a first unique digital ID for a user for use within a digital ID network in response to a request to register a mobile device of the user, wherein the first unique digital ID uniquely represents the user to the partnership system; transmit a generated image representing the first unique digital ID to an interface of a first customer system associated with interactions with the user, wherein the first customer system is registered within the digital ID network, wherein the transmitted image includes instructions for the user to capture a photo in or to submit the image to verify an identity of the user via a mobile trust application installed on a mobile device associated with the user, and wherein the mobile trust application is associated with the digital ID network and the partnership system; and in response to verifying the identity of the user via the mobile trust application installed at the mobile device by verifying that the photo or the image corresponds to the first unique digital ID of the user, bind the mobile device of the user to the first unique digital ID of the user within the digital ID network by incorporating device information of the mobile device into the first unique digital ID so that the generated first unique digital ID is available to be used by the first customer system for authentication of the user. Claim 5. The system of claim 1, wherein the first customer system is associated with a set of customer-specific authentication rules, wherein each set of customer-specific authentication rules identify (1) a set of transactions for the first customer system and (2) a level of authentication required by users associated with those transactions. Claim 6. The system of claim 5, wherein at least some of the transactions for the first customer system require at least one first additional authentication operation for users associated with those transactions, wherein the at least one first additional authentication operation comprises a first authentication request to be transmitted from the partnership system to the mobile device of the user previously bound with the first unique digital ID associated with the transaction, the partnership system further configured to transmit the first authentication request to the mobile trust application installed on the mobile device, wherein the first authentication request is presented via the mobile trust application.
The examiner notes that the features emphasized above anticipate what is claimed in the limitations of Claims 1, 14 and 18 of the Instant Application.
Therefore, the claims are rejected under nonstatutory double patenting.
Claims 1, 13 and 18 are rejected on the ground of nonstatutory double patenting as being unpatentable over claim 1 of U.S. Patent No. 11,652,820 Although the claims at issue are not identical, they are not patentably distinct from each other because:
The examiner notes that Claim 1 of U.S. patent No. 11,652,820 anticipates, more specifically:
A computerized method performed by a partnership system, the partnership system comprising one or more processors, the method comprising: receiving, from a customer system, information associated with a request to perform a particular transaction associated with a digital identifier (ID) of a particular user, wherein the received information includes an identification of the particular user associated with the request, a type of transaction that is being performed, and a risk evaluation strategy; performing the risk evaluation strategy based on the received information, wherein the risk evaluation strategy requires an additional authentication operation to be performed, wherein the risk evaluation strategy is determined implicitly from the received information; determining whether the additional authentication operation is required based on at least one of the performed risk evaluation strategy or a fraud risk analysis; in response to determining that additional authentication operations are not required, performing an authentication of the request to perform the particular transaction and passing back the request to the customer system associated with the transaction without requiring additional interaction with the user to authenticate the transaction; and in response to determining that an additional authentication operation is required: establishing a secure channel with a mobile trust application of a mobile device bound to the digital ID of the particular user; performing the additional authentication operation required by the at least one of the risk evaluation strategy or the fraud risk analysis by preparing and sending real-time requests to the user via the mobile trust application; in response to receiving a response from the user to the requested authentication operation via the mobile trust application, determining whether the received response satisfies the additional authentication operation requirements for authorizing the transaction; in response to determining that the response does not satisfy the additional authentication operation, providing an indication of a failure and indicating to the customer system that the additional authentication operation failed; and in response to determining that the response satisfies the evaluation of the additional authentication operation by at least one of validating the identification of the user or confirming that the transaction request was not fraudulent, sending a result of a successful evaluation of the additional authentication operation to the customer system, wherein based on the result the requested transaction is authorized to be performed at the customer system.
The examiner notes that the features emphasized above anticipate what is claimed in the limitations of Claims 1, 13 and 18 of the Instant Application.
Therefore, the claims are rejected under nonstatutory double patenting
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claim(s) 1-9 and 12-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Oberheide (US 2018/0255054 A1) in view of Kapczynski (US 9,721,147 B1).
Regarding Claim 1;
Oberheide discloses a computerized method performed by a partnership system ([0009] – ...auth platform...), the partnership system comprising one or more processors ([0016] – processor), the method comprising:
determining whether an additional authentication operation is required to perform a particular transaction associated with [an account] of a particular user ([0009] - The method may be used in application such as web-based applications, remote access credentials, privileged account management, financial transactions, password recovery/reset mechanisms, physical access control, Automatic Teller Machine (ATM) withdrawals, domain name transfers, online or offline transactions, building access security, or any suitable application requiring authentication and/or authorization and [0010] - The authority device is preferably a device associated with an authentic agent that is a user or process that is legitimately authenticated or authorized to execute transactions and [0011] - Step S110, which includes registering an authority device for an account on an auth platform, functions to identify a device of an agent that is permitted to authenticate or authorize transactions. The registration preferably occurs prior to a transaction request, and is preferably performed during an initial setup of an account on the auth platform and [0012] – logging into a website and Claim 1 - ...using the multi-factor authentication account to identify the mobile user device of the user that is registered in association with the multi-factor authentication account...);
in response to determining that the additional authentication operation is required ([0011] - Step S110, which includes registering an authority device for an account on an auth platform, functions to identify a device of an agent that is permitted to authenticate or authorize transactions. The registration preferably occurs prior to a transaction request, and is preferably performed during an initial setup of an account on the auth platform. During the setup authentication and/or authorization rules are preferably set):
establishing a secure channel with a mobile trust application of a mobile device bound to the [an account] of the particular user ([0012] - Any suitable steps may be taken to secure the communication between the requesting entity, the auth platform and the authority device and [0013] - The message is preferably sent through a communication channel between the authority device and the auth platform. The communication channel is preferably a push notification service provided through the authority device. The communication channel may alternatively be a short message system SMS network, email, a instant message, an in-app notification system, web based websocket or publication-subscription channels, image based transmission of transaction information such as through QR-codes captured by a camera, or any suitable technique for messaging the device);
performing the additional authentication operation required by the at least one of a risk evaluation strategy or a fraud risk analysis by preparing and sending real-time requests to the particular user via the mobile trust application ([0011] - During the setup authentication and/or authorization rules are preferably set and [0012] - After a malicious transaction is prevented the approval rules for a transaction may be dynamically altered to increase security and [0013] - The realtime aspect of the messaging functions to enable authentication and authorization at the time of the transaction and [0014] - Step S140, which includes receiving an authority agent response from the authority device to the auth platform, functions to process a response from an authentic user or authorized user. The response preferably confirms or denies a transaction).
receiving a response from the particular user to the additional authentication operation via the mobile trust application ([0014] - Step S140, which includes receiving an authority agent response from the authority device to the auth platform, functions to process a response from an authentic user or authorized user. The response preferably confirms or denies a transaction);
in response to determining that the response does not satisfy the additional authentication operation, providing an indication of a failure and indicating to a customer system that the additional authentication operation failed ([0015] - Step S150 and S152, which includes if the authority agent response confirms the transaction, communicating a confirmed transaction to the initiator, and if the authority agent response denies the transaction, communicating a denied transaction to the initiator, function to communicate the authentication and/or authorization to the initiator of the transaction. Any suitable response to a transaction is preferably communicated back to the requesting entity (e.g., a third party website or an ATM machine). The requesting entity can then preferably take appropriate action. If the transaction is confirmed or approved, the transaction proceeds. If the transaction is denied or altered, the requesting entity preferably halts or prevents the transaction); and
denying authorization of the particular transaction ([0015]).
Oberheide fails to explicitly disclose a digital identifier ID [of a particular user].
However, in an analogous art, Kapczynski teaches a digital identifier ID [of a particular user] (col. 3, lines 65-col. 4, lines 16 – the digital ID).
Therefore, it would have been obvious to one of ordinarily skill in the art before the effective filing date of the claimed invention to combine the teachings of Kapczynski to the account of Oberheide to include a digital identifier ID [of a particular user].
One would have been motivated to combine the teachings of Kapczynski to Oberheide to do so as it provides / allows users to carry and present a validated digital ID for everyday use (Kapczynski, col. 1, lines 25-32).
Regarding Claim 2;
Oberheide in view of Kapczynski discloses the method of claim 1.
Oberheide further discloses comprising: determining that the response satisfies the additional authentication operation by at least one of validating an identification of the particular user or confirming that a request received for the particular transaction was not fraudulent ([0015] - Step S150 and S152, which includes if the authority agent response confirms the transaction, communicating a confirmed transaction to the initiator, and if the authority agent response denies the transaction, communicating a denied transaction to the initiator, function to communicate the authentication and/or authorization to the initiator of the transaction. Any suitable response to a transaction is preferably communicated back to the requesting entity (e.g., a third party website or an ATM machine). The requesting entity can then preferably take appropriate action. If the transaction is confirmed or approved, the transaction proceeds. If the transaction is denied or altered, the requesting entity preferably halts or prevents the transaction); and in response to determining that the response satisfies the additional authentication operation, sending a result of a successful evaluation of the additional authentication operation to the customer system, wherein based on the result the particular transaction is authorized to be performed at the customer system ([0015] - Step S150 and S152, which includes if the authority agent response confirms the transaction, communicating a confirmed transaction to the initiator, and if the authority agent response denies the transaction, communicating a denied transaction to the initiator, function to communicate the authentication and/or authorization to the initiator of the transaction. Any suitable response to a transaction is preferably communicated back to the requesting entity (e.g., a third party website or an ATM machine). The requesting entity can then preferably take appropriate action. If the transaction is confirmed or approved, the transaction proceeds. If the transaction is denied or altered, the requesting entity preferably halts or prevents the transaction).
Regarding Claim 3;
Oberheide in view of Kapczynski discloses the method of claim 1.
Oberheide further discloses comprising: receiving, from the customer system, information associated with a request to perform the particular transaction associated with the [account] of the particular user ([0011] - Step S110, which includes registering an authority device for an account on an auth platform, functions to identify a device of an agent that is permitted to authenticate or authorize transactions and [0012] – logging into a website and Claim 1 - ...using the multi-factor authentication account to identify the mobile user device of the user that is registered in association with the multi-factor authentication account...), wherein the received information includes an identification of the particular user associated with the request, a type of transaction that is being performed, and a risk evaluation strategy ([0011] - During the setup authentication and/or authorization rules are preferably set and [0012] - After a malicious transaction is prevented the approval rules for a transaction may be dynamically altered to increase security); and performing the risk evaluation strategy based on the received information ([0011] and [0012]), wherein the risk evaluation strategy requires the additional authentication operation to be performed, wherein determining that the additional authentication operation is required is in response to performing the risk evaluation strategy ([0011] - During the setup authentication and/or authorization rules are preferably set and [0012] - After a malicious transaction is prevented the approval rules for a transaction may be dynamically altered to increase security and [0013]).
Kapczynski further teaches a digital identifier ID [of a particular user] (col. 3, lines 65-col. 4, lines 16 – the digital ID).
Similar rationale and motivation is noted for the combination of Kapczynski to Oberheide in view of Kapczynski, as per claim 1, above.
Regarding Claim 4;
Oberheide in view of Kapczynski discloses the method of claim 3.
Oberheide further discloses wherein the risk evaluation strategy is customer-specific and is dependent on the type of the particular transaction being performed, wherein customer-specific risk evaluation rules are stored at the partnership system, and wherein a rule from the customer-specific risk evaluation rules is associated with the type of transaction ([0011] - During the setup authentication and/or authorization rules are preferably set and [0012] - After a malicious transaction is prevented the approval rules for a transaction may be dynamically altered to increase security and [0012] - Step S120, which includes receiving a transaction request from an initiator to the auth platform, functions to initiate a transaction. The transaction is preferably any event, transfer, action, or activity that requires authentication and/or authorization of an involved party. Exemplary transactions may include logging into a website, application or computer system; a user withdrawing money from an ATM; a user initiating a “forgotten password” procedure; a user attempting to enter a restricted area of a building or environment; a payment exchange between two entities; a user attempting to perform a restricted action in a computer system; and/or any suitable application requiring authentication and/or authorization.).
Regarding Claim 5;
Oberheide in view of Kapczynski discloses the method of claim 1.
Oberheide further discloses wherein determining that the additional authentication operation is required is based on performing a fraud risk analysis ([0011] - During the setup authentication and/or authorization rules are preferably set and [0012] - After a malicious transaction is prevented the approval rules for a transaction may be dynamically altered to increase security).
Regarding Claim 6;
Oberheide in view of Kapczynski discloses the method of claim 1.
Oberheide further discloses wherein the fraud risk analysis is performed based on received information, wherein the received information includes an identification of the particular user associated with a request for a transaction and a type of transaction that is requested to be performed, wherein a fraud evaluation based on the received information triggers a requirement for further authentication information prior to authorization of the particular transaction ([0011] - During the setup authentication and/or authorization rules are preferably set and [0012] - After a malicious transaction is prevented the approval rules for a transaction may be dynamically altered to increase security).
Regarding Claim 7;
Oberheide in view of Kapczynski discloses the method of claim 1.
Oberheide further discloses comprising: in response to determining that the additional authentication operation is not required: performing an authentication of the request to perform the particular transaction ([0015] - Step S150 and S152, which includes if the authority agent response confirms the transaction, communicating a confirmed transaction to the initiator, and if the authority agent response denies the transaction, communicating a denied transaction to the initiator, function to communicate the authentication and/or authorization to the initiator of the transaction. Any suitable response to a transaction is preferably communicated back to the requesting entity (e.g., a third party website or an ATM machine). The requesting entity can then preferably take appropriate action. If the transaction is confirmed or approved, the transaction proceeds. If the transaction is denied or altered, the requesting entity preferably halts or prevents the transaction);; and passing back the request to the customer system associated with the particular transaction without requiring additional interaction with the particular user to authenticate the particular transaction ([0015] - Step S150 and S152, which includes if the authority agent response confirms the transaction, communicating a confirmed transaction to the initiator, and if the authority agent response denies the transaction, communicating a denied transaction to the initiator, function to communicate the authentication and/or authorization to the initiator of the transaction. Any suitable response to a transaction is preferably communicated back to the requesting entity (e.g., a third party website or an ATM machine). The requesting entity can then preferably take appropriate action. If the transaction is confirmed or approved, the transaction proceeds. If the transaction is denied or altered, the requesting entity preferably halts or prevents the transaction).
Regarding Claim 8;
Oberheide in view of Kapczynski discloses the method of claim 1.
Oberheide further discloses wherein the particular transaction includes at least one of logins to customer systems, standard transactions, or relatively higher risk transactions 0012] - Step S120, which includes receiving a transaction request from an initiator to the auth platform, functions to initiate a transaction. The transaction is preferably any event, transfer, action, or activity that requires authentication and/or authorization of an involved party. Exemplary transactions may include logging into a website, application or computer system; a user withdrawing money from an ATM; a user initiating a “forgotten password” procedure; a user attempting to enter a restricted area of a building or environment; a payment exchange between two entities; a user attempting to perform a restricted action in a computer system; and/or any suitable application requiring authentication and/or authorization.).
Regarding Claim 9;
Oberheide in view of Kapczynski discloses the method of claim 1.
Oberheide further discloses wherein the secure channel is based on encrypted or otherwise protected communications between the partnership system and the mobile trust application ([0012] - n one variation, the communication sent from the requester is encrypted and the authority device preferably decrypts the information. This variation preferably prevents the auth platform from inspecting or accessing the communicated information which may be applicable when a third party is passing sensitive information through the auth platform. As an alternative variation, the communication between the requester and the auth platform is preferably encrypted or otherwise cryptographically protected and communication between the auth platform and the authority device verifies that the communication is from the authority device. Any suitable steps may be taken to secure the communication between the requesting entity, the auth platform and the authority device).
Regarding Claim 12;
Oberheide in view of Kapczynski discloses the method of claim 1.
Kapczynski further teaches wherein the digital ID of the particular user is generated as a unique digital ID for use within a digital ID network including the customer system, and wherein the unique digital ID uniquely represents the particular user to the partnership system. (col. 3, lines 65-col. 4, lines 16 – the digital ID and col. 10, lines 56-65).
Similar rationale and motivation is noted for the combination of Kapczynski to Oberheide in view of Kapczynski, as per claim 1, above.
Regarding Claim(s) 13-17; claim(s) 13-17 is/are directed to a/an non-transitory computer-readable medium associated with the method claimed in claim(s) 1-5. Claim(s) 13-17 is/are similar in scope to claim(s) 1-5, and is/are therefore rejected under similar rationale.
Regarding Claim(s) 18-20; claim(s) 18-20 is/are directed to a/an partnership system associated with the method claimed in claim(s) 1-3. Claim(s) 18-20 is/are similar in scope to claim(s) 1-3, and is/are therefore rejected under similar rationale.
Claim(s) 10 and 11 is/are rejected under 35 U.S.C. 103 as being unpatentable over Oberheide (US 2018/0255054 A1) in view of Kapczynski (US 9,721,147 B1) and further in view of Mattioli (US 2015/0193773 A1).
Regarding Claim 10;
Oberheide in view of Kapczynski discloses the method of claim 1.
Oberheide in view of Kapczynski fails to explicitly disclose wherein time for the response from the particular user to the additional authentication operation via the mobile trusted application is limited to a certain time limit before the particular transaction is rejected, and wherein the method further comprises: in response to determining that no response is received from the particular user to the additional authentication operation via the mobile trust application, providing an indication of the failure of the additional authentication operation to the customer system.
However, in an analogous art, Mattioli teaches wherein time for the response from the particular user to the additional authentication operation via the mobile trusted application is limited to a certain time limit before the particular transaction is rejected (Abstract - The system is configured to deny a transaction when the second authorization request is not approved within a time limit and FIG. 3 – Time limit reached → Transmit denial for transaction request to POS terminal and [0037]), and wherein the method further comprises: in response to determining that no response is received from the particular user to the additional authentication operation via the mobile trust application, providing an indication of the failure of the additional authentication operation to the customer system (Abstract - The system is configured to deny a transaction when the second authorization request is not approved within a time limit and FIG. 3 – Time limit reached → Transmit denial for transaction request to POS terminal and [0037]).
Therefore, it would have been obvious to one of ordinarily skill in the art before the effective filing date of the claimed invention to combine the teachings of Mattioli to the transaction of Oberheide in view of Kapczynski to include wherein time for the response from the particular user to the additional authentication operation via the mobile trusted application is limited to a certain time limit before the particular transaction is rejected, and wherein the method further comprises: in response to determining that no response is received from the particular user to the additional authentication operation via the mobile trust application, providing an indication of the failure of the additional authentication operation to the customer system.
One would have been motivated to combine the teachings of Kapczynski to Oberheide to do so as it reduces the risk of fraud occurring using a second, independent communication channel (Mattioli, [0015]).
Regarding Claim 11;
Oberheide discloses the method of claim 10.
Oberheide further discloses wherein the indication of the failure is provided if the response does not satisfy the additional authentication based on an explicit indication from the mobile trust application that the particular user was not associated with an original transaction request, a failed biometric response, or a failed response to a knowledge-based question ([0014] - Additionally, if a transaction is rejected a reason for rejection may be included such as “canceled because of change of mind” or “possible malevolent transaction”. Other variations may include a variety of options that may change based on the application).
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See PTO-892 attached.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KARI L SCHMIDT whose telephone number is (571)270-1385. The examiner can normally be reached Monday-Friday 10am - 6pm (MDT).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached at (571)270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/KARI L SCHMIDT/ Primary Examiner, Art Unit 2439