DETAILED ACTION
 	This Office Action is in response to the IDS (Information Disclosure Statement)  filed on 02/26/2021. Claims 1-20 are presented for examination on the merits.
Notice of Pre-AIA  or AIA  Status

 	The present application is being examined under the first inventor to file provisions of the AIA .
Information Disclosure Statement

 	The information disclosure statement (IDS) submitted on 02/26/2021 has been considered. The submission is in compliance with the provisions of 37 CFR 1.97. Form PTO-1449 is signed and attached hereto.
Terminal Disclaimer
The terminal disclaimer filed on 12/01/2020 disclaiming the terminal portion of any patent granted on this application which would extend beyond the expiration date of Application No. 15/813,712 and Application 15/689,073 have been reviewed and is accepted. The terminal disclaimer has been recorded.
					Response to Arguments
1.	In view of the response filed on 12/01/2020 and applicant’s remarks in page 8 with respect to rejection under double patenting have been considered. In view of the aforesaid response and upon further search/consideration, the rejection mailed on 09/21/2020 are hereby withdrawn.

 				Allowable Subject Matter
2.	  Claims 1-20 are allowed over prior art of record.
Reasons for Allowance 
3. 	The following is an examiner’s statement of reasons for allowance:
 The independent claims 1, 9, and 19 are allowed and the corresponding dependent claims depend upon one of the above-mentioned allowed claims and are therefore allowed by virtue of their dependencies. 

 	Further, Bailey (US 8312519 B1, prior art on the record) discloses a method, system, and apparatus for agile generation of one time passcodes (OTPs) in a security environment, the security environment having a OTP generator comprising a OTP generator algorithm and a validator, the method comprising generating a OTP at the OTP generator according to a variance technique; wherein the variance technique is selected from a set of variance techniques, receiving the OTP at a validator, determining, at the validator, the variance technique used by the OTP generator to generate the OTP, and determining whether to validate the OTP based on the OTP and variance technique (Bailey, Col. 2, lines 15-25).
Drake (US 20170346851 A1, prior art on the record) discloses authentication, techniques to resist phishing attacks, techniques to neutralize the effects of malware, and numerous related computer security improvements, as well as providing user-experience improvements including increased speed of authentication, enrolment, integration, and other operational aspects, and greater ease of use, convenience, ability to scale and other improvements. In general, the present invention makes the use of 
Further, Drake discloses an improved security system needs to work against an enormous variety of threats, and it needs to be able to work everywhere, for everyone, at all times. It is important that an improved security solution be fast, easy to use, easy to set up, easy to install, non-controversial, and convenient. Additional benefits, such as making authentication fun, using psychological techniques to improve user happiness or mental wellbeing, or improving other aspects of a user's life, may also benefit security, especially in commercial situations where the decision to activate the improved security is left for the user to make (Drake, Paragraph 0023).
   	Although, the cited references above are from same or similar fields of endeavor however, the Applicant’s invention is directed towards automatic upgrade from one step authentication to two step authentication via application programming interface. The subject matters of independent claim 1 is allowable since certain key features of the claimed invention are not taught or fairly suggested by the prior art. 
 Specifically, the limitations in claim 1 that recite: “the password and grants the client limited permission with respect to permitted API operations and requires the two step authentication for each subsequent logon attempt; generating, by the client, a one time passcode (OTP) based upon the shared secret; sending the OTP to the server via the API, wherein the API includes a Representational state transfer (REST) API; and granting, responsive to the server validating the OTP against the shared secret, a 
 
  Further, the limitations in claim 1 with respect to automatic upgrade from one step authentication to two step authentication via application programming interface includes “generating, by the client, a one time passcode (OTP) based upon the shared secret; sending the OTP to the server via the API; granting, responsive to the server validating the OTP against the shared secret, a second set of permissions for operations associated with the API; and transmitting the user ID, the password, and a current OTP generated based upon the shared secret to the server in a subsequent logon operation” in ordered combination with the rest of the limitations recited in independent claim 1.
 	 The claimed subject matters are novel and non-obvious in scope over the prior art of record as the prior-art references fail to teach each and every features of the independent claim(s) including the limitations set forth above.
  	In view of the foregoing, the scope of claimed subject matters renders the invention patentably distinct as none of the prior art of record including the references cited in the IDS filed on 26 February, 2021, either taken by itself or in any combination, would have anticipated or made obvious the invention of the present application at or before the time it was filed. Therefore, all of the previous rejections have been removed and the current claims are in condition for allowance.
 	Furthermore, the Examiner performed updated search which does not yield other specific references that reasonably, either alone or in combination, would result a proper rejection of all the claimed features presented in independent claim 1 under 35 U.S.C 102 or 35 U.S.C.103 with proper motivation. 

 				Conclusion
4.	 Any inquiry concerning this communication or earlier communications from the examiner should be directed to MAHFUZUR RAHMAN whose telephone number is (571)270-7638.  The examiner can normally be reached on Monday thru Friday.
 	Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
 	If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on 571-272-8878.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
 	Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 

/MAHFUZUR RAHMAN/
Primary Examiner, Art Unit 2498