DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Status of Claims
Claims 1 and 15 are amended.
Claims 2, 4-6, 8, 16, 18-22, 28, and 30 are canceled.
Claims 7 and 9-14 are withdrawn.
Claims 1, 3, 7, 9-15, 17, 23-27, and 29 are pending.

Response to Remarks
35 U.S.C. § 112
Applicant’s amendments to the claims have overcome this ground of rejection.  Accordingly, this ground of rejection is withdrawn.

35 U.S.C. § 103
Applicant’s arguments with respect to claim(s) 1, 3, 15, 17, 23-27, and 29 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1, 3, 15, 17, and 30 is/are rejected under 35 U.S.C. 103 as being unpatentable over U.S. Patent Pub. No. 2016/0247156 to Hwang et al. in view of U.S. Patent Pub. No. 2015/0199679 to Palanisamy, and U.S. Patent Pub. No. 2014/0040126 to Andrews et al.
Per Claim 1: Hwang discloses:
A method comprising: (see Hwang at Abstract: Systems and methods are disclosed for provisioning resources from a first user account to a second user and wearable device for use in a secure transaction.)
launching, in response to a user request, a digitization application (e.g., secure transaction module) on a first user interface device (e.g., master device), the first user interface device having a first unique identifier; (see Hwang at ¶ 39: In step 402, the user launches the secure transaction module on the master device and authenticates the primary user and primary device to the transaction-processing server. In various embodiments, the primary user may be authenticated though username and password, biometric reading such as a fingerprint scanner or eye/retinal scanner, a user PIN or other security capabilities of the master device. In various embodiments, the master device may be authenticated through a device identifier, a secure token, encryption key exchange or other authentication protocols.  See also ¶ 27: An administration module 214 provides the user of the master device 210 with an administrative interface to manage secure transactions, interface with the transaction processing server 230 and manage account settings and delegations, including adding one or more secondary users and devices and setting resource allocation settings and transaction restrictions.  See also ¶ 39: In various embodiments, the master device may be authenticated through a device identifier, a secure token, encryption key exchange or other authentication protocols.)
authenticating the user via the wallet provider; (see Hwang at ¶ 39: In step 402, the user launches the secure transaction module on the master device and authenticates the primary user and primary device to the transaction-processing server. In various embodiments, the primary user may be authenticated though username and password, biometric reading such as a fingerprint scanner or eye/retinal scanner, a user PIN or other security capabilities of the master device. In various embodiments, the master device may be authenticated through a device identifier, a secure token, encryption key exchange or other authentication protocols.)
receiving, from the first user interface device, a request at the issuer of the account (e.g., service provider e.g., bank) to digitize the user account associated with the first user interface device on a second user interface device (e.g., secondary device), the second user interface device having a second unique identifier, wherein digitization comprises the preparation, by a tokenization service provider, of a provisioning package, personalization scripts and data for provisioning a token for the user account associated with the first user interface device to the second user interface device and based on the first unique identifier and the second unique identifier; (Examiner’s Note: the language “wherein digitization comprises the preparation, by a tokenization service provider, of a provisioning package, generation of cryptographic keys, personalization scripts and data for provisioning a token for the user account associated with the first user interface device to the second user interface device based on the first unique identifier and the second unique identifier” has been considered and determined to not distinguish over the prior art.  It fails to distinguish over the prior art because the claim requires only receiving a request to digitize the user account.  It does not recite actually digitizing the user account.  In other words, as currently recited, the claim recites that the digitization is a desired result of receiving the request.  However, for compact prosecution purposes, the following citation is provided: see Hwang at ¶ 15: FIG. 1 is a flow chart 100 illustrating an embodiment of an exemplary secure transaction process. In step 110, a primary user operates a master device, such as a smart phone, which is authenticated for secure transactions through a service provider. The primary user accesses a corresponding master account managed by the service provider (e.g., PayPal or a bank), and identifies a secondary user and associated secondary device that may be used to access certain services offered by the service provider.  See also ¶ 37: The restriction module 236 interfaces with the secure transaction modules 212 and 242 to establish and implement restrictions on the secure transactions initiated through the secondary device 240. In various embodiments, restrictions may be geographic (e.g., can only spend money at an amusement park), time and date based (e.g., can only spend on the weekends), use restricted (e.g., can only use the funds to purchase food) and size restricted (e.g., no purchase over $20). The defined restrictions are stored in the account/transaction database 270.  See also ¶ 41: In various embodiments, one or more tokens may be received and stored for use by the secondary device, single-use or multi-use tokens may be used, and the tokens may be generated and transmitted to the secondary device by the master device or the service provider.  See also ¶ 40: In step 404, the master device establishes communications with the secure transaction module on the secondary device and retrieves unique device identification information for the secondary device.)
providing the first unique identifier and the second unique identifier to the wallet provider; (see Hwang at ¶ 39: In various embodiments, the master device may be authenticated through a device identifier, a secure token, encryption key exchange or other authentication protocols.  See also ¶ 40: In step 404, the master device establishes communications with the secure transaction module on the secondary device and retrieves unique device identification information for the secondary device. In step 406, the master device transmits encrypted secondary user and secondary device information to the transaction process server for association with the primary user account.)
linking the first user interface device to the second user interface device by the first unique identifier and the second unique identifier; (see Hwang at ¶ 40: In step 404, the master device establishes communications with the secure transaction module on the secondary device and retrieves unique device identification information for the secondary device. In step 406, the master device transmits encrypted secondary user and secondary device information to the transaction process server for association with the primary user account. The transaction processing server returns authentication information for the secondary device and, in step 408, the master device transmits the authentication information to the secondary device.)
[[after the linking,]] receiving, at the wallet provider from the first user interface device, authentication information (e.g., encrypted secondary user and secondary device information) for the second user interface device; (see Hwang at ¶ 40: In step 404, the master device establishes communications with the secure transaction module on the secondary device and retrieves unique device identification information for the secondary device. In step 406, the master device transmits encrypted secondary user and secondary device information to the transaction process server for association with the primary user account. The transaction processing server returns authentication information for the secondary device and, in step 408, the master device transmits the authentication information to the secondary device. In one embodiment, the master device and secondary device communicate through the respective secure transaction modules. In an alternate embodiment, the master device configures the account for access by the secondary device and provides the transaction-processing server with contact information for the secondary user, such as a mobile number or email address. The transaction-processing server then sends a message to the secondary device that communicates with the transaction-processing server (bypassing the primary device) to complete the authentication process.)
authenticating, at the wallet provider, the second user interface device based on the linking and the received authentication information for the second user interface device; (see Hwang at ¶ 40: In step 404, the master device establishes communications with the secure transaction module on the secondary device and retrieves unique device identification information for the secondary device. In step 406, the master device transmits encrypted secondary user and secondary device information to the transaction process server for association with the primary user account. The transaction processing server returns authentication information for the secondary device and, in step 408, the master device transmits the authentication information to the secondary device. In one embodiment, the master device and secondary device communicate through the respective secure transaction modules. In an alternate embodiment, the master device configures the account for access by the secondary device and provides the transaction-processing server with contact information for the secondary user, such as a mobile number or email address. The transaction-processing server then sends a message to the secondary device that communicates with the transaction-processing server (bypassing the primary device) to complete the authentication process.  See also ¶ 15: FIG. 1 is a flow chart 100 illustrating an embodiment of an exemplary secure transaction process. In step 110, a primary user operates a master device, such as a smart phone, which is authenticated for secure transactions through a service provider. The primary user accesses a corresponding master account managed by the service provider (e.g., PayPal or a bank), and identifies a secondary user and associated secondary device that may be used to access certain services offered by the service provider. In various embodiments, the secondary user and device may be identified manually by the primary (e.g., “add friend”), through family account features, by locating devices in vicinity, in response to a request received from a user and through social media or contacts lists.)
However, Hwang fails to disclose, but Palanisamy, an analogous art of payment tokenization, discloses:
receiving, at the first user interface device, a user request for digitization of a user account associated with the first user interface device; (see Palanisamy at ¶ 74: A payment credential provisioning process may be initiated. For example, a consumer 110 may indicate a desire to activate mobile payment functionality for the communication device 120 (e.g. Bob's device 1) via a mobile application.)
transmitting the received user request for digitization to a wallet provider; (see Palanisamy at ¶ 75: In step S710, the payment processor server computer 140 may receive a tokenization eligibility request message including the PAN 0256 and any other suitable information from the digital wallet provider server computer 130, after it communicates with the consumer 110.)
receiving, at the first user interface device, a token, in response to approval of the issuer of the account to tokenize the account; (see Palanisamy at ¶ 85: In step S755, the payment processor server computer 140 may provide the second payment token 4969 and any other suitable information to the communication device 120 (e.g. using the provisioning module 447). For example, the payment processor server computer 140 may generate and deliver provisioning scripts to the communication device 120 (e.g. directly or via the digital wallet provider server computer 130).  See also ¶ 76: If the risk level is low, then a subsequently generated tokenization eligibility response message may indicate that a token may be generated.)
wherein digitization comprises the preparation, by a tokenization service provider, of a provisioning package, generation of cryptographic keys, personalization scripts and data for provisioning a device token for the user account associated with the first user interface device to the second user interface device, wherein the device token is specific to the second user interface device; (see Palanisamy at ¶ 85: In step S755, the payment processor server computer 140 may provide the second payment token 4969 and any other suitable information to the communication device 120 (e.g. using the provisioning module 447). For example, the payment processor server computer 140 may generate and deliver provisioning scripts to the communication device 120 (e.g. directly or via the digital wallet provider server computer 130).  See also ¶ 37: A “provisioning script” may include may include any source code, machine code, executable file, or other instructions operable to provision a device or assist in the provisioning of a device. A provisioning script may be written in any suitable programming language, such as C, C++, Java, Python, or assembly. In some cases, the provisioning script may include specific calls or commands to hardware elements. For example, if an EMV card or communication device is being provisioned, a provisioning script may operate according to “EMV Card Personalization Specification version 1.0,” which defines commands that may be used to provision an EMV smart card. In some cases, a provisioning script may comprise personalization data in addition to instructions operable to provision the personalization data.  See also ¶ 25: In embodiments of the invention, different payment devices are provisioned with different payment tokens.)
approving, by the issuer of the account, the second user interface device to receive the device token; (see Palanisamy at ¶ 76: If the risk level is low, then a subsequently generated tokenization eligibility response message may indicate that a token may be generated.  See also FIG. 6: Bob’s Device 2 has also been approved to receive a payment token)
generating the device token by the token service provider associated with the user account in response to the approval; (see Palanisamy at ¶ 83: In step S745, the payment processor server computer 140 may generate a second payment token 4969 associated with the first payment token 7891 (e.g. using the payment token generation module 445 and the payment token association module 446).)
provisioning the generated device token to the second user interface device, wherein provisioning of the device token to the second user interface device digitizes the second user interface device; and (Examiner’s Note: the language “wherein provisioning of the at least one token to the second user interface device digitizes the second user interface device” has been considered and determined to recite an desired result of provisioning the generated token to the second user interface device.  Therefore, it fails to distinguish over the prior art.  However, for compact prosecution purposes, the following citation is provided: see Palanisamy at ¶ 85: In step S755, the payment processor server computer 140 may provide the second payment token 4969 and any other suitable information to the communication device 120 (e.g. using the provisioning module 447). For example, the payment processor server computer 140 may generate and deliver provisioning scripts to the communication device 120 (e.g. directly or via the digital wallet provider server computer 130).
receiving the provisioned device token at the second user interface device. (see Palanisamy at ¶ 85: In step S755, the payment processor server computer 140 may provide the second payment token 4969 and any other suitable information to the communication device 120 (e.g. using the provisioning module 447). For example, the payment processor server computer 140 may generate and deliver provisioning scripts to the communication device 120 (e.g. directly or via the digital wallet provider server computer 130).  See also FIG. 6: Bob’s Device 2 has also been approved to receive a payment token)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Hwang to provide a payment token to the first and second devices as disclosed in Palanisamy.  One of ordinary skill in the art would have been motivated to do so to enable both consumer devices disclosed in Hwang to make purchases using payment tokens.  
However, the combination of Hwang and Palanisamy fails to disclose, but Andrews, an analogous art of registering multiple devices to a digital wallet, discloses:
providing a user interface associated with an issuer of an account; (see Andrews at ¶ 49: The user 101 can use a web server 141 on the payment processing system 140 to view, register, download, upload, or otherwise access the payment processing system 140 via a website 142 and a communication network 105.)
wherein linking further comprises determining, via one of a wallet provider and an Issuer of the user account, the first user interface device and the second user interface device are both linked to the user account; (see Andrews at ¶ 59: In block 225, the user device 110 is added to the list of devices on the digital wallet account 121. In an example embodiment, a page on a user interface of the digital wallet account 121 provides a listing of user devices associated with the digital wallet account 121.)
Further, while Hwang discloses linking the first user interface device to the second user interface device and receiving authentication information for the second user interface device, Hwang is silent regarding the order of these two operations.  However, Andrews discloses receiving authentication information for a second device after the second device has been linked in an authorized pool (see ¶ 58: In block 220, the digital wallet application module 111 on the user device 110 is authorized by the user 101. In an example embodiment the user 101 must enter an authorization for the setup to be initiated by the payment processing system 140. That is, the payment processing system 140 can require a username and password, or other suitable authorization protocol, to begin the setup process for the digital wallet application module 111. In alternate example embodiments, the authorization of the user 101 can be required at any point of the setup process, such as before the installation of the digital wallet application module 111 or after the setup process has begun.)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Hwang to provide a user interface and receiving authentication information for a second device after the second device has been linked to the first device as disclosed in Andrews.  One of ordinary skill in the art would have been motivated to do so to make it more user-friendly for a user to request tokens for a secondary device.

Per Claim 15: Claim 15 recites subject matter similar to that discussed above in connection with claim 1.  Claim 15 further recites, and Hwang further discloses:
A system comprising: a first user interface device; (see Hwang at ¶ 20: System 200 includes a primary user 202, a primary device 210, a secondary user 204, a secondary device 240, and a payment-processing server 230 in communication over a network 220.)
a memory for storing program instructions; (see Hwang at ¶ 48: Components of computer system 600 also include a system memory component 614 (e.g., RAM), a static storage component 616 (e.g., ROM), and/or a disk or flash drive 617. Computer system 600 performs specific operations by processor(s) 612 and other components by executing one or more sequences of instructions contained in system memory component 614.)
an authentication processor, coupled to the memory, and operative to execute program instructions to: (see Hwang at ¶ 20: System 200 includes a primary user 202, a primary device 210, a secondary user 204, a secondary device 240, and a payment-processing server 230 in communication over a network 220.)

Per Claims 3 and 17: The combination of Hwang, Palanisamy, and Andrews discloses the subject matter of claims 1 and 15, from which claims 3 and 17 depend, respectively.  Hwang further discloses:
wherein the token is for association with at least one second user device. (Examiner’s Note: this claim element has been considered and determined to recite an intended use of the token.  Therefore, it fails to distinguish over the prior art.  However, for compact prosecution purposes, the following citation is provided: see Hwang at ¶ 41: In various embodiments, one or more tokens may be received and stored for use by the secondary device, single-use or multi-use tokens may be used, and the tokens may be generated and transmitted to the secondary device by the master device or the service provider.)

Per Claim 30: The combination of Hwang, Palanisamy, and Andrews discloses the subject matter of claim 1, from which claim 30 depends.  Hwang further discloses:
wherein linking the first user interface device to the second user interface device by the first unique identifier and the second unique identifier further comprises: determining the first user interface device and the second user interface device are both linked to the user account. (see Hwang at ¶ 41: In step 424, the secondary device transmits a unique device identifier and user authentication information to the master device. In step 428, the secondary device receives authentication information from the secure transaction module of the master device and stores the information in a secure location, such as a secure element. In one embodiment, the authentication information includes a token associated with the primary user's account, and may be used to enter into an electronic payment transaction with funds coming out of a portion of the primary user's account allocated to the secondary user.)

Claim 29 is/are rejected under 35 U.S.C. 103 as being unpatentable over Hwang, Palanisamy, and Andrews as applied to claim 1 above, and further in view of U.S. Patent Pub. No. 2017/0330188 to Canh.
Per Claim 29: The combination of Hwang, Palanisamy, and Andrews discloses the subject matter of claim 1, from which claim 29 depends.  However, the combination of Hwang, Palanisamy, and Andrews fails to disclose, but Canh, an analogous art of payment tokens, discloses:
receiving, at the first user interface device, notification that the device token was received by the second user interface device. (see Canh at ¶ 182: The payment server 420 may transmit to the second electronic device 405 the token based on the post-payment information to be shared, and in operation 1237, may generate information regarding token delivery completion with respect to the post-payment information to be shared, and may send a notification corresponding thereto to the first electronic device 400. Then, the first electronic device 400 may confirm that the to-be-shared post-payment information requested by the first electronic device 400 is delivered to the second electronic device 405.)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Hwang so that the first payment device receives a notification that the second payment device has received a payment token using the techniques disclosed in Canh.  As in Canh, it would have been within the capabilities of one of ordinary skill in the art to send a notification to a first device of payment token transfer to a secondary device to the first and second devices in Hwang with the predicted result transmitting notification information as needed in Hwang.

Claims 23-25 is/are rejected under 35 U.S.C. 103 as being unpatentable over Hwang, Palanisamy, and Andrews as applied to claim 15 above, and further in view of U.S. Patent Pub. No. 2015/0356560 to Shastry et al.
Per Claim 23: The combination of Hwang, Palanisamy, and Andrews discloses the subject matter of claim 15, from which claim 23 depends.  However, the combination of Hwang, Palanisamy, and Andrews fails to disclose, but Shastry, an analogous art of payment tokens, discloses:
receive from a merchant at least one request to generate a higher assurance level associated with the token. (see Shastry at ¶ 90: FIG. 5B shows a block diagram 520 for modifying an assurance level associated a token based on the transaction history, in accordance with some embodiments of the invention. In FIG. 5B, the mobile application 502 is provisioned with a token having a low assurance level, as described above in connection with FIG. 5A. After being provisioned with the low assurance level token, the mobile application 502 provides transaction history updates 510 to the payment processing server 504 (step 4). In some embodiments, the mobile application 502 may send periodical updates (e.g. transaction history update messages) to the processing server 504 as transactions are completed. In other embodiments, the mobile application 502 may send transaction updates to the payment processing server 504 when the predetermined criteria (i.e. criteria determined by the authorization platform 506) is met. Upon satisfying the predetermined criteria, the payment processing server 504 may upgrade the status of the token previously sent to the mobile application 502 (step 5).  See also ¶ 87: When the user downloads and executes the mobile application 502 (e.g. a merchant mobile application), the user may be prompted to load payment account information to the mobile application 502.)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the payment tokens in Hwang to include a token assurance level as disclosed in Shastry.  One of ordinary skill in the art would have been motivated to do so to increase the confidence that the transaction is not fraudulent.

Per Claim 24: The combination of Hwang, Palanisamy, Andrews, and Shastry discloses the subject matter of claim 23, from which claim 24 depends.  However, the combination of Hwang, Palanisamy, and Andrews fails to disclose, but Shastry discloses:
wherein the request is for the user to authenticate their account with the merchant. (see Shastry at ¶ 27: In response to a token request from the merchant, the token provider issues tokens with varying status based on a confidence level determined in light of the data received from the token requestor. For example, the status of the token may indicate that the token is a trusted token associated with a high assurance level. Such token may be used without restrictions by the merchant mobile application. Alternatively, the status of the token may indicate that the token is an untrusted token associated with a low assurance level. Such token may have restrictions imposed thereupon. For example, a token with a low assurance level may be used for transactions below a pre-determined value (e.g. money amount) or may be used only with proper user identifying information (e.g. showing user ID card, providing a PIN and/or a card verification value (e.g. CVV), user biometrics and the like).  See also ¶ 73)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Hwang so that a user authenticates an account with a merchant as disclosed in Shastry.  One of ordinary skill in the art would have been motivated to do so to increase the confidence that the transaction is not fraudulent.

Per Claim 25: The combination of Hwang, Palanisamy, Andrews, and Shastry discloses the subject matter of claim 24, from which claim 25 depends.  However, the combination of Hwang, Palanisamy, and Andrews fails to disclose, but Shastry discloses:
initiate a communication between the user and the merchant. (see Shastry at ¶ 53: The merchant 130 may be capable to sell goods and/or services to the consumer 120. The merchant 130 may receive payment information comprising a token from the consumer 120. The merchant 130 may send the token to the acquirer 135 for payment authorization.)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include the subject matter of Shastry in the Hwang system.  One of ordinary skill in the art would have been motivated to do so to increase the confidence that the transaction is not fraudulent.

Claims 26-27 is/are rejected under 35 U.S.C. 103 as being unpatentable over Hwang, Palanisamy, Andrews, and Shastry as applied to claim 25 above, and further in view of U.S. Patent No. 9,444,824 to Balazs et al.
Per Claim 26: The combination of Hwang, Palanisamy, Andrews, and Shastry discloses the subject matter of claim 25, from which claim 26 depends.  However, the combination of Hwang, Palanisamy, Andrews, and Shastry fails to disclose, but Balazs, an analogous art of securing financial information, discloses:
generate, based on the initiated communication, two or more higher assurance level requests, wherein at least two of the higher assurance level requests are presented on a same user interface. (see Balazs at 15:8-34: The method or system may detect whether there is going to be a change in the level of assurance at 610A based at least in part upon one or more flow nodes encountered in the flow or user actions or interactions during the user's access to the financial management system. For example, the user may be initially authenticated by the username and password to access the financial management system. During the user's interaction with the financial management system, the user may wish to access information including, for example, the user's social security number, the user's bank account information, the user's birthday, or other more sensitive, confidential, or critical information that the user is not authorized to view or access at the current level of assurance. The method or system may determine that there is going to be a change in the current level of assurance to a heightened level of assurance at 610A.)
While Balazs does not explicitly disclose a second higher assurance level request, Balazs does suggest a second higher assurance level request because the above-cited portion discloses generating a higher assurance level request whenever there is going to be a change in the level of assurance.  One of ordinary skill in the art before the effective filing date of the claimed invention, would have appreciated that multiple changes may be possible.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include the subject matter of Balazs in the Hwang system.  One of ordinary skill in the art would have been motivated to do so to further increase the security of the financial information in Hwang.

Per Claim 27: The combination of Hwang, Palanisamy, Andrews, Shastry, and Balazs discloses the subject matter of claim 26, from which claim 27 depends.  However, the combination of Hwang, Palanisamy, Andrews, and Shastry fails to disclose, but Balazs discloses:
receive a selection of one or more higher assurance requests to provide authentication information. (see Balazs at 15:8-34: The method or system may detect whether there is going to be a change in the level of assurance at 610A based at least in part upon one or more flow nodes encountered in the flow or user actions or interactions during the user's access to the financial management system. For example, the user may be initially authenticated by the username and password to access the financial management system. During the user's interaction with the financial management system, the user may wish to access information including, for example, the user's social security number, the user's bank account information, the user's birthday, or other more sensitive, confidential, or critical information that the user is not authorized to view or access at the current level of assurance. The method or system may determine that there is going to be a change in the current level of assurance to a heightened level of assurance at 610A.)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include the subject matter of Balazs in the Hwang.  One of ordinary skill in the art would have been motivated to do so to further increase the security of the financial information in Hwang.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
U.S. Patent No. 10,122,719 discloses systems and methods for authenticating a user are described herein. A system comprises a processor subsystem; and a memory including instructions, which when executed by the processor subsystem, cause the processor subsystem to: receive at a server from a first user device, a first authentication token; receive at the server from a second user device, a second authentication token; authenticate the user based on the first and second authentication tokens; and establish a communication session from the server to the first user device when the user is authenticated.
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to NILESH B KHATRI whose telephone number is (571)270-7083. The examiner can normally be reached 8:30 AM - 5:30 PM Monday-Friday, alternating Fridays off.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Neha Patel can be reached on (571) 270-1492. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/N.B.K./Examiner, Art Unit 3685                                                                                                                                                                                                        
/JAMES D NIGH/Senior Examiner, Art Unit 3685