Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
1.This action is responsive to the communication filed on June 4, 2020. At this time, claims 1-20 are pending and addressed below.
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

                                                                         Double Patenting
4. The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the "right to exclude" granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory obviousness-type double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993);  In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Omum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969). 
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on a nonstatutory double patenting ground provided the conflicting application or patent either is shown to be commonly owned with this application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. 
Effective January 1, 1994, a registered attorney or agent of record may sign a terminal disclaimer. A terminal disclaimer signed by the assignee must fully comply with 37 CFR 3.73(b). 

Claims 1-1-6, 9-13 and 16 are rejected on the ground of nonstatutory obviousness-type double patenting as being unpatentable over  1-4, 8, 11 and 14    of US patent number 10728240. The conflicting claims are not identical, they are not patentably distinct from each other because the current application contains claims that are broader in scope than the claims of the patent number 10728240 and are anticipated by the claims  1-4, 8, 11 and 14 . 

This is a provisional obviousness double patenting rejection.    

                                                   Claims Comparison Table

16892798
Patent Number
10728240
A method for variable-step authentication at a server, comprising: receiving, from a communication device, a request for a communication involving the communication device in a controlled environment; determining a trust level associated with a participant of the communication device, wherein the trust level indicates a number of authentication steps to be successfully verified in order for the participant to participate in the communication; establishing an authentication procedure for the communication based on the trust level associated with the participant, wherein the authentication procedure includes a number of authentication steps indicated by the trust level; transmitting, by the server to the communication device, the authentication procedure prior to initiating the communication; receiving, from the communication device, responses to the authentication procedure; and establishing the communication upon successful verification of the responses.
2. The method of claim 1, further comprising: updating the trust level based on the responses to the authentication procedure, wherein the updating the trust level comprises adding another authentication step or removing at least one authentication step from the authentication procedure. 
3. The method of claim 2, wherein adding the another authentication step is based on unsuccessful verification of the responses and removing the at least one authentication step is based on the successful verification of the responses. 



4. The method of claim 1, wherein the authentication procedure comprises a first authentication step and a second authentication step, and in receiving the responses to the authentication procedure, the method further comprises: receiving a first response to the first authentication step; and receiving a second response to the second authentication step.
2. The method of claim 1, further comprising: verifying the first response; receiving the second response to the second authentication step; and verifying the second response. 
5. The method of claim 1, further comprising: determining that at least one response of the responses includes an authorization of payment for the communication. 
3. The method of claim 2, wherein in response to verifying the first response and the second response, determining that at least one of the 

4. The method of claim 1, wherein the first authentication step and the second authentication step are selected from: a biometric challenge, a password challenge, or a confirmation challenge. 


9. A server for performing variable-step authentication, comprising: a memory; and a processor coupled to the memory, the processor configured to: receive, from a communication device, a request for a communication involving the communication device in a controlled environment; determine a trust level associated with a participant of the communication device, wherein the trust level indicates a number of authentication steps to be successfully verified in order for the participant to participate in the communication; establish an authentication procedure for the communication based on the trust level associated with the participant, wherein the authentication procedure includes the number of authentication steps indicated by the trust level; transmit, by the server to the communication device, the authentication 
10. The server of claim 9, the processor further configured to: update the trust level based on the responses to the authentication procedure, wherein updating the trust level comprises adding another authentication step or removing at least one authentication step from the authentication procedure. 11. The server of claim 10, wherein adding the another authentication step is based on unsuccessful verification of the responses and removing the at least one authentication step is based on the successful verification of the responses.


   11. The server of claim 8, wherein the first trust level and the second trust level are provided by the controlled environment, the first trust level is based on at least one of authentication history of the first participant, an identity of the second participant, or a profile of the first participant, and the second trust level is based on at least one of authentication history of the second participant, an identity of the first participant, or a profile of the second participant. 
13. The server of claim 9, wherein authentication steps in the authentication procedure are selected from: a biometric challenge, a password challenge, or a confirmation challenge.
14. The server of claim 8, wherein the first authentication step and the second authentication step are selected from: a biometric challenge, a password challenge, or a confirmation challenge.
16. A method for variable-step authentication at a communication device, comprising: transmitting, by the communication device to a server, a 






















Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 4-9 and 12-20 are rejected under 35 U.S.C 103 as being unpatentable over Nguyen, UIS pat.No 20080028453  in view of SALONEN, US pat.No 20140282958. 

Claims 1, 9 and 16. Nguyen discloses a method for variable-step authentication at a server, (See Nguyen, abstract; a method for authenticating a user involves receiving a request from the user to access a resource, where the resource is associated with at least one authentication requirement, determining a trust level associated with access to the resource) comprising:  
receiving, from a communication device, a request for a communication involving the communication device in a controlled environment; (See Nguyen,[0005]; a computer system to receive a request from the user to access a resource)
determining a trust level associated with a participant of the communication device, wherein the trust level indicates a number of authentication steps to be successfully verified in order for the participant to participate in the communication; (See Nguyen, [0026]; the trust engine (116) is configured to determine a requisite trust level for a user or a user session (i.e., the authenticated session opened by the IAM framework (100) when a user requests access to a resource) 
establishing an authentication procedure for the communication based on the trust level associated with the participant, wherein the authentication procedure includes a number of authentication steps  (See Nguyen, [0031] Thus, based on the trust level associated with access to a resource, a user may be prompted for different user credentials and the authentication method chosen to authentication the user may depend on the trust level required. See also [0029]; the authentication method used for a high (208) trust level may be a two-factor authorization (218) authentication method) 
Nguyen does not appear to explicitly disclose transmitting, by the server to the communication device, the authentication procedure prior to initiating the communication; 
receiving, from the communication device, responses to the authentication procedure; 
and establishing the communication upon successful verification of the responses. 
However, SALONEN discloses transmitting, by the server to the communication device, the authentication procedure prior to initiating the communication; (See Salonen, [0082]; the authentication app sends instructions to the user interface, so that the user knows what is expected of them. For instance, the authentication app may instruct the user to pinch their left earlobe with their right hand while holding the mobile terminal in their left hand in such a manner that the gesture can be captured with the camera. ) 
                          receiving, from the communication device, responses to the authentication procedure; (See Salonen, [0010]; a least one response to the challenge is received from the user ) 
and establishing the communication upon successful verification of the responses. (See  Salonen, [ 0087 ]; authorization of a payment ,the user with a given user ID has passed the authentication. )
Nguyen and Salonen are analogous art because they are from the same field of endeavor which is authentication. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Nguyen with the teaching of Salonen to include the authentication app because it would have sent authentication procedure to the users. 
 

Claim 5. The combination Nguyen and Salonen discloses the method of claim 1, further comprising: determining that at least one response of the responses includes an authorization of payment for the communication. (See Salonen, [ 0087 ]; authorization of a payment ,the user with a given user ID has passed the authentication. )
Nguyen and Salonen are analogous art because they are from the same field of endeavor which is authentication. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Nguyen with the teaching of Salonen to include the authentication app because it would have sent authentication procedure to the users. 
Claim 6. The combination Nguyen and Salonen discloses the method of claim 1, wherein authentication steps in the authentication procedure are selected from: a biometric challenge, a password challenge, or a confirmation challenge. (See Salonen, [0016])
Nguyen and Salonen are analogous art because they are from the same field of endeavor which is authentication. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Nguyen with the teaching of Salonen to include the authentication app because it would have sent authentication procedure to the users. 
 Claim 7. The combination Nguyen and Salonen discloses the method of claim 1, wherein the trust level is provided by the controlled environment and is based on at least one of authentication history of the 
Nguyen and Salonen are analogous art because they are from the same field of endeavor which is authentication. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Nguyen with the teaching of Salonen to include the authentication app because it would have sent authentication procedure to the users. 
Claim 8. The combination Nguyen and Salonen discloses the method of claim 1, wherein the communication involves a second participant, further comprising: determining a second trust level associated with the second participant; (See Nguyen, [0026]) and transmitting a second authentication procedure that is established based on the second trust level to the second participant. (See Nguyen, [ 0005 ]; determine a trust level associated with access to the resource, obtain user credentials based on the trust level associated with the resource, select an authentication method for authenticating the user based on the trust level associated with the resource, generate user authentication information based on the trust level associated with the resource and the user credentials obtained )
Claim 12. The combination Nguyen and Salonen discloses the server of claim 9, wherein the trust level is provided by the controlled environment and the trust level is based on at least one of an authentication history of the participant, an identity of a second participant involved with the communication, or a profile of the participant. (See Salomen, [0057]; based on user good history)
Nguyen and Salonen are analogous art because they are from the same field of endeavor which is authentication. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Nguyen with the teaching of Salonen to include the authentication app because it would have sent authentication procedure to the users. 
 Claim 13. The combination Nguyen and Salonen discloses the server of claim 9, wherein authentication steps in the authentication procedure are selected from: a biometric challenge, a password challenge, or a confirmation challenge. (See Salonen, [0016]; For instance, biometric ) Nguyen and Salonen are analogous art because they are from the same field of endeavor which is authentication. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Nguyen with the teaching of Salonen to include the biometric information because it would have allowed stronger authentication. Claim 14. The combination Nguyen and Salonen discloses the server of claim 9, the processor further configured to: determine that at least one response of the responses includes an authorization of payment for the communication. (See  Salonen, [ 0087 ]; authorization of a payment ,the user with a given user ID has passed the authentication. )
Nguyen and Salonen are analogous art because they are from the same field of endeavor which is authentication. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Nguyen with the teaching of Salonen to include the authentication app because it would have sent authentication procedure to the users. 
Nguyen and Salonen are analogous art because they are from the same field of endeavor which is authentication. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Nguyen with the teaching of Salonen to include the authentication app because it would have sent authentication procedure to the users. 
 Claim 15. The combination Nguyen and Salonen discloses the server of claim 9, wherein the authentication procedure comprises a first authentication step and a second authentication step, and in receiving responses to the authentication procedure, the processor is further configured to: receive a first response to the first authentication step; and receive a second response to the second 
Nguyen and Salonen are analogous art because they are from the same field of endeavor which is authentication. It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify the invention of Nguyen with the teaching of Salonen to include the authentication app because it would have sent authentication procedure to the users. 
 
Claim 17. The combination Nguyen and Salonen discloses the method of claim 16, further comprising: transmitting, to the server, a second response to the second authentication step. See Nguyen, [0026]) and transmitting a second authentication procedure based on the second trust level to the second participant. (See Nguyen, [ 0005 ]; determine a trust level associated with access to the resource, obtain user credentials based on the trust level associated with the resource, select an authentication method for authenticating the user based on the trust level associated with the resource, generate user authentication information based on the trust level associated with the resource and the user credentials obtained)
Claim 18. The combination Nguyen and Salonen discloses the method of claim 17, wherein the first response and the second response include information selected from: biometric information, a password, and alphanumeric sequence. (See Salonen, [0016]; For instance, biometric information from the user's face, iris and/or at least one fingerprint can be captured with the smartphone's camera. Alternatively or additionally, a voice sample of the user may be captured by the smartphone's microphone.) Claim 19. The combination Nguyen and Salonen discloses the method of claim 17, wherein the first response and the second response are selected from: an email message, an short message service (SMS) message, and a biometric response. (See Salonen, [0016]; For instance, biometric information from the user's face, iris and/or at least one fingerprint can be captured with the smartphone's camera. Alternatively or additionally, a voice )Claim 20. The combination Nguyen and Salonen discloses the method of claim 16, wherein the authentication procedure further comprises a third authentication step. (See Salonen [0020];Combinations of username, password and/or PIN code are well known in the context of simpler authentication schemes, and they can be used in the third category of authentication information of the present disclosure as examples of "what you know". Combinations of factual questions and answers, like "your mother's maiden name" are also well known. A feature shared by usernames, passwords, PIN codes and answers to factual questions is that they are entered via the terminal's keyboard or keypad (which may be implemented by means of a touch-sensitive display). )

Allowable Subject Matter
Claims 2 and 3 (together); 10 and 11(together) are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

                                                                   Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Stelzner, US pat.No 20160065537.
Freeman, US pat.No 20070101400.
Haines, GB-2411554-A
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JOSNEL JEUDY whose telephone number is (571)270-7476.  The examiner can normally be reached on M-F 10:00-8:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Arani T Taghi can be reached on (571)272-3787.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

Date: 9/7/2021




/JOSNEL JEUDY/Primary Examiner, Art Unit 2438