DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claims 1-22 are presented for examination.

Claim Objections
Claims 4 and 13 are objected to because of the following informalities:  
In claim 4, line 3: “the primary device” lacks antecedent basis;
In claim 13, lines 17-18: “first sets of credentials related to registrations of other users” is unclear if it relates to “first set of credentials related to registrations of other users”.
Appropriate correction is required.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the 

This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claims 1-4 and 7 is/are rejected under 35 U.S.C. 103 as being unpatentable over Sebastian et al. (US 2013/0340048 A1 and Sebastian hereinafter) in view of Zhang (US 2020/0036788 A1), and further in view of Kim et al. (US 2019/0075102 and Kim hereinafter).
As to claim 1, Sebastian discloses a system and method for mobile application management framework, the system and method having:
prompting a user to provide a first set of credentials (0025, lines 2-12); 
receiving the first set of credentials (0025, lines 6-10); 
using an initial verification process including at least one of validity, a uniqueness, a suspicious contextual detection, or statistical recurrence verification process, to verify the first set of credentials based on stored data (0025, lines 6-10); 
registering the user for a service based on at least one of a positive result of the initial verification process or a positive result of the second strong validation process (0026, lines 36-42); 
refusing to register the user for the service based on at least a negative result of the initial verification process and the negative result of the second strong validation process (0026, lines 27-28).
Sebastian fails to specifically disclose:
based on a negative result of the initial verification process: prompting the user to provide a second set of credentials, wherein the first and second sets of credentials are both associated with the user, 
receiving the second set of credentials; 
using a second strong validation process to validate the second set of credentials based on the stored data; 
blacklisting the verified second set of credentials upon registering the user.
Nonetheless, these features are well known in the art and would have been an obvious modification of the teachings disclosed by Sebastian, as taught by Zhang.
Zhang discloses a system and method for elastic cloud storage on multiple locations, the system and method having:
based on a negative result of the initial verification process: prompting the user to provide a second set of credentials, wherein the first and second sets of credentials are both associated with the user (0048, lines 18-25), 
receiving the second set of credentials (0048, lines 18-25); 
using a second strong validation process to validate the second set of credentials based on the stored data (0048, lines 15-18). 
Given the teaching of Zhang, a person having ordinary skill in the art before the effective filing date of the claimed invention would have readily recognized the desirability and advantages of modifying the teachings of Sebastian with the teachings of Zhang by validating a second set of credentials when first credentials fail. Zhang recites motivation by disclosing that validating a second set of credentials when an initial validation fails permits access (0048, lines 18-25). It is obvious to apply the teachings of Zhang to the teachings of Sebastian by validating a second set of credentials in order to permit access.

Sebastian in view of Zhang fails to specifically disclose:
blacklisting the verified second set of credentials upon registering the user.
Nonetheless, this feature is well known in the art and would have been an obvious modification of the teachings disclosed by Sebastian in view of Zhang, as taught by Kim.
Kim discloses a system and method discloses a system and method for FIDO universal authentication, the system and method having:
blacklisting the verified second set of credentials upon registering the user (0127, lines 1-4; 0128, lines 1-4).
Given the teaching of Kim, a person having ordinary skill in the art before the effective filing date of the claimed invention would have readily recognized the desirability and advantages of modifying the teachings of Sebastian in view of Zhang with the teachings of Kim by blacklisting verified second set of credentials. Kim recites motivation by disclosing that including credentials in the disallowed user list prevents the user terminal of the same user from being registered again (0128, lines 1-4). It is obvious that the teachings of Kim would have improved the teachings of Sebastian in view of Zhang by blacklisting verified second set of credentials in order to prevent a user’s terminal from registering again.

As to claim 2, Sebastian in view of Zhang fails to specifically disclose:
rejecting registration of the user for the service after completion of the initial verification process, when the user enters at least one blacklisted credential from the first set of credentials.
Nonetheless, this feature is well known in the art and would have been an obvious modification of the teachings disclosed by Sebastian in view of Zhang, as taught by Kim.

rejecting registration of the user for the service after completion of the initial verification process, when the user enters at least one blacklisted credential from the first set of credentials (0096, lines 1-8).
Given the teaching of Kim, a person having ordinary skill in the art before the effective filing date of the claimed invention would have readily recognized the desirability and advantages of modifying the teachings of Sebastian in view of Zhang with the teachings of Kim by rejecting registration of the user. Please refer to the motivation recited above with respect to claim 1 as to why it is obvious to apply the teachings of Kim to the teachings of Sebastian in view of Zhang.

As to claim 3, Sebastian fails to specifically disclose:
wherein, during the second strong validation process, the user is requested to authorize collecting information about a primary device used for the registration of the user, and wherein the information about the primary device is collected.
Nonetheless, this feature is well known in the art and would have been an obvious modification of the teachings disclosed by Sebastian, as taught by Zhang.
Zhang discloses:
wherein, during the second strong validation process, the user is requested to authorize collecting information about a primary device used for the registration of the user, and wherein the information about the primary device is collected (0049, lines 1-3).
Given the teaching of Zhang, a person having ordinary skill in the art before the effective filing date of the claimed invention would have readily recognized the desirability and advantages of modifying the teachings of Sebastian with the teachings of Zhang by validating a second set of credentials when first 

As to claim 4, Sebastian fails to specifically disclose:
wherein the initial verification process includes operations comprising: collecting an Internet provider address of the primary device; 
estimating a location of the primary device based on the Internet provider address.
Nonetheless, this feature is well known in the art and would have been an obvious modification of the teachings disclosed by Sebastian, as taught by Zhang.
Zhang discloses:
wherein the initial verification process includes operations comprising: collecting an Internet provider address of the primary device (0049, lines 1-3); 
estimating a location of the primary device based on the Internet provider address (0049, lines 8-11).
Given the teaching of Zhang, a person having ordinary skill in the art before the effective filing date of the claimed invention would have readily recognized the desirability and advantages of modifying the teachings of Sebastian with the teachings of Zhang by validating a second set of credentials when first credentials fail. Please refer to the motivation recited above with respect to claim 1 as to why it is obvious to apply the teachings of Zhang to the teachings of Sebastian.

As to claim 7, Sebastian discloses:
requesting the user to provide a phone number for a phone (0026, lines 29-32); 
providing a code via the phone to the user (0026, lines 29-32); 
validating the phone by receiving the code from the user, the code being a credential from the second set of credentials (0026, lines 32-42).

Claim 6 is/are rejected under 35 U.S.C. 103 as being unpatentable over Sebastian in view of Zhang and Kim as applied to claim 1 above, and further in view of Wynn et al. (US 2012/0204243 A1 and Wynn hereinafter).
As to claim 6, Sebastian in view of Zhang and Kim fails to specifically disclose:
wherein during the second strong validation process, the user is requested to provide a credit card, wherein the credit card information is collected, and wherein the credit card is charged a small fee to verify the credit card.
Nonetheless, this feature is well known in the art and would have been an obvious modification of the teachings disclosed by Sebastian in view of Zhang and Kim, as taught by Wynn.
Wynn discloses a system and method for network curation, the system and method having:
wherein during the second strong validation process, the user is requested to provide a credit card, wherein the credit card information is collected, and wherein the credit card is charged a small fee to verify the credit card (0089, lines 6-13).
Given the teaching of Wynn, a person having ordinary skill in the art before the effective filing date of the claimed invention would have readily recognized the desirability and advantages of modifying the teachings of Sebastian in view of Zhang and Kim with the teachings of Wynn by charging a fee to verify a credit card. Wynn recites motivation by disclosing that charging a fee to a credit card provides a way to confirm the identity of a user prior to granting access (0089, lines 6-13). It is obvious that the teachings of Wynn would have improved the teachings of Sebastian in view of Zhang and Kim by charging a fee to a credit card in order to confirm the identity of a user.

Claim 8 is/are rejected under 35 U.S.C. 103 as being unpatentable over Sebastian in view of Zhang and Kim as applied to claim 1 above, and further in view of Ziraknejad et al. (US Patent 10,701,067 B1 and Ziraknejad hereinafter).
As to claim 8, Sebastian in view of Zhang and Kim fails to specifically disclose:
collecting and evaluating behavior biometrics of the user.
Nonetheless, this feature is well known in the art and would have been an obvious modification of the teachings disclosed by Sebastian in view of Zhang and Kim, as taught by Ziraknejad.
Ziraknejad discloses a system and method for credential management using wearable devices, the system and method having:
collecting and evaluating behavior biometrics of the user (col. 11, line 51-col. 12, line 14).
Given the teaching of Ziraknejad, a person having ordinary skill in the art before the effective filing date of the claimed invention would have readily recognized the desirability and advantages of modifying the teachings of Sebastian in view of Zhang and Kim with the teachings of Ziraknejad by collecting and evaluating behavior biometrics of the user.  Ziraknejad recites motivation by disclosing that collecting and evaluating behavior biometrics of a user can verify whether the behavior matches a pattern and the user can be allowed access (col 12, lines 1-14). It is obvious that the teachings of Ziraknejad would have improved the teachings of Sebastian in view of Zhang and Kim by collecting and evaluating behavior biometrics in order to verify a user.

Claim 17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Sebastian in view of Zhang and Kim as applied to claim 1 above, and further in view of Shen et al. (US Patent 9,858,402 B2 and Shen hereinafter).
As to claim 17, Sebastian in view of Zhang and Kim fails to specifically disclose:
wherein registering the user is conducted using a primary device via a browser having a browser plugin, the browser plugin configured to collect information about the primary device.
Nonetheless, this feature is well known in the art and would have been an obvious modification of the teachings disclosed by Sebastian in view of Zhang and Kim, as taught by Shen.
Shen discloses a system and method for usable security of online password management with sensor-based authentication, the system and method having:
wherein registering the user is conducted using a primary device via a browser having a browser plugin, the browser plugin configured to collect information about the primary device (col. 7, lines 13-25).
Given the teaching of Shen, a person having ordinary skill in the art before the effective filing date of the claimed invention would have readily recognized the desirability and advantages of modifying the teachings of Sebastian in view of Zhang and Kim with the teachings of Shen by registering a user using a browser with a plugin. Shen recites motivation by disclosing that using a browser plugin allows raw content of a webpage to be accessed and intercept the login process to ensure security (col. 7, lines 13-25). It is obvious that the teachings of Shen would have improved the teachings of Sebastian in view of Zhang and Kim by using a browser plugin in order to ensure security.

Claims 18 and 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Sebastian in view of Zhang and Kim as applied to claim 1 above, and further in view of Cornick et al. (WO 2013/002903 A2 and Cornick hereinafter).
As to claim 18, Sebastian in view of Zhang and Kim fails to specifically disclose:
collecting information about the user using at least one outside source; formulating a question for the user; asking the user the question; and determining an authenticity of the user based on an answered question.
Nonetheless, this feature is well known in the art and would have been an obvious modification of the teachings disclosed by Sebastian in view of Zhang and Kim, as taught by Cornick.
Cornick discloses a system and method for user enrollment in a secure biometric verification system, the system and method having:
collecting information about the user using at least one outside source; formulating a question for the user; asking the user the question; and determining an authenticity of the user based on an answered question (page 17, lines 17-20).
Given the teaching of Cornick, a person having ordinary skill in the art before the effective filing date of the claimed invention would have readily recognized the desirability and advantages of modifying the teachings of Sebastian in view of Zhang and Kim with the teachings of Cornick by determining authenticity of a user based on a question. Cornick recites motivation by disclosing that using external sources to ask questions to a user ensures a more secure authentication of a user’s identity (page 17, lines 17-20). It is obvious that the teachings of Cornick would have improved the teachings of Sebastian in view of Zhang and Kim by determining authenticity of a user based on a question in order to provide security authentication of a user’s identity.

As to claim 19, Sebastian in view of Zhang and Kim fails to specifically disclose:
wherein the at least one outside source comprises one of social media posts for the user, posts related to the user, social media links to the user, credit information for the user, and background check for the user.

Cornick discloses:
wherein the at least one outside source comprises one of social media posts for the user, posts related to the user, social media links to the user, credit information for the user, and background check for the user (page 17, lines 17-18).
Given the teaching of Cornick, a person having ordinary skill in the art before the effective filing date of the claimed invention would have readily recognized the desirability and advantages of modifying the teachings of Sebastian in view of Zhang and Kim with the teachings of Cornick by using posts, credit information, or a background check as an outside source. It is obvious that the teachings of Cornick would have improved the teachings of Sebastian in view of Zhang and Kim.

Allowable Subject Matter
Claims 20-22 are allowed.
The following is an examiner’s statement of reasons for allowance: 
Although the prior art of record (such as Sebastian) teaches providing the user with an initial registration process, wherein the initial registration process requires the user to enter a first set of credentials, the first set of credentials including a username (0025, lines 2-12); determining an initial qualification for registration based on: verification of the first set of credentials based on a stored data (0025, lines 6-10); registering the user for a service based on a positive initial qualification (0026, lines 36-42);  sending to a secondary device a secure token (0026, lines 29-32); requesting the user to enter the secure token via the primary device (0026, lines 32-42); refusing to register the user for the service based on a negative initial qualification and the negative second qualification (0026, lines 27-28); Zhang teaches providing the user with a second registration process, based on a negative initial qualification, wherein the second registration process includes operations comprising (0048, lines 18-25): collecting information about the primary device (0049, lines 1-3); determining a second qualification by validating at least one of the credit card, the primary device information or secondary device information associated with the user (0048, lines 15-18); Wynn teaches requesting the user to authorize a charge for a credit card (0089, lines 6-13); and charging the credit card (0089, lines 6-13); and Kim teaches blacklisting the validated data record upon registering the user (0127, lines 1-4; 0128, lines 1-4), none of the prior art of record alone or in combination teaches evaluating statistical biometrics data of the user when the user is entering the first set of credentials during the initial registration process; determining whether suspicious issues are present; determining an initial qualification for registration based on: an absence of the suspicious issues presented in the statistical biometrics data; registering the user for the service based on a positive second qualification.
Further although the prior art of record (such as Sebastian) teaches prompting a user to provide a first set of credentials (0025, lines 2-12); receiving the first set of credentials (0025, lines 6-10); providing the user with an initial verification process, using at least one of validity, unique replication, suspicious contextual detection, or statistical replication verification process to verify the first set of credentials based on stored data (0025, lines 6-10); registering the user for a service, based a positive result of the initial verification process (0026, lines 36-42); Parker et al. (US 2019/0207949 A1 and Parker hereinafter) teaches monitoring a user activity while performing the service for the user (0029, lines 1-3); monitoring one or more associated user devices used to facilitate the user activity (0035, lines 1-10); Zhang teaches when the service is suspended: prompting the user to provide a second set of credentials, wherein the first and second sets of credentials are both associated with the user, the second set of credentials has at least one credential that is different from every credential from the first set of credentials, the second set of credentials including at least one of a credit card number, a phone number, a username, or a device information associated with the user (0047, lines 8-10; 0048, lines 18-25); receiving the second set of credentials (0048, lines 18-25); and using a second strong validation process to verify the second set of credentials based on the stored data (0048, lines 18-25); and Kim teaches blacklisting any verified credentials from the first or the second set of credentials (0127, lines 1-4; 0128, lines 1-4), none of the prior art of record alone or in combination teaches suspending the service when the activity of the user is statistically similar to activities of previously registered users; resuming the service, based on a positive verification of the second set of credentials.
The closest prior art made of record are:
Sebastian discloses a system and method for mobile application management framework.
Zhang discloses a system and method for elastic cloud storage on multiple locations.
Wynn discloses a system and method for network curation.
Kim discloses a system and method for FIDO universal authentication using the same.
Parker discloses a system and method for account verification.
	
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Claims 5 and 9-16 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.

Prior Art Made of Record
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Bhuyan et al. (US 2010/0263032 A1) discloses a system and method for web to IMS registration and authentication for an unmanaged IP client device.
Cheng et al. (US 2006/0048213 A1) discloses a system and method for authenticating a client using linked authentication credentials.
Meier et al. (US 2004/0103282 A1) discloses a system and method for 802.11 using a compressed reassociation
Rodriguez et al. (US 2018/0176017 A1) discloses a system and method for digital identity.
Roebuck (US 2016/0180484 A1) discloses a system and method for contextual authentication.
Verma et al. (US 2019/0305955 A1) discloses a system and method for push notification authentication.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SARAH SU whose telephone number is (571)270-3835. The examiner can normally be reached 7:30 AM - 4:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/SARAH SU/Primary Examiner, Art Unit 2431