DETAILED ACTION
Notice of AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 01/08/2021 and 08/06/2021 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in an electronic communication with Nicholas C. Russell (Registration Number 68,922) on February 15, 2022.

Please replace the claims as follows: 
1. (currently amended) A system for security analysis and authentication across downstream applications, the system comprising: a controller comprising one or more memory devices with computer-readable program code stored thereon, one or more communication devices connected to a network, and one or more processing devices, wherein the one or more processing devices execute the computer- readable program code to: 

cause a one time password signature generation engine, comprising a first neural network machine learning system, to identify characteristics within the received one time password data and generate a password signature for the user based on the received one time password data associated with the user wherein the password signature comprises a collection of digital or character code associated with the identified characteristics within the received one time password data; 
identify a first set of authentication verification matching requirements based on the first application; 
determine a first user authentication value based on a comparison of the generated password signature for the user and the identified first set of authentication verification matching requirements based on the first application; determine whether the first user authentication value meets a predetermined threshold value associated with the first application; 
in response to determining that the first user authentication value meets the predetermined threshold value associated with the first application, authenticate the user, or
 in response to determining that the first user authentication value does not meet the predetermined threshold value associated with the first application, do not authenticate the user or prompt the user for additional authentication credentials; 
receive an authentication request for a second application from the user; 
 Page 34 of 44AttyDktNo. 9151US1.014033.3480identify a second set of authentication verification matching requirements based on the second application, wherein the second application is associated with different security parameters from the first application;

 determine whether the second user authentication value meets a predetermined threshold value associated with the second application; and in response to determining that the second user authentication value meets the predetermined threshold value associated with the second application, authenticate the user for the second application, or
 in response to determining that the second user authentication value does not meet the predetermined threshold value associated with the second application, do not authenticate the user for the second application or prompt the user for additional authentication credentials.

3. (currently amended) The system of claim 1, wherein the second user authentication value does not meet the predetermined threshold value for the second application, and wherein the one or more processing devices further execute the computer-readable program code to:
determine that alternative characteristics of the user are required to authenticate the user for the second application;
cause a user interface of a computing device of the user to prompt the user to provide a new one time password for the user based on the alternative characteristics of the user;
receive, from the computing device of the user, new one time password data associated with the user;
cause the one time password signature generation engine, comprising the first neural network machine learning system, to identify the new characteristics within the received new one time password data and generate a new password signature for the user based on the received new one time password data associated with the user;

in response to determining that the third user authentication value meets the predetermined threshold value associated with the second application, authenticate the user for the second application, or
in response to determining that the third user authentication value does not meet the predetermined threshold value associated with the second application, do not authenticate the user for the second application.

4. (currently amended) The system of claim 1, wherein the first set of authentication verification matching requirements based on the second application comprises at least one authentication verification matching requirement associated with a characteristic that is not included in the first set of authentication verification matching requirements based on the first application.

5. (currently amended) The system of claim 1, wherein the first set of authentication verification matching requirements based on the second application comprises at least one authentication verification matching requirement associated with a weighting value of a particular characteristic that is different from the first set of authentication verification matching requirements based on the first application.


receiving one time password data associated with a user for an authentication request of a first application;
causing a one time password signature generation engine, comprising a first neural network machine learning system, to identify characteristics within the received one time password data and generate a password signature for the user based on the received one time password data associated with the user wherein the password signature comprises a collection of digital or character code associated with the identified characteristics within the received one time password data;
identifying a first set of authentication verification matching requirements based on the first application;
determining a first user authentication value based on a comparison of the generated password signature for the user and the identified first set of authentication verification matching requirements based on the first application;
determining whether the first user authentication value meets a predetermined threshold value associated with the first application;
in response to determining that the first user authentication value meets the predetermined threshold value associated with the first application, authenticating the user, or
in response to determining that the first user authentication value does not meet the predetermined threshold value associated with the first application, not authenticating the user or prompt the user for additional authentication credentials;
receiving an authentication request for a second application from the user;

determining a second user authentication value based on a comparison of the generated password signature for the user and the identified second authentication verification matching requirements for the received second authentication request;
determining whether the second user authentication value meets a predetermined threshold value associated with the second application; and
in response to determining that the second user authentication value meets the predetermined threshold value associated with the second application, authenticate the user for the second application, or
in response to determining that the second user authentication value does not meet the predetermined threshold value associated with the second application, not authenticating the user for the second application or prompt the user for additional authentication credentials.

11. (currently amended) The computer program product of claim 9, wherein the second user authentication value does not meet the predetermined threshold value for the second application, and wherein the computer readable instructions further comprise instructions for:
determining that alternative characteristics of the user are required to authenticate the user for the second application;
causing a user interface of a computing device of the user to prompt the user to provide a new one time password for the user based on the alternative characteristics of the user;
receiving, from the computing device of the user, new one time password data associated with the user;
first neural network machine learning system, to identify the new characteristics within the received new one time password data and generate a new password signature for the user based on the received new one time password data associated with the user;
determining a third user authentication value based on a comparison of the generated new password signature for the user and the identified second authentication verification matching requirements for the received second authentication request determining whether the third user authentication value meets the predetermined threshold value associated with the second application; and
in response to determining that the third user authentication value meets the predetermined threshold value associated with the second application, authenticating the user for the second application, or
in response to determining that the third user authentication value does not meet the predetermined threshold value associated with the second application, not authenticating the user for the second application.

12. (currently amended) The computer program product of claim 9, wherein the first set of authentication verification matching requirements based on the second application comprises at least one authentication verification matching requirement associated with a characteristic that is not included in the first set of authentication verification matching requirements based on the first application.

13. (currently amended) The computer program product of claim 9, wherein the first set of authentication verification matching requirements based on the second application comprises at least first set of authentication verification matching requirements based on the first application.

17. (Cancelled)
18. (Cancelled)
19. (Cancelled)
20. (Cancelled)

Allowable Subject Matter
Claims 1-16 are allowed.
The following is a statement of reasons for the indication of allowable subject matter:  In interpreting the currently amended claims, in light of the specification as well arguments presented in the responses to the Office actions, the Examiner finds the claimed invention to be patentably distinct from the prior art of record.
Sun et al., U.S. Pat. Number 11,048,809 B1, teaches detecting misuse of online service access tokens may include receiving a user permission token to access an online service that manages one or more user resources, monitoring, based on utilization of the user permission token, usage data associated with an access token issued to a relying party for accessing the user resources managed by the online service, identifying, based on the usage data, activity associated with the access token being misused by the relying party, and performing, a security action that protects the user resources against the activity associated with the access token being misused by the relying party. 


What is missing is a teaching, motivation, or suggestion to modify and combine the prior art in such a way as to render obvious the act of cause a one time password signature generation engine, comprising a neural network machine learning system, to identify characteristics within the received one time password data and generate a password signature for the user based on the received one time password data associated with the user wherein the password signature comprises a collection of digital or character code associated with the identified characteristics within the received one time password data; identify a first set of authentication verification matching requirements based on the first application; determine a first user authentication value based on a comparison of the generated password signature for the user and the identified first set of authentication verification matching requirements based on the first application; determine whether the first user authentication value meets a predetermined threshold value associated with the first application, without the usage of impermissible hindsight reasoning.
	Thus, the prior art, when taken individually or in combination, does not fairly teach or suggest the limitations as a whole set forth in claims 1 and 9, and thus these claims are considered allowable. The dependent claims which further limit claims 1 and 9 are also allowed by virtue of their dependency.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”
Any inquiry concerning this communication or earlier communications from the examiner should be directed to VU V TRAN whose telephone number is (571)270-1708.  The examiner can normally be reached on M-F, 8 AM- 4 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 571-272-3972.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/VU V TRAN/Primary Examiner, Art Unit 2491