Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
This is a Final Office action in response to communications received November 30, 2021.  NO Claims have been amended, added or canceled.  Therefore, claims 1-20 are pending and addressed below. 


Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.



Claims 1-3, 5, 7-11, 13, 15-20 are rejected under 35 U.S.C. 102(a) (1) as being anticipated by Harrison (US2020/0195776 A1, file date 12/18/2018).

Claims 1, 9, 17:
With respect to claims 1, 9, 17, Harrison discloses a method/system for mutual authentication of communications/A computer program product for mutual authentication of communications (a service provider computing system in communication with devices of call recipients and caller, Figure 1) (a caller identification method, Figure 3), the computer program product comprising a computer readable storage medium having program instructions embodied therewith (a non-transitory computer readable medium having machine instructions stored thereon, 0006), the program instructions executable by a device to cause the device to/ comprising:
a memory with program instructions stored thereon; and a processor in communication with the memory (service provider computing system may also comprise a processor and a memory, 0004), wherein the program instructions are
executable by the processor to cause the system to:
detecting, at a consumer device, an incoming communication (a cold caller (i.e. 
an unknown and/or unexpected caller) places a telephone call to a call 
recipient, and the call recipient answers the telephone call, 0037, Figure 3, 302);
displaying, on the consumer device, a verification interface; receiving, from the consumer device, a first valid verification via the verification interface; (include a device identifier corresponding to the recipient computing device and/or biometric data 
corresponding to the call recipient, 0010) (The security token may include, for example, tokenized credentials that are unique to the call recipient, the message may include a device identifier (such as telephone or serial number of a mobile device being called), the message may include biometric data (e.g., a thumb print, facial recognition, voice signature, etc.) corresponding to the call recipient, the device identifier(s) and/or biometric data may be incorporated into the security token, 0039); 
in response to receiving the first valid verification, presenting, to an enterprise device, a
challenge interface; receiving, from the enterprise device, a second valid verification via the challenge interface; (the message may include credentials of the cold caller and may identify the call recipient, 0037, Figure 3, 308, 312, 314) (the service provider computing system 106 of the intermediary trust broker may then authenticate the cold caller credentials, 0042) (the service provider computing system 106 may also validate the identity of the call recipient, 0043);
in response to receiving the second valid verification, presenting, to both the consumer device and the enterprise device, a verification credential (the call recipient may be presented with a call verifier to help verify for the call recipient that the caller who initiated the telephone call (i.e., the entity with which the call recipient is speaking) is the same as the entity who has verified its identify via the service provider computing system 106, The call verifier may be, for example, a code spoken by the call recipient and by the caller, the call recipient may speak a catchphrase or an alphanumeric code, and the caller may enter the catchphrase or code into optional inclusions GUI 812 (e.g., at 816), The generated code may then be spoken by the caller and also delivered to the recipient computing device 104 to confirm that the caller with whom the call recipient is speaking is also the caller who is verifying his or her identity via the service provider computing system 104, 0049) (Figure 3, 316); andbased on the second valid verification, establishing, between the consumer device and the enterprise device, a connection for the incoming communication (the call may then proceed with greater trust, 0051, Figure 3, 318).

Claims 2, 10, 18:
With respect to claims 2, 10, 18, Harrison discloses wherein the first valid verification includes an authentic biometric measurement of a user of the consumer device, wherein the biometric measurement confirms the identity of the user of the consumer device (include a device identifier corresponding to the recipient computing device and/or biometric data corresponding to the call recipient, 0010) (The security token may include, for example, tokenized credentials that are unique to the call recipient, the message may include a device identifier (such as telephone or serial number of a mobile device being called), the message may include biometric data (e.g., a thumb print, facial recognition, voice signature, etc.) corresponding to the call recipient, the device identifier(s) and/or biometric data may be incorporated into the security token, 0039).



Claims 3, 11:
With respect to claims 3, 11, Harrison discloses wherein an invalid verification is received via the verification interface, the method further comprising:
determining a security criterion has been met; and in response to determining the security criterion has been met, adding an identifier for the consumer device to a lockout list (the service provider computing system 106 may transmit an alert to one or more recipient computing devices 104, such as the device corresponding to the device identifier received in the message, or another device known (in, e.g., data repository 138) to be associated with the call recipient identified in the message from the caller computing device 102, if authentication fails, that the caller is not authenticated, 0042).

Claims 5, 13:
With respect to claims 5, 13, Harrison discloses wherein an invalid verification is received via the challenge interface, the method further comprising:
determining a security criterion has been met; and in response to determining the security criterion has been met, adding an identifier for the enterprise device to a lockout list (an alerts region 810 to provide alerts and notifications received by the caller computing device 102 from the service provider computing system 106, alerts may indicate that authentication failed or was successful, that the caller should confirm the identity of the call recipient, that the caller is not authorized, that a prior authorization has been revoked, and so forth, 0068) (Figure 8, 810).

Claims 7, 15, 19:
With respect to claims 7, 15, 19, Harrison discloses wherein the first and second valid verifications are executed via an out-of-band line of communication (positive identification may be received through a distinct communications channel that is separate from the channel through which the telephone call is received (e.g., VoIP), 0027) (includes a plurality of caller computing devices 102 and recipient computing devices 104 communicating with a service provider computing system 106 via a network (represented by the double-headed arrows in FIG. 1).  The service provider computing system 106 may serve as an intermediary system between devices 102 and 104, 0030) (Figures 1, 2).

Claims 8, 16, 20:
With respect to claims 8, 16, 20, Harrison discloses wherein the first and second valid verifications include keys derived from unique identifiers of the consumer device and the enterprise device, respectively (The security token may include, for example, tokenized credentials that are unique to the call recipient and that help to authenticate the caller, 0039).







Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.



The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 4, 6, 12, 14 are rejected under 35 U.S.C. 103 as being unpatentable over Harrison (US2020/0195776 A1, file date 12/18/2018) in view of Sawant et al. (US10110738 B1, patent date 10/23/2018).

Claims 4, 12:
With respect to claims 4, 12, Harrison discloses the limitations of claims 3, 11, as addressed. 

Harrison does not disclose further comprising: determining the identifier was erroneously added to the lockout list; and in response to determining the identifier was erroneously added, removing the identifier from the lockout list as claimed.

However, Sawant et al. teaches a security service provider may have gathered a database of sample voice calls and classified the calls (e.g., as legitimate or illegitimate; as non-fraudulent or fraudulent, etc.) (Column 9, lines 24-27), a whitelist (e.g., a list of known legitimate callers, a contact list, etc.), blacklist, (Column 10, lines 3-4), further comprising: determining the identifier was erroneously added to the lockout list; and in response to determining the identifier was erroneously added, removing the identifier from the lockout list (performing module 110 may receive, from a user of the computing system who received the incoming voice call, a legitimacy classification of the incoming voice call and further train the neural network based on the legitimacy classification, performing module 110 may alert the user that the incoming voice call is potentially illegitimate, during the voice call and/or after the voice call, provide one or more input elements to allow the user to indicate whether the voice call was legitimate, Performing module 110 may use the input provided by the user to classify the voice call and further train the neural network based on the classifier, Column 11, line 66- Column 12, line 20).

Harrison and Sawant et al. are analogous art because they are from the same field of endeavor of authenticating calls.

It would have been obvious to one skilled in the art before the effective filing date of the claimed invention to use Sawant et al. in Harrison for further comprising:
determining the identifier was erroneously added to the lockout list; and in response to determining the identifier was erroneously added, removing the identifier from the lockout list as claimed for purposes of enhancing the caller identification system of Harrison by not having incoming calls based on whitelists may prevent telephone users from receiving legitimate--and sometimes important and expected--calls. (see Sawant et al. Column 1, lines 19-24)

Claims 6, 14:
With respect to claims 6, 14, Harrison discloses the limitations of claims 5, 13, as addressed. 



However, Sawant et al. teaches a security service provider may have gathered a database of sample voice calls and classified the calls (e.g., as legitimate or illegitimate; as non-fraudulent or fraudulent, etc.) (Column 9, lines 24-27), a whitelist (e.g., a list of known legitimate callers, a contact list, etc.), blacklist, (Column 10, lines 3-4), further comprising: determining the identifier was erroneously added to the lockout list; and in response to determining the identifier was erroneously added, removing the identifier from the lockout list (performing module 110 may receive, from a user of the computing system who received the incoming voice call, a legitimacy classification of the incoming voice call and further train the neural network based on the legitimacy classification, performing module 110 may alert the user that the incoming voice call is potentially illegitimate, during the voice call and/or after the voice call, provide one or more input elements to allow the user to indicate whether the voice call was legitimate, Performing module 110 may use the input provided by the user to classify the voice call and further train the neural network based on the classifier, Column 11, line 66- Column 12, line 20).

Harrison and Sawant et al. are analogous art because they are from the same field of endeavor of authenticating calls.


determining the identifier was erroneously added to the lockout list; and in response to determining the identifier was erroneously added, removing the identifier from the lockout list as claimed for purposes of enhancing the caller identification system of Harrison by not having incoming calls based on whitelists may prevent telephone users from receiving legitimate--and sometimes important and expected--calls. (see Sawant et al. Column 1, lines 19-24)



Response to Remarks/Arguments
Applicant's arguments filed on November 30, 2021 have been fully considered but they are not persuasive.  In the remarks, Applicant argues that:

Claims 1, 9, and 17:
(1) Harrison fails to disclose at least “based on the second valid verification, establishing, between the consumer device and the enterprise device, a connection for the incoming communication” as recited in independent claims 1, 9, and 17. Harrison discloses a method to verify a cold caller’s identity after a call connection has already been made between the caller and the recipient. The Office Action alleges that paragraph [0051] teaches the limitation by stating that “the call may proceed with greater trust.” As mentioned previously, a connection between the caller and the 

In response to remark/arguments (1), Examiner respectfully disagrees.  Examiner would like to point out that the claims recite “based on the second valid verification, establishing, between the consumer device and the enterprise device, a connection for the incoming communication” therefore establishing a connection, any connection and not a “new connection” as stated in the arguments.  Harrison discloses “The call may then proceed with greater trust (318)” (0051, Figure 3,3 18) and therefore examiner maintains that Harrison does teach and suggest this limitation.  


Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to Helai Salehi whose telephone number is 571-270-7468.  The examiner can normally be reached on Monday - Friday from 9 am to 5 pm.
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Jeff Pwu, can be reached on 571-272-6798.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).

/HELAI SALEHI/
Examiner, Art Unit 2433

/JEFFREY C PWU/Supervisory Patent Examiner, Art Unit 2433