DETAILED ACTION
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 4/2/2021 has been entered.
Claims 1-20 are pending with claims 1, 3, 4, 9, 11, 13, 18 and 20 having been amended.

Notice of Pre-AIA  or AIA  Status
The present application is being examined under the pre-AIA  first to invent provisions. 

Response to Arguments
Applicant's arguments filed 4/2/2021 have been fully considered. 
Applicant’s arguments, with respect to the rejection(s) of amended claim(s) 1-7, 9, 11-16 and 18-20 under 102 have been fully considered and are persuasive. Therefore, the rejection has been withdrawn. However, upon further consideration, a new ground(s) of rejection is made in view of Grim (US 2013/0104198) in view of Bajenov et al (US 20130254857).

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159.  See MPEP §§ 706.02(l)(1) - 706.02(l)(3) for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 


Claims 1-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claim 1, 7 and 13 of U.S. Patent No. 9,213,833. Although the claims at issue are not identical, they are not patentably distinct from each other because each and every element of the above independent claims 1, 11 and 18 of the present application is broader and therefore anticipated by the corresponding independent claim 1, 7 and 13 of U.S. Patent No. 9,213,833.
16/656833 Claim 1
9,213,833 Claim 1
A method comprising:
A method comprising:
receiving a notification from a server, the notification including an indication of a sign-on attempt to a user account from a first device; 





receiving a notification, over a network, from a first application server that is hosting a first electronic service that is hosting a first user account, the notification reporting a detection of a user activity associated with the first account, the first application server being included in a plurality of application servers, the first electronic service being included in a plurality of electronic services, the first user account being included in a plurality of user accounts, the plurality of application servers respectively corresponds to the plurality of electronic 

identifying the notification reporting the detection of the user activity as a possible electronic intrusion into the first user account; 
determining a location corresponding to the user account; 
determining a location of a first user corresponding to the first user account; 
communicating over a network, based on the location, a request to a second device associated with the user account for instructions to respond to the notification, the second device being distinct from the first device; 
identifying whether to communicate a request to the first user for instructions to respond to the notification, based at least in part on the location of the first user;
receiving a response, over the network, responsive to the communicating of the request; and 

receiving a response from the first user, the response including instructions to block access to the first user account at the first application server; and 
communicating command information to the server based on the response.
communicating command information to the first application server based on the response, the command information including a command to block access to the first user account.


16/656833 Claim 11
9,213,833 Claim 1
A system comprising: at least one hardware processor and executable instructions accessible on a computer-readable medium that, when executed, cause the at least one hardware processor to perform operations comprising: 

A method comprising:
receiving a notification from a server, the notification including an indication of a sign-on attempt to a user account from a first device; 





receiving a notification, over a network, from a first application server that is hosting a first electronic service that is hosting a first user account, the notification reporting a detection of a user activity associated with the first account, the first application server being included in a plurality of application servers, the first electronic service being included in a 

identifying the notification reporting the detection of the user activity as a possible electronic intrusion into the first user account; 
determining a location corresponding to the user account; 
determining a location of a first user corresponding to the first user account;
communicating over a network, based on the location, a request to a second device associated with the user account for instructions to respond to the notification, the second device being distinct from the first device; 
identifying whether to communicate a request to the first user for instructions to respond to the notification, based at least in part on the location of the first user;
receiving a response, over the network, responsive to the communicating of the request; and 
receiving a response from the first user, the response including instructions to block access to the first user account at the first application server; and 
communicating command information to the server based on the response.
communicating command information to the first application server based on the response, the command information including a command to block access to the first user account.


16/656833 Claim 18
9,213,833 Claim 13
A machine-readable medium, having no transitory signals, that stores instructions and, when executed by at least one processor, causes the at least one processor to perform operations comprising: 
a machine readable medium, having no transitory signals, that stores instructions and, when executed by at least one machine, causes the at least one machine to perform operations comprising:
receiving a notification from a server, the notification including an indication of a sign-on attempt to a user account from a first device; 

receiving a notification, over a network, from a first application server that is hosting a first electronic service that is hosting a first user account, the notification reporting a detection of a user activity associated with the first account, 

identifying the notification reporting the detection of the user activity as a possible electronic intrusion into the first user account; 
determining a location corresponding to the user account; 
determining a location of a first user corresponding to the first user account;
communicating over a network, based on the location, a request to a second device associated with the user account for instructions to respond to the notification, the second device being distinct from the first device; 
identifying whether to communicate a request to the first user for instructions to respond to the notification, based at least in part on the location of the first user;
receiving a response, over the network, responsive to the communicating of the request; and 

receiving a response from the first user, the response including instructions to block access to the first user account at the first application server; and 
communicating command information to the server based on the response.
communicating command information to the first application server based on the response, the command information including a command to block access to the first user account.


Claims 1-20 rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-20 of U.S. Patent No. 9,531,739. Although the claims at issue are not identical, they are not patentably distinct from each other because each and every element of the above independent claims 1, 11 and 18 of the present .
16/656833 Claim 1
9,531,739 Claim 1
A method comprising: 
A method comprising: 
receiving a notification from a server, the notification including an indication of a sign-on attempt to a user account from a first device; 
receiving a notification, over a network, from a server, the notification reporting a detection of a user activity;

in response to receiving the notification reporting the detection of the user activity, identifying the user activity as a possible electronic intrusion into a user account; 
determining a location corresponding to the user account; 
determining a location of a user corresponding to the user account; 
communicating over a network, based on the location, a request to a second device associated with the user account for instructions to respond to the notification, the second device being distinct from the first device; 
identifying whether to communicate a request to the user for instructions to respond to the notification, based at least in part on the location of the user; 
receiving a response, over the network, responsive to the communicating of the request; and 

receiving a response from the user, the response including instructions to block access to the user account at the server; and 
communicating command information to the server based on the response.
communicating command information to the server based on the response, the command information including a command to block access to the user account.


16/656833 Claim 11
9,531,739 Claim 7
A system comprising: at least one hardware processor and executable instructions accessible on a computer-readable medium that, when executed, cause the at least one hardware processor to perform operations comprising: 
A system comprising: at least one processor; a memory; a set of instructions operable on the at least one processor to: receive a notification, over a network, from a server, the notification reporting a detection of a user activity; 

receiving a notification from a server, the notification including an indication of a sign-on attempt to a user account from a first device; 

identify, in response to receiving the notification reporting the detection of the user activity, the user activity as a possible electronic intrusion into a user account; 

determine a location of a user corresponding to the user account; 
communicating over a network, based on the location, a request to a second device associated with the user account for instructions to respond to the notification, the second device being distinct from the first device; 
identify whether to communicate a request to the user for instructions to respond to the notification, based at least in part on the location of the user; 

receiving a response, over the network, responsive to the communicating of the request; and 
receive a response from the user, the response including instructions to block access to the user account at the server; and 
communicating command information to the server based on the response.
communicate command information to the server based on the response, the command information including a command to block access to the user account.


16/656833 Claim 18
9,531,739 Claim 14
A machine-readable medium, having no transitory signals, that stores instructions and, when executed by at least one processor, causes the at least one processor to perform operations comprising: 
a machine readable medium, having no transitory signals, that stores instructions and, when executed by at least one machine, causes the at least one machine to perform operations comprising:
receiving a notification from a server, the notification including an indication of a sign-on attempt to a user account from a first device; 

receiving a notification, over a network, from a first application server that is hosting a first electronic service that is hosting a first user account, the notification reporting a detection of a user activity associated with the first account, the first application server being included in a plurality of application servers, the first electronic service being included in a plurality of electronic services, the first user account being included in a plurality of user accounts, the plurality of application servers respectively corresponds to the plurality of electronic services that respectively corresponding to the plurality of user accounts, the plurality of user accounts being respectively monitored for the user activity; 

identifying the notification reporting the detection of the user activity as a possible electronic intrusion into the first user account; 


determining a location corresponding to the user account; 
determining a location of a first user corresponding to the first user account;
communicating over a network, based on the location, a request to a second device associated with the user account for instructions to respond to the notification, the second device being distinct from the first device; 
identifying whether to communicate a request to the first user for instructions to respond to the notification, based at least in part on the location of the first user;
receiving a response, over the network, responsive to the communicating of the request; and 

receiving a response from the first user, the response including instructions to block access to the first user account at the first application server; and 
communicating command information to the server based on the response.
communicating command information to the first application server based on the response, the command information including a command to block access to the first user account.


Claims 1-20 rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-20 of U.S. Patent No. 9,882,922. Although the claims at issue are not identical, they are not patentably distinct from each other because each and every element of the above independent claims 1, 11 and 18 of the present application is broader and therefore anticipated by the corresponding independent claim 1, 7 and 14 of U.S. Patent No. 9,882,922.
16/656833 Claim 1
9,882,922 Claim 1
A method comprising: 
A method comprising:
receiving a notification from a server, the notification including an indication of a sign-on attempt to a user account from a first device; 
receiving, from a server, identification of a user activity for a user account for a service provided by the server; 
determining a location corresponding to the user account; 
determining a location of a user corresponding to the user account; 

identify whether to communicate a request to the user for instructions to respond to the user activity, based at least in part on the location of the user;
receiving a response, over the network, responsive to the communicating of the request; and 

In response to determination to communicate the request to the user for instructions, receive a response from the user, the response including instructions to block access to the user account at the server;
communicating command information to the server based on the response.
communicating command information to the server based on the response, the command information including a command to block access to the user account, wherein the command to block access to the user account prevents access to the user account until a command to unblock access to the account is received.


16/656833 Claim 11
9,882,922 Claim 7
A system comprising: at least one hardware processor and executable instructions accessible on a computer-readable medium that, when executed, cause the at least one hardware processor to perform operations comprising: 
A system comprising: at least one processor; a memory; and a set of instructions operable on the at least one processor to:
receiving a notification from a server, the notification including an indication of a sign-on attempt to a user account from a first device; 

receive, from a server, identification of a user activity for a user account for a service provided by the server; 
determining a location corresponding to the user account; 
determine a location of a user corresponding to the user account; 
communicating over a network, based on the location, a request to a second device associated with the user account for instructions to respond to the notification, the second device being distinct from the first device; 
identify whether to communicate a request to the user for instructions to respond to the user activity, based at least in part on the location of the user;

responsive to determination to communicate the request to the user for instructions, receive a response from the user, the response including instructions to block access to the user account at the server;
communicating command information to the server based on the response.
communicate command information to the server based on the response, the command information including a command to block access to the user account, wherein the command to block access to the user account prevents access to the user account until a command to unblock access to the account is received.



16/656833 Claim 18
9,882,922 Claim 14
A machine-readable medium, having no transitory signals, that stores instructions and, when executed by at least one processor, causes the at least one processor to perform operations comprising: 
a machine readable medium, having no transitory signals, that stores instructions and, when executed by at least one machine, causes the at least one machine to perform operations comprising:
receiving a notification from a server, the notification including an indication of a sign-on attempt to a user account from a first device; 

receiving, from a server, identification of a user activity for a user account for a service provided by the server; 
determining a location corresponding to the user account; 
determining a location of a user corresponding to the user account; 
communicating over a network, based on the location, a request to a second device associated with the user account for instructions to respond to the notification, the second device being distinct from the first device; 
identify whether to communicate a request to the user for instructions to respond to the user activity, based at least in part on the location of the user;
receiving a response, over the network, responsive to the communicating of the request; and 

in response to determination to communicate the request to the user for instructions, receive a response from the user, the response including instructions to block access to the user account at the server;

communicating command information to the server based on the response, the command information including a command to block access to the user account, wherein the command to block access to the user account prevents access to the user account until a command to unblock access to the account is received.


Claims 1-20 rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-20 of U.S. Patent No. 10,491,612. Although the claims at issue are not identical, they are not patentably distinct from each other because each and every element of the above independent claims 1, 11 and 18 of the present application is broader and therefore anticipated by the corresponding independent claim 1, 11 and 19 of U.S. Patent No. 10491,612.
16/656833 Claim 1
10,491,612 claim 11
A method comprising: 
A method comprising: 
receiving a notification from a server, the notification including an indication of a sign-on attempt to a user account from a first device; 
receiving a notification from a server that hosts a user account, the notification including an indication of a a sign-on attempt to the user account from a first device; 
identifying the sign-on attempt as a possible electronic intrusion into the user account; 


determining a location corresponding to the user account; 
determining a location of a user corresponding to the user account; 
communicating over a network, based on the location, a request to a second device associated with the user account for instructions to respond to the notification, the second device being distinct from the first device; 
communicating over a network, based on the location of the user, a request to a second device associated with the user;
receiving a response, over the network, responsive to the communicating of the request; and 




communicating command information to the server based on the response, the command information including a command to block access to the user account.


16/656833 Claim 11
10,491,612 claim 1
A system comprising: at least one hardware processor and executable instructions accessible on a computer-readable medium that, when executed, cause the at least one hardware processor to perform operations comprising: 
A system comprising: at least one hardware processor and executable instructions accessible on a computer-readable medium that, when executed, cause the at least one hardware processor to perform operations comprising: 



receiving a notification from a server, the notification including an indication of a sign-on attempt to a user account from a first device; 

receiving a notification from a server that hosts a user account, the notification including an indication of a sign-on attempt to the user account from a first device; 
identifying the sign-on attempt as a possible electronic intrusion into the user account; 

determining a location corresponding to the user account; 
determining a location of a user corresponding to the user account;
communicating over a network, based on the location, a request to a second device associated with the user account for instructions to respond to the notification, the second device being distinct from the first device; 
communicating over a network, based on the location of the user, a request to a second device associated with the user;
receiving a response, over the network, responsive to the communicating of the request; and 
receiving a response, over the network, responsive to the communicating of the request, the response including instructions to block access to the user account at the server; and
communicating command information to the server based on the response.
communicating command information to the server based on the response, the command information including a 



16/656833 Claim 18
10,491,612 claim 19
A machine-readable medium, having no transitory signals, that stores instructions and, when executed by at least one processor, causes the at least one processor to perform operations comprising: 
A machine readable medium, having no transitory signals, that stores instructions and, when executed by at least one machine, causes the at least one machine to perform operations comprising: 
receiving a notification from a server, the notification including an indication of a sign-on attempt to a user account from a first device; 

receiving a notification from a server that hosts a user account, the notification including an indication of a sign-on attempt to the user account from a first device; identifying the sign-on attempt as a possible electronic intrusion into the user account;
determining a location corresponding to the user account; 
determining a location of a user corresponding to the user account;
communicating over a network, based on the location, a request to a second device associated with the user account for instructions to respond to the notification, the second device being distinct from the first device; 
communicating over a network, based on the location of the user a request to a second device associated with the user;
receiving a response, over the network, responsive to the communicating of the request; and 

receiving a response, over the network, responsive to the communicating of the request, the response including instructions to block access to the user account at the server; and
communicating command information to the server based on the response.
communicating command information to the server based on the response, the command information including a command to block access to the user account.


Claim Rejections - 35 USC § 103
The following is a quotation of pre-AIA  35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:


Claims 1-7, 9, 11-16 and 18-20 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Grim (US 2013/0104198) in view of Bajenov et al (US 20130254857).
With respect to claim 1 Grim teaches a method comprising:
determining a location corresponding to the sign-on attempt (see Grim paragraph 0042 i.e. if the request automation latency is critical, the mobile authentication device 208 can pre-seed the permission response when the state of the automation criterion changes to allow the authentication service to respond appropriately without necessarily being required to contact the mobile device on-demand. For example, the criterion automation state can change when the mobile device enters or exits geographic regions where the permission response has been automated. This particular kind of pre-seeding method is known as "geo-fencing." Many other methods may be used to pre-seed an automated permission response); 
communicating over a network, based on the location, a request to a second device associated with the user account for instructions to respond to the notification, the second device being distinct from the first device (see Grim paragraph 0042 i.e. if the request automation latency is critical, the mobile authentication device 208 can pre-seed the permission response when the state of the automation criterion changes to allow the authentication service to respond appropriately without necessarily being required to contact the mobile device on-demand. For example, the criterion automation 
receiving a response, over the network, responsive to the communicating of the request (see Grim paragraph 0042 i.e. In this embodiment, the permission request includes a designator of the authenticating service 502, an action description 504, a user name 506, and a terminal description 508. Having been presented with the relevant information to inform an authentication decision, the user may either grant or deny the permission request using the corresponding buttons 510, 512 and paragraph 0046 i.e. The mobile device 208 is configured to receive sensory input from the user to determine the permission response. Sensory input includes tactile input (e.g., pushing a button), verbal input, or kinds of input. The mobile device 208 then sends the permission response to the authentication service 206); and 
communicating command information to the server based on the response (see Grim paragraph 0047 i.e. As previously noted, the exemplary methods and systems discussed herein have focused on login actions to a web site. However, the authentication methods and systems described can be applied to any situation where access or actions need to be authenticated over a computer network… Another embodiment can include transaction verification, such as providing a means for credit card processors to verify all or a subset of credit card transactions).


Bajenov teaches receiving a notification from a server, the notification including an indication of a possible unwanted sign-on attempt to a user account from a first device (See Bajenov paragraph 0030 i.e. As mentioned above, the security manager 114 may interact with the authentication manager 212 and the suspicious login information database 220 to synthesize a suspicion index that characterizes the legitimacy of the login attempt, the authenticity of the user, and/or the suspiciousness associated with the source of the login attempt. In this context, the suspicion index can be synthesized according to an algorithm that weights various indicators of suspiciousness (e.g., source, geographic location, presence of information associated with the login attempt in the suspicious login information database 220, etc.) in any desired combination. In one example, the suspicion index can be in the form of a numerical score assigned to a user session, indicating the probability that the session is created by an unauthorized or illegitimate user and paragraph 0039-0040 i.e. For example, even though the login information is not recorded in suspicious login information database 220, a prior suspicious login attempt could have originated at the source location thereby suggesting that, for example, a malicious party is attempting to access a number of user accounts using an ill-gotten collection of login information) and 	determining a location corresponding to the possible unwanted sign-on attempt (See Bajenov paragraph 0039 i.e. At step 404, the source location of the login attempt is determined and the suspicious login information database 220 is searched to 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Grim in view of Bajenov to determine if the login attempt is a possible unwanted login by determining a suspicion index that characterizes the legitimacy of the login attempt. Where the suspicion index is synthesized according to an algorithm that weights various indicators of suspiciousness (e.g., source, geographic location, presence of information associated with the login attempt in the suspicious login information database 220, etc.) to detect a possible unwanted login and based on the suspicion index provide an addition security challenge to the user such as requiring the user to enter a security code sent to user through email or an SMS message sent to the user's mobile phone (see Bajenov paragraph 0031 and 0037). Therefore one would have been motivated to have determine if the login attempt is a possible unwanted login by determining a suspicion index that characterizes the legitimacy of the login attempt.
	With respect to claim 2 Grim teaches the method of claim 1, further comprising registering the second device for communication of the request (see grim paragraph 0035 i.e. In order for a mobile authentication device 208 to authenticate an authenticating service 204, the two first need to be paired together. The pairing process includes the communication of any information that is required for subsequent authentication requests to succeed. For example, if the authenticating service 204 wishes to require one-time-passwords ( OTP) to validate authentication requests, the pairing process will establish a shared secret (analogous to an encryption key) between 
With respect to claim 3 Grim teaches the method of claim 2, wherein: the registering of the second device for communication of the request comprises registering the user account to receive notifications regarding possible electronic intrusions; and the communicating of the request to the second device is further based on the registration of the user account (see Grim paragraph 0035 i.e. In order for a mobile authentication device 208 to authenticate an authenticating service 204, the two first need to be paired together. The pairing process includes the communication of any information that is required for subsequent authentication requests to succeed. For example, if the authenticating service 204 wishes to require one-time-passwords ( OTP) to validate authentication requests, the pairing process will establish a shared secret (analogous to an encryption key) between the mobile authentication device 208 and the authenticating service 204. When a subsequent authentication request is made, the mobile authentication device 208 will use this shared secret to generate the OTP, and the authentication will use it to verify that the OTP is correct).
With respect to claim 4 Grim teaches the method of claim 1, further comprising: identifying the possible unwanted sign-on attempt as a possible electronic intrusion into the user account (see Grim figure 5a and paragraphs 0028 i.e. When an authenticating service (e.g., a web site that requires a login or a car security computer) needs to authenticate a user action, an authentication request is sent to an authentication 
With respect to claim 5 Grim teaches the method of claim 1, wherein the communicating of the command information comprises communicating command information including a command to block access to the user account (see Grim paragraph 0045 i.e. The screen shot 500 shows a permission request displayed on mobile device 208 that is running an Android operating system. In this embodiment, the permission request includes a designator of the authenticating service 502, an action description 504, a user name 506, and a terminal description 508. Having been presented with the relevant information to inform an authentication decision, the user may either grant or deny the permission request using the corresponding buttons 510, 512).
With respect to claim 6 Grim teaches the method of claim l, further comprising communicating a second request for additional instructions (see Grim paragraph 0046 i.e. The mobile device 208 also is configured to receive sensory input from the user to automate the permission response).
With respect to claim 7 Grim teaches the method of claim 6, further comprising receiving a second response, over the network, the second response including additional instructions associated with access to the user account at the server.
(see Grim paragraph 0046 i.e. The mobile device 208 also is configured to receive sensory input from the user to automate the permission response).

With respect to claim 11 Grim teaches a system comprising:
at least one hardware processor and executable instructions accessible on a computer-readable medium that, when executed, cause the at least one hardware processor to perform operations comprising:
receiving a notification from a server, the notification including an indication of a sign-on attempt to a user account from a first device (see Grim paragraph 0039 i.e. As one possible example, a user may use his laptop to attempt to log in to a web-based email service. Here, the laptop is the authenticating terminal 202 and the web-based email service is the authenticating service 204. The authenticating service 204 will likely, but not necessarily, require the user to present some kind of first factor authenticating information (e.g., a password). Using embodiments of methods and systems disclosed herein, the authenticating service 204 is providing the user with an additional second factor for authentication, and so it then initiates an authentication request through the authentication service 206 and provides the appropriate pairing identifier for the user that is attempting authentication. The authentication service 206 
determining a location corresponding to the sign-on attempt (see Grim paragraph 0042 i.e. if the request automation latency is critical, the mobile authentication device 208 can pre-seed the permission response when the state of the automation criterion changes to allow the authentication service to respond appropriately without necessarily being required to contact the mobile device on-demand. For example, the criterion automation state can change when the mobile device enters or exits geographic regions where the permission response has been automated. This particular kind of pre-seeding method is known as "geo-fencing." Many other methods may be used to pre-seed an automated permission response); 
communicating over a network, based on the location, a request to a second device associated with the user account for instructions to respond to the notification, the second device being distinct from the first device (see Grim paragraph 0042 i.e. if the request automation latency is critical, the mobile authentication device 208 can pre-seed the permission response when the state of the automation criterion changes to allow the authentication service to respond appropriately without necessarily being required to contact the mobile device on-demand. For example, the criterion automation state can change when the mobile device enters or exits geographic regions where the permission response has been automated. This particular kind of pre-seeding method is known as "geo-fencing." Many other methods may be used to pre-seed an automated permission response); 

communicating command information to the server based on the response (see Grim paragraph 0047 i.e. As previously noted, the exemplary methods and systems discussed herein have focused on login actions to a web site. However, the authentication methods and systems described can be applied to any situation where access or actions need to be authenticated over a computer network… Another embodiment can include transaction verification, such as providing a means for credit card processors to verify all or a subset of credit card transactions).
Grim does not teach receiving a notification from a server, the notification including an indication of a sign-on attempt to a user account from a first device.
Bajenov teaches receiving a notification from a server, the notification including an indication of a possible unwanted sign-on attempt to a user account from a first device (See Bajenov paragraph 0030 i.e. As mentioned above, the security manager 114 may interact with the authentication manager 212 and the suspicious login 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Grim in view of Bajenov to determine if the login attempt is a possible unwanted login by determining a suspicion index that characterizes the legitimacy of the login attempt. Where the suspicion index is synthesized according to an algorithm that weights various indicators of suspiciousness 
With respect to claim 12 Grim teaches the system of claim 11, wherein the operations further comprise registering the second device for communication of the request (see grim paragraph 0035 i.e. In order for a mobile authentication device 208 to authenticate an authenticating service 204, the two first need to be paired together. The pairing process includes the communication of any information that is required for subsequent authentication requests to succeed. For example, if the authenticating service 204 wishes to require one-time-passwords ( OTP) to validate authentication requests, the pairing process will establish a shared secret (analogous to an encryption key) between the mobile authentication device 208 and the authenticating service 204. When a subsequent authentication request is made, the mobile authentication device 208 will use this shared secret to generate the OTP, and the authentication will use it to verify that the OTP is correct).
With respect to claim 13 Grim teaches the system of claim 11, wherein the operations further comprise: identifying the possible unwanted sign-on attempt as a possible electronic intrusion into the user account (see Grim figure 5a and paragraphs 
With respect to claim 14 Grim teaches the system of claim 11, wherein the operations further comprise wherein the communicating of the command information comprises communicating command information including a command to block access to the user account (see Grim paragraph 0045 i.e. The screen shot 500 shows a permission request displayed on mobile device 208 that is running an Android operating system. In this embodiment, the permission request includes a designator of the authenticating service 502, an action description 504, a user name 506, and a terminal description 508. Having been presented with the relevant information to inform an authentication decision, the user may either grant or deny the permission request using the corresponding buttons 510, 512).
With respect to claim 15 Grim teaches the system of claim 11, wherein the operations further comprise communicating a second request for additional instructions (see Grim paragraph 0046 i.e. The mobile device 208 also is configured to receive sensory input from the user to automate the permission response).
With respect to claim 16 Grim teaches the system of claim 11, wherein the operations further comprise receiving a second response, over the network, the second 
(see Grim paragraph 0046 i.e. The mobile device 208 also is configured to receive sensory input from the user to automate the permission response).
With respect to claim 18 Grim teaches a machine-readable medium, having no transitory signals, that stores instructions and, when executed by at least one processor, causes the at least one processor to perform operations comprising:
receiving a notification from a server, the notification including an indication of a sign-on attempt to a user account from a first device (see Grim paragraph 0039 i.e. As one possible example, a user may use his laptop to attempt to log in to a web-based email service. Here, the laptop is the authenticating terminal 202 and the web-based email service is the authenticating service 204. The authenticating service 204 will likely, but not necessarily, require the user to present some kind of first factor authenticating information (e.g., a password). Using embodiments of methods and systems disclosed herein, the authenticating service 204 is providing the user with an additional second factor for authentication, and so it then initiates an authentication request through the authentication service 206 and provides the appropriate pairing identifier for the user that is attempting authentication. The authentication service 206 sends a permission request to the appropriate mobile authentication device 208 that responds with permission response as outlined herein); 
determining a location corresponding to the sign-on attempt (see Grim paragraph 0042 i.e. if the request automation latency is critical, the mobile authentication device 208 can pre-seed the permission response when the state of the automation criterion 
communicating over a network, based on the location, a request to a second device associated with the user account for instructions to respond to the notification, the second device being distinct from the first device (see Grim paragraph 0042 i.e. if the request automation latency is critical, the mobile authentication device 208 can pre-seed the permission response when the state of the automation criterion changes to allow the authentication service to respond appropriately without necessarily being required to contact the mobile device on-demand. For example, the criterion automation state can change when the mobile device enters or exits geographic regions where the permission response has been automated. This particular kind of pre-seeding method is known as "geo-fencing." Many other methods may be used to pre-seed an automated permission response); 
receiving a response, over the network, responsive to the communicating of the request (see Grim paragraph 0042 i.e. In this embodiment, the permission request includes a designator of the authenticating service 502, an action description 504, a user name 506, and a terminal description 508. Having been presented with the relevant information to inform an authentication decision, the user may either grant or deny the permission request using the corresponding buttons 510, 512 and paragraph 
communicating command information to the server based on the response (see Grim paragraph 0047 i.e. As previously noted, the exemplary methods and systems discussed herein have focused on login actions to a web site. However, the authentication methods and systems described can be applied to any situation where access or actions need to be authenticated over a computer network… Another embodiment can include transaction verification, such as providing a means for credit card processors to verify all or a subset of credit card transactions).
Grim does not teach receiving a notification from a server, the notification including an indication of a sign-on attempt to a user account from a first device.
Bajenov teaches receiving a notification from a server, the notification including an indication of a possible unwanted sign-on attempt to a user account from a first device (See Bajenov paragraph 0030 i.e. As mentioned above, the security manager 114 may interact with the authentication manager 212 and the suspicious login information database 220 to synthesize a suspicion index that characterizes the legitimacy of the login attempt, the authenticity of the user, and/or the suspiciousness associated with the source of the login attempt. In this context, the suspicion index can be synthesized according to an algorithm that weights various indicators of suspiciousness (e.g., source, geographic location, presence of information associated with the login attempt in the suspicious login information database 220, etc.) in any 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Grim in view of Bajenov to determine if the login attempt is a possible unwanted login by determining a suspicion index that characterizes the legitimacy of the login attempt. Where the suspicion index is synthesized according to an algorithm that weights various indicators of suspiciousness (e.g., source, geographic location, presence of information associated with the login attempt in the suspicious login information database 220, etc.) to detect a possible unwanted login and based on the suspicion index provide an addition security challenge to the user such as requiring the user to enter a security code sent to user through email or an SMS message sent to the user's mobile phone (see Bajenov paragraph 0031 and 0037). Therefore one would have been motivated to have determine if the 
With respect to claim 19 Grim teaches the machine-readable medium of claim 18, wherein the operations further comprise registering the second device for communication of the request (see grim paragraph 0035 i.e. In order for a mobile authentication device 208 to authenticate an authenticating service 204, the two first need to be paired together. The pairing process includes the communication of any information that is required for subsequent authentication requests to succeed. For example, if the authenticating service 204 wishes to require one-time-passwords ( OTP) to validate authentication requests, the pairing process will establish a shared secret (analogous to an encryption key) between the mobile authentication device 208 and the authenticating service 204. When a subsequent authentication request is made, the mobile authentication device 208 will use this shared secret to generate the OTP, and the authentication will use it to verify that the OTP is correct).
With respect to claim 20 Grim teaches the machine-readable medium of claim 18, wherein the operations further comprise identifying the possible unwanted sign-on attempt as a possible electronic intrusion into the user account (see Grim figure 5a and paragraphs 0028 i.e. When an authenticating service (e.g., a web site that requires a login or a car security computer) needs to authenticate a user action, an authentication request is sent to an authentication service. If the authentication request has been sent out by an authenticating service, then ostensibly a first authentication factor has already been provided. In the case of a web site, the first factor is normally a username/password combination and paragraph 0045).

Claims 8, 10 and 17 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Grim (US 2013/0104198) in view of Bajenov et al (US 20130254857) in further view of Slonecker JR. (2007/0045403).
	With respect to claim 8, Grim does not teach the method of claim 7, further comprising sending a command to unblock access to the user account.
	Slonecker teaches further comprising sending a command to unblock access to the user account (see Slonecker paragraph 0009-0010 i.e. a financial account card owner is able to lock or unlock a card by providing a user request via an appropriate delivery channel to a card processor. The user request may be a request to lock an active or operable card, or to unlock a card that has previously been locked. The delivery channel for delivering the card owner request to the card processor may include, for example, a telephone, e.g., using a voice response unit (VRU), an automated teller machine (ATM), and/or a computer network interface, such as an online interface via an internet web site. The card owner request is forwarded via the selected delivery channel to a card processor implemented in a computer system that performs the requested card locking or unlocking operation. The card processor computer system may be operated by a bank, financial institution, or other entity that issues the financial account card to the card owner). 
It would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains to send a request to unblock access to an account (see Slonecker paragraph 0009-0010 i.e. a financial account card owner is able to lock or unlock a card by providing a user request via an 
With respect to claim 10, Grim does not teach the method of claim 1, further comprising: receiving a status update for the user account; and based on the status update, communicating updated command information to the server, the updated command information including a command to unblock access to the user account.
Slonecker teaches further comprising: receiving a status update for the user account; and based on the status update, communicating updated command information to the server, the updated command information including a command to unblock access to the user account (see Slonecker paragraph 0009-0010 i.e. a financial account card owner is able to lock or unlock a card by providing a user request via an appropriate delivery channel to a card processor. The user request may be a request to lock an active or operable card, or to unlock a card that has previously been locked. The delivery channel for delivering the card owner request to the card processor may 
It would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains to send a request to unblock access to an account (see Slonecker paragraph 0009-0010). Therefore one would have been motivated to have sent a status update to unblock access.
	With respect to claim 17 Grim does not teach the system of claim 16, wherein the operations further comprise sending a command to unblock access to the user account.
Slonecker teaches wherein the operations further comprise sending a command to unblock access to the user account (see Slonecker paragraph 0009-0010). 
It would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains to send a request to unblock access to an account (see Slonecker paragraph 0009-0010). Therefore one would have been motivated to have sent a status update to unblock access.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DEVIN E ALMEIDA whose telephone number is (571)270-1018.  The examiner can normally be reached on Monday-Thursday from 7:30 A.M. to 5:00 P.M.  The examiner can also be reached on alternate Fridays from 7:30 A.M. to 4:00 P.M. 
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Saleh Najjar, can be reached on 571-272-4006. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).


/DEVIN E ALMEIDA/Examiner, Art Unit 2492                                                                                                                                                                                                        

/SALEH NAJJAR/Supervisory Patent Examiner, Art Unit 2492