Notice of Pre-AIA  or AIA  Status
1.	The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Amendment
2.	The Amendment filed February 2, 2022 has been entered.  Claims 1-3, 5, 7, 9, 11-14, and 16-25 are pending and are rejected for the reasons set forth below. 

Claim Rejections - 35 USC § 101
3.	35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


4.	1-3, 5, 7, 9, 11-14, and 16-25 are rejected under 35 U.S.C. §101 because the claimed invention recites and is directed to a judicial exception to patentability (i.e., a law of nature, a natural phenomenon, or an abstract idea) and does not include an inventive concept that is “significantly more” than the judicial exception under the January 2019 and October 2019 patentable subject matter eligibility guidance (2019 PEG) analysis which follows. 

Step 1
5.	Under the 2019 PEG step 1 analysis, it must first be determined whether the claims are directed to one of the four statutory categories of invention (i.e., process, machine, manufacture, or composition of matter).  Applying step 1 of the analysis for patentable subject matter to the claims, it is determined that the claims are directed to the statutory category of a process (claims 1-3, 5, 7, 9, 11-14, and 16-25). Therefore, we proceed to step 2A, Prong 1. 

Step 2A, Prong 1
6.	Under the 2019 PEG step 2A, Prong 1 analysis, it must be determined whether the claims recite an abstract idea that falls within one or more designated categories of patent ineligible subject matter (i.e., organizing human activity, mathematical concepts, and mental processes) that amount to a judicial exception to patentability.  
Claim 1 recites the abstract idea of: 
A… method of authenticating a user currently accessing a restricted-access account… the method comprising:
receiving a request to authenticate the user…;
verifying that authentication data of the user matches verification data… wherein the verification data is associated with a network identification (ID) of a [[mobile device]] that is linked to the restricted-access account of the user;
verifying that a location of an IP address from which the user is currently accessing the restricted-access account matches a current location of the [[mobile device]]; and
authenticating the user based on the verifications that the authentication data of the user matches the verification data and that the location of the IP address from which the user is currently accessing the restricted-access account matches the current location of the [[mobile device]].
Here, the recited abstract idea falls within one or more of the three enumerated 2019 PEG categories of patent ineligible subject matter, to wit: certain methods of organizing human activity, which includes fundamental economic practices or principles and/or commercial interactions (e.g., here, mitigating risk and granting a user access to an account). Claim 1 primarily recites steps for receiving and verifying data for the purpose of authenticating a user attempting to gain access to a restricted-access account. This authentication process is configured to prevent or minimize the risk of fraudulent activity and, as a result, enhance the security of online transactions. Therefore, claim 1 may be categorized as a fundamental economic activity, namely mitigating risk. However, claim 1 may also be categorized as a commercial interaction because it recites steps for providing a user access to a restricted access account.

Step 2A, Prong 2
7.	Under the 2019 PEG step 2A, Prong 2 analysis, the identified abstract idea to which claim 1 is directed does not include limitations or additional elements that integrate the abstract idea into a practical application. 
Besides reciting the abstract idea, the limitations of claim 1 also recite generic computer components (e.g. a computer network and a mobile device). In particular, the recited features of the abstract idea are merely being applied on a computer or computing device or via software programming that is simply being used as a tool (“apply it”) to implement the abstract idea (See e.g., MPEP §2106.05(f)). Therefore, these computer components are recited at a high level of generality such that they amount to no more than mere instructions to apply the exception using generic computer components. In other words, the additional elements are simply used as tools to perform the abstract idea.
Thus, claim 1 does not include any limitations or additional elements that integrate the abstract idea into a practical application. As a result, claim 1 is directed to an abstract idea.
	
Step 2B
8.	Under the 2019 PEG step 2B analysis, the additional elements of claim 1 are evaluated to determine whether they amount to something “significantly more” than the recited abstract idea (i.e., an innovative concept). 
Here, the recited computer components, such as: a computer network and a mobile device, do not amount to an innovative concept since, as stated above in the Step 2A, Prong 2 analysis, the claims are simply using the computer components as a tool to carry out the abstract idea (i.e., “apply it”) on a computer or computing device and/or via software programming (See e.g., MPEP §2106.05(f)). The computer components are specified at a high level of generality, where they are being used in the claims to simply implement the abstract idea and are not themselves being technologically improved (See e.g., MPEP §2106.05 I.A.); (See also e.g., applicant’s Specification at least Paragraph 17). 
Thus, claim 1 does not recite any additional elements that amount to “significantly more” than the abstract idea.  

Additional Independent Claims
9.	Independent claims 11 and 21 are similarly rejected under 35 U.S.C. 101 for the reasons described below:

Claim 11 recites the abstract idea of:
A multi-factor authentication method… to protect against fraudulent on-line purchases, the method comprising: 
receiving… a request for authorization of an on-line purchase, wherein the on-line purchase is initiated by the [[mobile device]] via the restricted-access account, 
the request for authorization of the on-line purchase includes a first user name associated with the restricted-access account, an IP address of the [[mobile device]], and an account number identifying a payment account for the on-line purchase; 
verifying… that the first user name matches a second user name currently registered as a user name for a network identification (ID) of the [[mobile device]], 
wherein the network ID of the [[mobile device]] is linked to the restricted-access account, 
verifying… that an initiation location of the on-line purchase matches a current location of the [[mobile device]], wherein the initiation location of the on-line purchase is determined from the IP address of the [[mobile device]];
verifying… that the first user name matches a third user name registered as a user name for the payment account;
determining… an authorization score for the on-line purchase based at least in part on the verifications that the first user name matches the second user name, that the initiation location of the on-line purchase matches the current location of the [[mobile device]], and that the first user name matches the third user name; and
transmitting… the authorization score, wherein based on the transmitted authorization score, the [[application server]] approves the on-line purchase.
Similarly, as described above regarding claim 1, the recited abstract idea falls within one or more of the three enumerated 2019 PEG categories of patent ineligible subject matter, to wit: certain methods of organizing human activity, which includes fundamental economic practices or principles and/or commercial interactions (e.g., here, mitigating risk and facilitating a transaction). Claim 11 primarily recites steps for receiving and verifying data for the purpose of authenticating a user attempting to complete an online transaction. This authentication process is configured to prevent or minimize the risk of fraudulent activity and, as a result, enhance the security of online transactions. Therefore, claim 11 may be categorized as a fundamental economic activity, namely mitigating risk. However, claim 11 may also be categorized as a commercial interaction because it recites steps for receiving a transaction request and determining whether the transaction should be allowed to proceed.
Additionally, the limitation that states, “wherein the network ID [[of the mobile device]] is determined from a link between the network ID [[of the mobile device]] and the restricted-access account” has been considered part of the abstract idea for the following reason. Paragraphs 27 and 28 of the applicant’s specification state that the network ID of the mobile device may be “linked” to the credit card account number (i.e. the restricted-access account). However, there is no indication that the development of the “link” between the network ID and the restricted-access account comprises any technical feature beyond merely associating the network ID with the restricted-access account. Therefore, this limitation amounts to no more than merely determining the network ID based on a stored association between the network ID and the restricted-access account. 
Under the 2019 PEG step 2A, Prong 2 analysis, the identified abstract idea to which claim 11 is directed does not include limitations or additional elements that integrate the abstract idea into a practical application.
Besides reciting the abstract idea, the limitations of claim 11 also recite generic computer components (e.g. a mobile device used as a token, an authentication server, and an application server). In particular, the recited features of the abstract idea are merely being applied on a computer or computing device or via software programming that is simply being used as a tool (“apply it”) to implement the abstract idea (See e.g., MPEP §2106.05(f)). Therefore, these additional elements are recited at a high level of generality such that they amount to no more than mere instructions to apply the exception using generic computer components.

Under the 2019 PEG step 2B analysis, the additional elements of claim 11 are evaluated to determine whether they amount to something “significantly more” than the recited abstract idea. (i.e., an innovative concept). 
Here, the recited additional elements, such as: a mobile device used as a token, an authentication server, and an application server, do not amount to an innovative concept since, as stated above in the Step 2A, Prong 2 analysis, the claims are simply using the additional elements as a tool to carry out the abstract idea (i.e., “apply it”) on a computer or computing device and/or via software programming (See e.g., MPEP §2106.05(f)).
Thus, claim 11 does not recite any additional elements that amount to “significantly more” than the abstract idea.  

Claim 21 recites the abstract idea of:
A multi-factor authentication method… to protect against fraudulent registration with an application server, the method comprising:
receiving… a request for authorization of a registration of a restricted-access account, wherein the registration is initiated by the [[mobile device]], and
the request for authorization of the registration includes a first user name associated with the restricted-access account to be registered and an IP address of the [[mobile device]];
verifying… that the first user name matches a second user name currently registered as a user name for a network identification (ID) of the [[mobile device]];
verifying… that an initiation location of the registration matches a current location of the [[mobile device]], wherein the initiation location of the registration is determined from the IP address of the [[mobile device]];
determining… an authorization score for the registration based at least in part on the verifications that the first user name matches the second user name and that the initiation location of the registration matches the current location of the [[mobile device]]; and
transmitting… the authorization score, wherein based on the transmitted authorization score, the [[application server]] registers the restricted-access account.
Similarly, as described above regarding claim 1, the recited abstract idea falls within one or more of the three enumerated 2019 PEG categories of patent ineligible subject matter, to wit: certain methods of organizing human activity, which includes fundamental economic practices or principles and/or commercial interactions (e.g., here, mitigating risk and facilitating a transaction). Claim 21 primarily recites steps for receiving and verifying data for the purpose of authenticating a user attempting to establish/register an account. This authentication process is configured to prevent or minimize the risk of fraudulent activity and, as a result, enhance the security of online interactions. Therefore, claim 21 may be categorized as a fundamental economic activity, namely mitigating risk. However, claim 21 may also be categorized as a commercial interaction because it recites steps for establishing an account, such as an account with a financial institution.
Under the 2019 PEG step 2A, Prong 2 analysis, the identified abstract idea to which claim 21 is directed does not include limitations or additional elements that integrate the abstract idea into a practical application.
Besides reciting the abstract idea, the limitations of claim 21 also recite generic computer components (e.g. a mobile device used as a token, an authentication server, and an application server). In particular, the recited features of the abstract idea are merely being applied on a computer or computing device or via software programming that is simply being used as a tool (“apply it”) to implement the abstract idea (See e.g., MPEP §2106.05(f)). Therefore, these additional elements are recited at a high level of generality such that they amount to no more than mere instructions to apply the exception using generic computer components.
Under the 2019 PEG step 2B analysis, the additional elements of claim 21 are evaluated to determine whether they amount to something “significantly more” than the recited abstract idea. (i.e., an innovative concept). 
Here, the recited additional elements, such as: a mobile device used as a token, an authentication server, and an application server, do not amount to an innovative concept since, as stated above in the Step 2A, Prong 2 analysis, the claims are simply using the additional elements as a tool to carry out the abstract idea (i.e., “apply it”) on a computer or computing device and/or via software programming (See e.g., MPEP §2106.05(f)).
Thus, claim 21 does not recite any additional elements that amount to “significantly more” than the abstract idea.  

Dependent Claims
10.	Dependent claims 2, 3, 5, 7, 9, 12-14, 16-20, and 22-25 are also rejected under 35 U.S.C. 101 for the reasons described below: 
Claims 2, 13, and 22 simply refine the abstract idea because they recite a process step that falls under the category of organizing human activity, namely a fundamental economic practice and/or a commercial interaction, as described above regarding claims 1, 11, and 21. Determining a current location of the mobile device is merely a necessary data analysis step for verifying the location of the user. 
Claims 3, 14, and 23 merely provide further description to the process of “determining the current location of the mobile device” recited in claims 2, 13, and 22. Simply stating that the current location of the mobile device is determined based on information requested and received from a network provider does not provide any indication of an improvement to identity authentication or transaction processing technology. Rather, this merely clarifies where the location data is received from. 
Claim 5 states, “transmitting a notification to an application server of the authentication of the user.” This limitation merely states that a result of the authentication process is transmitted to the application server. Such a limitation amounts to no more than mere data outputting/transmitting, which is a form of insignificant extra-solution activity (See MPEP 2106.05(g): OIP Techs., Inc. v. Amazon.com, Inc., 788 F.3d 1359, 1363 (Fed. Cir. 2015)). As stated in MPEP 2106.05(d), a factual determination is required to support a conclusion that an additional element (or combination of additional elements) is well-understood, routine, conventional activity (Berkheimer v. HP, Inc., 881 F.3d 1360, 1368 (Fed. Cir. 2018)). In view of this requirement set forth by Berkheimer, this limitation does not integrate the abstract idea into a practical application, or amount to significantly more than the abstract idea, because the courts have found the concept of mere data outputting/transmitting to be well-understood, routine, and conventional activity (See MPEP 2106.05(d): OIP Techs., Inc., v. Amazon.com, Inc., 788 F.3d 1359, 1363 (Fed. Cir. 2015); and buySAFE, Inc. v. Google, Inc., 765 F.3d 1350, 1355, (Fed. Cir. 2014)).
Claim 7 simply refines the abstract idea because it recites a process step (i.e., verifying that gathered street address information for a user matches street address information that is stored in association with the user) that falls under the category of organizing human activity, namely a fundamental economic practice and/or a commercial interaction, as described above regarding claim 1.
Claim 9 states, “determining that a first user name associated with the restricted-access account matches a second user name that is currently registered as a user of the network ID of the mobile device.” This limitation simply refines the abstract idea because it recites a process step that falls under the category of organizing human activity, namely a fundamental economic practice and/or a commercial interaction, as described above regarding claim 1. Merely adding an additional step for verifying additional information associated with the user (e.g. a user name) does not add any additional element beyond the abstract idea of mitigating risk.
Claim 12 states, “wherein the network ID of the mobile device is linked to the 5restricted-access account prior to the receiving of the request for authorization of the on-line purchase.” This limitation merely provides further description to the “restricted-access account” recited in claim 11. Simply stating that the restricted-access account is linked to the network ID does not provide any indication of an improvement to identity authentication or transaction processing technology. Rather, this merely provides clarification regarding how the various components of the claim are associated with each other.
Claims 16 and 24 states, “determining at the authentication server, the network ID of the mobile device by querying, based on the IP address of the mobile device, a server that is separate from the authentication server, for the network ID of the mobile device.” This limitation merely states that the network ID is obtained from a server that is separate from the authentication server. Such a limitation amounts to no more than mere data gathering, which is a form of insignificant extra-solution activity (See MPEP 2106.05(g): CyberSource v. Retail Decisions, Inc., 654 F.3d 1366, 1375 (Fed. Cir. 2011); and OIP Techs., Inc. v. Amazon.com, Inc., 788 F.3d 1359, 1363 (Fed. Cir. 2015)). As stated in MPEP 2106.05(d), a factual determination is required to support a conclusion that an additional element (or combination of additional elements) is well-understood, routine, conventional activity (Berkheimer v. HP, Inc., 881 F.3d 1360, 1368 (Fed. Cir. 2018)). In view of this requirement set forth by Berkheimer, this limitation does not integrate the abstract idea into a practical application, or amount to significantly more than the abstract idea, because the courts have found the concept of mere data gathering to be well-understood, routine, and conventional activity (See MPEP 2106.05(d): OIP Techs., Inc., v. Amazon.com, Inc., 788 F.3d 1359, 1363 (Fed. Cir. 2015); and buySAFE, Inc. v. Google, Inc., 765 F.3d 1350, 1355, (Fed. Cir. 2014)).
Claims 17 and 25 state, “wherein the current location of the mobile device is determined at the authentication server via global positioning system (GPS) information from the mobile device.” This limitation merely provides further description to the process of determining the current location of the mobile device recited in claims 13 and 22. Simply stating that the system utilizes GPS technology to gather the location data amounts to no more than mere instructions to apply the exception using generic computer components (e.g. a GPS system).
Claims 18 and 19 simply refine the abstract idea because they recite a process step that falls under the category of organizing human activity, namely a fundamental economic practice and/or a commercial interaction, as described above regarding claim 11. These claims state that the process of verifying the third user information comprises transmitting and receiving data to/from a credit bureau. This process falls under the category of a fundamental economic practice (e.g. mitigating risk) because it recites steps for verifying user data for the purpose of preventing fraudulent transactions.
Claim 20 states, “wherein the personal identifying information includes at least one of a date of birth of a user of the restricted access account, at least a portion of a social security number of the user, and the account number identifying the payment account.” This limitation merely provides further description to the “personal identifying information” recited in claim 19. Simply stating that the personal identifying information comprises various data associated with the user does not provide any indication of an improvement to identity authentication or transaction processing technology. Rather, this merely provides clarification regarding what data is included in the personal identifying information.
Thus, the dependent claims do not add any additional element or subject matter that provides a technological improvement (i.e., an integration into a practical application) that results in the claims being directed to patent eligible subject matter or include an element or feature that is significantly more than the recited abstract idea (i.e., a technological inventive concept under Step 2B). Therefore, claims 2-10 and 12-20 do not overcome the requirements set forth under 35 U.S.C. 101.

Claim Rejections - 35 USC § 103
11.	In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
	The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

12.	Claims 1-3, 5, 7, and 9 are rejected under 35 U.S.C. 103 as being unpatentable over Brown (U.S. Pre-Grant Publication No. 20180295514) in view of Trinh (U.S. Patent No. 10206099).

Claim 1
	Regarding Claim 1, Brown teaches:
A computer-implemented method of authenticating a user currently accessing a restricted-access account over a computer network, the method comprising (See at least the Abstract: Describes a system/method for facilitating authentication of a user. This authentication process may be utilized for authorizing access to a user account [Paragraph 14]):
receiving a request to authenticate the user over the computer network (See at least Paragraph 95: The authentication service may be configured to receive, from a first entity, an indication of a request. In some embodiments, the request is or was received at the first entity, to access an account from a device associated with a user [see Figure 5, 505]);
verifying that authentication data (Paragraph 95: first device authentication data) of the user matches verification data (Paragraph 99: second device identification data) that is acquired over the computer network wherein the verification data is associated with a network identification (Paragraph 99: SubscriberID) of a mobile device that is linked to the restricted-access account of the user (See at least Paragraphs 95, 99, and 101-102: The request includes at least one instance of first device identification information [i.e. authentication data] of at least one user and/or device having authorization to access the account. The authentication service receives second device identification information [i.e. verification data] associated with a subscriberID [i.e. a network identification], from a network provider [Figure 5, 525]. The authentication service then compares first identification information to the second identification information provided by the network provider to determine if there is a match [Figure 5, 535]. The user's account may be linked to one or more phone numbers [i.e. the subscriberID] before the request is received [See Paragraph 96]);
verifying that a location [[of an IP address]] from which the user is [[currently accessing]] the restricted-access account matches a current location of the mobile device (See at least Paragraphs 119 and 120: In addition to the steps described in Figure 5, the authentication service may also request first location data from the first entity [i.e. a current location of the mobile device; Figure 6B, 660] and second location data that is registered in association with the user [i.e. an allowed initiation location for the transaction; Figure 6B, 665]. The first and second location data are then compared to determine if there is a match [see Paragraph 122; Figure 6B, 675]. Examiner’s Note: Brown does not explicitly state that the location information is determined based on an IP address from which the user is currently accessing their account. However, Trinh does teach this concept as described below); and
authenticating the user based on the verifications that the authentication data of the user matches the verification data (See at least Paragraph 102: In an instance of a match between the first device identification information and second device identification information, the authentication server may be configured to prompt the first entity to grant the device access to the account) and that the location [[of the IP address]] from which the user is [[currently accessing]] the restricted-access account matches the current location of the mobile device (See at least Paragraph 123: The first and second location data are then compared to determine if there is a match [see Paragraph 122; Figure 6B, 675]. In an instance of a match between the first location data and second location data the authentication server may be configured to prompt the first entity to grant the device access to the account).

	Regarding Claim 1, Brown does not explicitly teach, but Trinh, however, does teach:
verifying that a location of an IP address from which the user is currently accessing the restricted-access account matches a current location of the mobile device (See at least Col. 4, Lines 27-55: Describes a system for providing geolocation-based two-factor authentication to a user. The authentication service receives the location of a mobile device via a GPS [i.e., the current location of the mobile device]. The authentication service may compare the current location of the mobile device with the location of the authentication request [e.g., obtained through various sources, such as the IP address]. The location of the authentication request is determined when the authentication request is received. Therefore, the location of the authentication request is determined when the user is currently attempting to access their account); and
authenticating the user based on the verifications that… the location of the IP address from which the user is currently accessing the restricted-access account matches the current location of the mobile device (See at least Col. 4, Lines 27-55: If the locations are within a specified range of one another, the authentication service grants the user access to the application server).
	Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the application, to combine the teachings of Brown and Trinh in order to increase the convenience of two-factor authentication techniques (Trinh: Col. 3, Lines 3-13). This increases the likelihood that user will adopt and continuously utilize the two-factor authentication procedures (Trinh: Col. 1, Lines 41-48).

Claim 2
	Regarding Claim 2, Brown does not explicitly teach, but Trinh, however, does teach:
prior to the verification that the location of the IP address from which the user is currently accessing the restricted-access account matches the current location of the mobile device, determining the current location of the mobile device (See at least Paragraph 17: The authentication service receives the location of a mobile device via a GPS [i.e., the current location of the mobile device]. This occurs before the current location data is compared to the location of the authentication request).
	Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the application, to combine the teachings of Brown and Trinh in order to increase the convenience of two-factor authentication techniques (Trinh: Col. 3, Lines 3-13). This increases the likelihood that user will adopt and continuously utilize the two-factor authentication procedures (Trinh: Col. 1, Lines 41-48). The location of the mobile device must be determined before it can be compared to the location of the authentication request. 

Claim 3
	Regarding Claim 3, Brown teaches:
wherein the determining of the current location of the mobile device comprises: upon receiving the request to authenticate the user, determining a mobile provider that manages the network ID of the mobile device (See at least Paragraph 91: The authentication service may request and receive location data of the user device from the network provider when the user device attempts to access the secured system. Examiner's Note: Although not explicitly stated by Brown, it would have been obvious to one of ordinary skill in the art that the authentication service would first need to identify the network provider before submitting a request for location information to the network provider); and
transmitting a request for the current location of the mobile device to the mobile provider; and receiving the current location of the mobile device from the mobile provider (See at least Paragraph 91: The authentication service may request and receive the location data of the user device from the network provider).

Claim 5
	Regarding Claim 5, Brown teaches:
transmitting a notification to an application server, of the authentication of the user (See at least Paragraph 102: The authentication server may prompt the first entity [i.e. an application server; See Paragraph 95] to grant the device access to the account. In other words, the authentication server transmits a notification to the first entity regarding the authentication status of the device).

Claim 7
	Regarding Claim 7, Brown teaches:
further comprising verifying that street address information for the user currently accessing the restricted-access account matches street address information for a user of the network ID of the mobile device (See at least Paragraphs 99-101: The identification information that is obtained and compared/verified may include a billing address of the user that the network provider has associated with the device).

Claim 9
	Regarding Claim 9, Brown teaches:
determining that a first user name associated with the restricted-access account matches a second user name that is currently registered as a user of the network ID of the mobile device (See at least Paragraph 95: The request to access the user account originates from a first entity, which may be an online banking platform/bank server [application server]. In other words, the account being accessed by the user is associated with the first entity [i.e. the application server]).


13.	Claims 11-14 and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Brown (U.S. Pre-Grant Publication No. 20180295514) in view of Prakash (U.S. Pre-Grant Publication No. 20120030110), and in further view of Subramanian (U.S. Pre-Grant Publication No. 20150269579).

Claim 11
	Regarding Claim 11, Brown teaches:
A multi-factor authentication method using a mobile device as a token to protect against fraudulent on-line purchases, the method comprising (See at least the Paragraph 14: Describes a method for performing two-factor authentication. The authentication may be used for a variety of purposes [e.g. accessing an account and performing payment transactions; see Paragraphs 3-8 and 52]. The system utilizes a mobile device to perform the authentication [see Paragraph 55]):
receiving at an authentication server from an application server hosting a restricted-access account, a request for authorization of an on-line purchase (See at least Paragraph 95: A first entity [i.e. an application server] may submit an authentication request to an authentication service [i.e. an authentication server]. The authentication process may also be used for authorizing online transactions [see at least Paragraphs 3-8 and 52; the disclosed systems and methods may be utilized by payment systems and e-commerce platforms]), wherein the on-line purchase is initiated by the mobile device via the restricted-access account (See at least Paragraphs 54 and 56: The authentication process may be initiated by a user operating a user device [i.e. a mobile device see Paragraphs 54 and 56] to access the secured system/account),
the request for authorization of the on-line purchase includes a first user name associated with the restricted-access account, [[an IP address of the mobile device that initiated the on-line transaction, and an account number identifying a payment account for the on-line transaction]] (See at least Paragraph 95: A first user may submit a request to access an account via an authentication service [Figure 5, 505]. The request includes at least one instance of first identification information of at least one user and/or device having authorization to access the account. The identification information may include the name of a user associated with the account [see Paragraphs 99 and 104]. Examiner’s Note: Brown does not explicitly teach that the request includes an IP address and an account number. However, these limitations are taught by Prakash and Subramanian as described below);
verifying at the authentication server, that the first user name matches a second user name currently registered as a user name for a network identification (ID) of the mobile device (See at least Paragraph 99 and 101-102: The authentication service receives second identification information associated with a subscriberID [i.e. a network ID], from a network provider [Figure 5, 525]. The second device identification information includes a name of the user. The authentication service then compares the first identification information [i.e. the received from the user at Figure 5, 505] to the second identification information provided by the network provider to determine if there is a match [Figure 5, 535]), 
wherein the network ID of the mobile device is linked to the restricted-access account (See at least Paragraph 96: The user may provide their bank or online banking platform with a list of one or more phone numbers, also referred to as a subscriberID [i.e. a network ID], that identifies devices that are allowed to access the account [i.e. a link between the subscriberID and the account is formed]);
verifying at the authentication server, that an initiation location of the on-line purchase matches a current location of the mobile device (See at least Paragraphs 119 and 120: In addition to the steps described in Figure 5, the authentication service may also request first location data from the first entity [i.e. a current location of the mobile device; Figure 6B, 660] and second location data that is registered in association with the user [i.e. an allowed initiation location for the transaction; Figure 6B, 665]. The first and second location data are then compared to determine if there is a match [see Paragraph 122; Figure 6B, 675]),
determining at the authentication server, an authorization score for the on-line purchase (See at least Paragraph 50: Determining whether there is a match between data received by the authentication service may be reported in a granular form, such as a score ranging from 0-100) based at least in part on the verifications that the first user name matches the second user name, that the initiation location of the on-line purchase matches the current location of the mobile device (This score may be applied to both the match between first and second device identification [i.e. determining a match between a first and second user name, Paragraphs 101-102] and the match between first and second location information [i.e. determining a match between the initiation location of the on-line transaction and the current location of the mobile device, Paragraphs 122 and 123]), [[and verifying that the third user name matches the first user name]] (Examiner’s Note: Brown does not explicitly teach that a score may be determined based on verifying that the third user name matches the first user name. However, this limitation is taught by Subramanian as described below); and
transmitting by the authentication server to the application server, the authorization score, wherein based on the transmitted authorization score, the application server approves the on-line purchase (See at least Paragraphs 102-104: The indication of a match/score may be transmitted from the authentication service to the first entity in order to grant access to the account or approve the transaction).

	Regarding Claim 11, Brown does not explicitly teach, but Prakash, however, does teach:
the request for authorization of the on-line purchase includes… an IP address of the mobile device that initiated the on-line purchase (See at least Paragraph 57: Describes a system for location-based authentication of transactions. An authorization server [i.e. an authentication server] may receive an order for goods/services from a vendor server [i.e. an application server]. Additionally, the vendor server may transmit location information of a user mobile computing device to the authentication server. The location information may comprise an IP address of the mobile computing device); and
wherein the initiation location of the on-line purchase is determined from the IP address of the mobile device (See at least Paragraph 58: The payment authorization server may be configured to validate the location of the mobile computing device. To do so, the payment authorization server may trace the IP path to determine an origination location from which the order to the e-commerce vendor server was submitted and compare the origination location to the location determined based on the IP address of the mobile computing device);
	Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the application, to combine the teachings of Brown and Prakash in order to provide an accurate location based on the requirements of the particular authentication procedure being implemented (Prakash: Paragraph 57). Additionally, utilizing the IP address of the mobile device allows the system to trace the IP path to determine an origination location from which the order to the e-commerce vendor server was submitted (Prakash: Paragraph 52].

	Regarding Claim 11, the combination of Brown and Prakash does not explicitly teach, but Subramanian, however, does teach:
the request for authorization of the on-line purchase includes… an account number identifying a payment account for the on-line purchase (See at least Paragraphs 52 and 54: Describes a system for authenticating transactions. The authentication gateway node [i.e. the authentication server] receives an e-commerce authentication request from a merchant node [i.e. the application server]. The request includes cardholder information including the cardholder's account number [see Paragraph 54]);
verifying at the authentication server, that the first user name matches a third user name registered as a user name for the payment account (See at least Paragraphs 53: The authentication gateway node compares cardholder information included in the authentication request with information stored in a repository [also see Paragraphs 68 and 69]. The cardholder information may include the cardholder’s name associated with the account [See Paragraph 54]); and
determining at the authentication server, an authorization score for the on-line purchase based at least in part on the verifications that… the first user name matches the third user name (See at least Paragraphs 52-54: The authentication gateway node generates a risk score based on the comparison of cardholder data [e.g. the cardholder's name and account number].)
	Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the application, to combine the teachings of Brown, Prakash, and Subramanian in order to confirm the identity of the purchaser and reduce the prevalence of fraud in eCommerce transactions (Subramanian: Paragraph 18). Adding an extra form of data (e.g. a name linked to the account number) reduces the likelihood that a fraudulent transaction will be authorized.

Claim 12
	Regarding Claim 12, Brown teaches:
wherein the network ID of the mobile device is linked to the restricted-access account prior to the receiving of the request for authorization of the on-line purchase (See at least Paragraph 96: The user's account may be linked to one or more phone numbers [i.e. the subscriberID] before the request is received).

Claim 13
	Regarding Claim 13, Brown teaches:
prior to the verification that the initiation location of the on-line purchase matches the current location of the mobile device, determining at the authentication server the current location of the mobile device (See at least Paragraphs 119 and 122: The authentication service may receive, from the network provider, the first location data of the user device [Paragraph 119; Figure 6B, 660] before comparing it to the second location data [Paragraph 122; Figure 6B, 675]).

Claim 14
	Regarding Claim 14, Brown teaches:
wherein the determining of the current location of the mobile device comprises: upon receiving the request for authorization of the on-line purchase, determining at the authentication server, a mobile provider that manages the network ID of the mobile device (See at least Paragraph 91: The authentication service may request and receive location data of the user device from the network provider when the user device attempts to access the secured system. Examiner's Note: Although not explicitly stated by Brown, it would have been obvious to one of ordinary skill in the art that the authentication service would first need to identify the network provider before submitting a request for location information to the network provider);
transmitting, by the authentication server to the mobile provider, a request for the current location of the mobile device; and receiving, at the authentication server from the mobile provider, the current location of the mobile device from the mobile provider (See at least Paragraph 91: The authentication service may request and receive the location data of the user device from the network provider).

Claim 17
	Regarding Claim 17, Brown does not explicitly teach, but Prakash, however, does teach:
wherein the current location of the mobile device is determined at the authentication server via global positioning system (GPS) information from the mobile device (See at least Paragraph 14: The determined location of the mobile computing device may be embodied as location coordinates [e.g., GPS coordinates])
	Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the application, to combine the teachings of Brown and Prakash in order to provide an accurate location based on the requirements of the particular authentication procedure being implemented (Prakash: Paragraph 57).


14.	Claim 16 is rejected under 35 U.S.C. 103 as being unpatentable over Brown (U.S. Pre-Grant Publication No. 20180295514) in view of Prakash (U.S. Pre-Grant Publication No. 20120030110) and Subramanian (U.S. Pre-Grant Publication No. 20150269579), and in further view of Bao (U.S. Patent No. 9992198).

Claim 16
	Regarding Claim 16, the combination of Brown, Prakash, and Subramanian does not explicitly teach, but Bao, however, does teach:
determining at the authentication server, the network ID of the mobile device by querying, based on the IP address of the mobile device, a server that is separate from the authentication server, for the network ID of the mobile device (See at least Col. 3, Line 63 - Col. 4, Line 34: Describes a process for authenticating a user of a user device. A client application server [i.e. an authentication server] transmits an authentication request to a network authentication server [i.e. a server that is separate from the authentication server] via the user device. The network authentication server may identify an MDN [i.e., a network ID] of the user device based on the IP address assigned to the user device. The network authentication server may send a copy of the MDN of the user device to the client application server).
	Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the application, to combine the teachings of Brown, Prakash, Subramanian, and Bao in order to enable users to access services protected by two-factor security systems without having to provide additional authentication information (Bao: Col. 2, Lines 6-18). 


15.	Claims 18-20 are rejected under 35 U.S.C. 103 as being unpatentable over Brown (U.S. Pre-Grant Publication No. 20180295514) in view of Prakash (U.S. Pre-Grant Publication No. 20120030110) and Subramanian (U.S. Pre-Grant Publication No. 20150269579), and in further view of Ng (U.S. Pre-Grant Publication No. 20130173449).

Claim 18
	Regarding Claim 18, the combination of Brown, Prakash, and Subramanian does not explicitly teach, but Ng, however, does teach:
wherein the verification that the first user name matches the third user name comprises: transmitting, by the authentication server to a credit bureau, the first user name and the account number identifying the payment account (See at least Paragraphs 45-47: Describes a system for validating consumer information through a third-party system [i.e. an authentication server]. The consumer information [e.g. the consumer's name and an account number] may be forwarded to a credit bureau for validation); and
receiving at the authentication server from the credit bureau, an acknowledgement that the first user name matches the third user name (See at least Paragraphs 47 and 48: The consumer information is validated by matching the submitted consumer information with consumer information in a retrieved indicative report [see Paragraph 19]. The credit bureau may be contacted to process the authentication. The consumer is the contacted regarding the acceptance/failure of the authentication).
	Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the application, to combine the teachings of Brown, Prakash, Subramanian, and Ng in order to ensure that the user information used to authorize the transaction is maintained by a trustworthy entity (e.g. a credit bureau). This increases the likelihood of achieving the correct authorization result.

Claim 19
	Regarding Claim 19, the combination of Brown, Prakash, and Subramanian does not explicitly teach, but Ng, however, does teach:
wherein the verification that the first user name matches the third user name comprises: transmitting, by the authentication server to a credit bureau, personal identifying information included in the request for authorization of the on-line purchase and the first user name (See at least Paragraphs 45-47: Describes a system for validating consumer information through a third-party system [i.e. an authentication server]. The consumer information [e.g. the consumer's name and an account number] may be forwarded to a credit bureau for validation); and
receiving, at the authentication server from the credit bureau, an acknowledgement that, based on the personal identifying information, the first user name matches the third user name (See at least Paragraphs 47 and 48: The consumer information is validated by matching the submitted consumer information with consumer information in a retrieved indicative report [see Paragraph 19]. The credit bureau may be contacted to process the authentication. The consumer is the contacted regarding the acceptance/failure of the authentication).
	Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the application, to combine the teachings of Brown, Prakash, Subramanian, and Ng in order to ensure that the user information used to authorize the transaction is maintained by a trustworthy entity (e.g. a credit bureau). This increases the likelihood of achieving the correct authorization result.

Claim 20
	Regarding Claim 20, the combination of Brown, Prakash, and Subramanian does not explicitly teach, but Ng, however, does teach:
wherein the personal identifying information includes at least one of a date of birth of a user of the restricted-access account, at least a portion of a social security number of the user, and the account number identifying the payment account (See at least Paragraph 45: The consumer information may include a date of birth, an account number, and/or a universal ID number)
	Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the application, to combine the teachings of Brown, Prakash, Subramanian, and Ng in order to ensure that the system is validating relevant information regarding the identity of the user.

16.	Claims 21-23 and 25 are rejected under 35 U.S.C. 103 as being unpatentable over Brown (U.S. Pre-Grant Publication No. 20180295514) in view of Prakash (U.S. Pre-Grant Publication No. 20120030110).

Claim 21
	Regarding Claim 21, Brown teaches:
A multi-factor authentication method using a mobile device as a token to protect against fraudulent registration with an application server, the method comprising (See at least the Paragraph 14: Describes a method for performing two-factor authentication. The authentication may be used for a variety of purposes [e.g. establishing/registering an account; see Paragraphs 177 and 178]. The system utilizes a mobile device to perform the authentication [see Paragraph 55]).
receiving at an authentication server from the application server, a request for authorization of a registration of a restricted-access account, wherein the registration is initiated by the mobile device (See at least Paragraph 95: A first entity [i.e. an application server] may submit an authentication request to an authentication service [i.e. an authentication server]. The authentication process may be initiated by a user operating a user device [i.e. a mobile device; See Paragraphs 54 and 56] to establish a user account [See Paragraphs 177 and 178]), and
the request for authorization of the registration includes a first user name associated with the restricted-access account to be registered [[and an IP address of the mobile device]] (See at least Paragraph 95: A first user may submit a request to access an account, or establish an account [See Paragraphs 177-178], via an authentication service [Figure 5, 505]. The request includes at least one instance of first identification information of at least one user and/or device having authorization to access the account. The identification information may include the name of a user associated with the account [see Paragraphs 99 and 104]. Examiner’s Note: Brown does not explicitly teach that the request includes an IP address of the mobile device. However, Prakash does teach this limitation as described below);
verifying at the authentication server, that the first user name matches a second user name currently registered as a user name for a network identification (ID) of the mobile device (See at least Paragraph 99 and 101-102: The authentication service receives second identification information associated with a subscriberID [i.e. a network ID], from a network provider [Figure 5, 525]. The second device identification information includes a name of the user. The authentication service then compares the first identification information [i.e. the information received from the user at Figure 5, 505] to the second identification information provided by the network provider to determine if there is a match [See Figure 5, 535]);
verifying at the authentication server, that an initiation location of the registration matches a current location of the mobile device (See at least Paragraphs 119 and 120: In addition to the steps described in Figure 5, the authentication service may also request first location data from the first entity [i.e. a current location of the mobile device; Figure 6B, 660] and second location data that is registered in association with the user [i.e. an allowed initiation location for the transaction; Figure 6B, 665]. The first and second location data are then compared to determine if there is a match [see Paragraph 122; Figure 6B, 675]),
determining at the authentication server, an authorization score for the registration based at least in part on the verifications that the first user name matches the second user name and that the initiation location of the registration matches the current location of the mobile device (See at least Paragraph 50: Determining whether there is a match between data received by the authentication service may be reported in a granular form, such as a score ranging from 0-100. This score may be applied to both the match between first and second device identification [i.e. determining a match between a first and second user name, Paragraphs 101-102] and the match between first and second location information [i.e. determining a match between the initiation location of the on-line transaction and the current location of the mobile device]); and
transmitting by the authentication server to the application server, the authorization score, wherein based on the transmitted authorization score, the application server registers the restricted-access account (See at least Paragraphs 102-104: The indication of a match/score may be transmitted from the authentication service to the first entity in order to grant access to the account or approve the transaction).

	Regarding Claim 21, Brown does not explicitly teach, but Prakash, however, does teach:
the request for authorization of the registration includes… an IP address of the mobile device (See at least Paragraph 57: Describes a system for location-based authentication of transactions. An authorization server [i.e. an authentication server] may receive an order for goods/services from a vendor server [i.e. an application server]. Additionally, the vendor server may transmit location information of a user mobile computing device to the authentication server. The location information may comprise an IP address of the mobile computing device. Examiner’s Note: Although the authentication process described by Prakash is performed in the context of e-commerce transactions, it would have been obvious to one of ordinary skill in the art that these authentication procedures could easily be applied to a process for establishing an account, as described by Brown); and
wherein the initiation location of the registration is determined from the IP address of the mobile device (See at least Paragraph 58: The payment authorization server may be configured to validate the location of the mobile computing device. To do so, the payment authorization server may trace the IP path to determine an origination location from which the order to the e-commerce vendor server was submitted and compare the origination location to the location determined based on the IP address of the mobile computing device).

Claim 22
	Regarding Claim 22, Brown teaches:
prior to the verification that the initiation location of the registration matches the current location of the mobile device, determining at the authentication server, the current location of the mobile device (See at least Paragraphs 119 and 122: The authentication service may receive, from the network provider, the first location data of the user device [Paragraph 119; Figure 6B, 660] before comparing it to the second location data [Paragraph 122; Figure 6B, 675]).

Claim 23
	Regarding Claim 23, Brown teaches:
wherein the determining of the current location of the mobile device comprises: upon receiving the request for authorization of the registration, determining at the authentication server, a mobile provider that manages the network ID of the mobile device (See at least Paragraph 91: The authentication service may request and receive location data of the user device from the network provider when the user device attempts to access the secured system. Examiner's Note: Although not explicitly stated by Brown, it would have been obvious to one of ordinary skill in the art that the authentication service would first need to identify the network provider before submitting a request for location information to the network provider); and
transmitting by the authentication server to the mobile provider, a request for the current location of the mobile device; and receiving at the authentication server from the mobile provider, the current location of the mobile device (See at least Paragraph 91: The authentication service may request and receive the location data of the user device from the network provider).

Claim 25
	Regarding Claim 25, Brown does not explicitly teach, but Prakash, however, does teach:
wherein the current location of the mobile device is determined at the authentication server via global positioning system (GPS) information from the mobile device (See at least Paragraph 14: The determined location of the mobile computing device may be embodied as location coordinates [e.g., GPS coordinates]).
	Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the application, to combine the teachings of Brown and Prakash in order to provide an accurate location based on the requirements of the particular authentication procedure being implemented (Prakash: Paragraph 57).


17.	Claim 24 is rejected under 35 U.S.C. 103 as being unpatentable over Brown (U.S. Pre-Grant Publication No. 20180295514) in view of Prakash (U.S. Pre-Grant Publication No. 20120030110), and in further view of Bao (U.S. Patent No. 9992198).

Claim 24
	Regarding Claim 24, the combination of Brown and Prakash does not explicitly teach, but Bao, however, does teach:
determining at the authentication server, the network ID of the mobile device by querying, based on the IP address of the mobile device, a server that is separate from the authentication server, for the network ID of the mobile device (See at least Col. 3, Line 63 - Col. 4, Line 34: Describes a process for authenticating a user of a user device. A client application server [i.e. an authentication server] transmits an authentication request to a network authentication server [i.e. a server that is separate from the authentication server] via the user device. The network authentication server may identify an MDN [i.e., a network ID] of the user device based on the IP address assigned to the user device. The network authentication server may send a copy of the MDN of the user device to the client application server).
	Therefore, it would have been obvious to one of ordinary skill in the art, before the effective filing date of the application, to combine the teachings of Brown, Prakash, and Bao in order to enable users to access services protected by two-factor security systems without having to provide additional authentication information (Bao: Col. 2, Lines 6-18). 


Response to Arguments
18.	Applicant’s arguments filed February 2, 2022 have been fully considered. 

Arguments Regarding 35 U.S.C. 101
19.	Applicant’s arguments (Amendment, Pgs. 12-16) concerning the prior rejection of the claims under 35 USC §101, including supposed deficiencies in the rejection, are not persuasive for the following reasons.  Under the prior and current 101 analysis under 2019 PEG, the amended claims recite and are directed to a patent ineligible abstract idea, without something significantly more, for the reasons given above after consideration of the claimed features and elements.  The abstract idea has been restated herein in line with the 2019 PEG guidance and the amended claims.  Applicant is directed to the above full Alice/Mayo analysis in the 101 rejection. 
Additionally, on page 13 of their remarks, the applicant argues, “Authenticating the user in this manner offers multiple advantages, including… The claims thus demonstrate improvements over prior art methods of authenticating a user. Therefore, the claims do not recite a judicial exception, i.e., an abstract idea.” The examiner respectfully disagrees. Specifically, the examiner notes that the claims simply recite methods/systems for utilizing various data to authenticate a user. Such limitations clearly recite a method of organizing human activity. The fact that there may be benefits to the particular method for authenticating the user does not prevent the claims from reciting an abstract idea.
Additionally, on page 13 of their remarks, the applicant argues, “Such features of claims 1, 11, and 17 do not merely “apply it” with the alleged judicial exception nor generally link use of the alleged judicial exception to a particular technological environment. Such features recite practical applications that provide the advantages discussed above, namely preventing a fraudster from accessing a restricted account (and potentially making an on-line purchase) as long as the fraudster is not near the user’s mobile device, bolstering security without requiring the user to perform any additional steps beyond transmitting a request, and accounting for the user’s potential mobility. Therefore, Applicant respectfully submits that the claims of the present application are patent-eligible under USPTO Step 2A, Prong 2.” The examiner respectfully disagrees. Specifically, the examiner notes that the claims do not recite any additional element that amounts to a technical improvement to any technology or technological field. Rather, the claims merely recite a series of steps for verifying various information associated with a user in order to prevent an unauthorized user from accessing an account. Simply stating that this information is verified by a generic server using GPS technology does not amount to an improvement in any technology or technological field. Rather, the claims simply recite improvements to the abstract idea itself.
Additionally, on pages 15 and 16 of their remarks, the applicant cites CosmoKey Solutions to argue that the claims recite additional elements that amount to “significantly more” than the abstract idea. The examiner respectfully disagrees that the claims recited in the instant application are comparable to the claims recited in CosmoKey Solutions. Specifically, the examiner notes that, as stated by the applicant, the court in CosmoKey Solutions noted that, “claims directed to specific verification methods that depart from earlier approaches and improve computer technology eligible under § 101.” As stated above, the claims recited in the instant application do not provide any indication of an improvement to any technology or technological field. Rather, the claims simply utilize generic computer-related technology to perform the abstract idea.
	Additionally, on page 16 of their remarks, the applicant argues, “Applicant respectfully submits that such claim features are not well-understood, routine, and previously known in the industry.” Examiner notes that preemption is not a standalone test for patent eligibility. Furthermore, preemption concerns have already been addressed by the Examiner through the application of the two-step framework. A specific abstract idea is still an abstract idea and is not eligible for patent protection without significantly more recited in the claim (See Ariosa Diagnostics, In.c v. Seqenom, Inc., 788 F.3d 1371, 1379 (Fed. Cir. 2015); see also OIP Tech., Inc. v. Amazon.com, Inc. 788 F.3d 1359, 1362-63 (Fed Cir. 2015); Return Mail, Inc. v. USPS, 123 USPQ2d 1813, 1827 (Fed. Cir. 2017)). While preemption may signal patent ineligible subject matter, the absence of complete preemption does not demonstrate patent eligibility (Ariosa, 788 F.3d 1379).
Therefore, for these reasons and the reasons given above, the rejection of these claims under 35 U.S.C. §101 is maintained. 

Arguments Regarding 35 U.S.C. 103
20.	Applicant’s arguments regarding the prior art rejections applied to claims 1-3, 5, 7, 9, and 16 are moot in view of the new grounds of rejection necessitated by applicant’s claim amendments. 
	However, on page 18 of their remarks, the applicant argues, “Amended claim 11 recites a similar limitation to the above limitation of amended claim 1, which is not taught or suggested by Brown, Prakash, or Subramanian.” The examiner respectfully disagrees. Specifically, the examiner notes that claim 11 simply states that, “the initiation location of the on-line purchase is determined from the IP address of the mobile device.” Claim 11 does not provide any indication that the initiation location of the transaction must be determined while the user is currently engaged in the transaction. Rather, claim 11 simply states that the initiation location is determined based on an IP address of the mobile device. Therefore, the prior rejection of claims 11-14 and 17-20 under 35 U.S.C. 103 has been maintained. However, the rejection has been updated to reflect the newly added claim amendments.


Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
	Any inquiry concerning this communication or earlier communications from the examiner should be directed to WILLIAM D NEWLON whose telephone number is (571)272-4407. The examiner can normally be reached Mon - Fri 9:30 - 5:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Namrata Boveja can be reached on (571) 272-8105. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/WILLIAM D NEWLON/Examiner, Art Unit 3696                                                                                                                                                                                                        
/SCOTT S TROTTER/Primary Examiner, Art Unit 3696