DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114
2.	A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 02/19/201 has been entered.
 
Response to Amendment
3. 	This communication is in response to the amendment filed on 02/19/2021. Claims have 11-13 have been added. Claims 1-5 and 7-13 are pending and Claims 1-5 and 7-10 are rejected, and Claims 11-13 are objected.
Response to Arguments
4.	Applicant's Arguments (Remarks Pages 10-20) filed 02/19/2021 have been fully considered but they are not persuasive and/or moot in view of the new ground of rejection necessitated by applicant's amendment. 
considered however, they are not persuasive and/or are moot in view of the new ground of rejection necessitated by applicant's amendment. 

	Applicant argues “Shteingart does not describe the following features of independent claim 8:
The user device processor is configured to:
- connect to a server through a supported Web type application or browser.

However, the examiner disagrees. Shteingart discloses that one or more computing devices including at least one processor (Shteingart: ¶ [0019]), access may be initiated via the user's registered mobile device (e.g., the first computing device 210) or via a client device from which the user desires to access the secure service or app (e.g., the second computing device 212)…, the authentication request including at least one identifying characteristic of the user (e.g., a user name). The initiation request is transmitted from the second computing device 212 to the server 214 (Shteingart: ¶ [0044], also see Fig. 2—212, 214). 
While the examiner agrees that Shteingart does not explicitly disclose connect to a server through a supported Web type application or browser, Ben on the other hand discloses that the application can be a corporate application, a web application, a CRM (customer relationship management) application, mobile banking application, NFC (near field communication) application, payment application or other. The application can run on a mobile device such as a mobile phone or PDA, or a PC (Ben: ¶ [0129], also see ¶ [0130]), system for NFC authentication 10/11 comes with an API (application programming interface) that allows developers to integrate wireless authentication in their applications based on BLUETOOTH proximity…, developer application can be any PC,  (Ben: ¶ [0142]). Therefore, PHOSITA would have understood that the combination of Shteingart and Ben discloses the features that the applicant is arguing about.

Applicant argues “Shteingart does not describe the following features of independent claim 8:
- load, from the server, data including executable data (Shteingart's server sends directly
to the first device (and not the second device, as a user device) a request for getting first device
credentials (¶ [0047]). Thus, the request is not executable data);

However, the examiner disagrees. However, Shteingart further discloses a the mobile device 210 and the second computing device 212 may be polled by a monitoring computer service or computer application (which may be running on the mobile device 210 and/or the second computing device 212) or online/in the cloud (Shteingart: ¶ [0053]), one or more of the illustrated components/modules may be implemented via the server 214 or as an Internet-based service…, the server 214 might be provided as a single computing device (Shteingart: ¶ [0034]), embodiments of the technology may be described in the general context of computer code or machine – useable instructions , including computer - useable or computer - executable instructions such as program modules  (Shteingart: ¶ [0024]), [Further, Examiner takes the official notice that it is well known in the art of network security to download executables from a server to a client device (i.e. scripts or applets which execute on a webpage, or entire applications from a server to a client device)]).

Applicant argues “Shteingart does not describe the following features of independent claim 8:

- detect on-line, through the Web type application or browser that executes the executable data, whether at least one identifier relating to at least one short range communication device does or does not exist in a vicinity of the user device (Shteingart's second device does not detect on-line the first device through a supported Web type application or browser that executes executable data loaded from the server (¶ [0047]). Rather, Shteingart's second device, as a user device, uses a distance detecting component 226 that is supported by Shteingart' s user device for an off-line detection (Fig. 2; ¶¶ [0051 ], [0055], and [0058]). The Office Action's citation to Shteingart' s ¶ [0024] does not refer to any executable data that is dynamically loaded into the user
device. Rather, Shteingart discloses that” ... executable instructions such as program modules ...,”
which refers to executable data that is present statically within the user device.)

However, the examiner disagrees. Shteingart further discloses the mobile device 210 and the second computing device 212 may be polled by a monitoring computer service or computer application (which may be running on the mobile device 210 and/or the second computing device 212) or online/in the cloud…, monitoring service or application may interrogate the mobile device 210 and the second computing device 212 regarding detected wireless communication networks, and determine that the mobile device 210 and the second computing device 212 are in proximity if at least a subset of the same wireless communication networks are detected (Shteingart: ¶ [0053], see also ¶ [0054]), one or more of the illustrated components/modules may be implemented via the server 214 or as an Internet-based service…, (Shteingart: ¶ [0034]), the mobile device 210 or the second computing device 212 may communicate an indication of its presence directly with the other device. In one embodiment, a communication session is established between the mobile device 210 and the second computing device 212 using a wireless communication technology, such as 
While the examiner agrees that Shteingart does not explicitly disclose detect on-line, through the Web type application or browser, Ben on the other hand discloses that the application can be a corporate application, a web application, a CRM (customer relationship management) application, mobile banking application, NFC (near field communication) application, payment application or other. The application can run on a mobile device such as a mobile phone or PDA, or a PC (Ben: ¶ [0129], also see ¶ [0130]), system for NFC authentication 10/11 comes with an API (application programming interface) that allows developers to integrate wireless authentication in their applications based on BLUETOOTH proximity…, developer application can be any PC, server or mobile terminal application including web applications that run in a browser…, when system for NFC authentication 10/11 is within proximity, the user is logged in automatically (Ben: ¶ [0142]), and the web application API makes a call to a browser plug-in. The plug-in enables the browser to automatically install Bluetooth drivers if they are not previously installed (user authorization may be required). Furthermore, the plug-in enables the browser application to communicate with system for NFC authentication (Ben: ¶ [0143]). Therefore, PHOSITA would have understood that the combination of Shteingart and Ben discloses the features that the applicant is arguing about.

Applicant argues “Shteingart does not describe the following features of independent claim 8:
	- send, to the server, at least one user identifier accompanied with the at least one detected
short range communication device identifier only if the at least one identifier relating to at least
one detected short range communication device exists in the vicinity of the user device (No on-line detection through a supported Web type application or browser that executed executable

Shteingart does not disclose that the user identifier in association with the first device ID
is to be detected on-line, through a user device, in a vicinity of the user device.
	
However, the examiner disagrees. The combination of Shteingart and Ben disclose online detection through supported web application or browser as discussed in previous response, and Shteingart further discloses device authentication credentials are generated that associated the mobile device (via one or more identifying details associated therewith) with the user credentials and, accordingly, the registered user (Shteingart: ¶ [0042]), the authentication component 242 of the mobile device 210 transmits the device authentication credential(s) associated therewith to the authentication component 224 of the second computing device 212 (that is, the device from which the registered user is seeking access to the secure service or app)…, the second computing device 212 then transmits the device authentication credential(s) to the authentication component 238 of the server 214 (Shteingart: ¶ [0046]).

	Applicant’s arguments with respect to Claim 1 are similar to Claim 8 and rejected using the similar rationales as discussed above. 

With respect to Claim 1, Applicant further argues:
Shteingart does not describe the following highlighted features of the steps recited in
independent claim 1, namely:
	- verifying, by the server, for the identified user, whether the at least one detected short
range communication device identifier is or is not present and, only if the at least one detected
short range communication device identifier is present, whether the at least one detected short

at least one reference short range communication device identifier (Shteingart' s user device does
not detect on-line a presence of the first device executing the executable data through a Web
type application or browser supported by the user device); and
- granting access, from the server, only if the at least one detected short range
communication device identifier is present and matches the at least predetermined part of the at
least one reference short range communication device identifier.

	The examiner respectfully disagrees. The combination of Shteingart and Ben disclose online detection through supported web application or browser as discussed in previous responses, and Shteingart further discloses both the user credentials and the device authentication credentials subsequently may be used to authenticate the particular mobile device (Shteingart: ¶ [0042]), the second computing device 212 then transmits the device authentication credential(s) to the authentication component 238 of the server 214 where verification of the mobile device 210 as associated with the registered user is performed (Shteingart: ¶ [0046], requires registration of both the user (resulting in generation of one or more user credentials to be utilized for subsequent login to the secured service or app) and of a mobile computing device that the user routinely has in close proximity, and of a mobile computing device that the user routinely has in close proximity (Shteingart: ¶ [0039]), determine that the mobile device 210 and the second computing device 212 are in proximity) (Shteingart: ¶ [0053]), and if authenticated, the user is permitted access to the desired secure service or app, for instance, by the access permitting component 230 of the second computing device 212  (Shteingart: ¶ [0047]), ¶ [0055]).


Applicant further argues:
Wisely does not describe the following features of the steps recited in independent claim
1, namely:
	A server registers a user identifier in association with a device ID to be detected on-line,
through a user device, in a vicinity of a user device (Rather, Wisely' s server registers only a list
of identifiers to be detected off-line in a vicinity of the mobile device, as the user device.);
- loading, from the server, to the user device, data including executable data (In contrast,
Wisely' s server sends, to the user device, an authentication challenge that constitutes no executable
data (ii [0046]).);
- detecting on-line, by the user device, through a supported Web type application or
browser that executes the executable data, whether at least one identifier relating to at least one
short range communication device does or does not exist in a vicinity of the user device (In
contrast, Wisely' s user device sends to the server the gathered tokens, as a response to a challenge
issued by the server (ii [0046]).);
- sending, from the user device, to the server, at least one user identifier accompanied with
the at least one detected short range communication device identifier only if the at least one
identifier relating to at least one detected short range communication device exists in the vicinity
of the user device (Wisely' s user device does not identify the user and does not detect on-line a
presence of the surrounding device executing the executable data by a supported Web type
application or browser);
- verifying, by the server, for the identified user, whether the at least one detected short
range communication device identifier is or is not present and, only if the at least one detected
short range communication device identifier is present, whether the at least one detected short
range communication device identifier does or does not match at least a predetermined part of the

- granting access, from the server, only if the at least one detected short range
communication device identifier is present and matches the at least predetermined part of the at
least one reference short range communication device identifier. 
	
Examiner disagrees: 
Applicant’s arguments with respect to Wisely are now moot in view of the new grounds of rejection necessitated by applicant’s amendment (Please see the 103 rejection below).
Applicant’s arguments with respect to independent Claims 9-10 are based on applicant’s arguments with respect to the features of Claim 1 and found unpersuasive for the reasons discussed above and/or moot in view of the new ground of rejection necessitated by Applicant's amendment.

Claim Rejections - 35 USC § 103
6.	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.



7.	The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.

3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

8.	This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

9.	Claims 1-2, 4, and 8-10 are rejected under 35 U.S.C. 103 as being unpatentable over Shteingart et al. (US 2017/0302659 A1, hereinafter Shteingart) in view of Ben Ayed (US 2011/0313922 A1, hereinafter Ben).

Regarding Claim 1,
Shteingart discloses a method for authenticating a user (Shteingart: [Abstract] Systems, methods, and computer-readable storage media are provided for authenticating users to secure services or apps utilizing reversed, hands-free and/or continuous two-factor authentication), wherein, a server registering at least one user identifier associated with at least one identifier relating to at least one reference short range communication device to be detected on-line, through a user device (Shteingart: ¶ [0032] network 218 may include, without limitation, one or more local area networks (LANs) and/or wide area networks (WANs). Such networking environments are commonplace in offices, enterprise-wide computer networks, intranets and the Internet, ¶ [0034] the server 214 might be provided as…, a computing device remote from one or more of the remaining components, ¶ [0041] To initiate registration, the user accesses the appropriate registration form (e.g., an online registration form accessible from a website or app program location that includes one more fields for receiving input of user-identifying information) via the second computing device 212, ¶ [0054] the mobile computing device 210 may communicate a device ID (or other identification, to the second computing device 212 over the communication session, also see ¶ [0040] the functions described herein as being performed by one or the other of the first and second computing devices 210, 212 are not mutually exclusive. Many of the described functions may be performed by either one or both of the first and second computing devices 210), in a vicinity of the user device (Shteingart: ¶ [0039] requires registration of both the user (resulting in generation of one or more user credentials to be utilized for subsequent login to the secured service or app) and of a mobile computing device that the user routinely has in close proximity to his or her presence, ¶ [0041]), the method comprises the following steps: 
connecting to the server from the user device, through a supported Web type application or browser (Shteingart: ¶ [0044] Access may be initiated via the user's registered mobile device (e.g., the first computing device 210) or via a client device from which the user desires to access the secure service or app (e.g., the second computing device 212)…, the authentication request including at least one identifying characteristic of the user (e.g., a user name). The initiation request is transmitted from the second computing device 212 to the server 214, also see Fig. 2—212, 214); 
(Shteingart: ¶ [0053] the mobile device 210 and the second computing device 212 may be polled by a monitoring computer service or computer application (which may be running on the mobile device 210 and/or the second computing device 212) or online/in the cloud, ¶ [0034] one or more of the illustrated components/modules may be implemented via the server 214 or as an Internet-based service…, the server 214 might be provided as a single computing device, a cluster of computing devices, or a computing device remote from one or more of the remaining components, ¶ [0024] Embodiments of the technology may be described in the general context of computer code or machine – useable instructions , including computer - useable or computer - executable instructions such as program modules, [Further, Examiner takes the official notice that it is well known in the art of network security to download executables from a server to a client device (i.e. scripts or applets which execute on a webpage, or entire applications from a server to a client device)], ¶[0025]); 
detecting on-line, by the user device, through the Web type application or browser that executes the executable data, whether at least one identifier relating to at least one short range communication device does or does not exist in a vicinity of the user device (Shteingart: ¶ [0053] the mobile device 210 and the second computing device 212 may be polled by a monitoring computer service or computer application (which may be running on the mobile device 210 and/or the second computing device 212) or online/in the cloud, ¶ [0034] one or more of the illustrated components/modules may be implemented via the server 214 or as an Internet-based service…, ¶ [0054] the mobile device 210 or the second computing device 212 may communicate an indication of its presence directly with the other device. In one embodiment, a communication session is established between the mobile device 210 and the second computing device 212 using a wireless communication technology, such as Bluetooth,…, the mobile computing device 210 may communicate a device ID ( or other identification) to the second computing device 212,  also see ¶ [0024]); 
sending, from the user device, to the server, at least one user identifier accompanied with the at least one detected short range communication device identifier only if the at least one identifier relating to at least one detected short range communication device exists in the vicinity of the user device (Shteingart: ¶ [0042] device authentication credentials are generated that associated the mobile device (via one or more identifying details associated therewith) with the user credentials and, accordingly, the registered user, ¶ [0046] the authentication component 242 of the mobile device 210 transmits the device authentication credential(s) associated therewith to the authentication component 224 of the second computing device 212 (that is, the device from which the registered user is seeking access to the secure service or app)…, the second computing device 212 then transmits the device authentication credential(s) to the authentication component 238 of the server 214, also see ¶ [0045], ¶ [0054]); 
identifying, by the server based on the at least one received user identifier, the user (Shteingart: ¶ [0042] Both the user credentials and the device authentication credentials subsequently may be used to authenticate the particular mobile device, ¶ [0044] an authentication request is issued by the authentication component 224 of the second computing device 212, the authentication request including at least one identifying characteristic of the user (e.g., a user name)…, request is transmitted from the second computing device 212 to the server 214 wherein it is received by the authentication component 238);
verifying, by the server, for the identified user, whether the at least one detected short range communication device identifier is or is not present and, only if the at least one detected short
(Shteingart: ¶ [0042] Both the user credentials and the device authentication credentials subsequently may be used to authenticate the particular mobile device, ¶ [0046] the second computing device 212 then transmits the device authentication credential(s) to the authentication component 238 of the server 214 where verification of the mobile device 210 as associated with the registered user is performed, ¶ [0039] requires registration of both the user (resulting in generation of one or more user credentials to be utilized for subsequent login to the secured service or app) and of a mobile computing device that the user routinely has in close proximity, and of a mobile computing device that the user routinely has in close proximity, ¶ [0053] monitoring service or application may poll the devices continuously, periodically, or as needed…, determine that the mobile device 210 and the second computing device 212 are in proximity); and 
granting access, from the server, only if the at least one detected short range communication device identifier is present and matches the at least predetermined part of the at least one reference short range communication device identifier (Shteingart: ¶ [0047] If authenticated, the user is permitted access to the desired secure service or app, for instance, by the access permitting component 230 of the second computing device 212, ¶ [0039] requires registration of both the user (resulting in generation of one or more user credentials to be utilized for subsequent login to the secured service or app) and of a mobile computing device, ¶ [0055]  device authentication credential indicates that the first computing device was utilized by a registered user upon registering for access to the service or app, ¶ [0053] monitoring service or application may poll the devices continuously, periodically, or as needed). 
through a supported Web type application or browser; and 
detecting on-line, by the user device, through the Web type application or browser that executes the executable data, whether at least one identifier relating to at least one short range communication device does or does not exist in a vicinity of the user device.
However, Ben from the similar field of endeavor as the claimed invention discloses that the application can be a corporate application, a web application, a CRM (customer relationship management) application, mobile banking application, NFC (near field communication) application, payment application or other. The application can run on a mobile device such as a mobile phone or PDA, or a PC (Ben: ¶ [0129], also see ¶ [0130]), system for NFC authentication 10/11 comes with an API (application programming interface) that allows developers to integrate wireless authentication in their applications based on BLUETOOTH proximity…, developer application can be any PC, server or mobile terminal application including web applications that run in a browser…, When system for NFC authentication 10/11 is within proximity, the user is logged in automatically (Ben: ¶ [0142]), and the web application API makes a call to a browser plug-in. The plug-in enables the browser to automatically install Bluetooth drivers if they are not previously installed (user authorization may be required). Furthermore, the plug-in enables the browser application to communicate with system for NFC authentication (Ben: ¶ [0143]).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Ben in the teachings of Shteingart. A person having ordinary skill in the art would have been motivated to do so to provide a secure platform for enterprise applications where access is granted to people that carry system for NFC authentication…, and since mobile phones and mobile terminal can be lost stolen and forgotten, this  (Ben: ¶ [0142]).

Regarding Claim 2,
Claim 2 is dependent on Claim 1, and the combination of Shteingart and Ben discloses all the limitations of Claim 1. Shteingart further discloses wherein, prior to detecting by the user device whether at least one identifier relating to at least one short range communication device does or does not exist, the at least one short range communication device is paired with the user device (Shteingart: ¶ [0054] In one embodiment, a communication session is established between the mobile device 210 and the second computing device 212 using a wireless communication technology, such as Bluetooth, Wi-Fi, Wireless USB/Ultrawideband, near-field communication (NFC), WiMax, etc. An indication of device presence is then communicated between the mobile device 210 and the second computing device 212; for example, the mobile computing device 210 may communicate a device ID (or other identification) to the second computing device 212 over the communication session).

Regarding Claim 4,
Claim 4 is dependent on Claim 1, and the combination of Shteingart and Ben discloses all the limitations of Claim 1. Shteingart further discloses wherein the server creates or updates, based on at least one previous successful authentication, in association with at least one registered user identifier, a set of at least one identifier relating to at least one short range communication device, as the at least one identifier relating to at least one reference short range communication device to be detected in the vicinity of the user device (Shteingart: ¶ [0039] Registration of the mobile computing device results in generation of one or more device authentication credentials to be utilized for subsequent login to the secured service or app, ¶ [0042] device authentication credentials are generated that associated the mobile device (via one or more identifying details associated therewith) with the user credentials and, accordingly, the registered user. Both the user credentials and the device authentication credentials subsequently may be used to authenticate the particular mobile device as associated with the registering user). 

Regarding Claim 8,
Shteingart discloses a user device for authenticating a user, wherein the user device includes at least one processor and the user device processor is configured to (Shteingart: ¶ [0044] a client device from which the user desires to access the secure service or app (e.g., the second computing device 212, [Abstract] authenticating users to secure services or apps, ¶ [0019] (for instance, being performed by one or more computing devices including at least one processor), ¶ [0025]): 
connect, through a supported Web type application or browser, to a server (Shteingart: ¶ [0044] the authentication request including at least one identifying characteristic of the user (e.g., a user name). The initiation request is transmitted from the second computing device 212 to the server 214); 
load data, from the server, including executable data (Shteingart: ¶ [0053] the mobile device 210 and the second computing device 212 may be polled by a monitoring computer service or computer application (which may be running on the mobile device 210 and/or the second computing device 212) or online/in the cloud, ¶ [0034] one or more of the illustrated components/modules may be implemented via the server 214 or as an Internet-based service…, the server 214 might be provided as a single computing device, a cluster of computing devices, or a computing device remote from one or more of the remaining components, ¶ [0024] Embodiments of the technology may be described in the general context of computer code or machine – useable instructions , including computer - useable or computer - executable instructions such as program modules, [Further, Examiner takes the official notice that it is well known in the art of network security to download executables from a server to a client device (i.e. scripts or applets which execute on a webpage, or entire applications from a server to a client device)]); 
detect on-line, through the Web type application or browser that executes the executable data, whether at least one identifier relating to at least one short range communication device does or does not exist in a vicinity of the user device (Shteingart: ¶ [0053] the mobile device 210 and the second computing device 212 may be polled by a monitoring computer service or computer application (which may be running on the mobile device 210 and/or the second computing device 212) or online/in the cloud,  ¶ [0054] the mobile device 210 or the second computing device 212 may communicate an indication of its presence directly with the other device. In one embodiment, a communication session is established between the mobile device 210 and the second computing device 212 using a wireless communication technology, such as Bluetooth,…, the mobile computing device 210 may communicate a device ID ( or other identification) to the second computing device 212); and
send, to the server, at least one user identifier accompanied with the at least one detected short range communication device identifier only if the at least one identifier relating to at least one detected short range communication device exists in the vicinity of the user device (Shteingart: ¶ [0042] device authentication credentials are generated that associated the mobile device (via one or more identifying details associated therewith) with the user credentials and, accordingly, the registered user, ¶ [0046] the authentication component 242 of the mobile device 210 transmits the device authentication credential(s) associated therewith to the authentication component 224 of the second computing device 212 (that is, the device from which the registered user is seeking access to the secure service or app)…, the second computing device 212 then transmits the device authentication credential(s) to the authentication component 238 of the server 214, also see ¶ [0045], ¶ [0054]).
However, it is noted that Shteingart does not explicitly disclose connect, through a supported Web type application or browser, to a server; and
detect on-line, through the Web type application or browser that executes the executable data, whether at least one identifier relating to at least one short range communication device does or does not exist in a vicinity of the user device.
However, Ben further discloses that the application can be a corporate application, a web application, a CRM (customer relationship management) application, mobile banking application, NFC (near field communication) application, payment application or other. The application can run on a mobile device such as a mobile phone or PDA, or a PC (Ben: ¶ [0129], also see ¶ [0130]), system for NFC authentication 10/11 comes with an API (application programming interface) that allows developers to integrate wireless authentication in their applications based on BLUETOOTH proximity…, developer application can be any PC, server or mobile terminal application including web applications that run in a browser…, When system for NFC authentication 10/11 is within proximity, the user is logged in automatically (Ben: ¶ [0142]), and the web application API makes a call to a browser plug-in. The plug-in enables the browser to automatically install Bluetooth drivers if they are not previously installed (user authorization may be required). Furthermore, the plug-in enables the browser application to communicate with system for NFC authentication (Ben: ¶ [0143]).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Ben in the teachings of Shteingart. A  (Ben: ¶ [0142]).

Regarding Claim 9,
Shteingart discloses a device for authenticating a user (Shteingart: [Abstract] authenticating users to secure services or apps, ¶ [0041] server 214), wherein, the device  including at least one processor (Shteingart: ¶ [0019] for instance, being performed by one or more computing devices including at least one processor), the device processor registering at least one user identifier associated with at least one identifier relating to at least one reference short range communication device to be detected on-line, through a user device (Shteingart: ¶ [0032] network 218 may include, without limitation, one or more local area networks (LANs) and/or wide area networks (WANs). Such networking environments are commonplace in offices, enterprise-wide computer networks, intranets and the Internet, ¶ [0034] the server 214 might be provided as…,a computing device remote from one or more of the remaining components, ¶ [0041] To initiate registration, the user accesses the appropriate registration form ( e.g., an online registration form accessible from a website or app program location that includes one more fields for receiving input of user-identifying information) via the second computing device 212, ¶ [0054] the mobile computing device 210 may communicate a device ID (or other identification, to the second computing device 212 over the communication session, also see ¶ [0040] the functions described herein as being performed by one or the other of the first and second computing devices 210, 212 are not mutually exclusive. Many of the described functions may be performed by either one or both of the first and second computing devices 210, ¶¶ [0019, 0025]), in a vicinity of the user device, and the device processor is configured to (Shteingart: ¶ [0039] requires registration of both the user (resulting in generation of one or more user credentials to be utilized for subsequent login to the secured service or app) and of a mobile computing device that the user routinely has in close proximity to his or her presence, ¶ [0041] server 214 receives the registration request from the registration component 220 of the second computing device 212, ¶[0019]): 
be connected from the user device (Shteingart: ¶ [0044] Access may be initiated via the user's registered mobile device (e.g., the first computing device 210) or via a client device from which the user desires to access the secure service or app (e.g., the second computing device 212)…, the authentication request including at least one identifying characteristic of the user (e.g., a user name). The initiation request is transmitted from the second computing device 212 to the server 214, also see Fig. 2—212, 214); 
load into the user device data including executable data (Shteingart: ¶ [0053] the mobile device 210 and the second computing device 212 may be polled by a monitoring computer service or computer application (which may be running on the mobile device 210 and/or the second computing device 212) or online/in the cloud, ¶ [0034] one or more of the illustrated components/modules may be implemented via the server 214 or as an Internet-based service…, the server 214 might be provided as a single computing device, a cluster of computing devices, or a computing device remote from one or more of the remaining components, ¶ [0024] Embodiments of the technology may be described in the general context of computer code or machine – useable instructions , including computer - useable or computer - executable instructions such as program modules, [Further, Examiner takes the official notice that it is well known in the art of network security to download executables from a server to a client device (i.e. scripts or applets which execute on a webpage, or entire applications from a server to a client device)]); 
receive, from the user device, at least one user identifier accompanied with the at least one detected short range communication device identifier only if the at least one identifier relating to at least one detected short range communication device was detected online in a vicinity of the user device via a Web type application or browser executing the executable data (Shteingart: ¶ [0042] device authentication credentials are generated that associated the mobile device (via one or more identifying details associated therewith) with the user credentials and, accordingly, the registered user, ¶ [0046] the authentication component 242 of the mobile device 210 transmits the device authentication credential(s) associated therewith to the authentication component 224 of the second computing device 212 (that is, the device from which the registered user is seeking access to the secure service or app)…, the second computing device 212 then transmits the device authentication credential(s) to the authentication component 238 of the server 214, also see ¶ [0045], ¶ [0053], ¶ [0054]); 
identify, based on the at least one received user identifier, the user (Shteingart: ¶ [0042] Both the user credentials and the device authentication credentials subsequently may be used to authenticate the particular mobile device, ¶ [0044] an authentication request is issued by the authentication component 224 of the second computing device 212, the authentication request including at least one identifying characteristic of the user (e.g., a user name)…, request is transmitted from the second computing device 212 to the server 214 wherein it is received by the authentication component 238);
verify, for the identified user, whether the at least one detected short range communication device identifier is or is not present and, only if the at least one detected short range communication device identifier is present, whether the at least one detected short range communication device (Shteingart: ¶ [0042] Both the user credentials and the device authentication credentials subsequently may be used to authenticate the particular mobile device, ¶ [0046] the second computing device 212 then transmits the device authentication credential(s) to the authentication component 238 of the server 214 where verification of the mobile device 210 as associated with the registered user is performed, ¶ [0039] requires registration of both the user (resulting in generation of one or more user credentials to be utilized for subsequent login to the secured service or app) and of a mobile computing device that the user routinely has in close proximity, and of a mobile computing device that the user routinely has in close proximity, ¶ [0053] monitoring service or application may poll the devices continuously, periodically, or as needed…, determine that the mobile device 210 and the second computing device 212 are in proximity); and 
grant access only if the at least one detected short range communication device identifier is present and matches the at least predetermined part of the at least one reference short range communication device identifier (Shteingart: ¶ [0047] If authenticated, the user is permitted access to the desired secure service or app, for instance, by the access permitting component 230 of the second computing device 212, ¶ [0039] requires registration of both the user (resulting in generation of one or more user credentials to be utilized for subsequent login to the secured service or app) and of a mobile computing device, ¶ [0055]  device authentication credential indicates that the first computing device was utilized by a registered user upon registering for access to the service or app, ¶ [0053] monitoring service or application may poll the devices continuously, periodically, or as needed).
However, it is noted that Shteingart does not explicitly disclose receive, from the user device, at least one user identifier accompanied with the at least one detected short range communication via a Web type application or browser executing the executable data.
However, Ben further discloses that the application can be a corporate application, a web application, a CRM (customer relationship management) application, mobile banking application, NFC (near field communication) application, payment application or other. The application can run on a mobile device such as a mobile phone or PDA, or a PC (Ben: ¶ [0129], also see ¶ [0130]), system for NFC authentication 10/11 comes with an API (application programming interface) that allows developers to integrate wireless authentication in their applications based on BLUETOOTH proximity…, developer application can be any PC, server or mobile terminal application including web applications that run in a browser…, When system for NFC authentication 10/11 is within proximity, the user is logged in automatically (Ben: ¶ [0142]), and the web application API makes a call to a browser plug-in. The plug-in enables the browser to automatically install Bluetooth drivers if they are not previously installed (user authorization may be required). Furthermore, the plug-in enables the browser application to communicate with system for NFC authentication (Ben: ¶ [0143]).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Ben in the teachings of Shteingart. A person having ordinary skill in the art would have been motivated to do so to provide a secure platform for enterprise applications where access is granted to people that carry system for NFC authentication…, and since mobile phones and mobile terminal can be lost stolen and forgotten, this system prevents loss and theft, and at the same time prevents access by unauthorized users (Ben: ¶ [0142]).

Regarding Claim 10,
Shteingart discloses a system for authenticating a user, wherein, the system including a server and at least one user device (Shteingart: [Abstract] Systems, methods, and computer-readable storage media are provided for authenticating users to secure services or apps, ¶ [0041] server 214…, second computing device 212), ¶ [0019] (for instance, being performed by one or more computing devices including at least one processor)), the server registering at least one user identifier associated with at least one identifier relating to at least one reference short range communication device to be detected on-line, through a user device (Shteingart: ¶ [0032] network 218 may include, without limitation, one or more local area networks (LANs) and/or wide area networks (WANs). Such networking environments are commonplace in offices, enterprise-wide computer networks, intranets and the Internet, ¶ [0034] the server 214 might be provided as…,a computing device remote from one or more of the remaining components, ¶ [0041] To initiate registration, the user accesses the appropriate registration form ( e.g., an online registration form accessible from a website or app program location that includes one more fields for receiving input of user-identifying information) via the second computing device 212, ¶ [0054] the mobile computing device 210 may communicate a device ID (or other identification, to the second computing device 212 over the communication session, also see ¶ [0040] the functions described herein as being performed by one or the other of the first and second computing devices 210, 212 are not mutually exclusive. Many of the described functions may be performed by either one or both of the first and second computing devices 210, ¶ [0025]), in a vicinity of the user device, the user device including at least one processor, the user device processor being configured to connect (Shteingart: ¶ [0039] requires registration of both the user (resulting in generation of one or more user credentials to be utilized for subsequent login to the secured service or app) and of a mobile computing device that the user routinely has in close proximity to his or her presence, ¶ [0041] server 214 receives the registration request from the registration component 220 of the second computing device 212, ¶ [0019] (for instance, being performed by one or more computing devices including at least one processor)), the server including at least one processor, the server processor is configured to (Shteingart: ¶[0025], see also Fig. 1) and discloses all the limitations of Claim 10, in combination with Ben, as discussed in Claim 1. Therefore, Claim 10 is rejected using the same rationales as discussed in Claim 1.

10.	Claims 3, 5 and 7 are rejected under 35 U.S.C. 103 as being unpatentable over Shteingart et al. (US 2017/0302659 A1, hereinafter Shteingart) in view of Ben Ayed (US 2011/0313922 A1, hereinafter Ben) and further in view of Wisely et al. (US 2009/0265775 A1, hereinafter Wisely).

Regarding Claim 3,
Claim 3 is dependent on Claim 1, and the combination of Shteingart and Ben discloses all the limitations of Claim 1. However, it is noted that the combination of Shteingart and Ben does not explicitly disclose wherein, prior to sending to the server from the user device at least one user identifier accompanied with the at least one detected short range communication device identifier, the user device involves the user to select the at least one detected short range communication device identifier.
However, Wisely from the similar field of endeavor as the claimed invention discloses that the user device identifies the other devices using wireless access technologies such as WLAN air interface protocols for example IEEE802.11a (WiFi), personal area network air interface protocols such as BluetoothTM (Wisely: ¶ [0018]), user device 10 may be configured to “know’ that it must gather 3 such company related tokens, and can then stop (Wisely: ¶ [0045]), and server 11 then  (Wisely: ¶ [0047]).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Wisely in the teachings of Shteingart and Ben. A person having ordinary skill in the art would have been motivated to do so because the tokens required for authentication may depend on the level of security required for the requested service. For example general access to the company Intranet may require a relatively low level of Security, whereas access to a restricted document may require a high level (Wisely: ¶ [0063]).

Regarding Claim 5,
Claim 5 is dependent on Claim 1, and the combination of Shteingart and Ben discloses all the limitations of Claim 1. Shteingart further discloses wherein, when the user is authenticated without having submitted user authentication data, the user device continues to detect on-line, through the Web type application or browser that executes the executable data, whether the at least one detected short range communication device identifier does or does not still exist in the vicinity of the user device (Shteingart: ¶ [0042] device authentication credentials are generated that associated the mobile device (via one or more identifying details associated therewith) with the user credentials and, accordingly, the registered user. Both the user credentials and the device authentication credentials subsequently may be used to authenticate the particular mobile device as associated with the registering user, ¶ [0053] the mobile device 210 and the second computing device 212 may be polled by a monitoring computer service or computer application (which may be running on the mobile device 210 and/or the second computing device 212) or online/in the cloud…, monitoring service or application may poll the devices continuously, periodically, or as needed); and 
still granting access, from the server, only if the at least one detected short range communication device identifier still present and still matches the at least predetermined part of the at least one reference short range communication device identifier (Shteingart: ¶ [0047] If authenticated, the user is permitted access to the desired secure service or app, for instance, by the access permitting component 230 of the second computing device 212, ¶ [0039] requires registration of both the user (resulting in generation of one or more user credentials to be utilized for subsequent login to the secured service or app) and of a mobile computing device, ¶ [0055]  device authentication credential indicates that the first computing device was utilized by a registered user upon registering for access to the service or app, ¶ [0053] monitoring service or application may poll the devices continuously, periodically, or as needed); or 
denying access only either if the at least one detected short range communication device identifier does no longer match the at least predetermined part of the at least one reference short range communication device identifier or if there is no detected short range communication
device identifier (Shteingart: ¶ [0039] requires registration of both the user (resulting in generation of one or more user credentials to be utilized for subsequent login to the secured service or app) and of a mobile computing device, ¶ [0047] If authenticated, the user is permitted access, ¶ [0053]). 
However, it is noted that Shteingart does not explicitly disclose: wherein, when the user is authenticated without having submitted user authentication data, the user device continues to detect on-line, through the Web type application or browser that executes the executable data, 
However, Ben further discloses that the application can be a corporate application, a web application, a CRM (customer relationship management) application, mobile banking application, NFC (near field communication) application, payment application or other. The application can run on a mobile device such as a mobile phone or PDA, or a PC (Ben: ¶ [0129], also see ¶ [0130]), system for NFC authentication 10/11 comes with an API (application programming interface) that allows developers to integrate wireless authentication in their applications based on BLUETOOTH proximity…, developer application can be any PC, server or mobile terminal application including web applications that run in a browser…, When system for NFC authentication 10/11 is within proximity, the user is logged in automatically (Ben: ¶ [0142]), and the web application API makes a call to a browser plug-in. The plug-in enables the browser to automatically install Bluetooth drivers if they are not previously installed (user authorization may be required). Furthermore, the plug-in enables the browser application to communicate with system for NFC authentication (Ben: ¶ [0143]).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Ben in the teachings of Shteingart. A person having ordinary skill in the art would have been motivated to do so to provide a secure platform for enterprise applications where access is granted to people that carry system for NFC authentication…, and since mobile phones and mobile terminal can be lost stolen and forgotten, this system prevents loss and theft, and at the same time prevents access by unauthorized users (Ben: ¶ [0142]).
However, it is noted that the combination of Shteingart and Ben does not explicitly disclose: denying access only either if the at least one detected short range communication device identifier 
However, Wisely further discloses the user device 10 identifies other wireless devices 13 located around it gathers tokens from some or all of these and forwards the tokens to the server 11 (Wisely: ¶ [0041]), identifiers or tokens gathered from the other devices could be simply their MAC addresses or some other data with which to uniquely identify them or identify them as company related devices (Wisely: ¶ [0042], also see ¶ [0047]), and the if the recently supplied token list meets the predetermined requirements (ie 3 matching tokens), then the server 11 sets up the conference call (119; 7). If the threshold is not meet, a denial of service message is sent (120; 7) (Wisely: ¶ [0060]).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Wisely in the teachings of Shteingart and Ben. A person having ordinary skill in the art would have been motivated to do so because the tokens required for authentication may depend on the level of security required for the requested service. For example, general access to the company Intranet may require a relatively low level of security, whereas access to a restricted document may require a high level (Wisely: ¶ [0063]).

Regarding Claim 7,
Claim 7 is dependent on Claim 1, and the combination of Shteingart and Ben discloses all the limitations of Claim 1. However, it is noted that Shteingart further discloses wherein an administrator of the server defines, as a security rule, a required number of the at least one reference short range communication device to be detected on-line in the vicinity of the user device (Shteingart: ¶ [0053] the mobile device 210 and the second computing device 212 may be polled by a monitoring computer service or computer application (which may be running on the mobile device 210 and/or the second computing device 212) or online/in the cloud, ¶ [0034] one or more of the illustrated components/modules may be implemented via the server 214 or as an Internet-based service…, ¶ [0054], ¶ [0024]).
However, it is noted that Shteingart and Ben does not explicitly disclose wherein an administrator of the server defines, as a security rule, a required number of the at least one reference short range communication device to be detected on-line in the vicinity of the user device
However, Wisely further discloses that user device 10 may be configured to “know’ that it must gather 3 such company related tokens, and can then stop (Wisely: ¶ [0045]), server 11 then either forwards the received tokens to a database 12 for matching with a list of authentication tokens such as company device identifiers, or requests a list of company devices identifiers (a company asset register for wireless devices) (Wisely: ¶ [0047]), and in addition to requiring a number of matching tokens to set up a secure session with the server, the server 11 may be configured to periodically require the user device 10 to supply tokens (Wisely: ¶ [0048]).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the teachings of Wisely in the teachings of Shteingart and Ben. A person having ordinary skill in the art would have been motivated to do so because the tokens required for authentication may depend on the level of security required for the requested service. For example general access to the company Intranet may require a relatively low level of Security, whereas access to a restricted document may require a high level (Wisely: ¶ [0063]).

Allowable Subject Matter	
11.	Claims 11-13 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Conclusion
12.	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
US-20130145420-A1
US-20140344904-A1
US-20150215299-A1
US-9075979-B1
US-20130174252-A1
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SAMEERA WICKRAMASURIYA whose telephone number is (571)272-1507.  The examiner can normally be reached on MON-FRI 8AM-4:30PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, JUNG W. KIM can be reached on (571)272-3804.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications 

/SAMEERA WICKRAMASURIYA/
Examiner, Art Unit 2494

/ROBERT B LEUNG/Primary Examiner, Art Unit 2494                                                                                                                                                                                                        4-09-2021