DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Status of Claims
This action is in reply to the amendments and remarks filed on 16 December 2021.
Claims 1-2, 4-5, 7-9, 12-18, 20-21, 23-24 have been amended. 
Claims 3, 11, 19, 22 have been canceled.
Claim 25 is new. 
Claims 1-2, 4-10, 12-18, 20-21, 23-25 are allowed.

Allowable Subject Matter
Claims 1-2, 4-10, 12-18, 20-21, 23-25 are allowed.
The following is a statement of reasons for allowance and a discussion of the closest prior art of record:
The claims at hand generally deal with a Personal Cloud Authentication (PCA) system for authenticating and verifying an online user using device data stored in a personal cloud platform of the user. The claims determine whether an authentication challenge needs to be sent to a user before sending a response. The claims disclose comparing two device identities that are stored in a database table before sending an authentication challenge question. If the two devices are found in the user’s authentication table information in the cloud, then there is no requirement for an authentication challenge to be sent to the user and the transaction may proceed. On the other hand, if the two devices 
The amended claimed invention provides a technical solution to a technical problem of the multiple steps of an authentication challenge.  The claims tie the language to a technical solution.   From the Applicant’s Remarks filed 22 September 2020: The pending claims include additional elements that enable the claimed system to address these specific problems of authentication computer systems. For example, Claim 1 recites a personal cloud authentication (PCA) system configured to authenticate online users by accessing device data stored on personal cloud platforms of the online users (e.g., data corresponding to multiple user computing devices of the online users, interconnected with each other via the online users' personal cloud platforms), such that a need for separate step-up challenges is eliminated. In particular, the PCA system i) builds a remote authentication table using a user profile of an online user, where the authentication table stores user device data (e.g., user device identifiers) of user computing devices known to typically be paired in a personal cloud platform of the online user, and ii) updates the authentication table in response to receiving transaction data associated with user account information of the online user, where updating the authentication table includes adding an additional user computing device identifier to the authentication table in response to detecting the additional user computing device identifier as paired in the transaction data, thereby enabling the PCA system to subsequently authenticate the online user using up-to-date data associated with the personal cloud platform of the online user. 
By doing so, the claimed system provides technical advantages including "(i) improving the overall efficiency of the payment network by reducing the number of data requiring authentication; (ii) reducing the number of denials for valid payment transactions; (iii) improving fraud detection; (iv) improving the ability to authenticate a user with the capabilities of the devices available; and (v) increasing user buy-in with authentication of the user computing devices to 
Mercille et al. (US 2016/0196558 A1) discloses implementing risk assessments based on connected devices. First, a user sets up a user account that includes name, address, social security number, phone number, other contact information, birthday, age (i.e., user identifier and user account information); user ID and/or password for user authentication and/or for accessing the user account to make and/or manage the transaction (i.e., authentication signature). In addition, the user registers multiple devices (i.e., first primary user computing device identifier, first secondary user computing device identifier) and can also input any rules for the devices used during transaction. Mercille discloses the system monitors the devices and the types of devices being used during the transactions to calculate the risk assessment. Information regarding the detected or connected device is communicated to the system along with transaction information, such as location, time, purchase amounts, devices that are connected to the user device during the transaction. Also, the system analyzes the transaction data to determine which computing devices are being used during the transaction (i.e., extract the second primary user computing device identifier and the second secondary user computing device identifier). Mercille discloses the system looks at the devices connected to the transaction and compares the devices being used for the transaction to the devices stored in the table to be used for a transaction (i.e., match the first primary user computing device identifier to the second primary user computing device identifier and the first secondary user computing device identifier to the second secondary user computing device identifier).
For example, the system may detect that devices A, B, and C are routinely used for the transaction (i.e., authentication table), and may determine that only devices A and C are currently connected for the transaction; therefore, there is no match for device B. Mercille discloses authenticating a user based on security status. The system takes a desired action based on the risk assessment (i.e., authentication request) after assessing and comparing the devices detected or connected during the transactions and communicates the authentication response to the merchant.
Oberheide et al. (US 10,445,732 B2) discloses an authentication platform that is hosted on a cloud based platform.  The authentication platform is used during transactions and offers many different ways to check agent verification and when to send an authentication notification.  Oberheide discloses that identifiers (e.g., a model designation, a phone number, an OS version, an authorization application, etc.) are collected for multiple devices.  Oberheide discloses sending authentication notifications.  Oberheide discloses that agent verification data is verified by comparing the agent verification data to expected results for a particular user (which is stored in a database).  Oberheide discloses that agent verification data may be collected in many different manners, and may be collected without specifically requesting agent verification data from an authority device user.  For example, rules may be set that the authentication verification may be done by comparing an identifier of a device to a list of security sensitive devices that are cleared.  Oberheide also discloses that rules may be set to require a user to verify an authentication challenge if another verification challenge has failed.  Notifications will be sent to the user device.
Vincent et al. (US 2017/0126640 A1) discloses registering user data, such as user credentials associated with a user account and device identifier information for Device A, Device B, Device C, etc. in an authentication table. Device A will be identified as a primary device and Device B will be identified as a secondary device. The authentication table/database will be examined when a user needs to authenticate a device identity in order to complete a transaction. Vincent discloses storing the user accounts and device identifiers in a database and updating the authentication database to include transaction details, authentication notification requests information, and secondary user device identifiers. For example, Device B may be set as a secondary user device for primary Device A (e.g., user Device B to help authenticate primary user device A). In that case, Device B may be a secondary primary device, because it can be used as well as Device A for a transaction. In addition, other secondary device identifiers are listed in the authentication table. For example, Device C may be the secondary device to Device B because Device C may be used if Device B needs to help authenticate Device C at any point in time. All in all, all of these device identifiers will be associated with the same user account and will all be authenticated to the same user account and authorized to complete transactions at a later date. Vincent discloses that the authentication table is consulted to match the primary device, such as Device A, with a secondary device, such as Device B. In this case, Device B is used to authenticate Device A; therefore, both devices are tied to the same user account. The device identification is consulted in order to send notification messages.
This authentication verifies that the primary device, Device A, is the primary device and the secondary device, Device B, is the secondary device and can be used to authenticate Device A if need be.  In addition, this verification verifies that the devices are associated with the user account and are verified to proceed with the transaction.  Vincent discloses updating the stored authentication tables and data structures to reflect data received with notification responses (notifications sent during transactions).  One or more secondary devices (i.e., Device C) may be added to the authentication table to make a further transaction more efficient, as the device identifier will already be saved in the authentication table and associated with the user account.
Paul (US 2016/0269381 A1) discloses the application obtains an identifier from the device and provides the identifier to a server providing the cloud service. The service determines whether the identifier matches one of the previously stored identifiers in the user’s account. The user device accesses the cloud service database to store the identifier (i.e., the primary user computing device can store the various identifiers).
The closest Non Patent Literature the Examiner could find is Pavlovski “Unified Framework for Multifactor Authentication”.  Pavlovski discloses the importance of a unified authentication hub to increase authentication tools.  Pavlovski discloses: the authentication initiates with a directory look-up to retrieve user credentials; the returned credentials are applied to carry out 1st factor authentication where the password is typically hashed and compared to the stored value.
The closest Foreign Reference the Examiner could find is Wang (WO 2018/039377 A1).  Wang discloses efficiently and accurately identifying a user of an electronic device with limited user interaction.  Yam discloses receiving a mobile device identifier from the mobile device, transmitting the mobile device identifier to a service provider associated with the mobile device, and receiving information about that user from a set of candidates stored.
Examiner determined that it would not have been obvious to combine these arts to specifically disclose how this invention stores the collected data.  It would not have been obvious to combine these arts to disclose comparing two device identifiers, that are stored in a cloud, during  verification and determining if an authentication challenge needs to be sent or not (before sending the authentication challenge).  It would not have been obvious to combine these arts to disclose: A personal cloud authentication (PCA) system comprising one or more personal cloud authentication (PCA) computing devices for authenticating an online user via a personal cloud authentication (PCA) service using device data stored on a personal cloud platform of the online user, the one or more PCA computing devices comprising a processor communicatively coupled to a memory device, the processor configured to: store, within a database, enrollment data as a user profile associated with the online user, the enrollment data including a first primary user computing device identifier associated with a primary user computing device and a first secondary user computing device identifier associated with a secondary user computing device; build, within the database, an authentication table using the user profile, wherein the user profile includes a user identifier, authentication signatures, user account information, the first primary user computing device identifier, and the first secondary user computing device identifier; receive, from a merchant, transaction data associated with the user account information, the transaction data corresponding to a payment transaction; store the transaction data within the database, wherein the transaction data includes at least an authentication request, a second primary user computing device identifier and a second secondary user computing device identifier, the second secondary user computing device identifier indicative of a pairing between a candidate 
secondary user computing device and a candidate primary user computing device identified by the second primary user computing device identifier; parse the transaction data; extract the second primary user computing device identifier and the second secondary user computing device identifier from the transaction data; 221652-00882 PATENT compare the first primary user computing device identifier stored in the user profile to the extracted second primary user computing device identifier, and the first secondary user computing device identifier stored in the user profile to the extracted second secondary user computing device identifier; determine whether an authentication challenge is required to verify the online user based on the comparison, wherein: a) in response to i) the candidate primary user computing device matching the primary user computing device stored in the user profile and ii) the candidate secondary user computing device [[is]] matching the secondary user computing device stored in the user profile, determining that the authentication challenge is not required and the online user is verified; and b) in response to i) the candidate primary user computing device matching the primary user computing device stored in the user profile and ii) the candidate secondary user computing device not matching the secondary user computing device stored in the user profile, generating and transmitting the authentication challenge to the primary user computing device, receiving a response from the primary user computing device to the authentication challenge, and determining whether the online user is verified based on the response; generate an authentication response to the authentication request, wherein the authentication response includes one of an authentication approval of the online user when the online user is verified or an authentication denial of the online user when the online user is not verified; transmit the authentication response to the merchant; and 
update the authentication table in response to receiving subsequent transaction data associated with the user account information, wherein updating the authentication table comprises adding an additional secondary user computing device identifier to the authentication table in response to detecting the additional secondary user computing device identifier in the subsequent transaction data, thereby enabling the PCA system to subsequently authenticate the online user using up-to-date data associated with the personal cloud platform of the online user.
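The challenge decision recited above, sketched as an added Python example (not code from the application or from any cited reference). The JSON field names, the AuthTable class, the challenge callback, denying on a primary-device mismatch or malformed data, and enrolling a new secondary identifier only after a passed challenge are all assumptions; the claim text specifies none of them.

```python
# Added illustration; every name and the JSON layout here is an assumption.
import json
from dataclasses import dataclass, field

DENY = {"approved": False, "challenged": False}

@dataclass
class AuthTable:
    """One user's profile row: enrolled primary device and paired secondaries."""
    user_id: str
    primary_id: str
    secondary_ids: set = field(default_factory=set)

def extract_ids(raw_tx: str):
    """Parse transaction data and extract the two candidate identifiers."""
    tx = json.loads(raw_tx)
    return tx["primary_device_id"], tx["secondary_device_id"]

def authenticate(table: AuthTable, raw_tx: str, challenge) -> dict:
    """Build the authentication response for one authentication request.

    `challenge` stands in for the step-up exchange with the primary device
    and returns True when the user answers it correctly.
    """
    try:
        primary, secondary = extract_ids(raw_tx)
    except (ValueError, KeyError, TypeError):
        return dict(DENY)  # malformed transaction data: fail closed
    if primary != table.primary_id:
        # Assumption: the claim does not cover this branch; fail closed.
        return dict(DENY)
    if secondary in table.secondary_ids:
        # Branch (a): both identifiers match, so no challenge is required.
        return {"approved": True, "challenged": False}
    # Branch (b): known primary, unknown pairing. Challenge the primary device.
    verified = bool(challenge(table.primary_id))
    if verified:
        # Assumption: enroll the new secondary only after a passed challenge,
        # so an unverified device can never add itself to the table.
        table.secondary_ids.add(secondary)
    return {"approved": verified, "challenged": True}

def make_tx(primary: str, secondary: str) -> str:
    """Constructed sample transaction data (not a real message format)."""
    return json.dumps({"authentication_request": True,
                       "primary_device_id": primary,
                       "secondary_device_id": secondary})
```

Gating the table update on a passed challenge keeps the silent-approval path from being widened by a device that has never been verified.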
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance”.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ALISON L LAMB whose telephone number is (571)272-1060. The examiner can normally be reached Monday-Thursday 8am-5pm EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Alexander Kalinowski can be reached on (571)272-6771. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/A.L.L./Examiner, Art Unit 3691

/ALEXANDER G KALINOWSKI/Supervisory Patent Examiner, Art Unit 3691