Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 1/7/2021 has been entered.

Response to Amendment
This is in response to the amendments filed on 1/7/2021.  Claims 1, 4-10, 13, 15-20 have been amended. Claims 1-20 are currently pending and have been considered below. 

Response to Arguments
Applicant’s arguments with respect to claim(s) 1 and 17 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
Applicant’s further arguments with respect to claim(s) 10 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-3, 6, 17 and 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over “Andrews” (US 2017/0346815) in view of “Gruschka” (US 2012/0266224) in further view of “Shastri” (US 10,158,489).

Regarding Claim 1:
Andrews teaches:
A method comprising: 
“Per block 603, a first client device of the user may be notified to complete a first authentication challenge, such as a username/password. Per block 605, authentication attributes may be received … Block 605, may also correspond to receiving the primary authentication challenge factor provided by the user”); 
authenticating the user of the first client device based on the credentials (Fig. 6, step 607 - YES; ¶0059, “Per block 607, it may be determined (e.g., by the registration server 110 and/or access manager 118) whether the one or more of the 1st client device attributes specified in block 605 match corresponding registered attributes … may receive the first authentication challenge credential and the device fingerprint … which may be checked against the table 200 … to determine whether the same first authentication challenge credential and the device fingerprint has been registered”; ¶0060, “Per block 611, if one or more of the cline attributes match, then it may be determined … whether there is a second client device registered to the user”); 
in response to authenticating the user (Fig. 6, step 611 and 613), generating, by the server device, a challenge … (Fig. 6, step 615; ¶0061, “Per block 615, the second client device may then be notified (e.g., by the access manager 118 …) to complete a second authentication challenge credential”; i.e., in response to a positive match of the received credential at the server, send a second authentication challenge to a second device of the user); 
“Per block 613 … the first client device may be notified (e.g., by the access manager 118) that the user must complete secondary authentication”), …; 
receiving, by the server device and from a second client device, an indication that the second client device attests to an identity of one or more of the first client device or the user of the first client device (Fig. 6, step 617; ¶0062, “The user may then enter a second authentication credential as part of the second authentication challenge … Per block 617, one or more authentication attributes ... from the … second client device may be received (e.g., by the access manager 118)”; i.e., receive secondary authentication credentials from the second client device of the user that “attests” to the identity of the first client device of the user - see ¶0038) … and wherein the second client device is different from the first client device that is requesting access to the one or more services associated with the server device (Fig. 7 details the respective client devices as being different, shown here by Client Device A and Client Device B); and 
based on the indication that the second client device attests to the identity of one or more of the first client device or the user of the first client device (Fig. 6, step 621; ¶0064, “Per block 621, if one or more of the second client device attributes match the one or more registered attributes needed, the access may be granted (e.g., by the access manager 118) to the protected resource”), transmitting, by the server device and to the first client device, an indication that the first client device has been granted access to the one or more services associated with the server device (¶0044, “The user 406 may first request access (e.g., from the banking app 203 of FIG. 2) to the protected resource 416 … using the client device 402”; ¶0052, “If there is a match, the access manager 418 may then allow access to the protected resource 416”; ¶0058, “FIG. 6 is a flow diagram of an example process 600 for determining whether a particular user may have access to a protected source ... The process 600 … may include the operations as specified in FIG. 4 … The process 600 may begin at block 601 when a user request is received (e.g., by the bank app 203…) in order to access a particular resource”; i.e., allow access to the protected sources at the first client device by virtue of matching the first and second attribute information. The examiner considers the “indication” to be the granting of access to the protected resource transmitted to the first client device’s banking app). 
Andrews does not disclose:
… generating, by the server device, a challenge code;
transmitting, by the server device and to the first client device, a request for attestation of the first client device, wherein the request for attestation comprises the challenge code and an identifier for the server device; 
receiving, by the server device and from a second client device, an indication … wherein the indication comprises the challenge code … ;
Gruschka teaches:
… generating, by the server device, a challenge code (¶0004, “A challenge may be for example a random number chosen by the authentication server…”);
transmitting, by the server device and to the client device, a request for attestation of the client device, wherein the request for attestation comprises the challenge code and an identifier for the server device (Fig. 1a, element 80; ¶0027, “The site … sends a challenge 80, e.g., a 2D barcode 80 which has the random data 110 and the site’s domain name example.com 50 encoded therein”; i.e., a request to authenticate a user is received at the user’s client device from a server, the request further containing a random data challenge and the server’s domain name); 
	Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Andrews’ multifactor authentication system by enhancing Andrews’ verification request to include a challenge code and an identifier of a server being authenticated to, as taught by Gruschka, in order to provide a secure and reliable method to validate to the server.
	The motivation is to provide an identifier of a website, such as a domain name, along with a randomized challenge code that enable the a user seeking access to the website to generate a one-time passcode for that website. Such method provides an easier, more secure, scalable, and flexible manner of providing authentication to the website (Gruschka, ¶0009). 
Andrews in view of Gruschka does not disclose:
receiving, by the server device and from a second client device, an indication … wherein the indication comprises the challenge code … ;
Shastri teaches:
receiving, by the server device (Fig. 19 outlines a process implemented at an access management server; Col. 24, lines 38-42) and from a second client device (Fig. 19, step 1920 - “Receive decrypted data from the second device”), an indication … wherein the indication comprises the challenge code (Fig. 19, steps 1918 and 1920; Col. 25, lines 65-67 & Col. 26, lines 1-9 disclose the access management server 
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Andrews in view of Gruschka’s multifactor authentication system by enhancing Andrews in view of Gruschka’s verification response message from a second device to include an original challenge received at a first device, from a different second device, as taught by Shastri, in order to ensure that unknown devices can be trusted in a simplified manner .
	The motivation is to maintain multiple layers of security by making it difficult for outside users from authenticating a first device by requiring a secondary device to retrieve, from the first device, a challenge code to send back to an access management server. This not only prevents the outside users from accessing a desired service from the server, but also provides an simplified method for legitimate users of unknown devices to access the service device by enabling password-less authentication (Shastri, Col. 2, lines 42-49).

Regarding Claim 2:
The method of claim 1, wherein Andrews in view of Gruschka in further view of Shastri further teaches the challenge code comprises a one-time challenge code (Gruschka, Fig. 1b, element 42 discloses a one-time password that’s calculated by hashing the at least random data 110), and wherein the generating the challenge code comprises “A challenge may be for example a random number chosen by the authentication server…”).

Regarding Claim 3:
The method of claim 1, wherein Andrews in view of Gruschka in further view of Shastri further teaches the identifier for the server device comprises a uniform resource identifier for the server device (Gruschka, Fig. 1a, “example.com”).

Regarding Claim 6:
The method of claim 1, Andrews in view of Gruschka in further view of Shastri further teaching
wherein the transmitting the indication that the first client device has been granted access to the one or more services is based on a determination that the challenge code received from the second client device corresponds to the challenge code transmitted to the first client device (Shastri, Fig. 19, step 1922).

Regarding Claims 17 and 19:
Apparatus claims 17 and 19 correspond to respective method claims 1 and 6 and do not recite any further limitations. Therefore claims 17 and 19 are rejected by applying the same rationale used to reject claims 1 and 6 above, respectively.

Claims 4, 7-9, 18, and 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over “Andrews” (US 2017/0346815) in view of “Gruschka” (US 2012/0266224) in view of “Shastri” (US 10,158,489) in further view of “Ligatti” (US 2018/0262505).

Regarding Claim 4:
Andrews in view of Gruschka in further view of Shastri teaches:
The method of claim 1, …
Andrews in view of Gruschka in further view of Shastri does not disclose:
… determining a plurality of users authorized for attestation of the first client device; and 
transmitting, by the server device and to the first client device, data indicating the plurality of users authorized for attestation of the first client device.
Ligatti teaches:
… determining a plurality of users authorized for attestation of the first client device (Fig. 8, messages 825 indicate a determined plurality of users to send an authentication challenge to); and 
transmitting, by the server device and to the first client device, data indicating the plurality of users authorized for attestation of the first client device (Fig. 1, element 1140; Fig. 12; ¶0049, “The voting users 1110B, 1110C may then respond by each sending an authentication vote 1125, 1130 to the authenticator computing device. The authenticator computing device 1105 then analyzes the received authentication votes to determine whether or not to grant access to the requesting user 1101A”).

	The motivation is enhance the security of a multifactor authentication system by requiring other factors, such as from a plurality of devices, to verify a first device. Requiring additional devices to verify the first device strengthens the overall security of the system by reducing the likelihood that an authentication factor may be spoofed or stolen. 

Regarding Claim 7:
Andrews in view of Gruschka in further view of Shastri teaches:
The method of claim 1, …
Andrews in view of Gruschka in further view of Shastri does not disclose:
… further comprising: 
receiving, by the server device and from a third client device, an indication that the third client device attests to the identity of one or more of the first client device or the user of the first client device, 
wherein the transmitting the indication that the first client device has been granted access to one or more services is based on the indication that the third client 
Ligatti teaches:
… further comprising: 
receiving, by the server device (Fig. 1, element 1105) and from a third client device (Fig. 1, element 1110c), an indication that the third client device attests to the identity of one or more of the first client device or the user of the first client device (Fig. 1, element 1130), 
wherein the transmitting the indication that the first client device has been granted access to one or more services is based on the indication that the third client device attests to the identity of one or more of the first client device or the user of the first client device (Fig. 1, element 1140; Fig. 12; ¶0049, “The voting users 1110B, 1110C may then respond by each sending an authentication vote 1125, 1130 to the authenticator computing device. The authenticator computing device 1105 then analyzes the received authentication votes to determine whether or not to grant access to the requesting user 1101A”).
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Andrews in view of Gruschka in further view of Shastri’s multifactor authentication system by enhancing Andrews in view of Gruschka in further view of Shastri’s system to receive a second verification message from a third device to validate a first device, as taught by Ligatti, in order to enhance the security of the system.


Regarding Claim 8:
Andrews in view of Gruschka teaches:
The method of claim 1, …
Andrews in view of Gruschka does not disclose:
… further comprising:
based on a quantity of one or more client devices attesting to the identity of one or more of the first client device or the user of the first client device, determining, by the server device, a level of access of the first client device to the one or more services associated with the server device.
Ligatti teaches:
… further comprising:
based on a quantity of one or more client devices attesting to the identity of one or more of the first client device or the user of the first client device (Fig. 12 details a first verifying client device 105b and a second verifying client device 105b attesting to the identity of requesting client device 105a), determining, by the server device, a level of access of the first client device (¶0117, “If the authenticator computing device 103 determines that the responses 840, 845 received from the first and second verifying client devices 105B are valid for the issued authentication challenge 825, the authenticator computing device 103 sends an access grant 850 to the requesting client device 105A thereby granting the requesting client device 105A access to the resource”; i.e., the examiner interprets granting access as a “full-level” of access) to the one or more services associated with the server device (¶0060, “According to some embodiments, the authentication system can receive a request from the first device to access one or more resources”).
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Andrews in view of Gruschka’s multifactor authentication system by enhancing Andrews in view of Gruschka’s system to require a number of devices to verify a first device, as taught by Ligatti, in order to enhance the security of the system.
	The motivation is enhance the security of a multifactor authentication system by requiring another factor, such as from a third device, to verify a first device. Requiring additional devices to verify the first device strengthens the overall security of the system by reducing the likelihood that an authentication factor may be spoofed or stolen. 

Regarding Claim 9:
Andrews in view of Gruschka in further view of Shastri teaches:
The method of claim 1, …
Andrews in view of Gruschka in further view of Shastri does not disclose:
… further comprising: 
based on a level of access of the second client device to the one or more services associated with the server device, determining, by the server device, a level of 
Ligatti teaches:
… further comprising: 
based on a level of access of the second client device to the one or more of services (¶0060, “According to some embodiments, the authentication system can receive a request from the first device to access one or more resources”) associated with the server device (¶0066, “In this embodiment, during registration, the authenticator (e.g., an "authentication server") can establish an associated set of user devices and can associate each of the user devices of the associated set of user devices with more than one user”), determining, by the server device, a level of access of the first client device to the one or more of services associated with the server device (¶0066, “The authenticator can then grant access to a requested resource to any user associated with the associated set of user devices using at least two user devices of the associated set of user devices. In this way, anonymous authentication is provided to a user requesting access to a resource by granting access to all of the users within the associated set of user devices. Once authenticated, a device has the same access level as allowed for any device in the associated set”; i.e., grant access to a user device based on the access granted to an associated set of user devices).
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Andrews in view of Gruschka in further view of Shastri’s multifactor authentication system by enhancing Andrews in view of Gruschka in further view of Shastri’s system to provide anonymous authentication of 
	The motivation is enable secure anonymous authentication via associating verification devices with a first device to be authenticated so that the first device may authenticated without revealing their identity (Ligatti, ¶0067).

Regarding Claims 18 and 20:
Apparatus claims 18 and 20 correspond to respective method claims 4 and 7 and contain no further limitation. Therefore claims 18 and 20 are rejected by applying the same rationale used to reject claims 4 and 7 above, respectively.

Claim 5 is/are rejected under 35 U.S.C. 103 as being unpatentable over “Andrews” (US 2017/0346815) in view of “Gruschka” (US 2012/0266224) in view of “Shastri” (US 10,1584,89) in further view of “Copsey” (US 2014/0259129).

Regarding Claim 5:
Andrews in view of Gruschka in further view of Shastri teaches:
The method of claim 1, …
Andrews in view of Gruschka in further view of Shastri does not disclose:
… wherein the receiving the indication that the second client device attests to the identity of one or more of the first client device or the user of the first client device is performed after an authentication of the second client device by a second server device.
Copsey teaches:
… wherein the receiving the indication that the second client device attests to the identity of one or more of the first client device or the user of the first client device (Figure 3, step 360; ¶0094, “An authentication response may be received at the security system at step 360 from the collaborative authenticator”) is performed after an authentication of the second client device (Figure 3, step 320, “The collaborative authenticator may provide this authentication identifier to the security system at step 320”; i.e., the collaborative authenticator device presents data verifying the user (step 360) after being verified at step 320) by a second server device (Fig. 5 details that the Collaborative Authentication Security Infrastructure (i.e., the “second server device”) is separate from backend services 515 (i.e., the “first server device”)).	
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Andrews in view of Gruschka in further view of Shastri’s multifactor authentication system by enhancing Andrews in view of Gruschka in further view of Shastri’s system to authenticate a second device prior to the second device verifying a first device, as taught by Copsey, in order to enhance the security of the system.
	The motivation is enhance the security of a multifactor authentication system that utilizes a second device to verify a first device by requiring the second device to authenticate to a server prior to verifying the first device. This prevents a malicious entity from obtaining the second device and impersonating a valid user of the second device in order to circumvent the multifactor authentication requirements.  

Claims 10-12 and 14 is/are rejected under 35 U.S.C. 103 as being unpatentable over “Andrews” (US 2017/0346815) in view of “Gruschka” (US 2012/0266224) in further view of “Varadarajan” (US 2013/0124855).

Regarding Claim 10:
Andrews teaches:
A method comprising: 
transmitting, by a first client device and to a server device, credentials for authenticating a user of the first client device (Fig. 6, step 605; ¶0058, “Per block 603, a first client device of the user may be notified to complete a first authentication challenge, such as a username/password. Per block 605, authentication attributes may be received … Block 605, may also correspond to receiving the primary authentication challenge factor provided by the user”);  -42 -B&W Ref.: 007737.00871 Client Ref.: ID1429US 
receiving, by the first client device and from the server device, a request for attestation of the first client device (Fig. 6, step 613; ¶0061, “Per block 613 … the first client device may be notified (e.g., by the access manager 118) that the user must complete secondary authentication”), …
receiving, by the first client device and from the server device, an indication that the first client device has been granted access to one or more services associated with the server device, wherein the indication that the first client device has been granted access is based on an attestation sent by a second client device to the server device (¶0044, “The user 406 may first request access (e.g., from the banking app 203 of FIG. 2) to the protected resource 416 … using the client device 402”; ¶0052, “If there is a match, the access manager 418 may then allow access to the protected resource 416”; ¶0058, “FIG. 6 is a flow diagram of an example process 600 for determining whether a particular user may have access to a protected source ... The process 600 … may include the operations as specified in FIG. 4 … The process 600 may begin at block 601 when a user request is received (e.g., by the bank app 203…) in order to access a particular resource”; i.e., allow access to the protected sources at the first client device by virtue of matching the first and second attribute information. The examiner considers the “indication” to be the granting of access to the protected resource transmitted to the first client device’s banking app).
Andrews does not disclose:
wherein the request for attestation comprises a challenge code generated by the server device and an identifier for the server device; 
generating, by the first client device, a code by encoding at least: 
the challenge code, 
the identifier for the server device, and 
data identifying one or more of the first client device or the user of the first client device; 
displaying, by the first client device, the code; and 
Gruschka teaches:
wherein the request for attestation comprises a challenge code generated by the server device (¶0004, “A challenge may be for example a random number chosen by the authentication server…”) and an identifier for the server device (Fig. 1a, element 80; ¶0027, “The site … sends a challenge 80, e.g., a 2D barcode 80 which has the random data 110 and the site’s domain name example.com 50 encoded therein”; i.e., a request to authenticate a user is received at the user’s client device from a server, the request further containing a random data challenge and the server’s domain name); 
generating … a code (¶0027, “The site … sends a challenge 80, e.g., a 2D barcode 80 which has the random data 110 and the site’s domain name example.com 50 encoded therein”) by encoding at least: 
the challenge code (¶0027, “The site … sends a challenge 80, e.g., a 2D barcode 80 which has the random data 110 … encoded therein”), 
the identifier for the server device (¶0027, “The site … sends a challenge 80, e.g., a 2D barcode 80 which has the … the site’s domain name example.com 50 encoded therein”), and 
data identifying one or more of the first client device or the user of the first client device (¶0032, “The site retrieves the corresponding public key 46 for the user name 21 and encrypts the site’s domain name … and random data using this public key 46 … The result is then encoded as 2D barcode 80 as in the first embodiment”); 
displaying, by the first client device, the code (Fig. 1a details the code 80 being displayed as a QR code at a client device 90); and 
	Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Andrews’ multifactor authentication system by enhancing Andrews’ verification request to include a challenge code and an identifier of a server being authenticated to, as taught by Gruschka, in order to provide a secure and reliable method to validate to the server.

Andrews in view of Gruschka does not disclose:
generating, by the first client device, a code by encoding …
However, Varadarajan discloses:
generating, by the first client device, a code by encoding (¶0049, “At step 412, the security client 200 generates the QR code 302 utilizing the transaction information B received from the security server 204 at step 410”) …
Because both Andrews in view of Gruschka and Varadarajan disclose methods of generating QR codes, it would have been obvious to one skilled in the art to substitute one method of generating a QR code for the other to achieve the predictable results of generating a QR code at a first client device via encoding. Furthermore, Varadarajan further makes it known that a QR code may be generated at the security client or at a security server (see paragraph 49, “In the alternative, the security server 204 may generate the QR code 302 at step 410 before transmitting that transaction information B to the security client 200”), which also supports the above rationale for simple substituting one known method of generating a QR code (at a server) for another known method of generating a QR code (at a client device).

Regarding Claim 11:
“A challenge may be for example a random number chosen by the authentication server…”).

Regarding Claim 12:
The method of claim 10, wherein Andrews in view of Gruschka in further view of Varadarajan further teaches the identifier for the server device comprises a uniform resource identifier for the server device (Gruschka, Fig. 1a, “example.com”).

Regarding Claim 14:
The method of claim 10, wherein Andrews in view of Gruschka in further view of Varadarajan further teaches the code comprises a Quick Response (QR) code (Gruschka, Fig. 1a details the code 80 being displayed as a QR code at a client device 90).

Claims 13, 15, and 16 is/are rejected under 35 U.S.C. 103 as being unpatentable over “Andrews” (US 2017/0346815) in view of “Gruschka” (US 2012/0266224) in view of “Varadarajan” (US 2013/0124855) in further view of “Ligatti” (US 2018/0262505).

Regarding Claim 13:
Andrews in view of Gruschka further in view of Varadarajan teaches:
The method of claim 10, …
Andrews in view of Gruschka further in view of Varadarajan does not disclose:
receiving, by the first client device and from the server device, data indicating a plurality of users for attestation of the first client device, 
wherein displaying the code comprises displaying, by the first client device, the code and the plurality of users for attestation of the first client device.  
Ligatti teaches:
receiving, by the first client device and from the server device, data indicating a plurality of users for attestation of the first client device (Fig. 8, messages 825 indicate a determined plurality of users to send an authentication challenge to), 
wherein displaying the code comprises displaying, by the first client device, the code and the plurality of users for attestation of the first client device (Fig. 1, element 1140; Fig. 12; ¶0049, “The voting users 1110B, 1110C may then respond by each sending an authentication vote 1125, 1130 to the authenticator computing device. The authenticator computing device 1105 then analyzes the received authentication votes to determine whether or not to grant access to the requesting user 1101A”).  
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Andrews in view of Gruschka in further view of Varadarajan’s multifactor authentication system by enhancing Andrews in view of Gruschka in further view of Varadarajan’s system to receive a second verification message from a plurality of devices validate a first device, as taught by Ligatti, in order to enhance the security of the system.


Regarding Claim 15:
Andrews in view of Gruschka in further view of Varadarajan teaches:
The method of claim 10, …
Andrews in view of Gruschka in further view of Varadarajan does not disclose:
… wherein the indication that the first client device has been granted access is based on an attestation of the first client device by one or more of other client devices, and wherein the one or more of other client devices comprises the second client device.
Ligatti teaches:
… wherein the indication that the first client device has been granted access is based on an attestation of the first client device by one or more of other client devices (Fig. 1, element 1140; Fig. 12; ¶0049, “The voting users 1110B, 1110C may then respond by each sending an authentication vote 1125, 1130 to the authenticator computing device. The authenticator computing device 1105 then analyzes the received authentication votes to determine whether or not to grant access to the requesting user 1101A”), and wherein the one or more of other client devices comprises the second client device (Fig. 1, elements 1110b is construed as being the “another” client device while element 1110c serves as being a part of the “plurality of other client devices”).

	The motivation is enhance the security of a multifactor authentication system by requiring other factors, such as from a plurality of devices, to verify a first device. Requiring additional devices to verify the first device strengthens the overall security of the system by reducing the likelihood that an authentication factor may be spoofed or stolen. 

Regarding Claim 16:
Andrews in view of Gruschka in further view of Varadarajan teaches:
The method of claim 10, …
Andrews in view of Gruschka in further view of Varadarajan does not disclose:
… further comprising: 
receiving, by the first client device and from the server device, an indication of a quantity of attestations of the first client device by one or more other client devices; and 
displaying, by the first client device, the indication of the quantity of attestations of the client device by the one or more other client devices.
Ligatti teaches:
… further comprising: 

displaying, by the c first lient device, the indication of the quantity of attestations of the client device by the one or more other client devices (Fig. 14, element 1025; ¶0120, “… when the authentication process starts, a nonce and/or a QR-code version of this nonce can be generated by the server. Once the nonce is generated, the QR code can be generated. Finally, the server can send the created QR code to the device 105 requesting access to the application”; i.e., display the authentication challenge as a QR code at the client device. The authentication message being the claimed “indication of the number of attestations”).
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Andrews in view of Gruschka in further view of Varadarajan’s multifactor authentication system by enhancing Andrews in view of Gruschka in further view of Varadarajan’s system to require other devices to verify a first device and provide an indication to the first devices the other devices that need to verify the first device, as taught by Ligatti, in order to enhance the security of the system.

Pertinent Prior Art:
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. “Blasi” (US 2016/0380997) discloses a system where a first device is authenticated to a server by the server transmitting a token to the first device and the first device sending the token to a second device. The second device maintaining a trusted identifier with the server such that when the second device attests to the first device, the server can complete authentication of the first device.

Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DANIEL B POTRATZ whose telephone number is (571)270-5329.  The examiner can normally be reached on M-F 10 A.M. - 6 P.M. CST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/DANIEL B POTRATZ/Primary Examiner, Art Unit 2491