Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
DETAILED ACTION
1. This action is responsive to: an original application filed on 1 November 2024 with acknowledgement that this application is a continuation of EPO application EP23383118.9 filed 3 November 2023.
2. Claims 1-14 are currently pending. Claims 1 and 10 are independent claims.
3. The IDS submitted on 1 November 2024 has been considered.
Claim Objections
4. Claim 1 is objected to because of the following informalities: the claim contains the following phrases:
“each one of the one or more user-configurable security being linked to a producer service and providing information about the user, each producer service being enrolled in the XFA authorization backend”
“and each one of the one or more user-configurable security being received after each producer service having gone through an authentication enrolling process with the XFA authorization backend using a factor enrolling authorization processing unit”
The Examiner objects to the claim because it appears the phrase “user-configurable security” should state “user-configurable security factor”. Appropriate correction is required.
5. Claims 9 and 14 are objected to because of the following informalities: the claims state the following phrase: “wherein the Internet-connected asset comprises a smart car, a wearable device, a bank-account”. The Examiner objects to the claims because it appears that the word “or” or the phrase “at least one of” is missing from the claim. Appropriate correction is required.
Claim Rejections – 35 USC § 103
6. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
7. Claims 1-2, 4-5, 7-11, and 13-14 are rejected under 35 U.S.C. 103 as being unpatentable over Prasad et al. U.S. Patent No. 10,164,973 in view of Shahidzadeh et al. U.S. Patent No. 10,325,259 (hereinafter ‘259) cited in the IDS.
As to independent claim 1, “A secure authorization method, comprising: providing, an extra factor authentication, XFA, authorization backend, the XFA authorization backend having registered therein a user that wants to protect access to an Internet-connected asset or protect the performance of an operation on the Internet-connected asset, the Internet-connected asset comprising a service backend computer where the Internet-connected asset is assigned to the user through an identifying element of the user” is taught in ‘973 Abstract and col. 4, lines 11-55;
“when the user wants to access the Internet-connected asset or the performance of an operation on the Internet-connected asset, the XFA authorization backend receiving a checking enquire for at least one of the one or more user-configurable security factors; and in response to the checking enquire, the XFA authorization backend checking if the user fulfils the enquired user-configurable security factor/s using the identifying element, and authorizing or denying the access or the performance of the operation based on a result of the checking” is shown in ‘973 Abstract and col. 4, lines 11-55;
the following is not explicitly taught in ‘973:
“receiving, by the XFA authorization backend, one or more user-configurable security factors, each one of the one or more user-configurable security being linked to a producer service and providing information about the user” however ‘259 teaches a level of assurance (LOA) server that determines authorization for LOA Provider and Relying Party (RP) services (i.e. producer service) and entities in col. 1, line 34 through col. 2, line 8;
“each producer service being enrolled in the XFA authorization backend, and each one of the one or more user-configurable security being received after each producer service having gone through an authentication enrolling process with the XFA authorization backend using a factor enrolling authorization processing unit, and after a consumer service with the service backend computer having gone through a factor subscription process with the user using a factor subscription authorization processing unit” however ‘259 teaches enrolling at least one of a plurality of LOA Provider devices as well as receiving a request from a Client Device to register the LOA Provider in col. 2, lines 9-33;
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention of a backend authentication system taught in ‘973 to include a means to provide information about a producer service being enrolled in the extra factor authorization (XFA) backend system. One of ordinary skill in the art would have been motivated to perform such a modification to prevent online fraud, see ‘259 (col. 1, lines 19 et seq.).
As to dependent claim 2, “The method of claim 1, wherein the identifying element comprises a phone number of the user” is taught in ‘259 col. 5, lines 19-21.
As to dependent claim 4, “The method claim 1, wherein the authentication enrolling process comprises using an access token identifying the producer, the identifying element of the user, and information descriptive of the reason of why the producer service wants to ask the user for permission for enrolling” is shown in ‘259 col. 11, lines 3-67.
As to dependent claim 5, “The method of claim 1, wherein the factor subscription process comprises using the access token identifying the producer service, the identifying element of the user, and information including the user-configurable security factors the producer service is interested to subscribe” is disclosed in ‘259 col. 11, lines 3-67.
As to dependent claim 7, “The method of claim 1, wherein the authentication enrolling process and/or the factor subscription process comprises using a software application installed in a smart computing device” is taught in ‘973 col. 8, lines 43-49.
As to dependent claim 8, “The method of claim 1, wherein each producer being enrolled in the XFA authorization backend by means of a unique ID and a service identification description” is shown in ‘259 col. 11, lines 41-67.
As to dependent claim 9, “The method of claim 1, wherein the Internet-connected asset comprises a smart car, a wearable device, a bank-account” is disclosed in ‘973 col. 5, lines 15-65.
As to independent claim 10, “A secure authorization system, comprising: an Internet-connected asset of a user for which the user wants to protect access to or the performance of an operation therein; a service backend computer in which the Internet-connected asset is assigned to the user through an identifying element of the user; a factor enrolling authorization processing unit; a factor subscription authorization processing unit; an extra factor authentication, XFA, authorization backend configured to assist the user in the protection of the Internet-connected asset” is taught in ‘973 Abstract and col. 4, lines 11-55;
“when the user wants to access the Internet-connected asset or the performance of an operation on the Internet-connected asset, receive a checking enquire for at least one of the one or more user-configurable security; and in response to the checking enquire, check if the user fulfils the enquired user-configurable security factor/s using the identifying element, and authorize or deny the access or the performance of the operation based on a result of the checking” is shown in ‘973 Abstract and col. 4, lines 11-55;
the following is not explicitly taught in ‘973:
“a plurality of producer services, each one of the producer services being configured to provide information about the user using a user-configurable security factor; wherein the XFA authorization backend is configured to: receive one or more user-configurable security factors, the latter being received after each producer service having gone through an authentication enrolling process with the XFA authorization backend using the factor enrolling authorization processing unit” however ‘259 teaches a level of assurance (LOA) server that determines authorization for LOA Provider and Relying Party (RP) services (i.e. producer service) and entities in col. 1, line 34 through col. 2, line 8;
“and after a consumer service with the service backend computer having gone through a factor subscription process with the user using the factor subscription authorization processing unit” however ‘259 teaches enrolling at least one of a plurality of LOA Provider devices as well as receiving a request from a Client Device to register the LOA Provider in col. 2, lines 9-33;
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention of a backend authentication system taught in ‘973 to include a means to provide information about a producer service being enrolled in the extra factor authorization (XFA) backend system. One of ordinary skill in the art would have been motivated to perform such a modification to prevent online fraud, see ‘259 (col. 1, lines 19 et seq.).
As to dependent claim 11, “The system of claim 10, wherein the identifying element comprises a phone number of the user” is taught in ‘259 col. 5, lines 19-21.
As to dependent claim 13, “The system of claim 10, further comprising a software application installed in a smart computing device, the authentication enrolling process and/or the factor subscription process being made using the software application” is taught in ‘973 col. 8, lines 43-49.
As to dependent claim 14, “The system of claim 10, wherein the Internet-connected asset comprises a smart car, a wearable device, a bank-account” is disclosed in ‘973 col. 5, lines 15-65.
8. Claims 3, 6, and 12 are rejected under 35 U.S.C. 103 as being unpatentable over Prasad et al. U.S. Patent No. 10,164,973 in view of Shahidzadeh et al. U.S. Patent No. 10,325,259 (hereinafter ‘259) in further view of Sokolov et al. U.S. Patent No. 10,200,359 (hereinafter ‘359).
As to dependent claim 3, the following is not explicitly taught in ‘973 and ‘259: “The method claim 1, wherein the user-configurable security factors comprise an integer, a float, a Boolean, a geolocation position, and/or a string” however ‘359 teaches this in col. 7, lines 3-11.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention of a backend authentication system taught in ‘973 and ‘359 to include a means to a string in an extra factor authorization (XFA) backend system. One of ordinary skill in the art would have been motivated to perform such a modification to improve multi-factor authentication (MFA) systems, see ‘359 col. 1, lines 9-39.
As to dependent claim 6, “The method of claim 1, wherein the authentication enrolling process and/or the factor subscription process comprises using a SMS” is taught in ‘359 col. 6, lines 51-59.
As to dependent claim 12, “The system of claim 10, wherein the user-configurable security factors comprise an integer, a float, a Boolean, a geolocation position, and/or a string” is shown in ‘359 col. 7, lines 3-11.
9. The prior art made of record and not relied upon is considered pertinent to applicant’s disclosure.
Angara et al. U.S. Patent No. 11,080,385 is directed to method and system for enabling multi-factor authentication for seamless website logins.
Conclusion
10. Any inquiry concerning this communication or earlier communications from the examiner should be directed to ELLEN C TRAN whose telephone number is (571) 272-3842. The examiner can normally be reached Monday-Friday.
Examiner interviews are available via telephone and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, Applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeff Pwu, can be reached at 571-272-6798. The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
___________________________
/ELLEN TRAN/Primary Examiner, Art Unit 2433 6 February 2026