DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application is being examined under the pre-AIA  first to invent provisions. 
This Office Action is in response to Amendment filed on 12/30/2020.
Claims 1-9, 11-20 have been amended; claims 10 and 21 (original Claim 20) have been canceled; claim 22 has been newly canceled; Claims 1, 5 and 18 (original Claim 17) are independent claims. Claims 1-9, 11-20 and 22 have been examined and are pending. This Action is made Final. 


Response to Arguments
The Objection to Claims 6-16 and original Claims 18-20 are withdraw as the claims has been amended.
The rejection of claim 2 under 35 U.S.C. § 112, second paragraph is withdrawn as the claim have been amended.
The Double Patenting to Claims 1-9, 11-20 and 22 has been modified to address the newly amended features and further is maintained as applicants have requested that the rejection be held in abeyance.
Applicants’ arguments with respect to claims 1-9, 11-20 and 22 have been considered but are moot in view of the new ground(s) of rejection.



Claim Objections
The numbering of claims is not in accordance with 37 CFR 1.126 which requires the original numbering of the claims to be preserved throughout the prosecution.  When claims are canceled, the remaining claims must not be renumbered.  When new claims are presented, they must be numbered consecutively beginning with the number next following the highest numbered claims previously presented (whether entered or not).
The examiner respectfully notes claims 12 (duplicate) and 13-20 are now misnumbered as Claims 14-21.  The examiner notes Misnumbered Claim 21 (i.e., original Claim 20) has been canceled.  The examiner notes this improper number per 37 CFR 1.126.  The examiner has maintained the rejection based on the original claim set and has, attempted to clearly, map misnumbered claims to the original claim set.  The examiner suggests to applicant to cancel both original claim 12 and 12 (duplicate) and re-write these as new dependent claims and keeping the original claim numbering regarding claims 13-20.   

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159.  See MPEP §§ 706.02(l)(1) - 706.02(l)(3) for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.

Claims 1, 5 and 17 (misnumbered Claim 18) are rejected on the ground of nonstatutory double patenting as being unpatentable over claim 1 of U.S. Patent No. 10,129,250. Although the claims at issue are not identical, they are not patentably distinct from each other because:

Instant Application 16/138,007
US Patent 10,129,250
Claim 1, and similarly Claim 5:  A method of authenticating a web-based application, the method comprising: 
registering a mobile communication device for an authentication account at a remote authentication platform; 
at the remote authentication platform comprising an Internet-accessible server hosted on a distributed computing system: 
tracking the mobile communication device using an IP address and an identifier of the mobile IP address

receiving from a client, via a first communication channel, transaction data relating to an attempt by a user to access a web-based application via the client; identifying the authentication account 





































responsive to identifying the authentication account, transmitting to the mobile communication device, via a second communication channel determined base don tracking the mobile communication device, an authentication message; 











receiving, via the second communication channel, a response to the authentication message from the mobile communication device; and




transmitting to the client, via the first communication channel, a confirmation or a denial of the attempt to access the web-based application based on the response to the authentication message from the client.
Claim 1: A method of multi-factor authentication of a digital transaction, the method comprising:
prior to initiating a digital transaction, registering a multi-factor authentication account and registering a mobile user device of a user in association with the multi-factor authentication account on a remote authentication service for performing a second factor of authentication for the digital transaction; 
at a third-party service provider: 

receiving a transaction request from an initiator using an initiating user device distinct from the registered mobile user device for initiating the digital transaction, the transaction request comprising user authentication credentials for performing a first factor of authentication at the third-party service provider;
authenticating the initiator based on the user authentication credentials; 
in response to a successful authentication of the initiator, transmitting an application programming interface (API) request to a multi-factor authentication API server of the remote authentication service, the API request comprising an authentication request and transaction request data associated with the transaction request to the remote authentication service; 
preventing the remote authentication service from inspecting one or more features of the transaction request data from the third-party service provider, wherein the preventing includes encrypting the transaction request data at the third-party service provider prior to transmitting the transaction request data to the remote authentication service;

receiving the API request from the third-party service provider, wherein the transaction request data comprises (i) details of the transaction request and (ii) multi-factor authentication account identification data; using the multi-factor authentication account identification data to identify the multi-factor authentication account registered with and maintained by the remote authentication service; 
using the multi-factor authentication account to identify the mobile user device of the user that is registered in association with the multi-factor authentication account; 
in response to identifying the registered mobile device associated with the multi-factor authentication account, pushing an authentication message via a persistent connection from the multi-factor authentication API to an authentication , the authentication message comprising (a) the details of the transaction request and (ii) a request for either a confirmation input from the user that confirms the details of the transaction request or a denial input that denies the details of the transaction request; 
decrypting the transaction request data only at the registered mobile user device; 
receiving, from the authentication service application, an authentication response to the authentication notification, the authentication response comprising data of the confirmation input or data of the denial input; 
returning, from the multi-factor authentication API server, an API response comprising authentication response data relating to the authentication response to the third-party service provider; 
completing the digital transaction or denying the digital transaction based on the authentication response data






Instant Application 16/138,007
US Patent 10,129,250
Claim 17 (misnumbered Claim 18):  A method of multi-factor authentication of a digital transaction, the method comprising:
prior to initiating a digital transaction, registering a multi-factor authentication account and registering a mobile communication device of a user in association with the multi-factor authentication account on a remote authentication service for performing a second factor of authentication for the digital transaction; 
at a third-party service provider: 
receiving, via a first communication channel, a transaction request from an initiator for 

authenticating the initiator based on the user authentication credentials; 
in response to a successful authentication of the initiator, transmitting, via one or more networks, transaction request data associated with the transaction request to the remote authentication service; 











at the remote authentication service:  tracking the mobile communication device using an IP address and an identifier of the mobile communciaiton device


receiving, via a second communication channel, the transaction request data from the third-party service provider, wherein the transaction request data comprises (i) details of the transaction request and (ii) multi-factor authentication account identification data; using the multi-factor authentication account identification data to identify the multi-factor authentication account registered with and maintained by the remote authentication service; 
using the multi-factor authentication account to identify the mobile communication device of the user that is registered in association with the multi-factor authentication account; 


in response to identifying the mobile communication device that is registered in association with the multi-factor authentication account, transmitting, via a third communication channel, from the remote authentication service an authentication message to the mobile communication device, the authentication message comprising (a) the details of the transaction request and (ii) a request for either a confirmation input that confirms the details of the transaction request or a denial input that denies the details of the transaction request; 

receiving, via the third communication channel, from the mobile communication device that has been registered an authentication response to the authentication message, the authentication response comprising data of the confirmation input or data of the denial input; transmitting, via the 
completing the digital transaction or denying the digital transaction based on the authentication response data.
Claim 1: A method of multi-factor authentication of a digital transaction, the method comprising:
prior to initiating a digital transaction, registering a multi-factor authentication account and registering a mobile user device of a user in association with the multi-factor authentication account on a remote authentication service for performing a second factor of authentication for the digital transaction; 
at a third-party service provider: 
receiving a transaction request from an initiator using an initiating user device distinct from the registered mobile user device for initiating the digital transaction, the transaction request comprising user authentication credentials for performing a first factor of authentication at the third-party service provider;
authenticating the initiator based on the user authentication credentials; 
in response to a successful authentication of the initiator, transmitting an application programming interface (API) request to a multi-factor authentication API server of the remote authentication service, the API request comprising an authentication request and transaction request data associated with the transaction request to the remote authentication service; 
preventing the remote authentication service from inspecting one or more features of the transaction request data from the third-party service provider, wherein the preventing includes encrypting the transaction request data at the third-party service provider prior to 
at the remote authentication service comprising the multi-factor authentication API server: 



receiving the API request from the third-party service provider, wherein the transaction request data comprises (i) details of the transaction request and (ii) multi-factor authentication account identification data; using the multi-factor authentication account identification data to identify the multi-factor authentication account registered with and maintained by the remote authentication service; 

using the multi-factor authentication account to identify the mobile user device of the user that is registered in association with the multi-factor authentication account; 
in response to identifying the registered mobile device associated with the multi-factor authentication account, pushing an authentication message via a persistent connection from the multi-factor authentication API to an authentication service application hosted on the registered mobile device of the user, the authentication message comprising (a) the details of the transaction request and (ii) a request for either a confirmation input from the user that confirms the details of the transaction request or a denial input that denies the details of the transaction request; 
decrypting the transaction request data only at the registered mobile user device; 
receiving, from the authentication service application, an authentication response to the authentication notification, the authentication response comprising data of the confirmation input or data of the denial input; 
returning, from the multi-factor authentication API server, an API response comprising authentication response data relating to the authentication response to the third-party service provider; 

completing the digital transaction or denying the digital transaction based on the authentication response data


Claim 1, and similarly Claim 5 and 17 (misnumbered Claim 18), of the Instant Application would correspond to Claim 1 of U.S. Patent No. 10,129,250, as the features of U.S. Patent No. 10,129,250 are substantially similar to that of the Instant Application.  More specifically, one of ordinary skill in the art would realize the steps recited, supra, in U.S. Patent 10,129,250, provides substantially similar functions as claimed in the Instant Application, and those substantially similar functions are further found in U.S. Patent 10,129,250 are obvious variants to that claimed in the Instant Application. Therefore the Instant Application is rejected under nonstatutory double patenting.

As per claims 2-4, 6- 9, 11-16 (misnumbered Claim 12-17), and 18-19 (misnumbered Claim 19-20), and 22, claims 2-4, 6- 9, 11-16 (misnumbered Claim 12-17), and 18-19 . 

Claims 1, 5 and 17 (misnumbered Claim 18) are rejected on the ground of nonstatutory double patenting as being unpatentable over claim 1 of U.S. Patent No. 9,992,194. Although the claims at issue are not identical, they are not patentably distinct from each other because:

Instant Application 16/138,007
US Patent 9,992,194
Claim 1, and similarly Claim 5:  A method of authenticating a web-based application, the method comprising: registering a mobile communication device for an authentication account at a remote authentication platform: tracking the mobile communication device using an IP address and an identifier of the mobile IP address







at the authentication platform comprising an Internet-accessible server hosted on a distributed computing system: 
receiving from a client, via a first communication channel, transaction data relating to an attempt by a user to access a web-based application via the client; 







identifying the authentication account associated with the mobile communication device based on the transaction data; responsive to identifying the authentication account, 

















transmitting to the mobile communication device, via a second communication channel, determined base don tracking the mobile communication device an authentication message; receiving, via the second communication channel, a response to the authentication message from the mobile communication device; and
















































Claim 1: A method of completing a transaction comprising the steps of: registering a user authentication device of an authentic user on a remote auth platform comprising a web server;
registering a user authoritative device of an authoritative agent on the remote auth platform; 
setting a transaction confirmation threshold requiring a confirmation response from the user authentication device of the authentic user and an authorization response from the user authoritative device of the authoritative 
receiving, at a user interface having Internet accessibility, user login input from a user for initiating the transaction request, wherein the user login input comprises user authentication credentials for performing an initial authentication of the user at the user interface, and wherein the user interface is maintained by a first entity; 
identifying whether the user comprises the authentic user for the transaction request based on the user login input comprising the user authentication credentials received at the user interface; 
in response to identifying the user as authenticated based on the user login input, transmitting by the user interface via an application programming interface (API) the transaction request to the remote auth platform that is separate and independent from the user interface and that performs at least a second authentication of the user, wherein the remote auth platform is maintained by a second entity;
separately, at the remote auth platform, performing the second authentication of the user by performing the steps of: 
(i) using the transaction request to identify the user authentication device of the authentic user registered at the remote auth platform; (ii) using the transaction request to identify the user authoritative device of the authoritative agent that is registered at the remote auth platform; 
(iii) transmitting via a secure push-based communication channel a first push-based challenge to the user authentication device, the first push-based challenge comprising a message including details of the transaction request and a request to confirm or deny the transaction request by submitting one of a user input at the user authentication device to confirm the transaction request or a user input at the user authentication device to deny the transaction request; 
(iv) receiving from the user authentication device, via the secure push-based communication channel, a response to the push-based challenge comprising the user input to confirm the transaction request or the user input to deny the transaction request; 
(v) transmitting via a second secure push-based communication channel a second push-based challenge to the user authoritative device, the second push-based challenge comprising a message including details of the transaction request and a request to authorize or deny authorization of the transaction request of the authentic user by submitting one of an authoritative user input at the user authoritative device to authorize the transaction request or an authoritative user input at the user authoritative device to deny authorization of the transaction request; 

when the responses to the first push-based challenge confirms the transaction request and the response to the second push-based challenge authorizes the transaction request thereby satisfying the transaction confirmation threshold, transmitting, via the API, from the remote auth platform an attestation to the first entity that the authentic user of the authentication device confirmed the transaction request, or 
when the response to the first push-based challenge does not confirm the transaction request or when the response to the second push-based challenge denies authorization of the transaction request thereby not satisfying the transaction confirmation threshold, transmitting, via the API, from the remote auth platform an attestation to the first entity that the authentic user of the authentication device or the authoritative user of the authoritative device denied the transaction request.


Instant Application 16/138,007
US Patent 9,992,194
Claim 17 (misnumbered Claim 18):  A method of multi-factor authentication of a digital transaction, the method comprising:
prior to initiating a digital transaction, registering a multi-factor authentication account and registering a mobile communication device of a user in association with the multi-factor authentication account on a remote authentication service for performing a second factor of authentication for the digital transaction; 




at a third-party service provider: 


authenticating the initiator based on the user authentication credentials; 



in response to a successful authentication of the initiator, transmitting, via one or more networks, transaction request data associated with the transaction request to the remote authentication service; 












at the remote authentication service: 
tracking the mobile communication device using an IP address and an identifier of the mobile commination device
receiving, via a second communication channel, the transaction request data from the third-party service provider, 
wherein the transaction request data comprises (i) details of the transaction request and (ii) multi-factor authentication account identification data; using the multi-factor authentication account identification data to identify the multi-factor authentication account registered with and maintained by the remote authentication service; 



in response to identifying the mobile communication device that is registered in association with the multi-factor authentication account, transmitting, via a third communication channel, from the remote authentication service an authentication message to the mobile communication device, the authentication message comprising (a) the details of the transaction request and (ii) a request for either a confirmation input that confirms the details of the transaction request or a denial input that denies the details of the transaction request; receiving, via the third communication channel, from the mobile communication device that has been registered, an authentication response to the 


 


















completing the digital transaction or denying the digital transaction based on the authentication response data.
Claim 1: A method of completing a transaction comprising the steps of: registering a user authentication device of an authentic user on a remote auth platform comprising a web server;
registering a user authoritative device of an authoritative agent on the remote auth platform; 
setting a transaction confirmation threshold requiring a confirmation response from the user authentication device of the authentic user and an authorization response from the user authoritative device of the authoritative agent to enable a completion of a transaction request; 
receiving, at a user interface having Internet accessibility, user login input from a user for initiating the transaction request, wherein the user login input comprises user authentication credentials for performing an initial authentication of the user at the user interface, and wherein the user interface is maintained by a first entity; 
identifying whether the user comprises the authentic user for the transaction request based on the user login input comprising the user authentication credentials received at the user interface; 
in response to identifying the user as authenticated based on the user login input, transmitting by the user interface via an application programming interface (API) the transaction request to the remote auth platform that is separate and independent from the user interface and that performs at least a second authentication of the user, wherein the remote auth platform is maintained by a second entity;





separately, at the remote auth platform, performing the second authentication of the user by performing the steps of: 
(i) using the transaction request to identify the user authentication device of the authentic user registered at the remote auth platform; (ii) using the transaction request to identify the user authoritative device of the authoritative agent that is registered at the remote auth platform; 
(iii) transmitting via a secure push-based communication channel a first push-based challenge to the user authentication device, the first push-based challenge comprising a message including details of the transaction request and a request to confirm or deny the transaction request by submitting one of a user input at the user authentication device to confirm the transaction request or a user input at the user authentication device to deny the transaction request; 
(iv) receiving from the user authentication device, via the secure push-based communication channel, a response to the push-based challenge comprising the user input to confirm the transaction request or the user input to deny the transaction request; 
(v) transmitting via a second secure push-based communication channel a second push-based challenge to the user authoritative device, the second push-based challenge comprising a message including details of the transaction request and a request to authorize or deny authorization of the transaction request of the authentic user by submitting one of an authoritative user input at the user authoritative device to authorize the transaction request or an authoritative user 
(vi) processing the responses to the first push-based challenge and the second push-based challenge to determine whether the second authentication of the authenticated-user is successful and the transaction request is authorized; and 
when the responses to the first push-based challenge confirms the transaction request and the response to the second push-based challenge authorizes the transaction request thereby satisfying the transaction confirmation threshold, transmitting, via the API, from the remote auth platform an attestation to the first entity that the authentic user of the authentication device confirmed the transaction request, or 
when the response to the first push-based challenge does not confirm the transaction request or when the response to the second push-based challenge denies authorization of 
transmitting, via the API, from the remote auth platform an attestation to the first entity that the authentic user of the authentication device or the authoritative user of the authoritative device denied the transaction request.


Claim 1, and similarly Claim 5 and 17 (misnumbered Claim 18), of the Instant Application would correspond to Claim 1 of U.S. Patent No. 9,992,194, as the features of U.S. Patent No. 9,992,194 are substantially similar to that of the Instant Application.  More specifically, one of ordinary skill in the art would realize the steps recited, supra, in U.S. Patent 9,992,194, provides substantially similar functions as claimed in the Instant Application, and those substantially similar functions are further found in U.S. Patent 9,992,194 are obvious variants to that claimed in the Instant Application. Therefore the Instant Application is rejected under nonstatutory double patenting.
As per claims 2-4, 6- 9, 11-16 (misnumbered Claim 12-17), and 18-19 (misnumbered Claim 19-20), and 22, claims 2-4, 6- 9, 11-16 (misnumbered Claim 12-17), and 18-19 (misnumbered Claim 19-20), and 22 depend from independent claims 1, 5 and 17 respectively and inherit the Double Patenting rejection. 


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of pre-AIA  35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made.

This application currently names joint inventors. In considering patentability of the claims under pre-AIA  35 U.S.C. 103(a), the examiner presumes that the subject matter of the various claims was commonly owned at the time any inventions covered therein were made absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and invention dates of each claim that was not commonly owned at the time a later invention was made in order for the examiner to consider the applicability of pre-AIA  35 U.S.C. 103(c) and potential pre-AIA  35 U.S.C. 102(e), (f) or (g) prior art under pre-AIA  35 U.S.C. 103(a).
Claim 1, 2, 5, 8, 13-15 (misnumbered Claim 14-16), 17 (misnumbered Claim 18) and 18 (misnumbered Claim 19) is/are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Rable (US 7,331,518 B2) in view of Williams et al. (US 2009/0259848 A1) and Sullivan et al. (US 2006/014082 A1).
Regarding Claim 1;
Rable discloses a method of authenticating ... (Abstract and col. 8, lines 36-55), the method comprising:
registering a mobile communication device for an authentication account at a remote authentication platform (FIG. 3 and col. 6, lines 30-61 - An Account Holder Membership Setup Module 100 according to a particular embodiment of the invention is shown in FIG. 3.... The account information received at Step 110 may include, for example, an account identifier (e.g., an account number) associated with an account (e.g., a credit card account, or bank account) that the account holder would like to have covered by the transaction confirmation service. ... Next, the system advances to Step 120, where it receives mobile electronic device contact information from the account holder (e.g., information that may be used to facilitate communication with one or more portable electronic devices). This information may include, for example, a cell phone number (e.g., the account holder's cell phone number)...);
 at the remote authentication platform comprising an Internet-accessible server hosted on a distributed computing system (FIG. 1 and col. 8, lines 43-55 - For example, in one embodiment, if a user requests to pay for a particular purchase transaction using a specified account (e.g., the account specified by the account holder at Step 110 above) at a participating merchant (e.g., a retailer that is registered to participate in the transaction confirmation service), the merchant's computer system sends details of the requested transaction to a Transaction Confirmation Server 10 associated with the transaction confirmation service. The Transaction Confirmation Server 10 then executes a Transaction Confirmation Module 300, such as the Transaction Confirmation Module 300 shown in FIGS. 5A and 5B):
(FIG. 5A and col. 8, lines 56-col. 9, lines 4 - ...the system begins at Step 310 where it receives transaction information from a merchant with whom a request has been made to pay for a transaction using a particular account that has been registered with the transaction confirmation service.);
identifying the authentication account associated with the mobile communication device based on the transaction data (FIG. 5A - col. 8, lines 56-col. 9, lines 4 - ...the system begins at Step 310 where it receives transaction information from a merchant with whom a request has been made to pay for a transaction using a particular account that has been registered with the transaction confirmation service and col. 9, lines 5-15 - Next, the system advances to Step 320 where it transmits a message to the account holder (or other individual who has been designated to confirm transactions associated with the particular account) requesting confirmation that the account holder or other designated individual approves the requested transaction. In various embodiments of the invention, this message is sent to an electronic device (e.g., a cellular phone) associated with the account holder (or other designated individual) in the form of an SMS message that is generated automatically (or substantially automatically) by the Transaction Confirmation Server 10);
responsive to identifying the authentication account, transmitting to the mobile communication device, via a second communication channel, an authentication message (FIG. 5A and col. 5, lines 5-15 - In various embodiments of the invention, this message is sent to an electronic device (e.g., a cellular phone) associated with the account holder (or other designated individual) in the form of an SMS message that is generated automatically (or substantially automatically) by the Transaction Confirmation Server 10. The system preferably uses the mobile electronic device contact information that the system received at Step 120 to facilitate transmission of the "confirmation request" message to the appropriate individual. An exemplary SMS "confirmation request" message is shown in FIG. 6);
receiving, via the second communication channel, a response to the authentication message from the mobile communication device (FIG. 5A-5B and FIG. 6 and col. 9, lines 59-col. 10, lines 8 -   Returning to Step 330 in FIG. 5A, if the system determines that it has received a response from the account holder (or other designated individual), the system advances to Step 340 where it determines whether the response included in the confirmation that the account holder (or other designated individual) has confirmed the requested transaction.);
transmitting to the client, via the first communication channel, a confirmation or a denial of the ... based on the response to the authentication message from the client (FIG. 5A-5B and FIG. 6 and col. 10, lines 3-8 – message... confirmed and lines 14-20 – message ... not been confirmed).
	Rable fails to explicitly disclose: 
A method of authenticating a web-based application, the method comprising:
at the remote authentication platform...:
	tracking the mobile communication device using an IP address and an identifier of the mobile communication device;
receiving from a client... ... an attempt by a user to access a web-based application via the client;
responsive..., transmitting to the mobile communication device, via a second communication channel determined baked on tracking the mobile communication device; and

However, in an analogous art, Williams teaches similar features of a method of authenticating a web-based application ([0014] and [0019]), the method comprising:
at the authentication platform ... ([0019] – authentication server):
receiving from a client, via a first communication channel, transaction data relating to an attempt by a user to access a web-based application via the client ([0014] and [0019] and [0022])
... transmitting to the mobile communication device, via a second communication channel, an authentication message ([0019] - ... the authentication server conducts an out-of-band (OOB) transaction wit h the user’s device to verify that the user is in possession of the device and [0023]);
receiving, via the second communication channel, a response to the authentication message from the mobile communication device (FIG. 3 and [0023] - This ANM informs the user that a transaction is being conducted and prompts him to enter a secret personal knowledge Token 170 (different from the password entered previously) (e.g. a memorized number or phrase), confirming that he has possession of the device (150 or 160). That personal knowledge token is returned to the Authentication and Key Server 131 as a response using the same channel from which the prompt to enter in was received (e.g. SMS reply, voice response, dual-tone multi frequency (DTMF) entry));
transmitting to the client, via a first communication channel,  a confirmation or a denial of the attempt to access the web-based application based on the response to the authentication message from the client ([0026]).
(Williams, [0003]).
However, in an analogous art, Sullivan teaches 
at the remote ... platform... ([0038] – web server/internet appliance):
	tracking the mobile communication device using an IP address and an identifier of the mobile communication device ([0038] - ...monitor all communications from the user bound to that IP Address (e.g., note which MAC Address/Circuit ID has that IP Address, so that it can now track activity of that MAC Address/Circuit ID) (i.e., device identifier));
responsive..., transmitting to the mobile communication device, via a second communication channel determined based on tracking the mobile communication device ([0038] - From that point on, the Internet appliance monitors the IP Address assignment server to determine if any changes to the IP Address have been made. When a change is made, the Internet appliance updates the information with the relevant servers of the ISP to ensure that the user's preferences are maintained. Of course, the same type of monitoring can be accomplished for situations where a user has elected to receive all services or any subset of services offered by the ISP. Upon completion of a communication session and the commencement of a new session, the Internet appliance can identify the new IP Address that is bound to the particular unique identifier(s) for the user/computer/subscriber, consult its database to determine the services to provide to that particular user/computer/subscriber, and inform the relevant servers of the ISP of the services to provide to the IP Address).
Therefore, it would have been obvious at the time the invention was made to combine the teachings of Sullivan to the method of Rable and Williams to include at the remote ... platform...: tracking the mobile communication device using an IP address and an identifier of the mobile communication device; responsive..., transmitting to the mobile communication device, via a second communication channel determined based on tracking the mobile communication device. One would have been motivated to combine the teachings of Sullivan to Rable and Williams to provide users with services... to the users based on database of information relevant to each user by controlling communication traffic and ... that also provides a secure, confidential way to track the behavior or preferences of individual users or networks (Sullivan, [0002] and [0013]).

Regarding Claim 2;
Rable and Williams and Sullivan disclose the method to Claim 1.
Rable disclose the client comprises one of a client application, a client device (FIG. 1 – Merchant and FIG. 5A), and a client website that communicates, via the first communication channel, with the Internet-accessible server of the remote authentication platform (FIG. 1 and col. 8, lines 35-55).
 

Regarding Claim 5;
Rable discloses a method of authenticating a ... transaction (Abstract and col. 8, lines 36-55), the method comprising: 
registering a mobile communication device for an authentication account at a remote authentication platform (FIG. 3 and col. 6, lines 30-61 - An Account Holder Membership Setup Module 100 according to a particular embodiment of the invention is shown in FIG. 3.... The account information received at Step 110 may include, for example, an account identifier (e.g., an account number) associated with an account (e.g., a credit card account, or bank account) that the account holder would like to have covered by the transaction confirmation service. ... Next, the system advances to Step 120, where it receives mobile electronic device contact information from the account holder (e.g., information that may be used to facilitate communication with one or more portable electronic devices). This information may include, for example, a cell phone number (e.g., the account holder's cell phone number)...);
at the remote authentication platform comprising an Internet-accessible server hosted on a distributed computing system (FIG. 1 and col. 8, lines 43-55 - For example, in one embodiment, if a user requests to pay for a particular purchase transaction using a specified account (e.g., the account specified by the account holder at Step 110 above) at a participating merchant (e.g., a retailer that is registered to participate in the transaction confirmation service), the merchant's computer system sends details of the requested transaction to a Transaction Confirmation Server 10 associated with the transaction confirmation service. The Transaction Confirmation Server 10 then executes a Transaction Confirmation Module 300, such as the Transaction Confirmation Module 300 shown in FIGS. 5A and 5B): 
(FIG. 5A and col. 8, lines 56-col. 9, lines 4 - ...the system begins at Step 310 where it receives transaction information from a merchant with whom a request has been made to pay for a transaction using a particular account that has been registered with the transaction confirmation service.);;
identifying the authentication account associated with the mobile communication device based on the transaction data (FIG. 5A - col. 8, lines 56-col. 9, lines 4 - ...the system begins at Step 310 where it receives transaction information from a merchant with whom a request has been made to pay for a transaction using a particular account that has been registered with the transaction confirmation service and col. 9, lines 5-15 - Next, the system advances to Step 320 where it transmits a message to the account holder (or other individual who has been designated to confirm transactions associated with the particular account) requesting confirmation that the account holder or other designated individual approves the requested transaction. In various embodiments of the invention, this message is sent to an electronic device (e.g., a cellular phone) associated with the account holder (or other designated individual) in the form of an SMS message that is generated automatically (or substantially automatically) by the Transaction Confirmation Server 10); 
responsive to identifying the authentication account, transmitting to the mobile communication device, via a second communication channel, an authentication message (FIG. 5A and col. 5, lines 5-15 - In various embodiments of the invention, this message is sent to an electronic device (e.g., a cellular phone) associated with the account holder (or other designated individual) in the form of an SMS message that is generated automatically (or substantially automatically) by the Transaction Confirmation Server 10. The system preferably uses the mobile electronic device contact information that the system received at Step 120 to facilitate transmission of the "confirmation request" message to the appropriate individual. An exemplary SMS "confirmation request" message is shown in FIG. 6);
receiving, via the second communication channel, a response to the authentication message from the mobile communication device (FIG. 5A and col. 5, lines 5-15 - In various embodiments of the invention, this message is sent to an electronic device (e.g., a cellular phone) associated with the account holder (or other designated individual) in the form of an SMS message that is generated automatically (or substantially automatically) by the Transaction Confirmation Server 10. The system preferably uses the mobile electronic device contact information that the system received at Step 120 to facilitate transmission of the "confirmation request" message to the appropriate individual. An exemplary SMS "confirmation request" message is shown in FIG. 6);
Page 14 of 22DUOS-Poi-US4 transmitting to the service provider, via the first communication channel, a confirmation of the digital transaction or a denial of the ... transaction based on the response to the authentication message from the mobile communication device (FIG. 5A-5B and FIG. 6 and col. 10, lines 3-8 – message... confirmed and lines 14-20 – message ... not been confirmed).
	Rable fails to explicitly disclose: 
A method of authenticating a digital transaction, the method comprising:
at the authentication platform...:
tracking the mobile communication device using an IP address and an identifier of the mobile communication device;

responsive..., transmitting to the mobile communication device, via a second communication channel determined baked on tracking the mobile communication device; and
transmitting to the service provider, via the first communication channel, a confirmation of the digital transaction or a denial of the digital transaction based on the response to the authentication message from the mobile communication device.
However, in an analogous, art Williams teaches similar features of a method of authenticating a web-based application ([0014] and [0019]), the method comprising:
at the authentication platform ... ([0019] – authentication server):
receiving, via a first communication channel, from a service provider transaction data relating to an attempt by a user to perform the digital transaction with the service provider ([0014] and [0019] and [0022])
... transmitting to the mobile communication device, via a second communication channel, an authentication message ([0019] - ... the authentication server conducts an out-of-band (OOB) transaction wit h the user’s device to verify that the user is in possession of the device and [0023]);
receiving, via the second communication channel, a response to the authentication message from the mobile communication device (FIG. 3 and [0023] - This ANM informs the user that a transaction is being conducted and prompts him to enter a secret personal knowledge Token 170 (different from the password entered previously) (e.g. a memorized number or phrase), confirming that he has possession of the device (150 or 160). That personal knowledge token is returned to the Authentication and Key Server 131 as a response using the same channel from which the prompt to enter in was received (e.g. SMS reply, voice response, dual-tone multi frequency (DTMF) entry));
transmitting to the service provider, via the first communication channel, a confirmation of the digital transaction or a denial of the digital transaction based on the response to the authentication message from the mobile communication device ([0026]).
Therefore, it would have been obvious at the time the invention was made to combine the teachings of Williams to the method of Rable to include a method of authenticating a digital transaction, the method comprising: at the authentication platform...: receiving, via a first communication channel, from a service provider transaction data relating to an attempt by a user to perform a digital transaction with the service provider; transmitting to the service provider, via the first communication channel, a confirmation of the digital transaction or a denial of the digital transaction based on the response to the authentication message from the mobile communication device. One would have been motivated to combine the teachings of Williams to Rable to provide users with a means for authenticating an electronic identity assertion, with a very high confidence that the asserted electronic identity belongs to the person who is asserting it, as opposed to someone who is attempting to pose as another (Williams, [0003]).
However, in an analogous art, Sullivan teaches 
at the remote ... platform... ([0038] – web server/internet appliance):
	tracking the mobile communication device using an IP address and an identifier of the mobile communication device ([0038] - ...monitor all communications from the user bound to that IP Address (e.g., note which MAC Address/Circuit ID has that IP Address, so that it can now track activity of that MAC Address/Circuit ID) (i.e., device identifier));
([0038] - From that point on, the Internet appliance monitors the IP Address assignment server to determine if any changes to the IP Address have been made. When a change is made, the Internet appliance updates the information with the relevant servers of the ISP to ensure that the user's preferences are maintained. Of course, the same type of monitoring can be accomplished for situations where a user has elected to receive all services or any subset of services offered by the ISP. Upon completion of a communication session and the commencement of a new session, the Internet appliance can identify the new IP Address that is bound to the particular unique identifier(s) for the user/computer/subscriber, consult its database to determine the services to provide to that particular user/computer/subscriber, and inform the relevant servers of the ISP of the services to provide to the IP Address).
Therefore, it would have been obvious at the time the invention was made to combine the teachings of Sullivan to the method of Rable and Williams to include at the remote ... platform...: tracking the mobile communication device using an IP address and an identifier of the mobile communication device; responsive..., transmitting to the mobile communication device, via a second communication channel determined based on tracking the mobile communication device. One would have been motivated to combine the teachings of Sullivan to Rable and Williams to provide users with services... to the users based on database of information relevant to each user by controlling communication traffic and ... that also provides a secure, confidential way to track the behavior or preferences of individual users or networks (Sullivan, [0002] and [0013]).


Regarding Claim 8;
Rable and Williams and Sullivan disclose the method to Claim 5.
Rable discloses wherein the ... transaction is initiated in an online environment over one or more communication networks (FIG. 1 and col. 10, lines 30-48).
Williams teaches wherein the digital transaction is initiated in an online environment over one or more communication networks ([0014] and [0019] – authentication server):

Regarding Claim 13 (misnumbered Claim 14);
Rable and Williams and Sullivan disclose the method to Claim 5.
Rable discloses the transaction data comprises a request to access [an] ... account maintained by the service provider (FIG. 1 and col. 10, lines 30-48).
Williams teaches the transaction data comprises a request to access a digital account maintained by the service provider ([0004]-[0005] and [0014] – any sensitive online transaction  and [0019] – authentication server):

Regarding Claim 14 (misnumbered Claim 15);
Rable and Williams and Sullivan disclose the method to Claim 5.
Rable discloses the transaction data comprises a request to access [an] ... account through a website (FIG. 1 and col. 10, lines 30-48 – On-line).
Williams teaches the transaction data comprises a request to access a digital account through a website ([0004]-[0005] and [0014] – any sensitive online transaction and [0019] – authentication server):

Regarding Claim 15 (misnumbered Claim 16);
Rable and Williams and Sullivan disclose the method to Claim 5.
Rable discloses the transaction data comprises a request to perform an action on a computer system (FIG. 1 and col. 10, lines 30-48 – purchases... opening of a new account... transfer of funds).
Williams teaches the transaction data comprises a request to perform an action on a computer system ([0004]-[0005] – access the content and [0014] – any sensitive online transaction and [0019] – authentication server):

Regarding Claim 17 (misnumbered Claim 18);
Rable discloses a method of multi-factor authentication of a ... transaction (Abstract and col. 8, lines 36-55 and col. 11, lines 44-56 – approve or deny (or recommended approving or denying) a particular transaction based one or more of a variety of different factors), the method comprising: 
prior to initiating a ... transaction, registering a multi-factor authentication account and registering a mobile communication device of a user in association with the multi-factor authentication account on a remote authentication service for performing a second factor of authentication for the ... transaction (FIG. 3 and col. 6, lines 30-61 - An Account Holder Membership Setup Module 100 according to a particular embodiment of the invention is shown in FIG. 3.... The account information received at Step 110 may include, for example, an account identifier (e.g., an account number) associated with an account (e.g., a credit card account, or bank account) that the account holder would like to have covered by the transaction confirmation service. ... Next, the system advances to Step 120, where it receives mobile electronic device contact information from the account holder (e.g., information that may be used to facilitate communication with one or more portable electronic devices). This information may include, for example, a cell phone number (e.g., the account holder's cell phone number)...);
at a third-party service provider (FIG. 1 – merchant pos terminal):
receiving, via a first communication channel, a transaction request from an initiator for initiating the ... transaction, ... (FIG. 1 and col. 8, lines 43-55 - For example, in one embodiment, if a user requests to pay for a particular purchase transaction using a specified account (e.g., the account specified by the account holder at Step 110 above) at a participating merchant (e.g., a retailer that is registered to participate in the transaction confirmation service), the merchant's computer system sends details of the requested transaction to a Transaction Confirmation Server 10 associated with the transaction confirmation service. The Transaction Confirmation Server 10 then executes a Transaction Confirmation Module 300, such as the Transaction Confirmation Module 300 shown in FIGS. 5A and 5B);
 transmitting, via one or more networks, transaction request data associated with the transaction request to the remote authentication service (FIG. 1 and col. 8, lines 43-55 - For example, in one embodiment, if a user requests to pay for a particular purchase transaction using a specified account (e.g., the account specified by the account holder at Step 110 above) at a participating merchant (e.g., a retailer that is registered to participate in the transaction confirmation service), the merchant's computer system sends details of the requested transaction to a Transaction Confirmation Server 10 associated with the transaction confirmation service. The Transaction Confirmation Server 10 then executes a Transaction Confirmation Module 300, such as the Transaction Confirmation Module 300 shown in FIGS. 5A and 5B);
at the remote authentication service: 
(FIG. 5A and col. 8, lines 56-col. 9, lines 4 - ...the system begins at Step 310 where it receives transaction information from a merchant with whom a request has been made to pay for a transaction using a particular account that has been registered with the transaction confirmation service. This transaction information may include, for example, one or more of the following types of information associated with the transaction: (1) an account number associated with the account from which payment has been requested (i.e., multi-factor authentication account identification data); (2) the requested payment amount; (3) the name of the individual requesting the payment; (4) the merchant category code of the merchant involved in the transaction; (5) the type of goods or services involved in the transaction (i.e., details of the transaction); and/or (6) any other suitable type of information associated with the transaction.);
using the multi-factor authentication account identification data to identify the multi-factor authentication account registered with and maintained by the remote authentication service (col. 10, lines 41-56 - In particular embodiments of the invention, before generating and transmitting the "request for confirmation" message at Step 320, the Transaction Confirmation Server 10 may receive "out of wallet" data related to the account holder (or other designated individual), or other suitable data (e.g., "in wallet" data), from an appropriate source (e.g., from a database associated with the Transaction Confirmation Server or from a third party source)); 
using the multi-factor authentication account to identify the mobile communication device of the user that is registered in association with the multi-factor authentication account (FIG. 5A - col. 8, lines 56-col. 9, lines 4 - ...the system begins at Step 310 where it receives transaction information from a merchant with whom a request has been made to pay for a transaction using a particular account that has been registered with the transaction confirmation service and col. 9, lines 5-15 - Next, the system advances to Step 320 where it transmits a message to the account holder (or other individual who has been designated to confirm transactions associated with the particular account) requesting confirmation that the account holder or other designated individual approves the requested transaction. In various embodiments of the invention, this message is sent to an electronic device (e.g., a cellular phone) associated with the account holder (or other designated individual) in the form of an SMS message that is generated automatically (or substantially automatically) by the Transaction Confirmation Server 10); 
in response to identifying the mobile communication device that is registered in association with the multi-factor authentication account, transmitting, via a third communication channel, from the remote authentication service an authentication message to the mobile communication device, the authentication message comprising (a) the details of the transaction request and (ii) a request for either a confirmation input that confirms the details of the transaction request or a denial input that denies the details of the transaction request (FIG. 5A and col. 5, lines 5-15 - In various embodiments of the invention, this message is sent to an electronic device (e.g., a cellular phone) associated with the account holder (or other designated individual) in the form of an SMS message that is generated automatically (or substantially automatically) by the Transaction Confirmation Server 10. The system preferably uses the mobile electronic device contact information that the system received at Step 120 to facilitate transmission of the "confirmation request" message to the appropriate individual. An exemplary SMS "confirmation request" message is shown in FIG. 6 and col. 10, lines 64-col 11, lines 10);
(FIG. 5A-B and FIG. 6 and and col. 5, lines 5-15 - In various embodiments of the invention, this message is sent to an electronic device (e.g., a cellular phone) associated with the account holder (or other designated individual) in the form of an SMS message that is generated automatically (or substantially automatically) by the Transaction Confirmation Server 10. The system preferably uses the mobile electronic device contact information that the system received at Step 120 to facilitate transmission of the "confirmation request" message to the appropriate individual. An exemplary SMS "confirmation request" message is shown in FIG. 6);
transmitting, via the second communication channel, authentication response data relating to the authentication response to the third-party service provider (FIG. 5A-5B and FIG. 6 and col. 10, lines 3-8 – message... confirmed and lines 14-20 – message ... not been confirmed).; 
completing the digital transaction or denying the digital transaction based on the authentication response data (FIG. 5A-5B and FIG. 6 and col. 10, lines 3-8 – message... confirmed and lines 14-20 – message ... not been confirmed).
Rable fails to explicitly disclose: 
A method of ... authentication of a digital transaction, the method comprising:
	...a digital transaction...;
	at a third-party service provider: 
receiving, via a first communication channel, a transaction request from an initiator for initiating the digital transaction, the transaction request comprising user 
authenticating the initiator based on the user authentication credentials; 
in response to a successful authentication of the initiator, transmitting, via one or more networks, ... data associated with the transaction ... to the remote authentication service; 
at the remote authentication service:
tracking the mobile communication device using an IP address and an identifier of the mobile communication device;
transmitting, vie the second commination channel determined based on tracking of the mobile commutation device... 
completing the digital traction request or denying the digital transaction based on the authentication response data.
However, in an analogous, art Williams teaches similar features of a method of ... authentication of a digital transaction ([0014] and [0019]), the method comprising:
...a digital transaction... ([0014] and [0019])
	at a third-party service provider ([0019] – Network Server): 
receiving, via a first communication channel, a transaction request from an initiator for initiating the digital transaction, the transaction request comprising user authentication credentials for performing a first factor of authentication at the third-party service provider ([0019] – a first user conducts a user name/password transaction with a network server...);
authenticating the initiator based on the user authentication credentials ([0019] – a first user conducts a user name/password transaction with a network server...);
([0019] - Turning to system flow diagram, At 10, according to the general method of the present invention, a first user conducts a user name/password transaction with a network server as a means of establishing his identity electronically. Next, at 20, the network server informs an authentication server (both which may be a single system or device) that a user is attempting to conduct a transaction. Next, at 30, the authentication server conducts an out-of-band (OOB) transaction with the user's device to verify that the user is in possession of the device)
at the authentication platform ... ([0019] – authentication server):
receiving...from the registered mobile device an authentication response to the authentication message, the authentication response ... ([0019] and [0023] - This ANM informs the user that a transaction is being conducted and prompts him to enter a secret personal knowledge Token 170 (different from the password entered previously) (e.g. a memorized number or phrase), confirming that he has possession of the device (150 or 160)); 
transmitting, via the second communication channel, authentication response data relating to the authentication response to the third-party service provider ([0019] and [0026]); 
completing the digital transaction or denying the digital transaction based on the authentication response data ([0019] and [0026]).
Therefore, it would have been obvious at the time the invention was made to combine the teachings of Williams to the method of Rable to include a method of ... authentication of a digital transaction, the method comprising: ...a digital transaction...; at a third-party service provider: receiving, via a first communication channel, a transaction request from an initiator for initiating the digital transaction, the transaction request comprising user authentication credentials for (Williams, [0003]).
However, in an analogous art, Sullivan teaches 
at the remote ... platform... ([0038] – web server/internet appliance):
tracking the mobile communication device using an IP address and an identifier of the mobile communication device ([0038] - ...monitor all communications from the user bound to that IP Address (e.g., note which MAC Address/Circuit ID has that IP Address, so that it can now track activity of that MAC Address/Circuit ID) (i.e., device identifier)); and
transmitting, vie the second commination channel determined based on tracking of the mobile commutation device... ([0038] - From that point on, the Internet appliance monitors the IP Address assignment server to determine if any changes to the IP Address have been made. When a change is made, the Internet appliance updates the information with the relevant servers of the ISP to ensure that the user's preferences are maintained. Of course, the same type of monitoring can be accomplished for situations where a user has elected to receive all services or any subset of services offered by the ISP. Upon completion of a communication session and the commencement of a new session, the Internet appliance can identify the new IP Address that is bound to the particular unique identifier(s) for the user/computer/subscriber, consult its database to determine the services to provide to that particular user/computer/subscriber, and inform the relevant servers of the ISP of the services to provide to the IP Address).
Therefore, it would have been obvious at the time the invention was made to combine the teachings of Sullivan to the method of Rable and Williams to include at the remote ... platform...: tracking the mobile communication device using an IP address and an identifier of the mobile communication device and transmitting, vie the second commination channel determined based on tracking of the mobile commutation device.   One would have been motivated to combine the teachings of Sullivan to Rable and Williams to provide users with services... to the users based on database of information relevant to each user by controlling communication traffic and ... that also provides a secure, confidential way to track the behavior or preferences of individual users or networks (Sullivan, [0002] and [0013]).

Regarding Claim 18 (misnumbered Claim 19);
Rable and Williams and Sullivan disclose the method to Claim 1.
	Rable discloses in response to receiving the authentication response data, transmitting a response via the first communication channel to the transaction request from the third-party service provider to an electronic initiator device of the initiator that is distinct from the mobile communication device ([0050] - if the transaction processing system receives a response from the account holder (or other designated individual) specifically denying the transaction, the transaction processing system may send a message to the merchant (e.g., the merchant's transaction processing system) advising the merchant that the transaction has been denied).

Claim 3, 6 and 19 (misnumbered Claim 20) is/are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Rable (US 7,331,518 B2) in view of Williams et al. (US 2009/0259848 A1) and Sullivan et al. (US 2006/014082 A1) and further in view of Upp et al. (US 2005/0237962 A1).

Regarding Claim 3, and similarly Claim 6 and 19 (misnumbered Claim 20);
Rable and Williams and Sullivan disclose the method to Claim 1.
Rable discloses messaging between the mobile communication device and the remote authentication platform using [a] connection (FIG. 1 and FIG. 5A-5B).
Rable and Williams and Sullivan fails to explicitly disclose identifying a change in the IP address of the mobile communication device when the mobile communication device moves from a first network to a second network; initiating a second persistent connection different from a first persistent connection of the first communication channel between the remote authentication platform and the mobile communication device; updating a state of the mobile communication device at the authentication account at the remote authentication platform; and messaging between the mobile communication device and the remote authentication platform using the second persistent connection.
However, in an analogous art, Upp  teaches identifying a change in the IP address of the mobile communication device when the mobile communication device moves from a first network to a second network (Upp, [0022] - In general, the home agent 123 is responsible for tracking the location or point of attachment within the WLAN for mobile stations, such as MS 103, during their operations on the WLAN and does so by mapping or associating the WLAN IP address 420 to the MNIP address 410and [0035] - As noted above the IP registration allows the home agent serving the WLAN to associate the MNIP address and WLAN IP address, in order to properly route messages to the MS. After mobile IP registration, the MS may be viewed as having a persistent presence within the WLAN, e.g. external nodes can send datagrams to the MNIP address and the home agent will tunnel these packets to the WLAN IP address and [0037] - When the MS moves to another or second subnet and corresponding AP or otherwise needs to leave the original subnet and AP, the controller 205 is further cooperatively operable with the transceiver 203 to scan for a suitable second AP); initiating a second persistent connection different from a first persistent connection of the first communication channel between the remote authentication platform and the mobile communication device (Upp, [0022] and [0035] and [0040] – request... a new or second WLAN IP address... the home agent now associates the second WLAN IP address and MNIP address); updating a state of the mobile communication device at the authentication account at the remote authentication platform ([0040] – request... a new or second WLAN IP address... the home agent now associates the second WLAN IP address and MNIP address); and messaging between the mobile communication device and the remote authentication platform using the second persistent connection ([0003] - Additionally, many applications, such as Microsoft Outlook, instant messaging and mounted file servers, while not time sensitive, require persistent TCP connections in order to operate properly and [0040] – request... a new or second WLAN IP address... the home agent now associates the second WLAN IP address and MNIP address).
Therefore, it would have been obvious at the time the invention was made to combine the teachings of Upp to the method of Rable and Williams and Sullivan to disclose identifying a change in the IP address of the mobile communication device when the mobile communication device moves from a first network to a second network; initiating a second persistent connection (Upp, [0001]).

Claim 4 is/are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Rable (US 7,331,518 B2) in view of Williams et al. (US 2009/0259848 A1) and Sullivan et al. (US 2006/014082 A1) and further in view of Nam et al. (US 7,374,079 B2).

Regarding Claim 4;
Rable and Williams and Sullivan disclose the method to Claim 1.
	Rable teaches the remote authentication platform (FIG. 1).
	Rable and Williams and Sullivan fails to explicitly disclose further comprising: preventing [a] platform from inspecting one or more features of the transaction data from the service provider, wherein the preventing includes encrypting the one or more features of the transaction data at the service provider prior to transmitting the transaction data to the... platform; and decrypting the one or more features of the transaction data at the mobile communication device.
	However, in an analogous art, Nam teaches preventing [a] platform from inspecting one or more features of the transaction data from the service provider, wherein the preventing (Nam, FIG. 1 and col. 6, lines 46-51 – Moreover, the mobile communication system 10 and the banking server 40 disclosed in the invention may fundamentally make use of an encryption solution such as E2E (end to end), .... for security of data and financial information under the mobile environment.); and decrypting the one or more features of the transaction data at the mobile communication device (Nam, FIG. 1 and col. 6, lines 46-51 – Moreover, the mobile communication system 10 and the banking server 40 disclosed in the invention may fundamentally make use of an encryption solution such as E2E (end to end), .... for security of data and financial information under the mobile environment.).  As reasonably constructed E2E provides encryption between endpoints (i.e., mobile device and server) in which no intermediaries (FIG. 1) have access to said data and information.
Therefore, it would have been obvious at the time the invention was made to combine the teachings of Nam to the method of Rable and Williams and Sullivan to preventing [a] platform from inspecting one or more features of the transaction data from the service provider, wherein the preventing includes encrypting the one or more features of the transaction data at the service provider prior to transmitting the transaction data to the... platform; and decrypting the one or more features of the transaction data at the mobile communication device. One would have been motivated to combine the teachings of Nam to Rable and Williams and Sullivan to provide users with a “secure” encryption solution (Nam, col. 6, lines 45-51). 

Claim 7 is/are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Rable (US 7,331,518 B2) in view of Williams et al. (US 2009/0259848 A1) Sullivan et al. (US 2006/014082 A1) and further in view of Asher (US 8,824,455 B1).

Regarding Claim 7;
Rable and Williams and Sullivan disclose the method to Claim 5.
Rable discloses if a user of the mobile communication device provides a denial input denying the digital transaction, ...receiving at the remote authentication platform (FIG. 5A-5B and FIG. 6 and col. 10, lines 14-20 – message ... not been confirmed).
Rable and Williams and Sullivan fails to explicitly disclose ... additionally receiving ...a selection input of one of a plurality of available denial responses identifying a reason for the denial input.
However, in an analogous art, Asher teaches additionally receiving ...a selection input of one of a plurality of available denial responses identifying a reason for the denial input (Asher, col. 7, lines 51-63 - receiving a response message from the user endpoint device of the called party responding to the user metadata from the originating party, wherein the response message comprises user metadata from the called party embedded in a second session initiation protocol signaling message, wherein the user metadata from the called party comprises denial response data when the user endpoint device of the called party determined to deny the call based upon the user authentication data of the originating party, wherein the denial response data is selected from a plurality of possible denial response data based upon the user authentication data of the originating party; and displaying the user metadata from the called party.)
(Asher, col. 1, lines 25-27).


Claim 9 is/are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Rable (US 7,331,518 B2) in view of Williams et al. (US 2009/0259848 A1) Sullivan et al. (US 2006/014082 A1) and further in view of Varghese (US 2006/0282660 A1).

Regarding Claim 9;
Rable and Williams and Sullivan disclose the method to Claim 5.
Rable discloses if the service provider denies the digital transaction abase don the response to the authentication message (FIG. 5A-5B and FIG. 6 and col. 10, lines 3-8 – message... confirmed and lines 14-20 – message ... not been confirmed).
Rable and Williams and Sullivan fails to explicitly disclose ...denies the... transaction..., dynamically altering dynamically altering by, the remote authentication platform authentication requirements for future digital transactions involving the authentication account.
However, in an analogous art, Varghese teaches ...denies the... transaction... (Varghese, FIG. 15B – Consecutive failures for a device, Consecutive Failures for an User), dynamically altering dynamically altering by, the remote authentication platform authentication requirements (Varghese, [0038] – It evaluates the pre, post and in-session characteristics of each transaction to ensure fraud detection and transactional integrity. The methods then provide a service provider with scores, actions, and alerts. For example, if a transaction has a high risk score and is thus potentially fraudulent, one preferred action is to hold the transaction and to then seek secondary authentication or secondary challenge. [0149] - For example, the service provider or the user/subscriber to the service provider may request a heightened security login interface for certain types of transactions perceived to have heightened risk of fraud). 
Therefore, it would have been obvious at the time the invention was made to combine the teachings of Varghese to the method of Rable and Williams and Sullivan to include ...denies the... transaction..., dynamically altering dynamically altering, by the remote authentication platform authentication requirements for future digital transactions involving the authentication account. One would have been motivated to combine the teachings of Varghese to Rable and Williams and Sullivan to provide users with a means for providing protection against identity theft over a computer network (Varghese, [0002]).







Claim 11 is/are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Rable (US 7,331,518 B2) in view of Williams et al. (US 2009/0259848 A1) Sullivan et al. (US 2006/014082 A1) and further in view of Marcellino (US 2009/0305732).

Regarding Claim 11;
Rable and Williams and Sullivan disclose the method to Claim 5.
Rable discloses the second communication channel (FIG. 5A and col. 5, lines 5-15 - In various embodiments of the invention, this message is sent to an electronic device (e.g., a cellular phone) associated with the account holder (or other designated individual) in the form of an SMS message that is generated automatically (or substantially automatically) by the Transaction Confirmation Server 10. The system preferably uses the mobile electronic device contact information that the system received at Step 120 to facilitate transmission of the "confirmation request" message to the appropriate individual. An exemplary SMS "confirmation request" message is shown in FIG. 6);
Rable and Williams and Sullivan fails to explicitly the ... communication channel comprises persistent connection provide via a push notification services associated with the mobile communication device.  
However, in an analogous art, Marcellino teaches the ... communication channel comprises persistent connection provide via a push notification services associated with the mobile communication device (Marcellino, [0007] - Thus, a push notification service is a persistent notification service. In order to maintain a push notification service, the mobile device periodically refreshes the connection to the push notification service (e.g., by transmitting a ping message to the push server)).  
(Marcellino, [0004]).

Claims 12 and 12 (duplicate and misnumbered as Claim 13) is/are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Rable (US 7,331,518 B2) in view of Williams et al. (US 2009/0259848 A1) Sullivan et al. (US 2006/014082 A1) and further in view of Baker et al (US 2006/0020495 A1) .

Regarding Claim 12;
Rable and Williams and Sullivan disclose the method to Claim 5.
Rable discloses completing the digital transaction includes if the response to the authentication message from the mobile communication device comprises a confirmation that confirms the digital transaction (FIG. 5A-5B and FIG. 6 and col. 10, lines 3-8 – message... confirmed).
Rable and Williams and Sullivan fails to explicitly disclose communicating to the user a confirmation of the digital transaction. 
However, in an analogous art, Baker teaches communicating to the user a confirmation of the digital transaction (Baker, [0023]-[0025] - a message 281 may be transmitted to some or all of the users 228 indicating approval)
(Baker, [0008]).

Regarding Claim 12 (duplicate and misnumbered as Claim 13);
Rable and Williams and Sullivan disclose the method to Claim 1.
Rable discloses denying the digital transaction includes if the response to the authentication message from the mobile communication device comprises a denial that denies the digital transaction (FIG. 5A-5B and FIG. 6 and col. 10, lines 14-20 – message ... not been confirmed).
Rable and Williams and Sullivan fails to explicitly disclose communicating to the user a denial of the digital transaction. 
However, in an analogous art, Baker teaches communicating to the user a denial of the digital transaction (Baker, [0023]-[0025] - In the event ... is denied ... a message 281 to that effect may be generated and transmitted to any, some or all of the users 228 indicating denial)
Therefore, it would have been obvious at the time the invention was made to combine the teachings of Baker to the method of Rable and Williams and Sullivan to include communicating to the user a denial of the digital transaction. One would have been motivated to combine the teachings of Baker to Rable and Williams and Sullivan to provide users with a means for assisting in... processing, payment, and account management... (Baker, [0008]).

Claims 16 (misnumbered Claim 17) is/are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Rable (US 7,331,518 B2) in view of Williams et al. (US 2009/0259848 A1) and Sullivan et al. (US 2006/014082 A1) and further in view of Hardt (US 2010/0180001 A1).

Regarding Claim 16 (misnumbered Claim 17);
Rable and Williams and Sullivan disclose the method to Claim 5.
Rable discloses the authentication message (FIG. 6).
Rable and Williams and Sullivan fails to explicitly disclose the ... message comprises a size-limited message to the mobile communication device including a unique identifier of a full message that is larger than the size-limited message.
However, in an analogous art, Hardt teaches the ... message comprises a size-limited message to the mobile communication device including a unique identifier of a full message that is larger than the size-limited message (Hardt, FIG. 4 and [0046] - One skilled in the art will appreciate that in another embodiment, when a user activates alert 128 on mobile device 122, the mobile device 122 itself responds to the alert by showing the related content. The differing embodiments allow for different mobile devices with differing capabilities to be used to the fullest extent of their capacity as desired by the user. The messaging system can determine whether to follow through on the action associated with alert 1 128 on mobile device 122 or on computer 126 based on the context of the interaction).
Therefore, it would have been obvious at the time the invention was made to combine the teachings of Hardt to the method of Rable and Williams and Sullivan to include communicating to the user a confirmation of the digital transaction. One would have been motivated to combine the teachings of Hardt to Rable and Williams and Sullivan to provide users with a means for (Hardt, [0046]).



Claims 22 is/are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Rable (US 7,331,518 B2) in view of Williams et al. (US 2009/0259848 A1) Sullivan et al. (US 2006/014082 A1) and further in view of Coulter et al. (US 2010/0121767 A1).

Regarding Claim 22;
Rable and Williams and Sullivan disclose the method to Claim 1.
Rable and Williams and Sullivan fails to explicitly disclose setting one or more authorization rules that identify the mobile communication device and at least one other communication device for the authentication account and priority of each of the mobile communication device and the at least one other communication device; and selecting the mobile communication device as a destination for the authentication message based on the one or more authorization rules.
However, in an analogous art, Coulter teaches setting one or more authorization rules that identify the mobile communication device and at least one other communication device for the authentication account and priority of each of the mobile communication device and the at least one other communication device (Coulter, [0032] - The intermediary service may maintain a prioritized list of fallback methods to use, and may proceed through the list until the transaction notification message is delivered to the customer or until a certain period has elapsed and the service declares a delivery failure); and selecting the mobile communication device as a  (Coulter [0032] - In the event that the intermediary service 204 is unable to transmit the transaction notification message to the mobile device, the intermediary service may support fallback methods for transmitting a transaction notification message to the customer. For example, in the event that the intermediary service is unable to communicate with the mobile device using an XMPP-formatted message, the service may also send the transaction notification message to the device using a short message service (SMS) message, an email message, or through another messaging channel. In some embodiments, the intermediary service may call the mobile device (if the mobile device has voice capability) and may use an Interactive Voice Response (IVR) system to solicit the confirmation from the customers. If the mobile device cannot be reached via any channel, in some embodiments the intermediary service 204 transmits the transaction notification message to a different device capable of receiving data messages that is associated with the customer, such as a personal computer. Alternatively, the intermediary service may attempt to communicate with the user through a land-line telephone. The intermediary service may maintain a prioritized list of fallback methods to use, and may proceed through the list until the transaction notification message is delivered to the customer or until a certain period has elapsed and the service declares a delivery failure).
Therefore, it would have been obvious at the time the invention was made to combine the teachings of Coulter to the method of Rable and Williams and Sullivan to include setting one or more authorization rules that identify the mobile communication device and at least one other communication device for the authentication account and priority of each of the mobile communication device and the at least one other communication device; and selecting the mobile communication device as a destination for the authentication message based on the one or more (Coulter, [0032]).


Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to KARI L SCHMIDT whose telephone number is (571)270-1385.  The examiner can normally be reached on Monday-Friday 10am - 6pm (MDT).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on (571)270-5002.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/KARI L SCHMIDT/Primary Examiner, Art Unit 2439