DETAILED ACTION


1.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

2.	Claims 1-20 are pending.  Claims 1, 6 and 13 are independent.  

3.	The IDS’es submitted on 10/3/2019, 7/23/20, 9/22/2020, 11/18/2020, 3/10/2021 and 5/3/2021 have been considered.

Claim Objections
4.	Claims 4, 12 and 20 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Claim Rejections - 35 USC § 103
5.	The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains.  Patentability shall not be negatived by the manner in which the invention was made.

6.	Claims 1-3, 5-11 and 13-19 are rejected under 35 U.S.C. 103(a) as being unpatentable over Forte (US PG Pub. 2015/0149359) in view of Kasad (US PG Pub. 2011/0296513). 
	As regarding claim 1, Forte discloses A system comprising: 
a telecommunication provider server configured for detecting a location of a mobile device [FIG. 1 and para. 44 and 47; out-of-band device 122]; 
a host server configured for conducting, with the mobile device, an electronic transaction within an interactive computing environment accessible over a data network [para. 34-36; web server 112]; and 
an identification-and-authentication system communicatively coupled to (i) the host server via a first communication channel [para. 49-52; verification request 120 and verification response sent to web server 112 via a communication channel that is being used as part of the transaction] and (ii) the telecommunication provider server via a second communication channel that is out-of-band with respect to the first communication channel [para. 42], wherein the identification-and-authentication system is configured for: 
obtaining, via the first communication channel, a data network identifier that identifies the mobile device [para. 39, 64, 79; obtaining device identifier], 
Forte does not explicitly disclose the following limitations that, however, are disclosed by Kasad generating, based on communications with the telecommunication provider server via the second communication channel, a dynamic identity-verification element comprising (i) the data network identifier and (ii) a location identifier that identifies a geographic location of the mobile device [FIG. 3, para. 9-11, 17, and 36], 
matching the dynamic identity-verification element to a device-and-location combination indicating unauthorized use of the host server by the mobile device [para. 36; matching the combination of the unique ID and the current location of the .
It would have been obvious to one of ordinary skill in the art at the time of filing of the invention to modify Forte’s system to further comprise the missing claim features, as disclosed by Kasad, in order to further enhance the security of the system by requiring a third, location-based level of security [Kasad abstract].
Kasad further discloses automatically transmitting a control signal to the host server [para. 36-37; transmitting an access denial signal], 
wherein the host server is further configured for preventing, responsive to the control signal, the mobile device from accessing a function for advancing the electronic transaction within the interactive computing environment [para. 36-37; denying access to the secure network resource].

As regarding claim 2, Forte and Kasad further disclose The system of claim 1, wherein the telecommunication provider server is further configured for: 
detecting the location of the mobile device using an access point of the data network managed by the telecommunication provider server [Forte para. 66 or Kasad para. 29-31]; and 
transmitting, to the identification-and-authentication system, location data identifying the detected location, wherein the identification-and-authentication system is configured for generating the dynamic identity-verification element by (i) obtaining the location identifier from the location data and (ii) combining the data network identifier and the location identifier into the dynamic identity-verification element [Kasad para. 36]. 	As regarding claim 3, Forte and Kasad further disclose The system of claim 1, wherein matching the dynamic identity-verification element to the device-and-location combination indicating unauthorized use comprises: 
accessing data identifying a set of valid locations for the mobile device; and determining that the set of valid locations lacks the location indicated by the location identifier in the dynamic identity-verification element [Kasad para. 36]. 	As regarding claim 5, Forte and Kasad further disclose The system of claim 1, wherein the location identifier comprises one or more of: relative location data indicating a distance between (i) a specified geographic location associated with the host server and (ii) the mobile device [Forte para 66]; and a set of geographic coordinates for the mobile device [Kasad element 550 of FIG. 3]. 	As regarding claim 6, Forte and Kasad disclose A method in which one or more processing devices of an identification-and-authentication system perform operations comprising: 
obtaining, via a first communication channel with a host server, a data network identifier that identifies a mobile device accessing an interactive computing environment provided by the host server [Forte para. 39, 64, 79; obtaining device identifier]; 
generating, from communications with a telecommunication provider server via a second communication channel that is out-of-band with respect to the first communication channel, a dynamic identity-verification element comprising (i) the data network identifier and (ii) a location identifier that identifies a geographic location of the mobile device [Kasad FIG. 3, para. 9-11, 17, and 36]; 
matching the dynamic identity-verification element to a device-and-location combination indicating unauthorized use of the host server by the mobile device [Kasad para. 36; matching the combination of the unique ID and the current location of the location authentication token 310 with an entry of authorized locations for pre-registered location authentication tokens stored in the user authorized locations database 300]; and 
preventing the mobile device from accessing a function for advancing an electronic transaction within the interactive computing environment [Kasad para. 36-37; denying access to the secure network resource]. 	As regarding claim 7, Forte and Kasad further disclose The method of claim 6, wherein preventing the mobile device from accessing the function comprises preventing identification data that is required for accessing the function from being transmitted to the mobile device [Kasad para. 36-37; denying access to the secure network resource].

As regarding claim 8, Forte and Kasad further disclose The method of claim 6, wherein preventing the mobile device from accessing the function comprises automatically transmitting a control signal to the host server that causes the host server to prevent the mobile device from accessing the function [para. 36-37; transmitting an access denial signal].

9, Forte and Kasad further disclose The method of claim 6, wherein matching the dynamic identity-verification element to the device-and-location combination indicating unauthorized use comprises: 
accessing data identifying a set of valid locations for the mobile device; and determining that the set of valid locations lacks the location indicated by the location identifier in the dynamic identity-verification element [Kasad para. 36].

As regarding claim 10, Forte and Kasad further disclose The method of claim 6, wherein the location identifier comprises relative location data indicating a distance between (i) a specified geographic location associated with the host server and (ii) the mobile device [Forte para 66].

As regarding claim 11, Forte and Kasad further disclose The method of claim 6, wherein the location identifier comprises a set of geographic coordinates for the mobile device [Kasad element 550 of FIG. 3].
As regarding claim 13, Forte and Kasad disclose An identification-and-authentication system comprising: 
a network interface device communicatively coupled to (i) a host server via a first communication channel and (ii) a telecommunication provider server via a second communication channel that is out-of-band with respect to the first communication channel [Forte para. 49-52; verification request 120 and verification response sent to web server 112 via a communication channel that is being used as part of the transaction]; 
a non-transitory computer-readable medium storing instructions [Forte para. 14]; and 
a processing device communicatively coupled to the network interface device and the non-transitory computer-readable medium [Forte para. 14], 
wherein the processing device is configured to execute the instructions and thereby perform operations comprising: obtaining, via the first communication channel, a data network identifier that identifies a mobile device accessing an interactive computing environment provided by the host server [Forte para. 39, 64, 79; obtaining device identifier], 
generating, from communications with a telecommunication provider server via a second communication channel that is out-of-band with respect to the first communication channel, a dynamic identity-verification element comprising (i) the data network identifier and (ii) a location identifier that identifies a geographic location of the mobile device during an electronic transaction [Kasad FIG. 3, para. 9-11, 17, and 36], 
computing, from the dynamic identity-verification element, an indicator of unauthorized use of the host server by the mobile device [Kasad para. 36; matching the combination of the unique ID and the current location of the location authentication token 310 with an entry of authorized locations for pre-registered location authentication tokens stored in the user authorized locations database 300], and 
preventing the mobile device from accessing a function for advancing an electronic transaction within the interactive computing environment [Kasad para. 36-37; denying access to the secure network resource].

As regarding claim 14, Forte and Kasad further disclose The identification-and-authentication system of claim 13, wherein preventing the mobile device from accessing the function comprises configuring the network interface device to transmit, to the host server, a control signal configured for causing the host server to prevent the mobile device from accessing the function [Kasad para. 36-37; denying access to the secure network resource].

As regarding claim 15, Forte and Kasad further disclose The identification-and-authentication system of claim 14, wherein the computing the indicator of the unauthorized use comprises matching the dynamic identity-verification element to a device-and-location combination indicating the unauthorized use, wherein the matching comprises: accessing data identifying a set of valid locations for the mobile device; and determining that the set of valid locations lacks the location indicated by the location identifier in the dynamic identity-verification element [Kasad para. 36; matching the combination of the unique ID and the current location of the location authentication token 310 with an entry of authorized locations for pre-registered location authentication tokens stored in the user authorized locations database 300].

As regarding claim 16, Forte and Kasad further disclose The identification-and-authentication system of claim 13, wherein computing the indicator of the unauthorized use comprises: configuring the network interface device to transmit, to the host server, a validation request having the location identifier; and determining, from a response to the validation request, that the location of the mobile device is invalid [Kasad para. 36-37; denying access to the secure network resource].
As regarding claim 17, Forte and Kasad further disclose The identification-and-authentication system of claim 16, wherein preventing the mobile device from accessing the function comprises preventing, based on determining that the location of the mobile device is invalid, identification data that is required for accessing the function from being transmitted to the mobile device [Kasad para. 36-37; denying access to the secure network resource].

As regarding claim 18, Forte and Kasad further disclose The identification-and-authentication system of claim 13, wherein the location identifier comprises relative location data indicating a distance between (i) a specified geographic location associated with the host server and (ii) the mobile device [Forte para 66].

As regarding claim 19, Forte and Kasad further disclose The identification-and-authentication system of claim 13, wherein the location identifier comprises a set of geographic coordinates for the mobile device [Kasad element 550 of FIG. 3].





Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to THONG P TRUONG whose telephone number is (571)270-7905.  The examiner can normally be reached on M-F 8:30AM - 5:30PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, Applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on 57127267986798.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).  If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/THONG TRUONG/
Examiner, Art Unit 2433

/JEFFREY C PWU/Supervisory Patent Examiner, Art Unit 2433