DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Claims 1-20 are presented for examination.
Receipt is acknowledged of certified copies of papers required by 37 CFR 1.55.
The IDS filed 8/13/2020 has been considered.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Avetisov et al. (U.S. Patent Application Publication Number 2020/0067922), hereinafter referred to as Avetisov, in view of Benoit et al. (U.S. Patent Application Publication Number 2016/0050565), hereinafter referred to as Benoit, further in view of Kalinichenko et al. (U.S. Patent Application Publication Number 2014/0237236), hereinafter referred to as Kalinichenko.
Avetisov disclosed techniques for authentication using a device other than the client device attempting to access the asset.  In an analogous art, Benoit disclosed techniques for linking client information for authentication.  Also in an analogous art, Kalinichenko disclosed techniques for using a mobile device as a secondary factor authentication device.  All of these systems deal directly with authentication via client devices.
Regarding claim 1, Avetisov discloses a method of authentication adaptive to a secured application, when the secured application initiates an authentication request, the method comprising: receiving, by an authentication server, a request for authentication of a session of the secured application initiated on a first entity (paragraph 82, client attempts to access resource and information passed to authorization server); storing, by the authentication server, a part of continuous streams of random real-time data and a user’s public key (paragraph 91, device record includes representations of credentials and public key); transmitting, by the authentication server, notification of the data to a second entity (paragraph 115, transmits notification to mobile device); receiving, by the authentication server, a second encrypted data from the second entity, wherein the second encrypted data is created by encrypting the part of continuous streams of random real-time data using the user’s private key (paragraph 117, receives response including representation of credential signed using private key); authenticating, by the authentication server, the second encrypted data received from the second entity by comparing data decrypted from the second encrypted data with the part of continuous streams of random real-time data stored in the authentication server (paragraph 118, determines authentication result based on whether received representation of credential matches stored representation of credential); initiating, by the authentication server, first action to allow access or to continue the access to the session of the secured application when the authentication is successful (paragraph 118, user successfully authenticated and access attempt granted); and initiating, by the authentication server, second action to terminate the session of the secured application when the authentication is unsuccessful (paragraph 118, user did not successfully authenticate and access attempt denied).
Avetisov does not explicitly state encrypting, by the authentication server, the data using a user’s public key to form a first encrypted data when the request is received, transmitting, by the authentication server, the first encrypted data to the first entity, and decrypting the first encrypted data using a user’s private key to get the part of continuous streams of random real-time data.  However, manipulating data in such a fashion was well known in the art as evidenced by Benoit.  Since the inventions encompass the same field of endeavor, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Avetisov by adding the ability for encrypting, by the authentication server, the data using a user’s public key to form a first encrypted data when the request is received, transmitting, by the authentication server, the first encrypted data to the first entity, and decrypting the first encrypted data using a user’s private key to get the part of continuous streams of random real-time data as provided by Benoit (see paragraph 5, authentication server encrypts authentication credential with client public key, and encrypted authentication credential transmitted to client device, and client device decrypts encrypted authentication credential using client private key).  One of ordinary skill in the art would have recognized the benefit that providing credentials to a client device in this way would allow for minimal manual input from a user of the client device (see Benoit, paragraph 32).
The combination of Avetisov and Benoit does not explicitly state wherein the first entity communicates the first encrypted data to the second entity.  However, sending credential data in such a fashion was well known in the art as evidenced by Kalinichenko.  Since the inventions encompass the same field of endeavor, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Avetisov and Benoit by adding the ability that the first entity communicates the first encrypted data to the second entity as provided by Kalinichenko (see paragraph 28, client device transmits authentication token to mobile device).  One of ordinary skill in the art would have recognized the benefit that effectuating authentication in this way would provide a decreased amount of disturbance to a user relative to an amount of disturbance common with other multifactor authentication processes (see Kalinichenko, paragraph 26).
Regarding claim 2, the combination of Avetisov, Benoit, and Kalinichenko discloses wherein the second entity is registered with the authentication server (Avetisov, paragraph 91, mobile device registered with authorization server).
Regarding claim 3, the combination of Avetisov, Benoit, and Kalinichenko discloses wherein the continuous streams of random real-time data generation are based on at least one of dynamic parameters and random severity score (Avetisov, paragraph 87, refreshed representations generated via encryption algorithm).
Regarding claim 4, the combination of Avetisov, Benoit, and Kalinichenko discloses wherein the random severity score depends on a type of the secured application (Avetisov, paragraph 67, representations differ for different relying parties, and paragraph 88, relying parties segmented into groups).
Regarding claim 5, the combination of Avetisov, Benoit, and Kalinichenko discloses wherein the dynamic parameters comprise at least one of matching factor, maximum acceptable time delay, buffer size of the first entity and the second entity, type of data, data rate, the type of the secured application, type of the first entity and the second entity, network latency among the authentication server, the first entity and the second entity, type of communication mechanism used between the first entity and the second entity and technical limitations of the communication mechanism used between the first entity and the second entity (Avetisov, paragraph 87, representations of credential values).
Regarding claim 6, the combination of Avetisov, Benoit, and Kalinichenko discloses wherein communication mechanism between the first entity and the second entity comprises wired, Wi-Fi, Bluetooth, Near Field Communication (NFC) and modulation techniques to convert data to audio, video, vibration and light transfer (Kalinichenko, paragraph 25, executes pairing process between client device and mobile device, where the claimed protocols are considered well known ways to complete pairing between devices).
Regarding claim 7, the combination of Avetisov, Benoit, and Kalinichenko discloses wherein the first entity and the second entity are a same device (Avetisov, paragraph 57, access attempt may be from mobile device itself).
Regarding claim 8, the combination of Avetisov, Benoit, and Kalinichenko discloses wherein the initiating first action to allow access or to continue the access to the session of the secured application comprises: if the compared data matches or exceeds threshold value calculated by the authentication server, granting, by the authentication server, the access to the session of the secured application or allowing, by the authentication server, to continue the access to the session of the secured application (Avetisov, paragraph 118, determines authentication result based on whether received representation of credential matches stored representation of credential, and user successfully authenticated and access attempt granted).
Regarding claim 9, the combination of Avetisov, Benoit, and Kalinichenko discloses wherein the initiating second action to terminate the session of the secured application comprises: if the compared data does not match or exceed the threshold value calculated by the authentication server, denying, by the authentication server, the access to the session of the secured application (Avetisov, paragraph 118, determines authentication result based on whether received representation of credential matches stored representation of credential, and user did not successfully authenticate and access attempt denied).
Regarding claim 10, Avetisov discloses an authentication server for authentication adaptive to a secured application, the server comprising: a processor; and a memory communicatively coupled to the processor, wherein the memory stores processor-executable instructions, which on execution, cause the processor to: receive a request for authentication of a session of the secured application initiated on a first entity (paragraph 82, client attempts to access resource and information passed to authorization server); store a part of continuous streams of random real-time data and a user’s public key (paragraph 91, device record includes representations of credentials and public key); transmit notification of the data to a second entity (paragraph 115, transmits notification to mobile device); receive a second encrypted data from the second entity, wherein the second encrypted data is created by encrypting the part of continuous streams of random real-time data using the user’s private key (paragraph 117, receives response including representation of credential signed using private key); authenticate the second encrypted data received from the second entity by comparing data decrypted from the second encrypted data with the part of continuous streams of random real-time data stored in the authentication server (paragraph 118, determines authentication result based on whether received representation of credential matches stored representation of credential); initiate first action to allow access or to continue the access to the session of the secured application when the authentication is successful (paragraph 118, user successfully authenticated and access attempt granted); and initiate second action to terminate the session of the secured application when the authentication is unsuccessful (paragraph 118, user did not successfully authenticate and access attempt denied).
Avetisov does not explicitly state the processor to encrypt the data using a user’s public key to form a first encrypted data when the request is received, transmit the first encrypted data to the first entity, and decrypting the first encrypted data using a user’s private key to get the part of continuous streams of random real-time data.  However, manipulating data in such a fashion was well known in the art as evidenced by Benoit.  Since the inventions encompass the same field of endeavor, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Avetisov by adding the ability for the processor to encrypt the data using a user’s public key to form a first encrypted data when the request is received, transmit the first encrypted data to the first entity, and decrypting the first encrypted data using a user’s private key to get the part of continuous streams of random real-time data as provided by Benoit (see paragraph 5, authentication server encrypts authentication credential with client public key, and encrypted authentication credential transmitted to client device, and client device decrypts encrypted authentication credential using client private key).  One of ordinary skill in the art would have recognized the benefit that providing credentials to a client device in this way would allow for minimal manual input from a user of the client device (see Benoit, paragraph 32).
The combination of Avetisov and Benoit does not explicitly state wherein the first entity communicates the first encrypted data to the second entity.  However, sending credential data in such a fashion was well known in the art as evidenced by Kalinichenko.  Since the inventions encompass the same field of endeavor, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Avetisov and Benoit by adding the ability that the first entity communicates the first encrypted data to the second entity as provided by Kalinichenko (see paragraph 28, client device transmits authentication token to mobile device).  One of ordinary skill in the art would have recognized the benefit that effectuating authentication in this way would provide a decreased amount of disturbance to a user relative to an amount of disturbance common with other multifactor authentication processes (see Kalinichenko, paragraph 26).
Regarding claim 11, the combination of Avetisov, Benoit, and Kalinichenko discloses wherein the second entity is registered with the authentication server (Avetisov, paragraph 91, mobile device registered with authorization server).
Regarding claim 12, the combination of Avetisov, Benoit, and Kalinichenko discloses wherein the continuous streams of random real-time data generation are based on at least one of dynamic parameters and random severity score (Avetisov, paragraph 87, refreshed representations generated via encryption algorithm).
Regarding claim 13, the combination of Avetisov, Benoit, and Kalinichenko discloses wherein the random severity score depends on a type of the secured application (Avetisov, paragraph 67, representations differ for different relying parties, and paragraph 88, relying parties segmented into groups).
Regarding claim 14, the combination of Avetisov, Benoit, and Kalinichenko discloses wherein the dynamic parameters comprise at least one of matching factor, maximum acceptable time delay, buffer size of the first entity and the second entity, type of data, data rate, the type of the secured application, type of the first entity and the second entity, network latency among the authentication server, the first entity and the second entity, type of communication mechanism used between the first entity and the second entity and technical limitations of the communication mechanism used between the first entity and the second entity (Avetisov, paragraph 87, representations of credential values).
Regarding claim 15, the combination of Avetisov, Benoit, and Kalinichenko discloses wherein communication mechanism between the first entity and the second entity comprises wired, Wi-Fi, Bluetooth, Near Field Communication (NFC) and modulation techniques to convert data to audio, video, vibration and light transfer (Kalinichenko, paragraph 25, executes pairing process between client device and mobile device, where the claimed protocols are considered well known ways to complete pairing between devices).
Regarding claim 16, the combination of Avetisov, Benoit, and Kalinichenko discloses wherein the first entity and the second entity are a same device (Avetisov, paragraph 57, access attempt may be from mobile device itself).
Regarding claim 17, the combination of Avetisov, Benoit, and Kalinichenko discloses the server causes the processor to: grant the access to the session of the secured application or allow to continue the access to the session of the secured application, if the compared data matches or exceeds threshold value calculated by the authentication server (Avetisov, paragraph 118, determines authentication result based on whether received representation of credential matches stored representation of credential, and user successfully authenticated and access attempt granted).
Regarding claim 18, the combination of Avetisov, Benoit, and Kalinichenko discloses the server causes the processor to: deny the access to the session of the secured application, if the compared data does not match or exceed the threshold value calculated by the authentication server (Avetisov, paragraph 118, determines authentication result based on whether received representation of credential matches stored representation of credential, and user did not successfully authenticate and access attempt denied).
Regarding claim 19, Avetisov discloses a non-transitory computer readable medium including instructions stored thereon that when processed by at least one processor cause an authentication server to perform operations comprising: receiving a request for authentication of a session of the secured application initiated on a first entity (paragraph 82, client attempts to access resource and information passed to authorization server); storing a part of continuous streams of random real-time data and a user’s public key (paragraph 91, device record includes representations of credentials and public key); transmitting notification of the data to a second entity (paragraph 115, transmits notification to mobile device); receiving a second encrypted data from the second entity, wherein the second encrypted data is created by encrypting the part of continuous streams of random real-time data using the user’s private key (paragraph 117, receives response including representation of credential signed using private key); authenticating the second encrypted data received from the second entity by comparing data decrypted from the second encrypted data with the part of continuous streams of random real-time data stored in the authentication server (paragraph 118, determines authentication result based on whether received representation of credential matches stored representation of credential); initiating first action to allow access or to continue the access to the session of the secured application when the authentication is successful (paragraph 118, user successfully authenticated and access attempt granted); and initiating second action to terminate the session of the secured application when the authentication is unsuccessful (paragraph 118, user did not successfully authenticate and access attempt denied).
Avetisov does not explicitly state encrypting the data using a user’s public key to form a first encrypted data when the request is received, transmitting the first encrypted data to the first entity, and decrypting the first encrypted data using a user’s private key to get the part of continuous streams of random real-time data.  However, manipulating data in such a fashion was well known in the art as evidenced by Benoit.  Since the inventions encompass the same field of endeavor, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the system of Avetisov by adding the ability for encrypting the data using a user’s public key to form a first encrypted data when the request is received, transmitting the first encrypted data to the first entity, and decrypting the first encrypted data using a user’s private key to get the part of continuous streams of random real-time data as provided by Benoit (see paragraph 5, authentication server encrypts authentication credential with client public key, and encrypted authentication credential transmitted to client device, and client device decrypts encrypted authentication credential using client private key).  One of ordinary skill in the art would have recognized the benefit that providing credentials to a client device in this way would allow for minimal manual input from a user of the client device (see Benoit, paragraph 32).
The combination of Avetisov and Benoit does not explicitly state wherein the first entity communicates the first encrypted data to the second entity.  However, sending credential data in such a fashion was well known in the art as evidenced by Kalinichenko.  Since the inventions encompass the same field of endeavor, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Avetisov and Benoit by adding the ability that the first entity communicates the first encrypted data to the second entity as provided by Kalinichenko (see paragraph 28, client device transmits authentication token to mobile device).  One of ordinary skill in the art would have recognized the benefit that effectuating authentication in this way would provide a decreased amount of disturbance to a user relative to an amount of disturbance common with other multifactor authentication processes (see Kalinichenko, paragraph 26).
Regarding claim 20, the combination of Avetisov, Benoit, and Kalinichenko discloses wherein the instructions when processed by the at least one processor cause the authentication server to perform operations comprising: granting the access to the session of the secured application or allow to continue the access to the session of the secured application, if the compared data matches or exceeds threshold value calculated by the authentication server (Avetisov, paragraph 118, determines authentication result based on whether received representation of credential matches stored representation of credential, and user successfully authenticated and access attempt granted).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Shteingart et al. (U.S. Patent Application Publication Number 2017/0302659) disclosed techniques for authenticating users utilizing continuous two-factor authentication.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Victor Lesniewski whose telephone number is (571)272-2812. The examiner can normally be reached Monday thru Friday, 9am to 5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached on 571-272-3862. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/Victor Lesniewski/Primary Examiner, Art Unit 2493