DETAILED ACTION
This Office Action is in response to the application 16/414,987 filed on 05/17/2019.
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Claims 1-20 have been examined and are pending in this application. Claims 1, 9, and 17 are independent.
Information Disclosure Statement
The information disclosure statement (IDS), submitted on 05/17/2019 and 05/28/2019, is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.
Claim Objections
Claim 9 is objected to because of the following informalities:  
As to claim 9, claim 9 is directed to a program product, and recites, “one or more storage media.” 
To avoid any uncertainty in interpretation the claim to non-statutory subject matter while the specification, such as paragraphs 0047-0048, 0051, and 0051, states that the memory is a computer-readable storage media, and further states that “a computer readable storage medium, as used herein, is not to be construed as being transitory signals per se, such as radio waves or other freely propagating electromagnetic waves, electromagnetic “ “one or more non-transitory storage media.” for better clarity of the claim scope (emphasis added).
Appropriate correction(s) is required.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claims 1-3, 6-11, and 14-19 are rejected under 35 U.S.C. 103 as being unpatentable over Craswell (“Craswell,” US 2020/0084204, filed on 09/09/2018), in view of Dotan et al (“Dotan,” US 9,332,433, patented on 05/03/2016).
As to claim 1, Craswell teaches a method (Craswell: pars 0017-0019; Fig 1, a multi-factor authentication (MFA) system and method involving two separate devices) comprising: 
responsive to determining a first user authentication was prompted in a first application on a first device associated with a user (Craswell: pars 0017, 0028, Fig 1, 2, the MFA process is started by a software component on a first computing system identifying request information for an access code to allow access to a network resource. User of the first device provides sign-in information on the system prompted window); 
identifying, by one or more processors, a second application on a second device in which the first event from the plurality of events (Craswell: pars 0029-0033, 0047, if a MFA process is required for an access of resources on first device associated with a resource/application, the required MFA authentication process involves a second device to perform a MFA process. The enrolled MFA service data with a user ID is stored);
generating, by one or more processors, an authentication question based on the first event, wherein the authentication question is a second user authentication (Craswell: pars 0029-0033, generates a second level authentication process [i.e. second user authentication] for multi-factor authentication);
responsive to determining an answer provided by the user to the authentication question is correct, granting, by one or more processors, access to the first user authentication prompt (Craswell: pars 0029-0033, allowing access to the requested resource based on verification of second authentication parameters inputted by the user in response to system prompt for second level authentication).
Craswell does not explicitly teach identifying, by one or more processors, a first event from a plurality of events that previously occurred in a select time frame, wherein the first event relates to a first action performed by the user in the second application.
However, in an analogous art, Dotan teaches identifying, by one or more processors, a first event from a plurality of events that previously occurred in a select time frame, wherein the first event relates to a first action performed by the user in the second application (Dotan: Column 1, lines 56-67, col 2, lines 1-20, performing an authentication process, where a first application running on a client device, processing first set of authentication factors, and a second application running on a client device, processing second set of authentication factors associated with the first set of authentication factors).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Dotan with the method/system of Craswell for the benefit of providing a user with a means for using another second application in the first device to perform part of the second level authentication process to perform multi-factor authentication within the same device to prevent acts of malicious plug-ins and unauthorized access (Dotan: column 1, lines 26-67, col 2, lines 1-20).
As to claim 2, the combination of Craswell and Dotan teaches the method of claim 1 
(Craswell: pars 0031, 0047, the access request type is defined by the parameter whether multi-factor authentication process is needed or not. The enrolled MFA service data with a user ID is stored in management records for each of its users. Those identity management records include a user ID).
As to claim 3, the combination of Craswell and Dotan teaches the method of claim 2, 
Craswell further teaches further comprising: responsive to determining the second application out of the plurality of applications is activated, receiving, by one or more processors, event data for the first event based on the user profile; and
storing, by one or more processors, the event data for the first event, along with a user identifier for the user and a device identifier for the second device (Craswell: pars 0031, 0047, the access request type is defined by the parameter whether multi-factor authentication process is needed or not. The enrolled MFA service data with a user ID is stored in management records for each of its users. Those identity management records include a user ID).
As to claim 6, the combination of Craswell and Dotan teaches the method of claim 1, 
Craswell further teaches wherein generating the authentication question based on the first event, further comprises: responsive to analyzing the first event and the second application, parsing, by one or more processors, legible content associated with the first event and the second application; responsive to identifying the first action performed by the user in the second application, compiling, by one or more processors, the authentication question relating to the first action performed by the user in the second application. (Craswell: pars 0031-0033, 0047, the access request type is defined by the parameter whether multi-factor authentication process is needed or not based on the access policy and stored user information)
As to claim 7, the combination of Craswell and Dotan teaches the method of claim 1, 
Craswell and Dotan further teach wherein identifying the second application on the second device based on the user profile associated with the user, further comprises: identifying, by one or more processors, the second device out of a plurality of devices, wherein the second device is in a vicinity of the first device (Craswell: pars 0019, 0020, 0023, 0033, the second device is separate from first device and connected remotely over network, such as WiFi network); and
identifying, by one or more processors, the second application out of a plurality of applications, wherein a first category for the first application is different than a second category for the second application, wherein the first category and the second category are based on a provided service (Craswell: pars 0029-0033, the second application is MFA associated application different from the first application of the first device.  Dotan: Column 1, lines 56-67, col 2, lines 1-20, the first application running on a client device, processing first set of authentication factors, and the second application running on a client device, processing second set of authentication factors).
As to claim 8, the combination of Craswell and Dotan teaches the method of claim 1, 
further comprising: extracting, by one or more processors, a plurality of parameters for the first user authentication prompt, wherein the plurality of parameters are selected from a group consisting of: an event category, a timestamp, a geographic location, and a device identifier (Craswell: pars 0031, 0045, 0047, period parameter. The access request type is defined by the parameter whether multi-factor authentication process is needed or not);
selecting, by one or more processors, a subset cluster of events from a plurality of clusters of events utilizing a rule-based affinity function; computing, by one or more processors, a distance score for each event in the subset cluster of events, wherein the distance score specifies a similarity between each event and the first user authentication prompt; responsive to assigning a weight factor for each distance score based on comparable event in other clusters, selecting, by one or more processors, the first event from the plurality of events that previously occurred in the second application based on the distance score and the weight factor (Craswell: pars 0029-0033, the MFA application processes the association of the access request based on the policy and the authentication parameter information provided with the access request on the first application on the first device.  Dotan: Column 1, lines 56-67, col 2, lines 1-20, col 10, lines 22-55, the first application running on a client device, processing first set of authentication factors, and the second application running on a client device, processing second set of authentication factors. Verify the consistency among the device information based on the policy).
As to claim 9, the claim is directed to a computer program product and the claim limitations are similar to limitations of claim, and therefore, the claim is also rejected for the same reason set forth above for claim 1.
As to claims 10-11, and 14-16, the claim limitations are similar to limitations of claims 2-3, and 6-8, and therefore, the claims are also rejected for the same reason set forth above for claims 2-3, and 6-8.
As to claim 17, the claim is directed to a system and the claim limitations are similar to limitations of claim, and therefore, the claim is also rejected for the same reason set forth above for claim 1.
Claims 4-5, 12-13, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Craswell (“Craswell,” US 2020/0084204, filed on 09/09/2018), in view of Dotan et al (“Dotan,” US 9,332,433, patented on 05/03/2016), and further in view of Reiss (“Reiss,” US 2019/0385143, patented on 06/19/2018).
As to claim 4, the combination of Craswell and Dotan teaches the method of claim 1, 
Craswell teaches that user sign-in and two step verification are prompted to the user (Craswell: pars 0028-0029; Fig 2, 3), but Craswell or Dotan does not teach further comprising: performing, by one or more processors, a first action in a user interface of the (Craswell: pars 0028-0029; Fig 2, 3, user sign-in and two step verification are prompted to the user).
However, in an analogous art, Reiss teaches further comprising: performing, by one or more processors, a first action in a user interface of the first application on the first device, wherein the action includes greying-out the first user authentication prompt, wherein highlighting one or more fields in the first application for entry of user credentials is disabled (Reiss: pars 0023-0024, 0029; Fig 2-4, pop-up window for second level authentication prompt is displayed to the user overlaying on the top of the initial user interface).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Reiss with the method/system of Craswell and Dotan for the benefit of providing a user with a means for implementing a process where the user is prompted to enter a second level authentication parameter displayed over the initial user interface (Reiss: pars 0023-0024, 0029; Fig 2-4).
As to claim 5, the combination of Craswell and Dotan teaches the method of claim 4, Craswell and Reiss further teach wherein granting access to the first user authentication prompt, further comprises: performing, by one or more processors, a second action in the user interface of the first application on the first device, wherein the second action includes reversing the greying-out of the first user authentication prompt, wherein highlighting one or more fields in the first application for entry of user credentials is  (Craswell: pars 0028-0029; Fig 2, 3, user sign-in and two step verification are prompted to the user. Reiss: pars 0023-0024, 0029; Fig 2-4, pop-up window for second level authentication prompt is displayed to the user overlaying on the top of the initial user interface).
As to claims 12 and 13, the claim limitations are similar to limitations of claims 4 and 5, and therefore, the claims are also rejected for the same reason set forth above for claims 4 and 5.
As to claim 20, the claim limitations are similar to limitations of claim 4, and therefore, the claim is also rejected for the same reason set forth above for claim 4.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Jahangir Kabir whose telephone number is (571) 270-3355.  The examiner can normally be reached on 9:00-5:00 Mon-Thu.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on (571) 270-5002.  The fax number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on 

/JAHANGIR KABIR/             Primary Examiner, Art Unit 2439