Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Response to Arguments
Applicant's arguments filed on January 28, 2022 have been fully considered but they are not persuasive to overcome the prior arts in record and place the claims in a better condition for allowance for at least the following reasons. 
In the applicant’s response, the applicant argues that Larkin discusses “USSD as the delivery and collection mechanism for sensitive data” and that “USSD traffic is sent over the mobile network signaling network as opposed to the Internet and is therefore more secure”. However, Larkin fails to show or suggest using USSD “in response to determining that the Internet connection to the web service is unavailable,” as recited in claim 1 among other elements in combination. To the contrary, Larkin teaches away from using the Internet by deeming it less secure than USSD (“...as opposed to the Internet and is therefore more secure,” Id.). In fact, Larkin does not appear to discuss determining the availability or unavailability of an Internet connection at all. Accordingly, Larkin fails to show or suggest the combination of using an Internet connection to a web service “in response to determining that the Internet connection to the web service is available,” and using USSD “in response to determining that the Internet connection to the web service is unavailable,” as recited in claim 1 among other elements in combination. The applicant continues to argue that Larkin also fails to show or suggest “the second message is generated 
The applicant’s argument in the above statement contains errors. The argument failed to recognize that the argued features “using USSD in response to determining that the Internet connection to the web service is unavailable,” and “the second message is generated based at least in part on at least one of the cryptographic key or the authentication token” are rejected over Larkin in view of Gorgy, rather than rejected only over Larkin as portrayed by the applicant’s representative. The applicant’s argument is silent on, or ignores, the secondary prior art Gorgy. In the response, the applicant's argument is presented against the references individually, by selectively attacking a single reference (Larkin) where the rejections are based on combinations of references (Larkin in view of Gorgy).
The above argued features are rejected over Larkin in view of Gorgy as follows:
initiate the second authenticated action based at least in part on sending a second message to a mobile network operator service using Unstructured Supplementary Service Data (USSD), wherein the second message is generated based at least in part on at least one of the cryptographic key or the authentication token (Page 10: lines 27-43: means for communicating, delivering and obtaining information from a user of a mobile application by using Unstructured Supplementary Service Data (USSD) as the bearer and communication channel in relation to mobile device applications that requires the user to enter authentication credentials that is sent to an Application Service Provider to be allowed perform a service through the same mobile device. The usage of USSD as the delivery and collection mechanism for sensitive data for a user of a mobile application is more secure as there is currently limited capability in mobile devices to 
LARKIN further discloses that the security agent of the invention has means to isolate the device from all communications networks (for example Internet) except for example a private communications network with an ASP, while a user on a device is using an application or aspects of an application which require enhanced security and threat mitigation (Page 9: lines 50-52).
LARKIN does not explicitly disclose in response to receiving the second user request, determine that the Internet connection to the web service is unavailable, in response to determining that the Internet connection to the web service is unavailable, initiate the second authenticated action.  Gorgy, in analogous art however, discloses in response to receiving the second user request, determine that the Internet connection to the web service is unavailable, in response to determining that the Internet connection to the web service is unavailable, initiate the second authenticated action ([0010-0012]: utilize Short Message Service (SMS) to approve fund transfer without the need of active internet connection or third party fund transfer applications).
The examiner would like to further note that, in a situation where the Internet connection is unreliable, degraded in performance, compromised or vulnerable to, for example, a DDoS attack, LARKIN provides a means to isolate the device from all communications networks (for example Internet) except for example a private communications network using Unstructured Supplementary Service Data (USSD). LARKIN’s disclosure or teaching is directed in a similar way as in claim 1, or addresses the same problems the applicant intended to invent, rather than isolate the device from all communications networks or Internet when the internet is compromised. During device isolation (internet interruption and web service is unavailable since Gorgy utilizes Short Message Service (SMS) to approve fund transfer without the need of active internet connection or third party fund transfer applications.

LARKIN further discloses “the second message is generated based at least in part on at least one of the cryptographic key or the authentication token” in Page 10: lines 27-43: that requires the user to enter authentication credentials that is sent to an Application Service Provider to be allowed perform a service through the same mobile device. The authentication credential from user name and password is sent to an Application Service Provider as a generated message. This is further elaborated in LARKIN Page 13: lines 16-22: The user is for example asked to enter, but not limited to, the authentication credentials, e.g. a PIN Code or a Password (knowledge factor) and then click's "send" to reply to the USSD Request. Once the user has entered the PIN Code and clicked "Send" an USSD Response is sent back to the USSD Gateway from the Mobile Handset. The password is transferred securely and efficiently over SS7 back to the invention Security Manager. Using USSD instead of for example SMS as the bearer for any request for the user to present additional authentication credentials is a more secure solution as there are currently no SW support for listening on USSD traffic in Android or iPhone mobile devices. Due to the lack of USSD listening capability it makes it more difficult for a potential fraudsters to compromise and listen to the traffic sent over USSD by for example using malware that has been installed on a user's mobile device. Additionally by using USSD as the bearer for 

The applicant’s representative continues to argue by stating that Gorgy pertains only to SMS and not to USSD. In fact, Gorgy contains no mention of USSD at all. Second, Gorgy does not show or suggest “in response to determining that the Internet connection to the web service is unavailable, initiate the second authenticated action.”
Again in the response, the applicant's argument is presented against the references individually, by selectively attacking a single reference (Gorgy) where the rejections are based on combinations of references (Larkin in view of Gorgy). The applicant states that Gorgy pertains only to SMS and not to USSD, and that Gorgy contains no mention of USSD at all, but the applicant’s representative failed to explain why Gorgy is required to mention USSD at all, when Larkin already discloses USSD in full.
Yet, the examiner would like to remind the applicant’s representative that both SMS and USSD are readily available text message delivery formats over a mobile communication network (GSM) available for user selection, where USSD messages are used for up to 182 characters long in real-time messaging, unlike SMS messaging.
Gorgy discloses, in response to receiving the second user request, determine that the Internet connection to the web service is unavailable, in response to determining that the Internet connection to the web service is unavailable, initiate the second authenticated action ([0010-0012]: utilize Short Message Service (SMS) to approve fund transfer without the need of 
Contrary to the applicant’s representative’s argument, Gorgy can determine whether the internet connection is unavailable because Gorgy is operating on an Internet infrastructure as follows: [0018]: Payor 160 sends SMS to the webserver 110 of the present invention. The webserver 110 makes an entry of the received SMS for e.g. time of message, user details, payee's number etc. before sending the message to the network. Received SMS is further converted into HTTP (Hyper Text Transfer Protocol) before notifying payee of transaction initiation. Meanwhile, the payee 180 sends the reply to the webserver 110 with the requested invoice or bill amount. HTTP is further converted to SMS and sent to the payor 160. This protocol conversion is necessary because the request coming from webserver 110 is generally in the form of HTTP (Hyper Text Transfer Protocol) which effectively cross links and navigate various nodes of the webspace. The SMS gateway 120 acts as a bridge between SMS and HTTP network formats. Furthermore, SMS gateway communicates with SMS Centre (SMSC) 140 through SMS protocol 170 over network 130. Most of these SMS protocols or SMSC protocols are proprietary to the phone carrier 150 or service provider. The SMS Centre 140 stores the messages sent by the payor 160 and delivers to the intended payee 170.

For at least the above reasons, the applicant’s representative’s arguments are not persuasive to overcome the prior art of record and place claim 1 in condition for allowance. Claims 6 and 12 have substantially similar claimed features and therefore the applicant’s . 

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over LARKIN WO 2016050990 A1 in view of Gorgy US 20210248586 A1.

As per claim 1:
LARKIN discloses a non-transitory computer-readable medium embodying a program executable in a mobile computing device, wherein when executed the program causes the mobile computing device to at least:
receive at least one of a cryptographic key or an authentication token using an Internet connection to a web service (Page 1: lines 38-44: a security module configured to receive 
receive a first user request to perform a first authenticated action (Page 2: lines 28-35: 3D Secure functionality for mobile devices and services including means for 3D Secure for secure telephone (including mobile phone) payments, provides security for mobile applications communicating with Application Service Providers (ASPs) that requires enhanced security and threat mitigation); 
in response to receiving the first user request, determine that the Internet connection to the web service is available (Page 3: lines 36-40: provide means to route data; Page 5: lines 43-provides means for routing traffic to public data network (i.e. Internet));
in response to determining that the Internet connection to the web service is available, initiate the first authenticated action based at least in part on sending a first message to the web service via the Internet connection (Page 6: lines 6-15: provided a user identity generation; Page 8: lines 27-31: Using a combination of the device factor (mobile device identity) and knowledge factor (location of mobile device) to authenticate a user Covers both direct mobile Internet, Mobile connected over WIFI router, tethered connections (using the mobile device as a hotspot));
receive a second user request to perform a second authenticated action (Page 9: lines 26-32: provides secure identity establishment and risk management of endpoint devices in a communications network, including risk management associated with identity of endpoint 
initiate the second authenticated action based at least in part on sending a second message to a mobile network operator service using Unstructured Supplementary Service Data (USSD), wherein the second message is generated based at least in part on at least one of the cryptographic key or the authentication token (page 13: lines 1-20; Page 10: lines 27-43: means for communicating, delivering and obtaining information from a user of a mobile application by using Unstructured Supplementary Service Data (USSD) as the bearer and communication channel in relation to mobile device applications that requires the user to enter authentication credentials that is sent to an Application Service Provider to be allowed perform a service through the same mobile device. The usage of USSD as the delivery and collection mechanism for sensitive data for a user of a mobile application is more secure as there is currently limited capability in mobile devices to listen to and obtain the information by using malware running on the mobile device. In addition, USSD traffic is sent over the mobile network signalling network as opposed to the Internet and is therefore more secure. Page 13: lines 16-22: The user is for example asked to enter, but not limited to, the authentication credentials, e.g. a PIN Code or a Password (knowledge factor) and then click's "send" to reply to the USSD Request. Once the user has entered the PIN Code and clicked "Send" an USSD Response is sent back to the USSD Gateway from the Mobile Handset. The password is transferred securely and efficiently over SS7 back to the invention Security Manager. Using USSD instead of for example SMS as the bearer for any request for the user to present additional authentication credentials is a more secure solution as there are currently no SW support for listening on USSD traffic in Android or 

LARKIN discloses the security agent of the invention has means to isolate the device from all communications networks (for example Internet) except for example a private communications network with an ASP, while a user on a device is using an application or aspects of an application which require enhanced security and threat mitigation (Page 9: lines 50-52).
LARKIN does not explicitly disclose in response to receiving the second user request, determine that the Internet connection to the web service is unavailable, in response to determining that the Internet connection to the web service is unavailable, initiate the second authenticated action.  Gorgy, in analogous art however, discloses in response to receiving the second user request, determine that the Internet connection to the web service is unavailable, in response to determining that the Internet connection to the web service is unavailable, initiate the second authenticated action ([0010-0012]: utilize Short Message Service (SMS) to approve fund transfer without the need of active internet connection or third party fund transfer applications. The payor and the payee process fund transfer in lesser time and securely and solely through mobile phone's SMS service; [0018-0020]: upon receiving the SMS request, the payor replies with their security PIN (which the payor obtained during initial registration with 
Therefore, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the invention to modify the claimed limitations of Internet connection to the web service disclosed by LARKIN to include in response to receiving the second user request, determine that the Internet connection to the web service is unavailable, in response to determining that the Internet connection to the web service is unavailable, initiate the second 

As per claim 2:
LARKIN discloses wherein the first authenticated action and the second authenticated action comprise at least one of: a payment action, an order placement action, or a shopping cart modification action (Page 6: lines 36-50: transaction information).

As per claim 3:
LARKIN discloses wherein when executed the program further causes the mobile computing device to at least:
generate a first confirmation user interface in response to receiving a first confirmation via the Internet connection that the first authenticated action has been performed (Page 29: lines 21-25: to use the service, downloads and installs the app on the mobile device, and the app directs the mobile user to a secure registration method of the invention. As part of secure registration the security manager of the invention (refer to Figure 2) can verify the identity of the mobile device user, by communicating with and leveraging risk management procedures and analysis that the network security service can perform that are detailed elsewhere in the document); and


As per claim 4:
Gorgy discloses wherein when executed the program further causes the mobile computing device to at least: determine the second authenticated action based at least in part on first data scanned from a two-dimensional barcode (0004-007: Once the mobile wallet application is installed, the wallet stores the credit card, debit card and rewards information by linking a personal identification format for example a key, a QR Code or owner's image; 0025: printer bar code as storage); and
generate a confirmation user interface in response to receiving a confirmation that the second authenticated action has been performed, the confirmation user interface generated based at least in part on second data scanned from the two-dimensional barcode (0004-007: verify their customers through SMS for multi factor authentication on scanned QR Code or bar code).

As per claim 5:
LARKIN discloses wherein when executed the program further causes the mobile computing device to at least receive the second user request from another mobile computing device connected to the mobile computing device via a personal area network connection (Page 8: lines 28-31:  Using a combination of the device factor (mobile device identity) and knowledge factor (location of mobile device) to authenticate a user Covers both direct mobile Internet, Mobile connected over WIFI router, tethered connections (using the mobile device as a hotspot); Page 12: lines 20-25: 2-factor authentication for mobile devices and services is required).



As per claim 6:
LARKIN discloses a system, comprising:
a first computing device; and an application executable in the first computing device, wherein when executed the application causes the first computing device to at least (Page 14: lines 17-27: one or more devices and an Application Service Provider and one or more network elements,  a mobile device tethered to another mobile device acting as a mobile WiFi hotspot):
determine that a first authenticated action is to be performed (Page 2: lines 28-35: 3D Secure functionality for mobile devices and services including means for 3D Secure for secure telephone (including mobile phone) payments, provides security for mobile applications 
determine that an Internet connection to a second computing device is available (Page 3: lines 36-40: provide means to route data; Page 5: lines 43-provides means for routing traffic to public data network (i.e. Internet));
initiate the first authenticated action based at least in part on sending a first message to the second computing device via the Internet connection (Page 6: lines 6-15: provided a user identity generation; Page 8: lines 27-31: Using a combination of the device factor (mobile device identity) and knowledge factor (location of mobile device) to authenticate a user Covers both direct mobile Internet, Mobile connected over WIFI router, tethered connections (using the mobile device as a hotspot));
determine that a second authenticated action is to be performed (Page 9: lines 26-32: provides secure identity establishment and risk management of endpoint devices in a communications network, including risk management associated with identity of endpoint devices; provides secure multi-factor authentication for mobile devices and services; confirm the identity and the location of the mobile device and therefore the user of the service); and
initiate the second authenticated action based at least in part on sending a second message to a third computing device corresponding to a mobile network operator using Unstructured Supplementary Service Data (USSD) (page 13: lines 1-20; Page 10: lines 27-43: means for communicating, delivering and obtaining information from a user of a mobile application by using Unstructured Supplementary Service Data (USSD) as the bearer and communication channel in relation to mobile device applications that requires the user to 

LARKIN discloses the security agent of the invention has means to isolate the device from all communications networks (for example Internet) except for example a private 
Gorgy, in analogous art however, discloses the first computing device determine that the Internet connection to the second computing device is unavailable ([0010-0012]: utilize Short Message Service (SMS) to approve fund transfer without the need of active internet connection or third party fund transfer applications. The payor and the payee process fund transfer in lesser time and securely and solely through mobile phone's SMS service; [0018-0020]: upon receiving the SMS request, the payor replies with their security PIN (which the payor obtained during initial registration with the Transaction management system of the present invention) or other forms of approvals like fingerprint and Face ID (set by the payor during initial registration with the Transaction management system) for the approval of fund transfer. At step 380, the transaction ID, PIN or fingerprint or Face ID and Phone numbers of the payor is authenticated by the transaction management. [0018]: Payor 160 sends SMS to the webserver 110 of the present invention. The webserver 110 makes an entry of the received SMS for e.g. time of message, user details, payee's number etc. before sending the message to the network. Received SMS is further converted into HTTP (Hyper Text Transfer Protocol) before notifying payee of transaction initiation. Meanwhile, the payee 180 sends the reply to the webserver 110 with the requested invoice or bill amount. HTTP is further converted to SMS and sent to the payor 160. This protocol conversion is necessary because the request coming from webserver 110 is generally in the form of HTTP (Hyper Text Transfer Protocol) which effectively cross links and navigate various nodes 
Therefore, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the invention to modify the claimed limitations of the first computing device disclosed by LARKIN to include the first computing device determine that the Internet connection to the second computing device is unavailable. This modification would have been obvious because a person having ordinary skill in the art would have been motivated by the desire to provide a quicker and convenient way to approve fund transfer using SMS service from plurality of service providers irrespective of whether the user's phone number is associated with a certain pre-paid wireless service provider as suggested by Gorgy (0007-0011).

As per claim 7:
LARKIN discloses wherein when executed the application further causes the first computing device to at least: receive a first confirmation from the second computing device via the Internet connection, the first confirmation indicating that the first authenticated action has been performed (Page 29: lines 21-25: to use the service, downloads and installs the app on the mobile device, and the app directs the mobile user to a secure registration method of the invention. As part of secure registration the security manager of the invention (refer to Figure 2) can verify the identity of the mobile device user, by communicating with and leveraging risk 
receive a second confirmation from the third computing device via a non-Internet channel, the second confirmation indicating that the second authenticated action has been performed (Page 11: lines 43-52; Page 12: lines 26-50: the user is for example asked to enter, but not limited to, the authentication credentials, e.g. a PIN Code or a Password (knowledge factor) and then click's "send" to reply to the USSD Request. Once the user has entered the PIN Code and clicked "Send" an USSD Response is sent back to the USSD Gateway from the Mobile Handset. The password is transferred securely and efficiently over SS7 back to the invention Security Manager).

As per claim 8:
LARKIN discloses wherein when executed the application further causes the first computing device to at least: generate a first user interface that presents the first confirmation and includes at least one component to cause network content to be requested by the application; and generate a second user interface that presents the second confirmation and omits the at least one component (Page 64: lines 26-50: the registration of the user's "Safe Place" can be done by the user through an application, some sort of web interface or a Graphical User Interface (GUI) where the user can for example register one or multiple "Safe Places"; the additional authentication code could be to the user's mobile device using the invention's mentioned USSD communication channel. Alternatively, the invention could request the user to enter an additional authentication factor by requesting it through USSD).

As per claim 9:
LARKIN discloses wherein when executed the application further causes the first computing device to at least: receive a cryptographic key via the Internet connection; and encrypt at least a portion of the second message using the cryptographic key (Page 8: lines 31-32: enables application service providers to use mobile devices certificate keys by using the mobile network operators as Public Key Infrastructure (PKI) issuers).

As per claim 10:
LARKIN discloses wherein when executed the application further causes the first computing device to at least: receive a plurality of authentication tokens via the Internet connection; and include a particular authentication token from the plurality of authentication tokens in the second message (Column 82: lines 8-15: the first user could be authenticated by the bank's website through normal authentication procedures, e.g. entry of username and password, entry of a PIN Code that the user knows, entry of a PIN code sent to the first users mobile device (the invention could authenticate the user's mobile before sending it), entry of a token from a token generator). 

As per claim 11:
LARKIN discloses wherein when executed the application further causes the first computing device to at least receive a request to perform the second authenticated action from a fourth computing device connected to the first computing device via a personal area network 

As per claim 12:
LARKIN discloses a method, comprising:
determining, via a first computing device, that an authenticated action is requested to be performed (Page 6: lines 6-15: provided a user identity generation; Page 8: lines 27-31: Using a combination of the device factor (mobile device identity) and knowledge factor (location of mobile device) to authenticate a user Covers both direct mobile Internet, Mobile connected over WIFI router, tethered connections (using the mobile device as a hotspot)); and
initiating, via the first computing device, the authenticated action using a communication channel that connects the first computing device to a second computing device (Page 10: lines 27-43: means for communicating, delivering and obtaining information from a user of a mobile application by using Unstructured Supplementary Service Data (USSD) as the bearer and communication channel in relation to mobile device applications that requires the user to enter authentication credentials that is sent to an Application Service Provider to be allowed perform a service through the same mobile device. The usage of USSD as the delivery and collection mechanism for sensitive data for a user of a mobile application is more secure as there is currently limited capability in mobile devices to listen to and obtain the information by using 

LARKIN discloses the security agent of the invention has means to isolate the device from all communications networks (for example Internet) except for example a private communications network with an ASP, while a user on a device is using an application or aspects of an application which require enhanced security and threat mitigation (Page 9: lines 50-52). LARKIN does not explicitly disclose determining, via the first computing device, that Internet connectivity is unavailable to the first computing device, wherein the Internet is inaccessible through the communication channel. 
Gorgy, in analogous art however, discloses determining, via the first computing device, that Internet connectivity is unavailable to the first computing device, wherein the Internet is inaccessible through the communication channel ([0010-0012]: utilize Short Message Service (SMS) to approve fund transfer without the need of active internet connection or third party fund transfer applications. The payor and the payee process fund transfer in lesser time and securely and solely through mobile phone's SMS service; [0018-0020]: upon receiving the SMS request, the payor replies with their security PIN (which the payor obtained during initial registration with the Transaction management system of the present invention) or other forms of approvals like fingerprint and Face ID (set by the payor during initial registration with the Transaction management system) for the approval of fund transfer. At step 380, the transaction ID, PIN or fingerprint or Face ID and Phone numbers of the payor is authenticated by the transaction management. [0018]: Payor 160 sends SMS to the webserver 110 of the present invention. The 
Therefore, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the invention to modify the claimed limitations of the first computing device and communication channel disclosed by LARKIN to include determining, via the first computing device, that Internet connectivity is unavailable to the first computing device, wherein the Internet is inaccessible through the communication channel. This modification would have been obvious because a person having ordinary skill in the art would have been motivated by the desire to provide a quicker and convenient way to approve fund transfer using SMS service from plurality of service providers irrespective of whether the user's phone number is associated with a certain pre-paid wireless service provider as suggested by Gorgy (0007-0011).


LARKIN discloses wherein the authenticated action comprises a first authenticated action, and the method further comprises:
determining, via the first computing device, that a second authenticated action is requested to be performed (Page 2: lines 28-35: 3D Secure functionality for mobile devices and services including means for 3D Secure for secure telephone (including mobile phone) payments, provides security for mobile applications communicating with Application Service Providers (ASPs) that requires enhanced security and threat mitigation); 
determining, via the first computing device, that the Internet connectivity is available to the first computing device (Page 3: lines 36-40: provide means to route data; Page 5: lines 43-provides means for routing traffic to public data network (i.e. Internet)); and
initiating, via the first computing device, the second authenticated action using an Internet connection to a third computing device (Page 6: lines 6-15: provided a user identity generation; Page 8: lines 27-31: Using a combination of the device factor (mobile device identity) and knowledge factor (location of mobile device) to authenticate a user Covers both direct mobile Internet, Mobile connected over WIFI router, tethered connections (using the mobile device as a hotspot)).

As per claim 14:
LARKIN discloses receiving, via the first computing device, a cryptographic key using an Internet connection prior to determining that the Internet connectivity is unavailable to the first computing device (Page 8: lines 31-32: enables application service providers to use mobile 
encrypting, via the first computing device, a message using the cryptographic key; and wherein initiating the authenticated action further comprises sending, via the first computing device, the message using the communication channel (Page 8: lines 31-32: enables application service providers to use mobile devices certificate keys by using the mobile network operators as Public Key Infrastructure (PKI) issuers).

As per claim 15:
LARKIN discloses receiving, via the first computing device, an authentication token using an Internet connection prior to determining that the Internet connectivity is unavailable to the first computing device (Column 82: lines 8-15: the first user could be authenticated by the bank's website through normal authentication procedures, e.g. entry of username and password, entry of a PIN Code that the user knows, entry of a PIN code sent to the first users mobile device (the invention could authenticate the user's mobile before sending it), entry of a token from a token generator);
generating, via the first computing device, a message that includes the authentication token (Page 56: an ASP may utilize the invention to by utilizing the mobile network and USSD to either collect additional authentication credentials (for example a certain number of digits from a PIN code, a generated PIN from a token generator, etc.), or to present a One Time Password (OTP) to the user); and


As per claim 16:
LARKIN discloses receiving, via the first computing device, a confirmation using the communication channel that the authenticated action has been performed (Page 6: lines 6-15: provided a user identity generation; Page 8: lines 27-31: Using a combination of the device factor (mobile device identity) and knowledge factor (location of mobile device) to authenticate a user Covers both direct mobile Internet, Mobile connected over WIFI router, tethered connections (using the mobile device as a hotspot)); and
causing, via the first computing device, a user interface including the confirmation to be presented (Page 64: lines 26-50: the registration of the user's "Safe Place" can be done by the user through an application, some sort of web interface or a Graphical User Interface (GUI) where the user can for example register one or multiple "Safe Places"; the additional authentication code could be to the user's mobile device using the invention's mentioned USSD communication channel. Alternatively, the invention could request the user to enter an additional authentication factor by requesting it through USSD).

As per claim 17:


As per claim 18:
LARKIN discloses wherein the second computing device corresponds to a mobile network operator, and initiating the authenticated action further comprises sending at least one message to the second computing device via Unstructured Supplementary Service Data (USSD) (Page 10: lines 27-43: means for communicating, delivering and obtaining information from a user of a mobile application by using Unstructured Supplementary Service Data (USSD) as the bearer and communication channel in relation to mobile device applications that requires the user to enter authentication credentials that is sent to an Application Service Provider to be allowed perform a service through the same mobile device. The usage of USSD as the delivery and collection mechanism for sensitive data for a user of a mobile application is more secure as there is currently limited capability in mobile devices to listen to and obtain the information by using malware running on the mobile device. In addition, USSD traffic is sent over the mobile network signalling network as opposed to the Internet and is therefore more secure).

As per claim 19:
LARKIN discloses wherein initiating the authenticated action further comprises sending at least one message to the second computing device via Short Message Service (SMS) (Page 10: lines 20-25: verifying and providing secure identity and risk management including risk management associated with identity, for many heterogeneous services and communications including inbound and outbound messaging (such as SMS and USSD), inbound and outbound data (such as mobile data), and inbound and outbound voice services (such as voice calls, including multi-party calls) such as for example to/from a service provider, and also includes, scenarios where the user is using their phone as a mobile WiFi hotspot).

As per claim 20:
LARKIN discloses wherein initiating the authenticated action further comprises sending at least one message to the second computing device via a telephone call (Page 10: lines 20-25: verifying and providing secure identity and risk management including risk management associated with identity, for many heterogeneous services and communications including inbound and outbound messaging (such as SMS and USSD), inbound and outbound data (such as mobile data), and inbound and outbound voice services (such as voice calls, including multi-party calls) such as for example to/from a service provider, and also includes, scenarios where the user is using their phone as a mobile WiFi hotspot).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See the notice of reference cited in form PTO-892 for additional prior art.

THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 

Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TECHANE GERGISO whose telephone number is (571)272-3784. The examiner can normally be reached 9:30am to 6:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/TECHANE GERGISO/Primary Examiner, Art Unit 2494