DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 06/24/2020 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 14 and 15 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claims 14 and 15 are confusing and examiner does not understand what the applicant is trying to claim. Each claim recites the limitation "determining that the identity associated with the first device occurs".  Examiner does not understand what exactly is 

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claims 1-5, 7-8, 14-15, 17, 19-20, 23-25, 28-29, and 31-32 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Vanderveen et al. (US 20140310782 A1; hereinafter “Vanderveen”).
As per claims 1, 31 and 32, Vanderveen discloses: a method, server, and non-transitory, computer-readable medium, the server (Vanderveen, [0054] and [0114], authorization server) comprising: 
one or more network interfaces to communicate with a computer network on a verification channel (Vanderveen, [0099], [0114], and [0117], wireless/communication interface to communicate with devices); 
a processor (Vanderveen, Fig. 8, processor 814) coupled to the network interfaces and adapted to execute one or more processes; and 

receiving, over a verification channel, a notification of a communication on a communication channel between a first device and a second device (Vanderveen, [0054], [0083], and [0086]-[0087], authorization server receives and authorization request over a communications link (verification channel, see [0099]) indicating communication on a link (communication channel) between a first device 206 and a second device 208); 
determining whether an identity associated with the first device is verified (Vanderveen, [0065], [0083], and [0086]-[0087], the authentication server determines whether an identity associated with the first device 206 is verified); and 
informing, to the second device over the verification channel, whether the identity associated with the first device is verified (Vanderveen, [0065], [0083], and [0087], the authorization server sends an authentication ticket associated with the first device 206 to the second device 208, which indicates whether the identity of the device 206 is verified), wherein the second device is caused to manage the communication according to whether the identity of the first device is verified (Vanderveen, [0085] and [0087]-[0088],  the second device 208 establishes a secure communication session upon determining that the identity of the first device 206 is verified).

As per claim 2, claim 1 is incorporated and Vanderveen discloses: wherein the first device is an initiating device of the communication to the second device as a 

As per claim 3, claim 1 is incorporated and Vanderveen discloses: wherein the second device is an initiating device of the communication to the first device as a receiving device (Vanderveen, [0054] and [0058], either first device 206 and second device 208 can initiate communication with each other, making the initiator the initiating device and the other device the receiving device).

As per claim 4, claim 1 is incorporated and Vanderveen discloses: wherein the notification is received from the second device (Vanderveen, [0087], [0054], [0058], and [0073], because either the first or second devices can be the initiating device, whoever is the corresponding receiving device would receive the identifier of the initiating device and forward it to the authorization server, therefore, the authorization server receives the notification from whoever the receiving device).

As per claim 5, claim 1 is incorporated and Vanderveen discloses: wherein the notification is received from the first device (Vanderveen, [0087], [0054], [0058], and [0073], because either the first or second devices can be the initiating device, whoever is the corresponding receiving device would receive the identifier of the initiating device and forward it to the authorization server, therefore, the authorization server receives the notification from whoever the receiving device).

As per claim 7, claim 1 is incorporated and Vanderveen discloses: receiving a verification of the identity from a verification service client application on the first device over the verification channel (Vanderveen, [0064], first device 206 sends credential information to authorization server to authenticate/verify the first device from a user application ([0061]) on the first device); and 
wherein informing the second device over the verification channel whether the identity associated with the first device is verified comprises relaying verification of the identity (Vanderveen, [0087], authentication ticket including the verified identity is relayed to the second device).

As per claim 8, claim 1 is incorporated and Vanderveen discloses: performing verification of the identity with the first device over the verification channel (Vanderveen, [0064], first device 206 sends credential information to authorization server to authenticate/verify the first device); and 
wherein informing the second device over the verification channel whether the identity associated with the first device is verified comprises relaying a result of the performed verification (Vanderveen, [0087], authentication ticket including the verified identity (i.e., verified result) is relayed to the second device).

As per claim 14, claim 1 is incorporated and Vanderveen discloses: wherein determining that the identity associated with the first device occurs prior to receiving the 

As per claim 15, claim 1 is incorporated and Vanderveen discloses: wherein determining that the identity associated with the first device occurs in response to receiving the notification of the communication (Vanderveen, [0087], identity of first device 206 is verified in response to the second device obtaining authorization ticket of the first device ([0087])).

As per claim 17, claim 1 is incorporated and Vanderveen discloses: wherein the communication is selected from a group consisting of: a user-to-user communication; a user-to-enterprise communication; and an enterprise-to-user communication (Vanderveen, [0058] and [0050], peer-to-peer communication).

As per claim 19, claim 1 is incorporated and Vanderveen discloses: wherein the identity associated with the first device is verified without the second device accessing personally identifying information (PII) associated with the identity (Vanderveen, [0087] and [0083], first device 206 utilizes the identifier of the second device 208 to retrieve and verify the authorization ticket of the second device 208 without accessing PII associated with the identifier).

As per claim 20, claim 1 is incorporated and Vanderveen discloses: wherein the communication is selected from a group consisting of: a voice communication; a video 

As per claim 23, claim 1 is incorporated and Vanderveen discloses: wherein receiving the notification of the communication comprises receiving an intention of either the first device or the second device as an initiating device to initiate the communication prior to the communication being established (Vanderveen, [0060]-[0061], “sending the Authorization Request Message can be triggered by an order for user applications to enable a wireless link,” which occurs prior to communication being established).

As per claim 24, claim 23 is incorporated and Vanderveen discloses: wherein the intention comprises a particular time of initiating the communication (Vanderveen, [0066], validity period of a start time and an end time).

As per claim 25, claim 23 is incorporated and Vanderveen discloses: forwarding the intention to either of the first device or the second device as a receiving device (Vanderveen, [0067], authorization ticket is sent to first device 206, [0087], authorization ticket can be obtained by either first or second device as a receiving device in verifying the other/initiating device).

As per claim 28, claim 1 is incorporated and Vanderveen discloses: determining, by the server, whether an identity associated with the second device is verified (Vanderveen, [0064], server verifies the identity of the second device); and 
informing, from the server to the first device over the verification channel, whether the identity associated with the second device is verified (Vanderveen, [0087], first device obtains authorization ticket which informs the first device that the second device is verified).

As per claim 29, claim 1 is incorporated and Vanderveen discloses: determining that the identity associated with the first device is verified based on receiving a verification token from the first device (Vanderveen, [0087], “the second device 208 can transmit its (unique) identifier and the first device 206 utilizes the identifier to retrieve and verify the second device's authorization ticket, which can be obtained from a server.” Examiner submits that the authentication ticket of the first device can be obtained by the second device using this same process. Furthermore, examiner submits that when the second device retrieves the first device’s authorization ticket (i.e. token) from the server, the first device would have to send it’s ticket to the server first, thus the identity is verified based on the server receiving a verification token from the first device); and
wherein informing, from the server to the second device over the verification channel, whether the identity associated with the first device is verified comprises relaying the verification token to the second device (Vanderveen, [0087], “the second device 208 can transmit its (unique) identifier and the first device 206 utilizes the .

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim 6 is rejected under 35 U.S.C. 103 as being unpatentable over Vanderveen in view of Rathineswaran et al. (US 20190089688 A1; hereinafter “Rathineswaran”).
As per claim 6, claim 5 is incorporated and Vanderveen does not disclose, however, Rathineswaran teaches or suggests: initiating a timer in response to the notification; waiting to receive a notification from the second device of the communication commencing; and determining that the identity associated with the first device is unverified after expiration of the timer prior to receiving the notification from the second device of the communication commencing (Rathineswaran, [0054], “if security clearance from both the first user and the second user are not received after a period of time, at procedure 290, the authentication module 144 may determine that the twin factor authentication process for the first user fails”).
.

Claims 9, 21, 22, and 26 are rejected under 35 U.S.C. 103 as being unpatentable over Vanderveen in view of Naguthanawala et al. (US 10117098 B1; hereinafter “Naguthanawala”).
As per claim 9, claim 1 is incorporated and Vanderveen does not disclose, however, Naguthanawala teaches or suggests: failing to verify the identity associated with the first device (Naguthanawala, col. 5 lines 4-77, verification fails); and wherein informing the second device over the verification channel whether the identity associated with the first device is verified comprises informing the second device that the identity associated with the first device is unverified (Naguthanawala, col. 5 lines 41-44, user authentication verification service informs call center computing device that verification failed).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to modify/combine the teachings of Vanderveen to include informing the second device that the verification of the first device failed over a verification channel as taught by Naguthanawala for the benefit of automating the task of authenticating users that was previously performed by humans 

As per claim 21, claim 1 is incorporated and Vanderveen does not disclose, however, Naguthanawala teaches or suggests: wherein the identity associated with the first device is verified based on one or more authentication factors selected from a group consisting of: facial recognition; fingerprint recognition; iris recognition; device location information; social security number input; federal identification number input; password input; pin input; security question input; and credit card code input (Naguthanawala, col. 5 lines 12-23, identity of user is authenticated based on fingerprint, password entry or answer to a security question).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to modify/combine the teachings of Vanderveen to include authenticating a user based on fingerprint, password or answer to a security question as taught by Naguthanawala because a person of ordinary skill in the art would know to combine prior art elements according to known methods to yield the predictable result of authenticating a user (KSR).

As per claim 22, claim 1 is incorporated and Vanderveen does not disclose, however, Naguthanawala teaches or suggests: wherein the identity associated with the first device is verified based on one or more authentication factors input at the first device (Naguthanawala, col. 5 lines 24-32, authenticating user based on challenge-
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to modify/combine the teachings of Vanderveen to include determining the identity associated with the initiating device without access to any authentication factors input at the initiating device as taught by Naguthanawala for the benefit of automating the task of authenticating users that was previously performed by humans (Naguthanawala, col. 2 lines 43-47). Furthermore, if sensitive information is required by the user, sensitive/private information need not be communicated over an insecure channel (Naguthanawala, col. 2 lines 27-30).

As per claim 26, claim 1 is incorporated and Vanderveen does not disclose, however, Naguthanawala teaches or suggests: relaying an identity verification request from the second device to the first device during the communication (Naguthanawala, col. 4 lines 34-37, call center computing device requests that user authentication verification service authenticate the identity of the first party, col. 5 lines 12-23, authentication request if relayed to mobile computing device); and 
relaying a verification of identity in response to the identity verification request from the first device to the second device without the second device having access to 
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to modify/combine the teachings of Vanderveen to include determining the identity associated with the initiating device without access to any authentication factors input at the initiating device as taught by Naguthanawala for the benefit of automating the task of authenticating users that was previously performed by humans (Naguthanawala, col. 2 lines 43-47). Furthermore, if sensitive information is required by the user, sensitive/private information need not be communicated over an insecure channel (Naguthanawala, col. 2 lines 27-30).

Claim 10 is rejected under 35 U.S.C. 103 as being unpatentable over Vanderveen in view of Naguthanawala and further in view of Rathineswaran.
As per claim 10, claim 9 is incorporated and the modified Vanderveen does not disclose, however, Rathineswaran teaches or suggests: initiating a timer in response to receiving the notification of the communication; and wherein failing to verify the identity is based on expiration of the timer prior to verifying the identity (Rathineswaran, [0054], “if security clearance from both the first user and the second user are not received after a period of time, at procedure 290, the authentication module 144 may determine that the twin factor authentication process for the first user fails”).
.

Claims 11-12 are rejected under 35 U.S.C. 103 as being unpatentable over Vanderveen in view of Tian et al. (US 20160253481 A1; hereinafter “Tian”).
As per claim 11, claim 1 is incorporated and Vanderveen does not disclose, however, Tian teaches or suggests: wherein determining whether the identity associated with the first device is verified comprises: invoking a verification service client application on the first device to obtain verification (Tian, [0162]-[0163], instruct/invoke client application to authenticate).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to modify/combine the teachings of Vanderveen to include initiating a verification of the identity through a client application as taught by Tian for the benefit of avoiding security problems such as spoofing (Tian, [0090]).

As per claim 12, claim 11 is incorporated and the modified Vanderveen does not disclose, however, Tian teaches or suggests: wherein the verification service client application preexists on the first device (Tian, [0008], client-side application is installed 
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to modify/combine the teachings of the modified Vanderveen to include initiating a verification of the identity through a client application as taught by Tian for the benefit of avoiding security problems such as spoofing (Tian, [0090]).

Claim 13 is rejected under 35 U.S.C. 103 as being unpatentable over Vanderveen in view of Tian and further in view of Chaudhary et al. (US 20160192108 A1; hereinafter “Chaudhary”).
As per claim 13, claim 11 is incorporated and the modified Vanderveen does not disclose, however, Chaudhary teaches or suggests: wherein the verification service client application is not preexisting on the first device, and wherein invoking the verification service client application comprises prompting the first device to install the verification service client application (Chaudhary, [0036]-[0038], determining that the user device does not have the application and prompting the user device to install the application for authentication purposes).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to modify/combine the teachings of the modified Vanderveen to include prompting the first device to install the verification application when the application is not preexisting on the first device as taught by .

Claims 16 and 27 are rejected under 35 U.S.C. 103 as being unpatentable over Vanderveen in view of Shahidzadeh et al. (US 10325259B1; hereinafter “Shahidzadeh”).
As per claim 16, claim 1 is incorporated and Vanderveen does not disclose, however, Shahidzadeh teaches or suggests: wherein determining whether the identity is verified comprises one or more multi-factor authentication (MFA) queries (Shahidzadeh, Abstract, multi-factor authentication).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to modify/combine the teachings of Vanderveen to include using multi-factor authentication as taught by Shahidzadeh for the benefit of improving authentication of users and their transactions to mitigate the occurrence of information security fraud (Shahidzadeh, col. 14 lines 55-60).

As per claim 27 claim 1 is incorporated and Vanderveen does not disclose, however, Shahidzadeh teaches or suggests: in response to the identity being verified (Shahidzadeh, col. 14 lines 1-2, user logs into the system): 
relaying a request for increased assurance of verification of the identity from the second device to the first device during the communication (Shahidzadeh, col. 14 line 4, request escalation of the level of assurance); and 

It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to modify/combine the teachings of Vanderveen to include increasing the assurance of verification as taught by Shahidzadeh for the benefit of improving authentication of users and their transactions to mitigate the occurrence of information security fraud (Shahidzadeh, col. 14 lines 55- 60).

Claim 18 is rejected under 35 U.S.C. 103 as being unpatentable over Vanderveen in view of Scruby et al. (US 20190149539 A1).
As per claim 18, claim 1 is incorporated and Vanderveen does not disclose, however, Scruby teaches or suggests: wherein the identity associated with the first device is verified in response to attestation of a user identity at the first device (Scruby, Abstract, verifying the identity of the first device based on attestation of a user at the first device using a user at a second device).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to modify/combine the teachings of Vanderveen to include verifying the identity of the first device in response to attestation of a user identity at the first device as taught by Scruby for the benefit of performing .

Claim 30 is rejected under 35 U.S.C. 103 as being unpatentable over Vanderveen in view of Wang et al. (US 20190325129 A1; hereinafter “Wang”).
As per claim 30, claim 29 is incorporated and Vanderveen does not disclose, however, Wang teaches or suggests: wherein the second device is configured to pass the verification token to a third device to cause the third device to determine that the identity associated with the first device is verified based on receiving the verification token (Vanderveen, [0024], client application passes the access token to the resource-hosting server (i.e., third device) to verify the token).
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the claimed invention to modify/combine the teachings of Vanderveen to include passing the verification token to a third device as taught by Wang because a person of ordinary skill in the art would know to combine prior art elements according to known methods to yield the predictable result of verifying a token (KSR).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Refer to PTO-892, Notice of References Cited for a listing of analogous art.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to ALEXANDER R LAPIAN whose telephone number is (571)272-7552.  The examiner can normally be reached on M-F 9:30-6:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kristine Kincaid can be reached on 571-272-4063.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access 


ALEXANDER R. LAPIAN
Examiner
Art Unit 2437



/ALEXANDER R LAPIAN/Examiner, Art Unit 2437   

/KRISTINE L KINCAID/Supervisory Patent Examiner, Art Unit 2437