DETAILED ACTION
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 1/11/2022 has been entered.
 	Claims 1-5, 7-14 and 16-20 are pending with claims 1, 7, 11, 16, 18 and 20 having been amended.

Notice of Pre-AIA  or AIA  Status
The present application is being examined under the pre-AIA  first to invent provisions. 

Response to Arguments
Applicant's arguments filed 1/11/2022 have been fully considered. 
Applicant’s arguments with respect to newly amended claim(s) 1, 11 and 18  have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159.  See MPEP §§ 706.02(l)(1) - 706.02(l)(3) for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 

Claims 1-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claim 1-20 of U.S. Patent No. 10,491,612 in view of Grim (US 2013/0104198) in view of Bailey et al (8,863,226). Although the claims at issue are not identical, they are not patentably distinct from each other. 
With respect to 16/656833 claim 1, U.S. Patent No. 10,491,612 claim 11 teaches.
16/656833 Claim 1
10,491,612 claim 11
A method comprising: 
A method comprising: 
receiving a notification from a server, the notification including an indication of a sign-on attempt to a user account from a first device; 
receiving a notification from a server that hosts a user account, the notification including an indication of a sign-on attempt to the user account from a first device; 
identifying the sign-on attempt as a possible electronic intrusion into the user account; 


determining a location corresponding to the user account; 
determining a location of a user corresponding to the user account; 
communicating over a network, based on the location, a request to the first device associated with the user account for instructions to respond to the notification, the second device being distinct from the first device; 
communicating over a network, based on the location of the user, a request to a second device associated with the user;


receiving a response, over the network, responsive to the communicating of the request, 
the response including instructions to block access to the user account at the server; and 

communicating command information to the server based on the response.
communicating command information to the server based on the response, the command information including a command to block access to the user account.


	U.S. Patent No. 10,491,612 does not disclose registering a first device associated with a user account to receive notifications regarding possible electronic intrusions or communicating to the first device a second request for additional instructions.
Grim (US 2013/0104198) teaches registering a first device associated with a user account to receive notifications regarding possible electronic intrusions Grim paragraph 0035 i.e. In order for a mobile authentication device 208 (i.e. claimed first device) to authenticate an authenticating service 204, the two first need to be paired together. The pairing process includes the communication of any information that is required for subsequent authentication requests to succeed. For example, if the authenticating service 204 wishes to require one-time-passwords (OTP) to validate authentication requests, the pairing process will establish a shared secret (analogous to an encryption key) between the mobile authentication device 208 and the authenticating service 204. When a subsequent authentication request is made, the mobile authentication device 208 will use this shared secret to generate the OTP, and the authentication will use it to verify that the OTP is correct and paragraph 0039);

	
	Bailey teaches communicating to the first device a second request for additional instructions (see Bailey figure 15 and column 10 line 58 — column 11 line 20 If required, a request for approval is then sent to the account owner at Block 1550. For example, an email message may be sent by the transaction server 314 to the account owner device 116, such as a device operated by a parent, requesting approval of the account owner. The email message may provide access to control panels analogous to FIGS. 7, 8 and/or 9 as were described above. These control panels may be adapted to the e-commerce environment. For example, an additional option may be provided in FIG. 8 to "Automatically approve if amount is less than $.sub.------------", with a drop-down box or slider provided to select the amount. Other options to approve by transaction frequency, type, source, etc., may be provided. A determination is then made at Block 1560 as to whether approval is received. If yes, then the transaction is completed at Block 1570. If not, the transaction is terminated).


With respect to 16/656833 claim 11, U.S. Patent No. 10,491,612 claim 1teaches.
16/656833 Claim 11
10,491,612 claim 1
A system comprising: at least one hardware processor and executable instructions accessible on a computer-readable medium that, when executed, cause the at least one hardware processor to perform operations comprising: 
A system comprising: at least one hardware processor and executable instructions accessible on a computer-readable medium that, when executed, cause the at least one hardware processor to perform operations comprising: 



receiving a notification from a server, the notification including an indication of a sign-on attempt to a user account from a first device; 

receiving a notification from a server that hosts a user account, the notification including an indication of a sign-on attempt to the user account from a first device; 
identifying the sign-on attempt as a possible electronic intrusion into the user account; 

determining a location corresponding to the user account; 
determining a location of a user corresponding to the user account;
communicating over a network, based on the location, a request to the first device associated with the user account for instructions to respond to the notification, the second device being distinct from the first device; 
communicating over a network, based on the location of the user, a request to a second device associated with the user;
receiving a response, over the network, responsive to the communicating of the request; and 
receiving a response, over the network, responsive to the communicating of the request, the response including instructions to block access to the user account at the server; and
communicating command information to the server based on the response.
communicating command information to the server based on the response, the command information including a command to block access to the user account.


U.S. Patent No. 10,491,612 does not disclose registering a first device associated with a user account to receive notifications regarding possible electronic intrusions or communicating to the first device a second request for additional instructions.
Grim (US 2013/0104198) teaches registering a first device associated with a user account to receive notifications regarding possible electronic intrusions Grim paragraph 0035 i.e. In order for a mobile authentication device 208 (i.e. claimed first device) to authenticate an authenticating service 204, the two first need to be paired together. The pairing process includes the communication of any information that is required for subsequent authentication requests to succeed. For example, if the authenticating service 204 wishes to require one-time-passwords (OTP) to validate authentication requests, the pairing process will establish a shared secret (analogous to an encryption key) between the mobile authentication device 208 and the authenticating service 204. When a subsequent authentication request is made, the mobile authentication device 208 will use this shared secret to generate the OTP, and the authentication will use it to verify that the OTP is correct and paragraph 0039);
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify 10,491,612 in view of Grim (US 2013/0104198) to have registered a first device associated with a user account to receive notifications regarding possible electronic intrusions as way to supplement and fortify passwords authentication by preforming two-factor authentication before allowing a sign-on attempt for another device to access the user account (see Grim paragraph 0005-0006). Therefore one would have been motivated to have registered a first device associated with a user account to receive notifications regarding possible electronic intrusions as a way supplement and fortify passwords authentication
	
	Bailey teaches communicating to the first device a second request for additional instructions (see Bailey figure 15 and column 10 line 58 — column 11 line 20 If required, a request for approval is then sent to the account owner at Block 1550. For example, an email message may be sent by the transaction server 314 to the account owner device 116, such as a device operated by a parent, requesting approval of the account owner. The email message may provide access to control panels analogous to FIGS. 7, 8 and/or 9 as were described above. These control panels may be adapted to the e-commerce environment. For example, an additional option may be provided in FIG. 8 to "Automatically approve if amount is less than $.sub.------------", with a drop-down box or slider provided to select the amount. Other options to approve by transaction frequency, type, source, etc., may be provided. A determination is then made at Block 1560 as to whether approval is received. If yes, then the transaction is completed at Block 1570. If not, the transaction is terminated).
	It would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains to have used a two-party, role-based verification that allows an administrator or owner of an account to control and manage the activity of authorized users on an account such that when the administrator has not defined a policy that applies to a particular authorized user, a notification may be sent to the administrator in response to an activity performed by the authorized user. The notification may request approval from the administrator to allow the authorized user to complete the activity as a way to make sure only authorized activity are allowed (see Bailey column 1 line 57 — column 2 line 34). Therefore one would have been motivated to have requested approval from the account owner.

With respect to 16/656833 claim 18, U.S. Patent No. 10,491,612 claim 1 teaches.
16/656833 Claim 18
10,491,612 claim 1
A machine-readable medium, having no transitory signals, that stores instructions and, when executed by at least one processor, causes the at least one processor to perform operations comprising: 
A system comprising: at least one hardware processor and executable instructions accessible on a computer-readable medium that, when executed, cause the at least one hardware processor to perform operations comprising: 



receiving a notification from a server, the notification including an indication of a sign-on attempt to a user account from a first device; 

receiving a notification from a server that hosts a user account, the notification including an indication of a sign-on attempt to the user account from a first device; 
identifying the sign-on attempt as a possible electronic intrusion into the user account; 

determining a location corresponding to the user account; 
determining a location of a user corresponding to the user account;
communicating over a network, based on the location, a request to the first device associated with the user account for instructions to respond to the notification, the second device being distinct from the first device; 
communicating over a network, based on the location of the user, a request to a second device associated with the user;
receiving a response, over the network, responsive to the communicating of the request; and 

receiving a response, over the network, responsive to the communicating of the request, the response including instructions to block access to the user account at the server; and
communicating command information to the server based on the response.
communicating command information to the server based on the response, the command information including a command to block access to the user account.


U.S. Patent No. 10,491,612 does not disclose registering a first device associated with a user account to receive notifications regarding possible electronic intrusions or communicating to the first device a second request for additional instructions.
Grim (US 2013/0104198) teaches registering a first device associated with a user account to receive notifications regarding possible electronic intrusions Grim paragraph 0035 i.e. In order for a mobile authentication device 208 (i.e. claimed first device) to authenticate an authenticating service 204, the two first need to be paired together. The pairing process includes the communication of any information that is required for subsequent authentication requests to succeed. For example, if the authenticating service 204 wishes to require one-time-passwords (OTP) to validate authentication requests, the pairing process will establish a shared secret (analogous to an encryption key) between the mobile authentication device 208 and the authenticating service 204. When a subsequent authentication request is made, the mobile authentication device 208 will use this shared secret to generate the OTP, and the authentication will use it to verify that the OTP is correct and paragraph 0039);
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify 10,491,612 in view of Grim (US 2013/0104198) to have registered a first device associated with a user account to receive notifications regarding possible electronic intrusions as way to supplement and fortify passwords authentication by preforming two-factor authentication before allowing a sign-on attempt for another device to access the user account (see Grim paragraph 0005-0006). Therefore one would have been motivated to have registered a first device associated with a user account to receive notifications regarding possible electronic intrusions as a way supplement and fortify passwords authentication
	
	Bailey teaches communicating to the first device a second request for additional instructions (see Bailey figure 15 and column 10 line 58 — column 11 line 20 If required, a request for approval is then sent to the account owner at Block 1550. For example, an email message may be sent by the transaction server 314 to the account owner device 116, such as a device operated by a parent, requesting approval of the account owner. The email message may provide access to control panels analogous to FIGS. 7, 8 and/or 9 as were described above. These control panels may be adapted to the e-commerce environment. For example, an additional option may be provided in FIG. 8 to "Automatically approve if amount is less than $.sub.------------", with a drop-down box or slider provided to select the amount. Other options to approve by transaction frequency, type, source, etc., may be provided. A determination is then made at Block 1560 as to whether approval is received. If yes, then the transaction is completed at Block 1570. If not, the transaction is terminated).
	It would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains to have used a two-party, role-based verification that allows an administrator or owner of an account to control and manage the activity of authorized users on an account such that when the administrator has not defined a policy that applies to a particular authorized user, a notification may be sent to the administrator in response to an activity performed by the authorized user. The notification may request approval from the administrator to allow the authorized user to complete the activity as a way to make sure only authorized activity are allowed (see Bailey column 1 line 57 — column 2 line 34). Therefore one would have been motivated to have requested approval from the account owner.

Claim Rejections - 35 USC § 103
The following is a quotation of pre-AIA  35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made.

Claims 1-7, 9, 11-16 and 18-20 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Grim (US 2013/0104198) in view of Bajenov et al (US 20130254857) in view of Bailey et al (8,863,226).
With respect to claim 1 Grim teaches a method comprising:
registering a first device associated with a user account to receive notifications regarding possible electronic intrusions (see Grim paragraph 0035 i.e. In order for a mobile authentication device 208 (i.e. claimed first device) to authenticate an authenticating service 204, the two first need to be paired together. The pairing process includes the communication of any information that is required for subsequent authentication requests to succeed. For example, if the authenticating service 204 wishes to require one-time-passwords (OTP) to validate authentication requests, the pairing process will establish a shared secret (analogous to an encryption key) between the mobile authentication device 208 and the authenticating service 204. When a subsequent authentication request is made, the mobile authentication device 208 will use this shared secret to generate the OTP, and the authentication will use it to verify that the OTP is correct and paragraph 0039);
determining a location corresponding to the sign-on attempt (see Grim paragraph 0042 i.e. if the request automation latency is critical, the mobile authentication device 208 can pre-seed the permission response when the state of the automation criterion changes to allow the authentication service to respond appropriately without necessarily being required to contact the mobile device on-demand. For example, the criterion automation state can change when the mobile device enters or exits geographic regions where the permission response has been automated. This particular kind of pre-seeding method is known as "geo-fencing." Many other methods may be used to pre-seed an automated permission response); 
communicating over a network, based on the location, a request to a second device associated with the user account for instructions to respond to the notification, the second device being distinct from the first device (see Grim paragraph 0042 i.e. if the request automation latency is critical, the mobile authentication device 208 can pre-seed the permission response when the state of the automation criterion changes to allow the authentication service to respond appropriately without necessarily being required to contact the mobile device on-demand. For example, the criterion automation state can change when the mobile device enters or exits geographic regions where the permission response has been automated. This particular kind of pre-seeding method is known as "geo-fencing." Many other methods may be used to pre-seed an automated permission response); 
receiving a response, over the network, responsive to the communicating of the request (see Grim paragraph 0042 i.e. In this embodiment, the permission request includes a designator of the authenticating service 502, an action description 504, a user name 506, and a terminal description 508. Having been presented with the relevant information to inform an authentication decision, the user may either grant or deny the permission request using the corresponding buttons 510, 512 and paragraph 0046 i.e. The mobile device 208 is configured to receive sensory input from the user to determine the permission response. Sensory input includes tactile input (e.g., pushing a button), verbal input, or kinds of input. The mobile device 208 then sends the permission response to the authentication service 206); and 
communicating command information to the server based on the response (see Grim paragraph 0047 i.e. As previously noted, the exemplary methods and systems discussed herein have focused on login actions to a web site. However, the authentication methods and systems described can be applied to any situation where access or actions need to be authenticated over a computer network… Another embodiment can include transaction verification, such as providing a means for credit card processors to verify all or a subset of credit card transactions).

Grim does not teach receiving a notification from a server, the notification including an indication of a sign-on attempt to the user account from a second device; communicating to the first device a second request for additional instructions.

Bajenov teaches receiving a notification from a server, the notification including an indication of a possible unwanted sign-on attempt to a user account from a second device (See Bajenov paragraph 0030 i.e. As mentioned above, the security manager 114 may interact with the authentication manager 212 and the suspicious login information database 220 to synthesize a suspicion index that characterizes the legitimacy of the login attempt, the authenticity of the user, and/or the suspiciousness associated with the source of the login attempt. In this context, the suspicion index can be synthesized according to an algorithm that weights various indicators of suspiciousness (e.g., source, geographic location, presence of information associated with the login attempt in the suspicious login information database 220, etc.) in any desired combination. In one example, the suspicion index can be in the form of a numerical score assigned to a user session, indicating the probability that the session is created by an unauthorized or illegitimate user and paragraph 0039-0040 i.e. For example, even though the login information is not recorded in suspicious login information database 220, a prior suspicious login attempt could have originated at the source location thereby suggesting that, for example, a malicious party is attempting to access a number of user accounts using an ill-gotten collection of login information) and 	determining a location corresponding to the possible unwanted sign-on attempt (See Bajenov paragraph 0039 i.e. At step 404, the source location of the login attempt is determined and the suspicious login information database 220 is searched to determine if the source location has been scrutinized in the past for suspicious behavior).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Grim in view of Bajenov to determine if the login attempt is a possible unwanted login by determining a suspicion index that characterizes the legitimacy of the login attempt. Where the suspicion index is synthesized according to an algorithm that weights various indicators of suspiciousness (e.g., source, geographic location, presence of information associated with the login attempt in the suspicious login information database 220, etc.) to detect a possible unwanted login and based on the suspicion index provide an addition security challenge to the user such as requiring the user to enter a security code sent to user through email or an SMS message sent to the user's mobile phone (see Bajenov paragraph 0031 and 0037). Therefore one would have been motivated to have determine if the login attempt is a possible unwanted login by determining a suspicion index that characterizes the legitimacy of the login attempt.
	
	Bailey teaches communicating to the first device a second request for additional instructions (see Bailey figure 15 and column 10 line 58 — column 11 line 20 If required, a request for approval is then sent to the account owner at Block 1550. For example, an email message may be sent by the transaction server 314 to the account owner device 116, such as a device operated by a parent, requesting approval of the account owner. The email message may provide access to control panels analogous to FIGS. 7, 8 and/or 9 as were described above. These control panels may be adapted to the e-commerce environment. For example, an additional option may be provided in FIG. 8 to "Automatically approve if amount is less than $.sub.------------", with a drop-down box or slider provided to select the amount. Other options to approve by transaction frequency, type, source, etc., may be provided. A determination is then made at Block 1560 as to whether approval is received. If yes, then the transaction is completed at Block 1570. If not, the transaction is terminated).
	It would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains to have used a two-party, role-based verification that allows an administrator or owner of an account to control and manage the activity of authorized users on an account such that when the administrator has not defined a policy that applies to a particular authorized user, a notification may be sent to the administrator in response to an activity performed by the authorized user. The notification may request approval from the administrator to allow the authorized user to complete the activity as a way to make sure only authorized activity are allowed (see Bailey column 1 line 57 — column 2 line 34). Therefore one would have been motivated to have requested approval from the account owner.

With respect to claim 2 Grim teaches the method of claim 1, further comprising registering the first device for communication of the request (see Grim paragraph 0035 i.e. In order for a mobile authentication device 208 to authenticate an authenticating service 204, the two first need to be paired together. The pairing process includes the communication of any information that is required for subsequent authentication requests to succeed. For example, if the authenticating service 204 wishes to require one-time-passwords ( OTP) to validate authentication requests, the pairing process will establish a shared secret (analogous to an encryption key) between the mobile authentication device 208 and the authenticating service 204. When a subsequent authentication request is made, the mobile authentication device 208 will use this shared secret to generate the OTP, and the authentication will use it to verify that the OTP is correct).
With respect to claim 3 Grim teaches the method of claim 2, wherein: the communicating of the request to the first device is further based on the registration of the user account (see Grim paragraph 0035 i.e. In order for a mobile authentication device 208 to authenticate an authenticating service 204, the two first need to be paired together. The pairing process includes the communication of any information that is required for subsequent authentication requests to succeed. For example, if the authenticating service 204 wishes to require one-time-passwords ( OTP) to validate authentication requests, the pairing process will establish a shared secret (analogous to an encryption key) between the mobile authentication device 208 and the authenticating service 204. When a subsequent authentication request is made, the mobile authentication device 208 will use this shared secret to generate the OTP, and the authentication will use it to verify that the OTP is correct).
With respect to claim 4 Grim teaches the method of claim 1, further comprising: identifying the possible unwanted sign-on attempt as a possible electronic intrusion into the user account (see Grim figure 5a and paragraphs 0028 i.e. When an authenticating service (e.g., a web site that requires a login or a car security computer) needs to authenticate a user action, an authentication request is sent to an authentication service. If the authentication request has been sent out by an authenticating service, then ostensibly a first authentication factor has already been provided. In the case of a web site, the first factor is normally a username/password combination and paragraph 0045).
With respect to claim 5 Grim teaches the method of claim 1, wherein the communicating of the command information comprises communicating command information including a command to block access to the user account (see Grim paragraph 0045 i.e. The screen shot 500 shows a permission request displayed on mobile device 208 that is running an Android operating system. In this embodiment, the permission request includes a designator of the authenticating service 502, an action description 504, a user name 506, and a terminal description 508. Having been presented with the relevant information to inform an authentication decision, the user may either grant or deny the permission request using the corresponding buttons 510, 512).
With respect to claim 7 Grim teaches the method of claim 1, but does not disclose further comprising receiving a second response, over the network, the second response including additional instructions associated with access to the user account at the server
Bailey teaches further comprising receiving a second response, over the network, the second response including additional instructions associated with access to the user account at the server (see Bailey figure 15 and column 10 line 58 — column 11 line 20 If required, a request for approval is then sent to the account owner at Block 1550. For example, an email message may be sent by the transaction server 314 to the account owner device 116, such as a device operated by a parent, requesting approval of the account owner. The email message may provide access to control panels analogous to FIGS. 7, 8 and/or 9 as were described above. These control panels may be adapted to the e-commerce environment. For example, an additional option may be provided in FIG. 8 to "Automatically approve if amount is less than $.sub.------------", with a drop-down box or slider provided to select the amount. Other options to approve by transaction frequency, type, source, etc., may be provided. A determination is then made at Block 1560 as to whether approval is received. If yes, then the transaction is completed at Block 1570. If not, the transaction is terminated).
	It would have been obvious at the time the invention was made to a person
having ordinary skill in the art to which said subject matter pertains to have requested
approval from the account owner via an email message to account owner device
requesting approval or disapproval before granting access to the account (see Bailey
column 10 line 58 — column 11 line 20). Therefore one would have been motivated to
have requested approval from the account owner.

With respect to claim 9 Grim teaches the method of claim 1, wherein the determining of the location corresponding to the possible unwanted sign-on attempt comprises receiving an indication of the location from the second device (see Grim paragraph 0026 i.e. This is done by leveraging the network connectivity and location awareness of modern mobile devices (such as smartphones, tablet computers, etc.) to provide an automated and unobtrusive authentication factor, which is typically a second factor of authentication to be used in conjunction with a first factor, for example a username/password login combination).
With respect to claim 11 Grim teaches a system comprising:
at least one hardware processor and executable instructions accessible on a computer-readable medium that, when executed, cause the at least one hardware processor to perform operations comprising:
registering a first device associated with a user account to receive notifications regarding possible electronic intrusions (see Grim paragraph 0035 i.e. In order for a mobile authentication device 208 (i.e. claimed first device) to authenticate an authenticating service 204, the two first need to be paired together. The pairing process includes the communication of any information that is required for subsequent authentication requests to succeed. For example, if the authenticating service 204 wishes to require one-time-passwords ( OTP) to validate authentication requests, the pairing process will establish a shared secret (analogous to an encryption key) between the mobile authentication device 208 and the authenticating service 204. When a subsequent authentication request is made, the mobile authentication device 208 will use this shared secret to generate the OTP, and the authentication will use it to verify that the OTP is correct and paragraph 0039),
receiving a notification from a server, the notification including an indication of a sign-on attempt to a user account from a first device (see Grim paragraph 0039 i.e. As one possible example, a user may use his laptop to attempt to log in to a web-based email service. Here, the laptop is the authenticating terminal 202 and the web-based email service is the authenticating service 204. The authenticating service 204 will likely, but not necessarily, require the user to present some kind of first factor authenticating information (e.g., a password). Using embodiments of methods and systems disclosed herein, the authenticating service 204 is providing the user with an additional second factor for authentication, and so it then initiates an authentication request through the authentication service 206 and provides the appropriate pairing identifier for the user that is attempting authentication. The authentication service 206 sends a permission request to the appropriate mobile authentication device 208 that responds with permission response as outlined herein); 
determining a location corresponding to the sign-on attempt (see Grim paragraph 0042 i.e. if the request automation latency is critical, the mobile authentication device 208 can pre-seed the permission response when the state of the automation criterion changes to allow the authentication service to respond appropriately without necessarily being required to contact the mobile device on-demand. For example, the criterion automation state can change when the mobile device enters or exits geographic regions where the permission response has been automated. This particular kind of pre-seeding method is known as "geo-fencing." Many other methods may be used to pre-seed an automated permission response); 
communicating over a network, based on the location, a request to a second device associated with the user account for instructions to respond to the notification, the second device being distinct from the first device (see Grim paragraph 0042 i.e. if the request automation latency is critical, the mobile authentication device 208 can pre-seed the permission response when the state of the automation criterion changes to allow the authentication service to respond appropriately without necessarily being required to contact the mobile device on-demand. For example, the criterion automation state can change when the mobile device enters or exits geographic regions where the permission response has been automated. This particular kind of pre-seeding method is known as "geo-fencing." Many other methods may be used to pre-seed an automated permission response); 
receiving a response, over the network, responsive to the communicating of the request (see Grim paragraph 0042 i.e. In this embodiment, the permission request includes a designator of the authenticating service 502, an action description 504, a user name 506, and a terminal description 508. Having been presented with the relevant information to inform an authentication decision, the user may either grant or deny the permission request using the corresponding buttons 510, 512 and paragraph 0046 i.e. The mobile device 208 is configured to receive sensory input from the user to determine the permission response. Sensory input includes tactile input (e.g., pushing a button), verbal input, or kinds of input. The mobile device 208 then sends the permission response to the authentication service 206); and 
communicating command information to the server based on the response (see Grim paragraph 0047 i.e. As previously noted, the exemplary methods and systems discussed herein have focused on login actions to a web site. However, the authentication methods and systems described can be applied to any situation where access or actions need to be authenticated over a computer network… Another embodiment can include transaction verification, such as providing a means for credit card processors to verify all or a subset of credit card transactions).
Grim does not teach receiving a notification from a server, the notification including an indication of a sign-on attempt to a user account from a first device; communicating to the first device a second request for additional instructions.
Bajenov teaches receiving a notification from a server, the notification including an indication of a possible unwanted sign-on attempt to a user account from a first device (See Bajenov paragraph 0030 i.e. As mentioned above, the security manager 114 may interact with the authentication manager 212 and the suspicious login information database 220 to synthesize a suspicion index that characterizes the legitimacy of the login attempt, the authenticity of the user, and/or the suspiciousness associated with the source of the login attempt. In this context, the suspicion index can be synthesized according to an algorithm that weights various indicators of suspiciousness (e.g., source, geographic location, presence of information associated with the login attempt in the suspicious login information database 220, etc.) in any desired combination. In one example, the suspicion index can be in the form of a numerical score assigned to a user session, indicating the probability that the session is created by an unauthorized or illegitimate user and paragraph 0039-0040 i.e. For example, even though the login information is not recorded in suspicious login information database 220, a prior suspicious login attempt could have originated at the source location thereby suggesting that, for example, a malicious party is attempting to access a number of user accounts using an ill-gotten collection of login information) and 	determining a location corresponding to the possible unwanted sign-on attempt (See Bajenov paragraph 0039 i.e. At step 404, the source location of the login attempt is determined and the suspicious login information database 220 is searched to determine if the source location has been scrutinized in the past for suspicious behavior).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Grim in view of Bajenov to determine if the login attempt is a possible unwanted login by determining a suspicion index that characterizes the legitimacy of the login attempt. Where the suspicion index is synthesized according to an algorithm that weights various indicators of suspiciousness (e.g., source, geographic location, presence of information associated with the login attempt in the suspicious login information database 220, etc.) to detect a possible unwanted login and based on the suspicion index provide an addition security challenge to the user such as requiring the user to enter a security code sent to user through email or an SMS message sent to the user's mobile phone (see Bajenov paragraph 0031 and 0037). Therefore one would have been motivated to have determine if the login attempt is a possible unwanted login by determining a suspicion index that characterizes the legitimacy of the login attempt.
Bailey teaches communicating to the first device a second request for additional instructions (see Bailey figure 15 and column 10 line 58 — column 11 line 20 If required, a request for approval is then sent to the account owner at Block 1550. For example, an email message may be sent by the transaction server 314 to the account owner device 116, such as a device operated by a parent, requesting approval of the account owner. The email message may provide access to control panels analogous to FIGS. 7, 8 and/or 9 as were described above. These control panels may be adapted to the e-commerce environment. For example, an additional option may be provided in FIG. 8 to "Automatically approve if amount is less than $.sub.------------", with a drop-down box or slider provided to select the amount. Other options to approve by transaction frequency, type, source, etc., may be provided. A determination is then made at Block 1560 as to whether approval is received. If yes, then the transaction is completed at Block 1570. If not, the transaction is terminated).
	It would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains to have used a two-party, role-based verification that allows an administrator or owner of an account to control and manage the activity of authorized users on an account such that when the administrator has not defined a policy that applies to a particular authorized user, a notification may be sent to the administrator in response to an activity performed by the authorized user. The notification may request approval from the administrator to allow the authorized user to complete the activity as a way to make sure only authorized activity are allowed (see Bailey column 1 line 57 — column 2 line 34). Therefore one would have been motivated to have requested approval from the account owner.

With respect to claim 12 Grim teaches the system of claim 11, wherein the operations further comprise registering the first device for communication of the request (see grim paragraph 0035 i.e. In order for a mobile authentication device 208 to authenticate an authenticating service 204, the two first need to be paired together. The pairing process includes the communication of any information that is required for subsequent authentication requests to succeed. For example, if the authenticating service 204 wishes to require one-time-passwords ( OTP) to validate authentication requests, the pairing process will establish a shared secret (analogous to an encryption key) between the mobile authentication device 208 and the authenticating service 204. When a subsequent authentication request is made, the mobile authentication device 208 will use this shared secret to generate the OTP, and the authentication will use it to verify that the OTP is correct).

With respect to claim 13 Grim teaches the system of claim 11, wherein the operations further comprise: identifying the possible unwanted sign-on attempt as a possible electronic intrusion into the user account (see Grim figure 5a and paragraphs 0028 i.e. When an authenticating service (e.g., a web site that requires a login or a car security computer) needs to authenticate a user action, an authentication request is sent to an authentication service. If the authentication request has been sent out by an authenticating service, then ostensibly a first authentication factor has already been provided. In the case of a web site, the first factor is normally a username/password combination and paragraph 0045).

With respect to claim 14 Grim teaches the system of claim 11, wherein the operations further comprise wherein the communicating of the command information comprises communicating command information including a command to block access to the user account (see Grim paragraph 0045 i.e. The screen shot 500 shows a permission request displayed on mobile device 208 that is running an Android operating system. In this embodiment, the permission request includes a designator of the authenticating service 502, an action description 504, a user name 506, and a terminal description 508. Having been presented with the relevant information to inform an authentication decision, the user may either grant or deny the permission request using the corresponding buttons 510, 512).

With respect to claim 15 Grim teaches the system of claim 11, wherein the operations further comprise communicating a second request for additional instructions (see Grim paragraph 0046 i.e. The mobile device 208 also is configured to receive sensory input from the user to automate the permission response).

With respect to claim 16 Grim teaches the system of claim 11, but does not disclose wherein the operations further comprise receiving a second response, over the network, the second response including additional instructions associated with access to the user account at the server.
Bailey teaches further comprising receiving a second response, over the network, the second response including additional instructions associated with access to the user account at the server (see Bailey figure 15 and column 10 line 58 — column 11 line 20 If required, a request for approval is then sent to the account owner at Block 1550. For example, an email message may be sent by the transaction server 314 to the account owner device 116, such as a device operated by a parent, requesting approval of the account owner. The email message may provide access to control panels analogous to FIGS. 7, 8 and/or 9 as were described above. These control panels may be adapted to the e-commerce environment. For example, an additional option may be provided in FIG. 8 to "Automatically approve if amount is less than $.sub.------------", with a drop-down box or slider provided to select the amount. Other options to approve by transaction frequency, type, source, etc., may be provided. A determination is then made at Block 1560 as to whether approval is received. If yes, then the transaction is completed at Block 1570. If not, the transaction is terminated).
	It would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains to have used a two-party, role-based verification that allows an administrator or owner of an account to control and manage the activity of authorized users on an account such that when the administrator has not defined a policy that applies to a particular authorized user, a notification may be sent to the administrator in response to an activity performed by the authorized user. The notification may request approval from the administrator to allow the authorized user to complete the activity as a way to make sure only authorized activity are allowed (see Bailey column 1 line 57 — column 2 line 34). Therefore one would have been motivated to have requested approval from the account owner.

With respect to claim 18 Grim teaches a machine-readable medium, having no transitory signals, that stores instructions and, when executed by at least one processor, causes the at least one processor to perform operations comprising:
registering a first device associated with a user account to receive notifications regarding possible electronic intrusions (see Grim paragraph 0035 i.e. In order for a mobile authentication device 208 (i.e. claimed first device) to authenticate an authenticating service 204, the two first need to be paired together. The pairing process includes the communication of any information that is required for subsequent authentication requests to succeed. For example, if the authenticating service 204 wishes to require one-time-passwords ( OTP) to validate authentication requests, the pairing process will establish a shared secret (analogous to an encryption key) between the mobile authentication device 208 and the authenticating service 204. When a subsequent authentication request is made, the mobile authentication device 208 will use this shared secret to generate the OTP, and the authentication will use it to verify that the OTP is correct and paragraph 0039);
receiving a notification from a server, the notification including an indication of a sign-on attempt to a user account from a first device (see Grim paragraph 0039 i.e. As one possible example, a user may use his laptop to attempt to log in to a web-based email service. Here, the laptop is the authenticating terminal 202 and the web-based email service is the authenticating service 204. The authenticating service 204 will likely, but not necessarily, require the user to present some kind of first factor authenticating information (e.g., a password). Using embodiments of methods and systems disclosed herein, the authenticating service 204 is providing the user with an additional second factor for authentication, and so it then initiates an authentication request through the authentication service 206 and provides the appropriate pairing identifier for the user that is attempting authentication. The authentication service 206 sends a permission request to the appropriate mobile authentication device 208 that responds with permission response as outlined herein); 
determining a location corresponding to the sign-on attempt (see Grim paragraph 0042 i.e. if the request automation latency is critical, the mobile authentication device 208 can pre-seed the permission response when the state of the automation criterion changes to allow the authentication service to respond appropriately without necessarily being required to contact the mobile device on-demand. For example, the criterion automation state can change when the mobile device enters or exits geographic regions where the permission response has been automated. This particular kind of pre-seeding method is known as "geo-fencing." Many other methods may be used to pre-seed an automated permission response); 
communicating over a network, based on the location, a request to a second device associated with the user account for instructions to respond to the notification, the second device being distinct from the first device (see Grim paragraph 0042 i.e. if the request automation latency is critical, the mobile authentication device 208 can pre-seed the permission response when the state of the automation criterion changes to allow the authentication service to respond appropriately without necessarily being required to contact the mobile device on-demand. For example, the criterion automation state can change when the mobile device enters or exits geographic regions where the permission response has been automated. This particular kind of pre-seeding method is known as "geo-fencing." Many other methods may be used to pre-seed an automated permission response); 
receiving a response, over the network, responsive to the communicating of the request (see Grim paragraph 0042 i.e. In this embodiment, the permission request includes a designator of the authenticating service 502, an action description 504, a user name 506, and a terminal description 508. Having been presented with the relevant information to inform an authentication decision, the user may either grant or deny the permission request using the corresponding buttons 510, 512 and paragraph 0046 i.e. The mobile device 208 is configured to receive sensory input from the user to determine the permission response. Sensory input includes tactile input (e.g., pushing a button), verbal input, or kinds of input. The mobile device 208 then sends the permission response to the authentication service 206); and 
communicating command information to the server based on the response (see Grim paragraph 0047 i.e. As previously noted, the exemplary methods and systems discussed herein have focused on login actions to a web site. However, the authentication methods and systems described can be applied to any situation where access or actions need to be authenticated over a computer network… Another embodiment can include transaction verification, such as providing a means for credit card processors to verify all or a subset of credit card transactions).
Grim does not teach receiving a notification from a server, the notification including an indication of a sign-on attempt to a user account from a first device; communicating to the first device a second request for additional instructions.
Bajenov teaches receiving a notification from a server, the notification including an indication of a possible unwanted sign-on attempt to a user account from a first device (See Bajenov paragraph 0030 i.e. As mentioned above, the security manager 114 may interact with the authentication manager 212 and the suspicious login information database 220 to synthesize a suspicion index that characterizes the legitimacy of the login attempt, the authenticity of the user, and/or the suspiciousness associated with the source of the login attempt. In this context, the suspicion index can be synthesized according to an algorithm that weights various indicators of suspiciousness (e.g., source, geographic location, presence of information associated with the login attempt in the suspicious login information database 220, etc.) in any desired combination. In one example, the suspicion index can be in the form of a numerical score assigned to a user session, indicating the probability that the session is created by an unauthorized or illegitimate user and paragraph 0039-0040 i.e. For example, even though the login information is not recorded in suspicious login information database 220, a prior suspicious login attempt could have originated at the source location thereby suggesting that, for example, a malicious party is attempting to access a number of user accounts using an ill-gotten collection of login information) and 	determining a location corresponding to the possible unwanted sign-on attempt (See Bajenov paragraph 0039 i.e. At step 404, the source location of the login attempt is determined and the suspicious login information database 220 is searched to determine if the source location has been scrutinized in the past for suspicious behavior).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Grim in view of Bajenov to determine if the login attempt is a possible unwanted login by determining a suspicion index that characterizes the legitimacy of the login attempt. Where the suspicion index is synthesized according to an algorithm that weights various indicators of suspiciousness (e.g., source, geographic location, presence of information associated with the login attempt in the suspicious login information database 220, etc.) to detect a possible unwanted login and based on the suspicion index provide an addition security challenge to the user such as requiring the user to enter a security code sent to user through email or an SMS message sent to the user's mobile phone (see Bajenov paragraph 0031 and 0037). Therefore one would have been motivated to have determine if the login attempt is a possible unwanted login by determining a suspicion index that characterizes the legitimacy of the login attempt.
Bailey teaches communicating to the first device a second request for additional instructions (see Bailey figure 15 and column 10 line 58 — column 11 line 20 If required, a request for approval is then sent to the account owner at Block 1550. For example, an email message may be sent by the transaction server 314 to the account owner device 116, such as a device operated by a parent, requesting approval of the account owner. The email message may provide access to control panels analogous to FIGS. 7, 8 and/or 9 as were described above. These control panels may be adapted to the e-commerce environment. For example, an additional option may be provided in FIG. 8 to "Automatically approve if amount is less than $.sub.------------", with a drop-down box or slider provided to select the amount. Other options to approve by transaction frequency, type, source, etc., may be provided. A determination is then made at Block 1560 as to whether approval is received. If yes, then the transaction is completed at Block 1570. If not, the transaction is terminated).
	It would have been obvious at the time the invention was made to a person
having ordinary skill in the art to which said subject matter pertains to have requested
approval from the account owner via an email message to account owner device
requesting approval or disapproval before granting access to the account (see Bailey
column 10 line 58 — column 11 line 20). Therefore one would have been motivated to
have requested approval from the account owner.

With respect to claim 19 Grim teaches the machine-readable medium of claim 18, wherein the operations further comprise registering the first device for communication of the request (see grim paragraph 0035 i.e. In order for a mobile authentication device 208 to authenticate an authenticating service 204, the two first need to be paired together. The pairing process includes the communication of any information that is required for subsequent authentication requests to succeed. For example, if the authenticating service 204 wishes to require one-time-passwords ( OTP) to validate authentication requests, the pairing process will establish a shared secret (analogous to an encryption key) between the mobile authentication device 208 and the authenticating service 204. When a subsequent authentication request is made, the mobile authentication device 208 will use this shared secret to generate the OTP, and the authentication will use it to verify that the OTP is correct).

With respect to claim 20 Grim teaches the machine-readable medium of claim 18, wherein the operations further comprise identifying the possible unwanted sign-on attempt as a possible electronic intrusion into the user account (see Grim figure 5a and paragraphs 0028 i.e. When an authenticating service (e.g., a web site that requires a login or a car security computer) needs to authenticate a user action, an authentication request is sent to an authentication service. If the authentication request has been sent out by an authenticating service, then ostensibly a first authentication factor has already been provided. In the case of a web site, the first factor is normally a username/password combination and paragraph 0045).

Claims 8, 10 and 17 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Grim (US 2013/0104198) in view of Bajenov et al (US 20130254857) in view of Bailey et al (8,863,226) in further view of Slonecker JR. (2007/0045403).
	With respect to claim 8, Grim teaches the method of claim 7, but does not disclose further comprising sending a command to unblock access to the user account.
	Slonecker teaches further comprising sending a command to unblock access to the user account (see Slonecker paragraph 0009-0010 i.e. a financial account card owner is able to lock or unlock a card by providing a user request via an appropriate delivery channel to a card processor. The user request may be a request to lock an active or operable card, or to unlock a card that has previously been locked. The delivery channel for delivering the card owner request to the card processor may include, for example, a telephone, e.g., using a voice response unit (VRU), an automated teller machine (ATM), and/or a computer network interface, such as an online interface via an internet web site. The card owner request is forwarded via the selected delivery channel to a card processor implemented in a computer system that performs the requested card locking or unlocking operation. The card processor computer system may be operated by a bank, financial institution, or other entity that issues the financial account card to the card owner). 
It would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains to send a request to unblock access to an account (see Slonecker paragraph 0009-0010 i.e. a financial account card owner is able to lock or unlock a card by providing a user request via an appropriate delivery channel to a card processor. The user request may be a request to lock an active or operable card, or to unlock a card that has previously been locked. The delivery channel for delivering the card owner request to the card processor may include, for example, a telephone, e.g., using a voice response unit (VRU), an automated teller machine (ATM), and/or a computer network interface, such as an online interface via an internet web site. The card owner request is forwarded via the selected delivery channel to a card processor implemented in a computer system that performs the requested card locking or unlocking operation. The card processor computer system may be operated by a bank, financial institution, or other entity that issues the financial account card to the card owner). Therefore one would have been motivated to have sent a status update to unblock access.

With respect to claim 10, Grim teaches the method of claim 1, but does not disclose further comprising: receiving a status update for the user account; and based on the status update, communicating updated command information to the server, the updated command information including a command to unblock access to the user account.
Slonecker teaches further comprising: receiving a status update for the user account; and based on the status update, communicating updated command information to the server, the updated command information including a command to unblock access to the user account (see Slonecker paragraph 0009-0010 i.e. a financial account card owner is able to lock or unlock a card by providing a user request via an appropriate delivery channel to a card processor. The user request may be a request to lock an active or operable card, or to unlock a card that has previously been locked. The delivery channel for delivering the card owner request to the card processor may include, for example, a telephone, e.g., using a voice response unit (VRU), an automated teller machine (ATM), and/or a computer network interface, such as an online interface via an internet web site. The card owner request is forwarded via the selected delivery channel to a card processor implemented in a computer system that performs the requested card locking or unlocking operation. The card processor computer system may be operated by a bank, financial institution, or other entity that issues the financial account card to the card owner). 
It would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains to send a request to unblock access to an account (see Slonecker paragraph 0009-0010). Therefore one would have been motivated to have sent a status update to unblock access.
	
With respect to claim 17 Grim teaches the system of claim 16, but does not disclose wherein the operations further comprise sending a command to unblock access to the user account.
Slonecker teaches wherein the operations further comprise sending a command to unblock access to the user account (see Slonecker paragraph 0009-0010). 
It would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains to send a request to unblock access to an account (see Slonecker paragraph 0009-0010). Therefore one would have been motivated to have sent a status update to unblock access.

Prior Art
	Kalavade et al (US 2003/0051041) titled “Method And Apparatus For Integrating Billing And Authentication Functions In Local Area And Wide Area Wireless Data Networks” teaches a two-factor authentication scheme, which uses a combination of a shared secret (login/password) and the SIM on a user's phone 30. Briefly, the user first logs in through a login and password. This login/password is stored in the CBG local database 14. This mechanism integrates with the existing RADIUS servers at a hotspot location. Subsequently, the authentication system validates the user with an additional secret token using the user's phone 30.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DEVIN E ALMEIDA whose telephone number is (571)270-1018.  The examiner can normally be reached on Monday-Thursday from 7:30 A.M. to 5:00 P.M.  The examiner can also be reached on alternate Fridays from 7:30 A.M. to 4:00 P.M. 
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Saleh Najjar, can be reached on 571-272-4006. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).

/DEVIN E ALMEIDA/Examiner, Art Unit 2492                                                                                                                                                                                                        
/ARAVIND K MOORTHY/Primary Examiner, Art Unit 2492