DETAILED ACTION
1.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
2.	This communication is in response to applicant's amendment dated 11/19/2021 and interview dated 2/22/2022.
3.	Applicant's remarks, filed on 11/19/2021, with respect to the art rejection of the claims have been fully considered and they are persuasive as amended and in the light of the Examiner's amendments. 
EXAMINER’S AMENDMENT
4.1.	An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee. 
Authorization for this examiner’s amendment was given in a telephone interview with Emily S. White (Reg. No. 70,588) on 2/22/2022.

4.2.	This listing of claims will replace all prior versions and listings of claims in the application:
1.	(Currently Amended) An enterprise server for performing two-way authentication with a mobile device in a network, the enterprise server comprising:
a memory; 
a transceiver; and
at least one processor, coupled to the memory, configured to: 
;
calculate an authenticity score based on the received UCR[[,]]; 
validate or invalidate an authenticity of the mobile device based on the authenticity score;[[,]] 
upon invalidating the authenticity of the mobile device, deny the mobile device a connection to the network;[[,]]
upon validating the authenticity of the mobile device, generate a one-time pre-shared secret based on a knowledge of a prior context, the prior context comprising a prior behavioral context;[[,]] and
control the transceiver to transmit the one-time pre-shared secret to the mobile device for the mobile device to validate an authenticity of the enterprise server based on the transmitted one-time pre-shared secret to perform the two-way authentication,
wherein the authenticity score for validating the mobile device is calculated based on the received UCR and a previously stored UCR that the enterprise server previously received from the mobile device and that comprises the prior behavioral context, and
wherein the one-time pre-shared secret is generated based on the previously stored UCR as an evidence of authenticity of the enterprise server.

2.	(Canceled) 

1, wherein the authenticity score is a logical multi-factor distance between the received UCR and the previously stored UCR.

4.	(Previously Presented) The enterprise server according to claim 3, wherein the at least one processor is further configured to:
validate or invalidate the authenticity of the mobile device based on whether the calculated authenticity score meets a predetermined risk threshold;
invalidate the authenticity of the mobile device by determining the calculated authenticity score does not meet the predetermined risk threshold;
validate the authenticity of the mobile device by determining the calculated authenticity score meets a predetermined risk threshold; and
in response to validating the authenticity of the mobile device, allow the mobile device to connect to the network.

5.	(Currently Amended) The enterprise server according to claim [[2]]1, 
wherein the one-time pre-shared secret transmitted to the mobile device includes a hash value of the previously stored UCR, and
wherein the hash value is sent as a single-use pre-shared secret to confirm the authenticity of the enterprise server.

6.	(Original) The enterprise server according to claim 1, wherein the received UCR comprises hashed data blocks. 

7.	(Previously Presented) The enterprise server according to claim 6, 
wherein the hashed data blocks received for an initial session with the enterprise server include a one-time random nonce block, and
wherein the at least one processor is further configured to substitute at least one of a root hash or one or more of interior hash blocks of a prior Merkle context tree to the hashed data blocks received for any subsequent sessions with the enterprise server. 

8.	(Original) The enterprise server according to claim 6, wherein the at least one processor is further configured to: 
construct a Merkle context tree based on the hashed data blocks, and
generate hash blocks including interior hash blocks and a root hash of the Merkle context tree. 

9.	(Original) The enterprise server according to claim 8, wherein the at least one processor is further configured to: 
calculate the authenticity score based on a degree of match between the constructed Merkle context tree and a prior Merkle context tree, and
allow a connection to a mobile device when the authenticity score based on the degree of match is greater than a threshold value for allowable risk set by the enterprise server.



11.	(Currently Amended) A method of an enterprise server for performing two-way authentication with a mobile device in a network, the method comprising:
receiving, by an enterprise server of the network, a user context record (UCR) generated based on one or more sensors of the mobile device when the mobile device initiates a connection request to the network;
calculating, by the enterprise server, an authenticity score based on the received UCR; 
validating or invalidating, by the enterprise server, an authenticity of the mobile device based on the authenticity score; 
upon invalidating the authenticity of the mobile device, deny the mobile device a connection to the network;
upon validating the authenticity of the mobile device, generating, by the enterprise server, a one-time pre-shared secret based on a knowledge of a prior context, the prior context comprising a prior behavioral context; and 
transmitting the one-time pre-shared secret to the mobile device for the mobile device to validate an authenticity of the enterprise server based on the transmitted one-time pre-shared secret to perform the two-way authentication,
wherein the authenticity score for validating the mobile device is calculated based on the received UCR and a previously stored UCR that the enterprise server previously received from the mobile device and that comprises the prior behavioral context, and
wherein the one-time pre-shared secret is generated based on the previously stored UCR as an evidence of authenticity of the enterprise server.

12.	(Canceled) 

13.	(Currently Amended) The method according to claim [[12]]11, wherein the authenticity score is a logical multi-factor distance between the received UCR and the previously stored UCR.

14.	(Previously Presented) The method according to claim 13, further comprising:
validating or invalidating the authenticity of the mobile device based on whether the calculated authenticity score meets a predetermined risk threshold;
invalidating the authenticity of the mobile device by determining the calculated authenticity score does not meet the predetermined risk threshold;
validating the authenticity of the mobile device by determining the calculated authenticity score meets a predetermined risk threshold; and
in response to validating the authenticity of the mobile device, allowing the mobile device to connect to the network.

11, 
wherein the one-time pre-shared secret transmitted to the mobile device includes a hash value of the previously stored UCR, and
wherein the hash value is sent only as a single-use pre-shared secret to confirm the authenticity of the enterprise server.

16.	(Original) The method according to claim 11, wherein the received UCR comprises hashed data blocks. 

17.	(Original) The method according to claim 16, 
wherein the hashed data blocks for an initial session with the enterprise server include a one-time random nonce block, and
wherein the hashed data blocks for subsequent sessions with the enterprise server include at least one of a root hash or one or more of interior hash blocks of a Merkle context tree. 

18.	(Original) The method according to claim 16, further comprising: 
constructing a Merkle context tree based on the hashed data blocks, and
generating hash blocks including interior hash blocks and a root hash of the Merkle context tree. 

19.	(Original) The method according to claim 18, further comprising: 

allowing a connection to a mobile device when the authenticity score based on the degree of match is greater than a threshold value for allowable risk set by the enterprise server.

20.	(Previously Presented) The method according to claim 18, wherein the one-time pre-shared secret transmitted to the mobile device comprises one or more hash blocks of a prior Merkle tree for confirming the authenticity of the enterprise server. 

21.	(Currently Amended) A mobile device for performing two-way authentication with an enterprise server in a network, the mobile device comprising:
a memory; 
one or more sensors; and
at least one processor, coupled to the memory, configured to:
initiate a connection request to the enterprise server;[[,]]
generate a user context record (UCR) based on the one or more sensors when the connection request is initialized;[[,]]
transmit the UCR to the enterprise server for the enterprise server to validate an authenticity of the mobile device;[[,]] 
receive, as an evidence of authenticity of the enterprise server, a one-time pre-shared secret from the enterprise server when the authenticity of the mobile device is validated, the one-time pre-shared secret being based on a knowledge the one-time pre-shared secret being based on a previously provided UCR that the mobile device previously transmitted to the enterprise server and that comprises the prior behavioral context; and 
validate an authenticity of the enterprise server based on the one-time pre-shared secret received to perform the two-way authentication.

22.	(Currently Amended) The mobile device according to claim 21, 
wherein the one-time pre-shared secret received by the mobile device includes a hash value of [[a]]the previously provided UCR that the mobile device previously transmitted to the enterprise server and that comprises the prior behavioral context, and
wherein the hash value is received only as a one-time pre-shared secret to confirm the authenticity of the enterprise server.

23.	(Original) The mobile device according to claim 22, wherein the at least one processor is further configured to compare the received hash value with a prior hash value stored in a memory of the mobile device to validate the authenticity of the enterprise server before connecting to the enterprise server.

24.	(Original) The mobile device according to claim 21, wherein the UCR comprises hashed data blocks. 


construct a Merkle context tree based on the hashed data blocks, and
generate hash blocks including interior hash blocks and a root hash of the Merkle context tree. 

26.	(Currently Amended) A method of a mobile device for performing two-way authentication with an enterprise server in a network, the method comprising:
initiating a connection request to the enterprise server;
generating, by a mobile device, a user context record (UCR) based on one or more sensors of the mobile device when the connection request to the network; 
transmitting, by the mobile device, the UCR to the enterprise server for the enterprise server to validate an authenticity of the mobile device; 
receiving, by the mobile device, as an evidence of authenticity of the enterprise server, a one-time pre-shared secret from the enterprise server when the authenticity of the mobile device is validated, the one-time pre-shared secret being based on a knowledge of a prior context, the prior context comprising a prior behavioral context, the one-time pre-shared secret being based on a previously provided UCR that the mobile device previously transmitted to the enterprise server and that comprises the prior behavioral context; and 
validating, by the mobile device, an authenticity of the enterprise server based on the one-time pre-shared secret received to perform the two-way authentication.


wherein the one-time pre-shared secret received by the mobile device includes a hash value of [[a]]the previously provided UCR that the mobile device previously transmitted to the enterprise server and that comprises the prior behavioral context, and
wherein the hash value is received only as a one-time pre-shared secret to confirm the authenticity of the enterprise server.

28.	(Original) The method according to claim 27, further comprising:
 comparing the received hash value with prior hash value stored in a memory of the mobile device to validate the authenticity of the enterprise server before connecting to the enterprise server.

29.	(Original) The method according to claim 26, wherein the UCR comprises hashed data blocks. 

30.	(Original) The method according to claim 29, further comprising: 
constructing a Merkle context tree based on the hashed data blocks, and
generating hash blocks including interior hash blocks and a root hash of the Merkle context tree.
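
Added illustration, not part of the claim listing or of the applicant's implementation: a minimal Python sketch of the exchange recited in claims 5-9 and 23, in which the server scores a received UCR against the stored one and returns a hash of the prior UCR as a single-use proof. SHA-256, the odd-node rule, the position-wise match score, the 0.6 threshold, and all function, class and sensor names are assumptions.

```python
import hashlib
import hmac
import os

def h(data):
    return hashlib.sha256(data).digest()

def merkle_root(blocks):
    """Root hash of a Merkle tree over already-hashed blocks."""
    level = list(blocks)
    if not level:
        raise ValueError("UCR has no blocks")
    while len(level) > 1:
        if len(level) % 2:  # odd count: repeat the last block (assumed rule)
            level.append(level[-1])
        level = [h(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0]

def build_ucr(readings, link):
    """Device side: one hashed block per sensor factor plus a link block.
    link is a random nonce for the initial session and the prior root
    hash for every later session."""
    factors = [h(f"{k}={readings[k]}".encode()) for k in sorted(readings)]
    return factors + [h(link)]

class Server:
    def __init__(self, first_ucr, threshold=0.6):  # threshold is an assumption
        self.prior, self.threshold = list(first_ucr), threshold

    def authenticate(self, ucr):
        """Return the one-time secret (root of the prior UCR) or None to deny."""
        prior_root = merkle_root(self.prior)
        if len(ucr) < 2 or len(ucr) != len(self.prior):
            return None
        if not hmac.compare_digest(ucr[-1], h(prior_root)):
            return None  # link block is not chained to the stored context
        same = sum(a == b for a, b in zip(ucr[:-1], self.prior[:-1]))
        if same / (len(ucr) - 1) <= self.threshold:  # degree of match
            return None
        self.prior = list(ucr)  # roll forward, so the secret is single-use
        return prior_root

def device_accepts(secret, stored_root):
    """Device side: compare the received hash with the stored prior hash."""
    return secret is not None and hmac.compare_digest(secret, stored_root)

def demo():
    # Constructed sensor readings, for illustration only.
    first = build_ucr({"wifi": "corp-ap-3", "gait": "g17", "cell": "c-4401"}, os.urandom(16))
    root1, srv = merkle_root(first), Server(first)
    bad = build_ucr({"wifi": "cafe", "gait": "g02", "cell": "c-9000"}, root1)      # 0 of 3 match
    ok = build_ucr({"wifi": "corp-ap-3", "gait": "g17", "cell": "c-9000"}, root1)  # 2 of 3 match
    denied = device_accepts(srv.authenticate(bad), root1)
    accepted = device_accepts(srv.authenticate(ok), root1)
    replayed = device_accepts(srv.authenticate(ok), root1)  # same UCR sent again
    return denied, accepted, replayed
```
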
Allowable Subject Matter
5.1.	Claims 1, 3-11, 13-30 are allowed.



b).  US Patent Application No. 20070220253 to Law et al. discloses a communication system and method configured for mutual authentication between two parties. In one embodiment a first party generates a first one-time password and sends it to a second party. The second party authenticates the first party by generating a one-time password using the same algorithm, secrets and parameters and matching it with the received first one-time password. If the received first one-time password matches with a generated password, the second party generates a consecutive one-time password, and sends it to the first party. The first party authenticates the consecutive one-time password by generating a one-time password consecutive to the first one-time password and matching with the received consecutive one-time password. If they match, the mutual authentication is completed successfully.

c).  US Patent Application No. 20140344128 to Nikankin et al. discloses a financial distress rating system provided to forecast potential episodes of financial risk. The financial distress rating system can also predict the probability of financial distress at certain times. The financial distress rating system can utilize mobile operator data as well as transaction history of the user to predict with much greater accuracy than profiling methods alone. The forecasts of financial distress can be used to assess the risk of delayed payments (e.g., to the mobile operator, creditors, utilities, services, banks, etc.). The forecasts of financial distress can also be used to market goods and services to the customer based on the financial distress rating. For instance, overdraft protection, short term loans, and other financial services can be offered to customers that are facing a period of financial distress.

5.3. 	The following is an examiner's statement of reasons for allowance: the combination of Das et al., Law et al., Nikankin et al., and Scott et al., whether alone or in combination with the other prior arts of record fail to teach or render obvious "…calculate an authenticity score based on the received UCR; validate or invalidate an authenticity of the mobile device based on the authenticity score; upon invalidating the authenticity of the mobile device, deny the mobile device a connection to the network; upon validating the authenticity of the mobile device, generate a one-time pre-shared secret based on a knowledge of a prior context, the prior context comprising a prior behavioral context; and control the transceiver to transmit the one-time pre-shared secret to the mobile device for the mobile device to validate an authenticity of the enterprise server based on the transmitted one-time pre-shared secret to perform the 
Therefore, independent claim 1 is allowable over the prior arts of record.  The other independent claims 11, 21, 26 recite similar subject matter (server side/client side verification). Consequently, independent claims 11, 21, 26 are also allowable over the prior arts of record.
Claims 3-10, 13-20, 22-25, 27-30 are directly or indirectly dependent upon claims 1, 11, 21, 26; therefore, they are also allowable over the prior arts of record.

Conclusion
6.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to HARUNUR RASHID whose telephone number is (571)270-7195. The examiner can normally be reached 9 AM to 5 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Eleni A. Shiferaw can be reached on (571) 272-3867. The fax phone 
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

HARUNUR . RASHID
Primary Examiner
Art Unit 2497



/HARUNUR RASHID/Primary Examiner, Art Unit 2497