METHOD, APPARATUS, SYSTEM, AND NON-TRANSITORY COMPUTER READABLE MEDIUM FOR USER VERIFICATION AND AUTHENTICATION

Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Information Disclosure Statement The information disclosure statement (IDS) submitted on 10/03/2024 and 04/30/2025 are in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner. Claim Rejections - 35 USC § 103 The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. Claim(s) 1-5,7-9,12-19 and 21-25 are rejected under 35 U.S.C. 103 as being unpatentable over Soulez (US20200351658) in view of Hessler (US20140096215). Regarding Claim 1, Soulez discloses A server for authenticating and verifying users of an online service, (Paragraph [0012] Examiner Note (E.N.) When a user signs up for an online access at a bank’s website, the bank sends a PIN number to a phone number associated with the user.) the server comprising: a memory storing computer readable instructions; and processing circuitry configured to execute the computer readable instructions to cause the server to: (Paragraph [0074]) receive a network request from a client device associated with the online service in response to a user access attempt of the online service associated with a user, (Paragraph [0016] E.N. The number verifier is a software component that receives a request from a computer system of a customer. The computer system comprises one or more data processing apparatus and the request comprises a phone number of a user that the customer wants to verify.) the network request including message recipient information for a mobile- terminated (MT) short message service (SMS) message and a unique one-time password or pin (OTP) code associated with the user, (Paragraph [0031] E.N. The PIN generator component generates a password to be included for the message to be sent to the phone number. A password may be a text string or a series of numerical digits or a PIN number. The password may also be a one-time password. The PIN generator generates a one-time password by applying a hash function to a combination of a secret key and a time stamp, or additionally a phone number.) calculate at least one first signature based on the network request and a shared secret key, (Paragraph [0031] E.N. The PIN generator generates a one-time password by applying a hash function to a combination of a secret key and a time stamp, or additionally a phone number.) the at least one first signature associated with the user, (Paragraph [0033] E.N. The workflow updater creates a list of communication channel to be used to send the message to a destination device associated with the phone number. The destination device may be a cell phone or a computer device supporting a VOIP function.) transmit a network response to the client device, (Paragraph [0050] E.N. The channel manager sends to the destination device a corresponding message via the primary channel.) the network response causing the client device to transmit a call-to-action (CTA) message to at least one user device associated with the user, (Paragraph [0031 and 0050] E.N. After receiving the message, the user of the destination device can read/listen to the password in the message and submit the password to the computer system. determine whether a mobile-originated (MO) SMS message corresponding to the CTA message was received within a desired response time period, and (Paragraph [0031 and 0050] E.N. The PIN generator can retire the one-time password after a pre-determined period of time (e.g. 15 minutes) from the time of the time stamp, such that it is unlikely the one-time password is re-used later on.) based on results of the determination, determine a status of the user access attempt. (Paragraph [0030] E.N. Status indicates whether the request is accepted or rejected.) Soulez does not, but in related art, Hessler discloses the secret key shared with the client device, (Paragraph [0017] E.N. The four primary modes of authentication above username/password or single-sign-on (SSO): (1) seed and read (store credential on device and reference upon subsequent authentication); (2) scratch and match (script-based dynamic browser/device recognition, cookies); (3) ring and ping (out-of-band, one-time passwords or tokens, shared secrets, PINs) Therefore, it would be obvious to one of ordinary skill in the art, prior to the effective filing date of the claimed invention to have modified Soulez to incorporate the teachings of Hessler because Soulez does not explicitly disclose the secret key shared with the client device which is taught by Hessler. Incorporating the teachings of Hessler to Soulez allows for the use of shared secrets for better end to end security between the host and client. Regarding Claim 2, Soulez in view of Hessler discloses the server of Claim 1. Soulez further discloses wherein the user access attempt corresponds to at least one of: a user account creation attempt on the online service, a user account log-in attempt on the online service, a transaction attempt on the online service, a new user device log- in attempt on the online service, a log-in attempt at a new geographical location, a password reset with the online service, a new support request with the online service, adding or editing personal account information with the online service, or any combinations thereof. (Paragraph [0012] E.N. A business uses a two-factor authentication method to authenticate a user’s identity. The bank confirms the user’s identity if the PIN number submitted by the user matches the PIN number sent to their mobile device.) Regarding Claim 3, Soulez in view of Hessler discloses the server of Claim 1. Soulez further discloses wherein the message recipient information includes at least one of a mobile phone number associated with the user, a PTSN phone number associated with the user, a virtual phone number associated with the user, a proxy phone number associated with the server, a proxy phone number associated with the client device, or any combinations thereof. (Paragraph [0016] E.N. The number verifier receives a request from a computer system of a customer. The system comprises one or more data processing apparatus at the same or different geographic locations. The request comprises a phone number of a user that the customer wants to verify. The number verifier receives the request from the computer system through one or more data communication networks such as the Internet or a PSTN.) Regarding Claim 4, Soulez in view of Hessler discloses the server of Claim 1. Soulez further discloses wherein the server is further caused to: receive the MO SMS message from the at least one user device via the server, or receive the MO SMS message from the at least one user device via the client device; (Paragraph [0016] The number verifier receives the request from the computer system through one or more data communication networks such as the Internet or a public switched telephone number (PSTN), See [0012,0050]). determine the status of the user access attempt based on contents of the received MO SMS message, (Paragraph [0030] E.N. Status indicates whether the request is accepted or rejected. For instance, the number verifier can reject the request if the phone number provided by the computer system is not valid (e.g., with a wrong number of digits), or the phone number has been verified before as an invalid or fake number.) the calculated at least one first signature, (Paragraph [0031] E.N. The PIN generator may be a one-time password, for example, by applying a hash function to a combination of a secret key) and the desired response time period; and transmit the determined status of the user access attempt to the client device. (Paragraph [0026] E.N. After receiving the request from the computer system via the API, the number verifier can provide output to the computer system using the following output fields.) Regarding Claim 5, Soulez in view of Hessler discloses the server of Claim 4. Soulez further discloses wherein the server is further caused to determine the status of the user access attempt by: (Paragraph [0030] E.N. Status indicates whether the request is accepted or rejected.) determining whether the MO SMS message is received before expiration of the desired response time period, (Paragraph [0030-0031] E.N. The PIN generator can generate a one-time password and retire the one-time password after a pre-determined period of time from the time of the time stamp.) determining whether the second signature matches at least one of the calculated at least one first signature associated with the user, (Paragraph [0030-0031] E.N. The number verifier can reject the request if the phone number provided by the computer system is not valid (wrong number of digits) or the phone number has been verified before as an invalid or fake number.) Soulez does not, but in related art, Hessler discloses wherein the MO SMS message includes a second signature; (Paragraph [0057] E.N. The second signature may potentially correlate or conflict with the first signature of the server. Furthermore, the user may “perform” certain behavioral actions which are also preferably interrogated in real-time and further strengthen the second signature of the user.) and determining whether the matching first signature was calculated during the desired response time period. (Paragraph [0057] E.N. Upon completion creating the first and second signatures, the server and device preferably compare their respective signatures over the smart channel, bypassing the user channel (e.g., browser) and host channel. If the first signature and second signature match, the entire context is preferably mutually authenticated. If the first signature and second signature fail to match, the mutual context is preferably not authenticated.) Therefore, it would be obvious to one of ordinary skill in the art, prior to the effective filing date of the claimed invention to have modified Soulez to incorporate the teachings of Hessler because Soulez does not explicitly disclose a second signature and determining whether the matching first signature was calculated during the desired response time period which is taught by Hessler. Incorporating the teachings of Hessler to Soulez allows for the doing a comparison between the signatures in a timely manner to determine if there is a match. Regarding Claim 7, Soulez in view of Hessler discloses the server of Claim 1. Soulez further discloses wherein the network response includes at least one communication account identifying information associated with the server or the client device, the communication account identifying information being at least one of: a local phone number, a national phone number, an international phone number, a toll-free phone number, a mobile phone number, a short code, a long code, a network specific number, or any combinations thereof. (Paragraph [0016] E.N. The number verifier receives the request from the computer system through one or more data communication networks such as the Internet or a public switched telephone number (PSTN), See [0030-0031]) Regarding Claim 8, Soulez in view of Hessler discloses the server of Claim 1. Soulez further discloses wherein the at least one user device includes at least a mobile phone device associated with the user; (Paragraph [0016] E.N. The request comprises a phone number of a user that the customer wants to verify. The number verifier can receive the request from the computer system through one or more data communication networks such as the Internet or a public switched telephone number (PSTN)) and the server is further caused to, generate the MT SMS message in response to the received network request, (Paragraph [0012] E.N. A business uses a two-factor authentication method to authenticate a user’s identity. The bank confirms the user’s identity if the PIN number submitted by the user matches the PIN number sent to the phone number, See [0016]) the MT SMS message including the OTP code associated with the user and the message recipient information, the message recipient information being a phone number associated with the mobile phone device; (Paragraph [0030-0031] E.N. The PIN generator generates a one-time password by applying a hash function to a combination of a secret key and a time stamp, or additionally the phone number, See [0033] and [0039]) and transmit the MT SMS message to the mobile phone device associated with the user in response to an expiration of the desired response time period or a determined status of the user access attempt indicating failure. (Paragraph [0031] E.N. The PIN generator component generates a password to be included for the message to be sent to the phone number. A password may be a text string or a series of numerical digits or a PIN number. The password may also be a one-time password. The PIN generator generates a one-time password by applying a hash function to a combination of a secret key and a time stamp, or additionally a phone number.), See [0026] and [0030]) Regarding Claim 9, Soulez in view of Hessler discloses the server of Claim 8. Soulez further discloses wherein the server is further caused to: (Paragraph [0012]) cancel transmission of the MT SMS message to the mobile phone device in response to the determined status of the user access attempt indicating success prior to the expiration of the desired response time period. (Paragraph [0060] E.N. The number verifier can terminate the current workflow if a number of flailed passwords exceeds a specific number (e.g. 3 times), See [0030-0031]). Regarding Claim 12, Soulez discloses A client device associated with an online service, (Paragraph [0012] and [0016] E.N. A business (e.g., a retailer, bank, or instant messaging service) can use a two-factor authentication method to authenticate a user's identify.) the client device comprising: a memory storing computer readable instructions; and processing circuitry configured to execute the computer readable instructions to cause the client device to: (Paragraph [0074]) receive a user access attempt from a primary user device associated with a user, (Paragraph [0012] E.N. A business (e.g., a retailer, bank, or instant messaging service) can use a two-factor authentication method to authenticate a user’s identify.) the user access attempt including at least a phone number associated with the user, (Paragraph [0012] and [0016] E.N. The request comprises a phone number of a user that the customer wants to verify. The number verifier can receive the request from the computer system through one or more data communication networks such as the Internet or a public switched telephone number (PSTN)) generate a unique one-time password or pin (OTP) code associated with the user, (Paragraph [0031] E.N. The PIN generator can generate a one-time password, for example, by applying a hash function to a combination of a secret key (or a previous password) and a time stamp, or additionally the phone number.) transmit a network request to an authentication/verification server, (Paragraph [0012] and [0016] E.N. The computer system comprises one or more data processing apparatus at the same or different geographic locations. The request comprises a phone number of a user that the customer wants to verify.) the network request including message recipient information for a mobile-terminated (MT) short message service (SMS) message and the OTP code, (Paragraph [0031], E.N. The PIN generator is a software component that generates a password to be included for the message to be sent to the phone number. In some implementations, a password can be a text string. A password can be a series of numerical digits or a PIN number. A number of digits in a PIN number or a length (character count) of a text string can be specified by the Code length value described above, See [0016], [0033] and [0039]) calculate at least one first signature associated with the user based on the network request and a shared secret key, (Paragraph [0016] and [0031] E.N. The PIN generator generates a one-time password, by applying a hash function to a combination of a secret key and a time stamp.)) receive a network response from the authentication/verification server, (Paragraph [0031] and [0050] E.N. API access key and API secret key are used to verify the customer. RequestlD is the identifier for the initial request. PIN code is the password submitted by the user) determine a device type of the primary user device, (Paragraph [0039]) generate a call-to-action (CTA) message for the user based on the determined device type, (Paragraph [0039] and [0050] E.N. The channel manager first sends to the destination device a corresponding message via the primary channel. After receiving the message, the user of the destination device can read (or listen to) the password in the message, and submit the password to the computer system of the customer.) and transmit the CTA message to the primary user device. (Paragraph [0050]) Soulez does not, but in related art, Hessler discloses the secret key shared with the authentication/verification server, (Paragraph [0017] E.N. The four primary modes of authentication above username/password or single-sign-on (SSO): (1) seed and read (store credential on device and reference upon subsequent authentication); (2) scratch and match (script-based dynamic browser/device recognition, cookies); (3) ring and ping (out-of-band, one-time passwords or tokens, shared secrets, PINs) Therefore, it would be obvious to one of ordinary skill in the art, prior to the effective filing date of the claimed invention to have modified Soulez to incorporate the teachings of Hessler because Soulez does not explicitly disclose the secret key shared with the client device which is taught by Hessler. Incorporating the teachings of Hessler to Soulez allows for the use of shared secrets for better end to end security between the host and client. Regarding Claim 13, Soulez in view of Hessler discloses the client device of claim 12. Soulez further discloses wherein the phone number associated with the user is at least one of a mobile phone number associated with the user, a PTSN phone number associated with the user, a virtual phone number associated with the user, a proxy phone number associated with the server, a proxy phone number associated with the client device, or any combinations thereof. (Paragraph [0016] E.N. The number verifier receives the request from the computer system through one or more data communication networks such as the Internet or a public switched telephone number (PSTN).) Regarding Claim 14, Soulez in view of Hessler discloses the client device of claim 12. Soulez further discloses wherein the transmitting of the CTA message causes the primary user device to display the CTA message to the user for a desired response time period. (Paragraph [0061] E.N. If the number verifier determines that a conversion event for the message of the primary channel has not occurred within a specified time period, the channel manager may send to the destination device a corresponding message via a secondary channel.) Regarding Claim 15, Soulez in view of Hessler discloses the client device of claim 14. Soulez further discloses wherein the network response includes at least one communication account identifying information associated with the authentication/verification server or the client device; (Paragraph [0030-0031] and [0050]) in response to the device type of the primary user device being a mobile phone device, (Paragraph [0039] and [0050]) in response to the device type of the primary user device being a non-mobile phone device, (Paragraph [0039] E.N. If the destination device is a land-line phone, the workflow updater designates the fixed-line phone’s voice channel as the primary and secondary channels, since messaging services are not available.) cause the mobile phone device to automatically compose a mobile-originated (MO) SMS message, (Paragraph [0032] E.N. The template manager is a software component that accesses template stored in the template database and composes the message by inserting at least the brand name received in the requested and the password generated by the PIN generator, See [0031]). the automatically composing the MO SMS message including pre-populating a message recipient field of the MO SMS message with the at least one communication account identifying information associated with the authentication/verification server or the client device, (Paragraph [0030-0032] E.N. RequestID is an identifier for the request that can be used later for verifying the user and phone number, by providing a PIN number submitted by the user, as will be further described below. Workflow is a list of communication channels that can be used to send the message to the phone number. The list of communication channels will be further described below. Status indicates whether the request is accepted or rejected) and pre-populating a message body of the MO SMS message with the calculated at least one signature associated with the user. (Paragraph [0030-0032] E.N. The PIN generator can generate a one-time password, for example, by applying a hash function to a combination of a secret key (or a previous password) and a time stamp, or additionally the phone number.) Soulez does not, but in related art, Hessler discloses the CTA message includes a clickable CTA; the CTA message includes a scannable CTA, the scannable CTA being at least one of a barcode or quick response (QR) code; and the clickable and the scannable CTA are both configured to (Paragraph [0071] E.N. Due to session environmental opportunities or constrains, the path or link to the second template is embodied by object for consumption by the device by a visual or audible code (QR code, hyperlink, image, sound (scanned or sensed by a capable mobile device). Therefore, it would be obvious to one of ordinary skill in the art, prior to the effective filing date of the claimed invention to have modified Soulez to incorporate the teachings of Hessler because Soulez does not explicitly disclose CTA messages which is taught by Hessler. Incorporating the teachings of Hessler to Soulez allows for the use of CTA messages to be used in combination with security measures for a more secure system. Regarding Claim 16, Soulez in view of Hessler discloses the client device of claim 15. Soulez further discloses wherein the client device is further caused to: receive the MO SMS message from the primary user device or a secondary user device; (Paragraph [0039] E.N. The workflow updater can also designate the cellular phone's SMS message service as the primary channel, and as a secondary channel, and designate the voice channel as another secondary channel. In this way, the channel manager can first sends a message through the SMS message, if no conversion event happens, the channel manager can re-try the SMS message service, before initiating a phone call through the voice channel, See [0030-0032]) and forward the MO SMS message to the authentication/verification server. (Paragraph [0050] E.N. the channel manager 120 first sends to the destination device 150 a corresponding message via the primary channel. After receiving the message, the user of the destination device can read (or listen to) the password in the message, and submit the password to the computer system of the customer.) Regarding Claim 17, Soulez in view of Hessler discloses the client device of claim 15. Soulez further discloses wherein the client device is further caused to: receive a user access attempt status message from the authentication/verification server, the user access attempt status message indicating a determined status of the user access attempt. (Paragraph [0030] and [0050] E.N. the number verifier can reject the request if the phone number provided by the computer system is not valid (e.g., with a wrong number of digits), or the phone number has been verified before as an invalid or fake number. An invalid or fake number can be stored in the performance data database. The number verifier can also reject the request if the phone number is of specific prefixes, networks, or number types.) Regarding Claim 18, Soulez in view of Hessler discloses the client device of claim 17. Soulez further discloses wherein the client device is further caused to: transmit a message to the primary user device in response to expiration of the desired response time period or the determined status of the user access attempt indicating failure, (Paragraph [0060] E.N. The password submitted by the user may not match the original password because, for example, the user has mistaken one or more digits (or characters) in the password. As another example, the password may have been submitted not by a user, but by a fraudulent machine (e.g., a bot). In some implementations, the number verifier can terminate the current workflow if a number of failed passwords 220 exceeds a specified number (e.g., 3 times). The customer can submit a new request to re-start the phone number and identity verification.) the message prompting the user to enter the OTP code; receive a user input from the primary user device; (Paragraph [0050] E.N. The channel manager first sends to the destination device a corresponding message via the primary channel. After receiving the message, the user of the destination device can read (or listen to) the password in the message, and submit the password to the computer system of the customer.) and determine the user access attempt status based on the received user input and the OTP code associated with the user. (Paragraph [0030-0032] E.N. The number verifier can reject the request if the phone number provided by the computer system is not valid (e.g., with a wrong number of digits), or the phone number has been verified before as an invalid or fake number. An invalid or fake number can be stored in the performance data database. The number verifier can also reject the request if the phone number is of specific prefixes, networks, or number types.) Regarding Claim 19, Soulez in view of Hessler discloses the client device of claim 15. Soulez further discloses wherein the at least one communication account identifying information associated with the authentication/verification server or the client device is at least one of: a local phone number, a national phone number, an international phone number, a toll-free phone number, a mobile phone number, a short code, a long code, a network specific number, or any combinations thereof. (Paragraph [0016] The number verifier can receive the request from the computer system through one or more data communication networks such as the Internet or a public switched telephone number (PSTN).) Regarding Claim 21, Soulez in view of Hessler discloses the client device of claim 12. Soulez further discloses wherein the user access attempt corresponds to at least one of: a user account creation attempt on the online service, a user account log-in attempt on the online service, a transaction attempt on the online service, a new user device log- in attempt on the online service, a log-in attempt at a new geographical location, a password reset with the online service, a new support request with the online service, adding or editing personal account information with the online service, or any combinations thereof. (Paragraph [0012] E.N. A business (e.g., a retailer, bank, or instant messaging service) uses a two-factor authentication method to authenticate a user's identify. For instance, when a user signs up for an online access at a bank's website, the bank (e.g., servers hosting the website) sends a PIN number to a phone number associated with the user.) Regarding Claim 22, Soulez discloses A user device associated with a user accessing an online service, (Paragraph [0012] E.N. A business (e.g., a retailer, bank, or instant messaging service) uses a two-factor authentication method to authenticate a user's identify. For instance, when a user signs up for an online access at a bank's website, the bank (e.g., servers hosting the website) sends a PIN number to a phone number associated with the user.) the user device comprising: a memory storing computer readable instructions; and processing circuitry configured to execute the computer readable instructions to cause the user device to: (Paragraph [0074]) transmit a user access attempt to a client device associated with the online service, (Paragraph [0026], [0030-0032] and [0050] E.N. The number verifier can reject the request if the phone number provided by the computer system is not valid (e.g., with a wrong number of digits), or the phone number has been verified before as an invalid or fake number. An invalid or fake number can be stored in the performance data database. The number verifier can also reject the request if the phone number is of specific prefixes, networks, or number types.) the user access attempt including at least a phone number associated with the user, (Paragraph [0016]) receive a call-to-action (CTA) message from the client device, (Paragraph [0039] and [0050]) Soulez does not, but in related art, Hessler discloses and display the CTA message to the user for a desired response time period. (Paragraph [0092] E.N. The user is then presented with a private, one-time challenge out-of-band factors, sent out of band that main user preferably enters into the mobile device application on the second device.) Therefore, it would be obvious to one of ordinary skill in the art, prior to the effective filing date of the claimed invention to have modified Soulez to incorporate the teachings of Hessler because Soulez does not explicitly disclose display the CTA message to the user for a desired response time period which is taught by Hessler. Incorporating the teachings of Hessler to Soulez allows for the user to receive a call to action message in a timely manner in order to access said server/device. Regarding Claim 23, Soulez in view of Hessler discloses the user device of Claim 22. Soulez further discloses wherein the user device is further caused to: receive a user input engaging the CTA message; (Paragraph [0050] E.N. The channel manager first sends to the destination device a corresponding message via the primary channel. After receiving the message, the user of the destination device can read (or listen to) the password in the message, and submit the password to the computer system of the customer. For instance, the user can submit the password through a web page served by the computer system.) automatically compose a mobile originated (MO) short message service (SMS) message in response to the user input, (Paragraph [0026] E.N. After receiving the request from the computer system via the API, the number verifier can provide output to the computer system using the following output fields of the API) the automatically composing the MO SMS message including pre-populating a message recipient field of the MO SMS message with at least one communication account identifying information associated with an authentication/verification server or associated with the client device, (Paragraph [0030-0032] E.N. RequestID is an identifier for the request that can be used later for verifying the user and phone number, by providing a PIN number submitted by the user, as will be further described below. Workflow is a list of communication channels that can be used to send the message to the phone number. The list of communication channels will be further described below. Status indicates whether the request is accepted or rejected)) and pre-populating a message body of the MO SMS message with at least one signature associated with the user calculated by the client device; (Paragraph [0026] E.N. After receiving the request from the computer system via the API, the number verifier can provide output to the computer system using the following output fields of the API) transmit the MO SMS message to the at least one communication account identifying information associated with the authentication/verification server or the client device; and receive a user access attempt status message corresponding to the user access attempt from the client device in response to the transmitted MO SMS message. (Paragraph [0030] E.N. The number verifier can reject the request if the phone number provided by the computer system is not valid (e.g., with a wrong number of digits), or the phone number has been verified before as an invalid or fake number. An invalid or fake number can be stored in the performance data database. The number verifier can also reject the request if the phone number is of specific prefixes, networks, or number types.) Regarding Claim 24, Soulez in view of Hessler discloses the user device of Claim 23. Soulez further discloses wherein the user device is further caused to: receive a mobile-terminated (MT) SMS message from the authentication/verification server in response to an expiration of a desired response time period or the user access attempt status message indicating failure of the user access attempt, (Paragraph [0050] E.N. The channel manager first sends to the destination device a corresponding message via the primary channel. After receiving the message, the user of the destination device can read (or listen to) the password in the message, and submit the password to the computer system of the customer. For instance, the user can submit the password through a web page served by the computer system) the message prompting the user to enter a unique one-time password or pin (OTP) code; (Paragraph [0031] E.N. The PIN generator can generate a one-time password, for example, by applying a hash function to a combination of a secret key (or a previous password) and a time stamp, or additionally the phone number.) receive a user input from the user in response to the MT SMS message; and transmit a user response message to the client device, the user response message including the user input. (Paragraph [0030] E.N. The number verifier can reject the request if the phone number provided by the computer system is not valid (e.g., with a wrong number of digits), or the phone number has been verified before as an invalid or fake number. An invalid or fake number can be stored in the performance data database. The number verifier can also reject the request if the phone number is of specific prefixes, networks, or number types.) Regarding Claim 25, Soulez in view of Hessler discloses the user device of Claim 23. Soulez further discloses wherein the at least one communication account identifying information associated with the authentication/verification server or the client device is at least one of: a local phone number, a national phone number, an international phone number, a toll-free phone number, a mobile phone number, a short code, a long code, a network specific number, or any combinations thereof. (Paragraph [0016] E.N. The number verifier receives the request from the computer system through one or more data communication networks such as the Internet or a public switched telephone number (PSTN)) Claim(s) 6 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Soulez (US20200351658) in view of Hessler (US2014096215) and in further view of Frederick (US20140171035). Regarding Claim 6, Soulez in view of Hessler discloses the server of claim 1. Soulez further discloses determine fraud potential information associated with the user access attempt (Paragraph [0030] E.N. The number verifier also rejects the request if the phone number is of specific prefixes, networks or number types.) and transmit the determined fraud potential information to the client device. (Paragraph [0030-0031] E.N. The number verifier also rejects the request if the phone number is of specific prefixes, networks or number types.) Soulez and Hessler do not, but in related art, Frederick discloses wherein the server is further caused to: perform a home location register (HLR) lookup on a phone number associated with the at least one user device to determine an International Mobile Subscriber Identity (IMSI) number associated with the phone number; (Paragraph [0097] E.N. The device subscriber information database comprises a Subscriber Presence and Profile Database (SSPD) such as a Home Location Register (HLR) and is maintained by a cellular provider. The control component receives device information which comprise information about the device. The device information includes an Integrated Circuit Card Identifier (ICCD) (e.g. an International Mobile Subscriber Identity (IMSI)) which is a unique identifier for the subscriber module (SIM) assigned to each device. If the ICCDs do not match, then that indicates that a new SIM card is associated with the phone number, which indicates that a new phone is associated with the phone number.) based on the determined IMSI number; (Paragraph [0097] E.N. The device information includes an Integrated Circuit Card Identifier (ICCID) (e.g. an International Mobile Subscriber Identity (IMSI)), which is a unique identifier for the subscriber identity module (SIM) assigned to each device.) Therefore, it would be obvious to one of ordinary skill in the art, prior to the effective filing date of the claimed invention to have modified Soulez in view of Hessler to incorporate the teachings of Frederick because Soulez and Hessler do not explicitly disclose home location register and IMSI number which is taught by Frederick. Incorporating the teachings of Frederick to Soulez and Hessler allows for verifying if the phone numbers given/used are valid numbers. Regarding Claim 20, Soulez in view of Hessler discloses the client device of claim 12. Soulez further discloses wherein the client device is further caused to: receive fraud potential information associated with the user access attempt from the authentication/verification server, (Paragraph [0030-0032] and [0050] E.N. The number verifier can reject the request if the phone number provided by the computer system is not valid (e.g., with a wrong number of digits), or the phone number has been verified before as an invalid or fake number. An invalid or fake number can be stored in the performance data database. The number verifier can also reject the request if the phone number is of specific prefixes, networks, or number types.) and determine the user access attempt status based on the received fraud potential information. (Paragraph [0016] and [0030-0032] E.N. The number verifier can reject the request if the phone number provided by the computer system is not valid (e.g., with a wrong number of digits), or the phone number has been verified before as an invalid or fake number. An invalid or fake number can be stored in the performance data database. The number verifier can also reject the request if the phone number is of specific prefixes, networks, or number types.) Soulez and Hessler do not, but in related art, Frederick discloses the fraud potential information determined based on an International Mobile Subscriber Identity (IMSI) number associated with the phone number associated with the user received from a home location register (HLR) lookup performed on the phone number associated with the user; (Paragraph [0097] E.N. The device subscriber information database comprises a Subscriber Presence and Profile Database (SSPD) such as a Home Location Register (HLR) and is maintained by a cellular provider. The control component receives device information which comprise information about the device. The device information includes an Integrated Circuit Card Identifier (ICCD) (e.g. an International Mobile Subscriber Identity (IMSI)) which is a unique identifier for the subscriber module (SIM) assigned to each device. If the ICCDs do not match, then that indicates that a new SIM card is associated with the phone number, which indicates that a new phone is associated with the phone number.) Therefore, it would be obvious to one of ordinary skill in the art, prior to the effective filing date of the claimed invention to have modified Soulez in view of Hessler to incorporate the teachings of Frederick because Soulez and Hessler do not explicitly disclose home location register and IMSI number which is taught by Frederick. Incorporating the teachings of Frederick to Soulez and Hessler allows for verifying if the phone numbers given/used are valid numbers. Claim(s) 10-11 are rejected under 35 U.S.C. 103 as being unpatentable over Soulez (US20200351658) in view of Hessler (US2014096215) and in further view of Landrok (US20170364911) Regarding Claim 10, Soulez in view of Hessler discloses the server of claim 1. Soulez further discloses wherein the server is further caused to calculate the at least one first signature by: (Paragraph [0031] E.N. The PIN generator can generate a one-time password, for example, by applying a hash function to a combination of a secret key (or a previous password) and a time stamp, or additionally the phone number.) and the shared secret key. (Paragraph [0016] and [0031] E.N. The PIN generator generates a one-time password, by applying a hash function to a combination of a secret key and a time stamp.) Soulez and Hessler do not, but in related art, Landrok discloses generating a unique keyed-hash using a desired hashing algorithm on at least the OTP code, (Paragraph [0103] E.N. The derived version is a hash value of the one-time password. The hash value is determined using a standard on way algorithm. The hash of the one-time password is then compared with the hash returned by the device) Therefore, it would be obvious to one of ordinary skill in the art, prior to the effective filing date of the claimed invention to have modified Soulez in view of Hessler to incorporate the teachings of Landrok because Soulez and Hessler do not explicitly disclose generating a unique keyed-hash using a desired hashing algorithm which is taught by Landrok. Incorporating the teachings of Landrok to Soulez and Hessler allows for the system to have a unique value for comparison of the keys and the OTP for authentication. Regarding Claim 11, Soulez in view of Hessler discloses the server of claim 1. Soulez further discloses wherein the network request includes a message body; (Paragraph [0044] E.N. When a customer submits a request by an API call, the customer can select the desired workflow with an additional input field (Template). The number verifier receives a request from the computer system of a customer. The request comprises a phone number that the customer wants to verify.) and the server is further caused to calculate the at least one first signature by: (Paragraph [0030-0031] E.N. The PIN generator generates a one-time password, by applying a hash function to a combination of a secret key and a time stamp.) using a desired hashing algorithm on the message body included in the network request and the shared secret key. (Paragraph [0031] The PIN generator generates a one-time password, by applying a hash function to a combination of a secret key and a time stamp.)) Soulez and Hessler do not, but in related art, Landrok discloses generating a unique keyed-hash US20170364911 (Paragraph [0103] and [0126] E.N. The details in the message is cryptographically secured using e.g. a key hash value, an encrypted hash value or another cryptographic technique.) Therefore, it would be obvious to one of ordinary skill in the art, prior to the effective filing date of the claimed invention to have modified Soulez in view of Hessler to incorporate the teachings of Landrok because Soulez and Hessler do not explicitly disclose generating a unique keyed-hash which is taught by Landrok. Incorporating the teachings of Landrok to Soulez and Hessler allows for the system to have a unique value for comparison of the keys and the OTP for authentication. Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to AAYUSH ARYAL whose telephone number is (571)272-2838. The examiner can normally be reached 8:00 a.m. - 5:30 p.m.. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Hirl can be reached at (571) 272-3685. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /AAYUSH ARYAL/Examiner, Art Unit 2435 /JOSEPH P HIRL/Supervisory Patent Examiner, Art Unit 2435