DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application is being examined under the pre-AIA  first to invent provisions. 
This Office Action is in response to Application 17/490,726 filed on 9/30/2021.
Claims 1-20 have been examined and are pending in this application. 
The examiner notes the IDSs filed on 9/30/2021 has been considered. 

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159.  See MPEP §§ 706.02(l)(1) - 706.02(l)(3) for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.

Claims 1, 7 and 17 are rejected on the ground of nonstatutory double patenting as being unpatentable over claim 1 of U.S. Patent No. 11,172,361. Although the claims at issue are not identical, they are not patentably distinct from each other because:

The examiner notes that Claim 1 of U.S. patent No. 11,172,361 recites substantially similar subject matter, more specifically: 
A method of authenticating a web-based application, the method comprising: registering a mobile communication device for an authentication account at a remote authentication platform; at the remote authentication platform comprising an Internet-accessible server hosted on a distributed computing system: tracking the mobile communication device using an IP address and an identifier of the mobile communication device by identifying a change in the IP address of the mobile communication device when the mobile communication device moves from a first network to a second network and updating, at the authentication account at the remote authentication platform, a state of the mobile communication device in which a persistent connection is newly established; receiving from a client, via a first communication channel, transaction data relating to an attempt by a user to access the web-based application via the client; preventing the remote authentication platform from inspecting one or more features of the transaction data from a service provider; identifying the authentication account associated with the mobile communication device based on the transaction data; determining a second communication channel among at least two channels based on the state of the mobile communication device; responsive to identifying the authentication account, transmitting to the mobile communication device, via the second communication channel, an authentication message; receiving, via the second communication channel, a response to the authentication message from the mobile communication device; and transmitting to the client, via the first communication channel, a confirmation or a denial of the attempt to access the web-based application based on the response to the authentication message from the client.

The examiner notes that the features emphasized above are obvious variants to that claimed in the limitations of Claims 1, 7 and 17 of the Instant Application.

Claims 2-6, 8-16 and 18-20 depend from respective independent Claims 1, 7 and/or 17 thus, would respectfully inherit the Double Patenting rejection.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 17-20 rejected under 35 U.S.C. 101 as being directed to non-statutory subject matter.
Regarding claim 17, the claim calls for a system. However, the claimed system does not include any hardware embodiments.  As recited in the body of the claim, the claimed system contains: “an Internet-accessible server hosted on a distributed computing system,”. The specification does not explicitly define the claimed Internet-accessible server and distributed computing system are implemented only as hardware.  One of ordinary skill in the art would understand that “server” and “distributed computing system” could be implemented in software (i.e., virtual servers/machines); see Ex parte Strub (Appeal 2010-005727).  The nominal recitation to a "system" in the preamble does not limit the body of the claim as it only states the invention' s purpose or intended use; see Catalina Marketing Int'l, Inc., v. Coolsavings.com Inc., 289 F.3d 801,808 (Fed. Cir. 2002).   The Examiner respectfully suggests that the claim be further amended to positively recite at least one hardware element within the body of the claim to make the claim statutory subject matter under 35 U.S.C. 101.  
Regarding claims 18-20; Claims 18-20 are also rejected under 35 U.S.C. 101 as being directed to non-statutory subject matter for the same reasons.
 

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of pre-AIA  35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made.

This application currently names joint inventors. In considering patentability of the claims under pre-AIA  35 U.S.C. 103(a), the examiner presumes that the subject matter of the various claims was commonly owned at the time any inventions covered therein were made absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and invention dates of each claim that was not commonly owned at the time a later invention was made in order for the examiner to consider the applicability of pre-AIA  35 U.S.C. 103(c) and potential pre-AIA  35 U.S.C. 102(e), (f) or (g) prior art under pre-AIA  35 U.S.C. 103(a).
Claim 1, 2, 5-7, 10, 13-15, 17, and 18 is/are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Rable (US 7,331,518 B2) in view of Williams et al. (US 2009/0259848 A1).



Regarding Claim 1;
Rable discloses a method of authenticating ... (Abstract and col. 8, lines 36-55), the method comprising:
registering a mobile communication device for an authentication account at a remote authentication platform (FIG. 3 and col. 6, lines 30-61 - An Account Holder Membership Setup Module 100 according to a particular embodiment of the invention is shown in FIG. 3.... The account information received at Step 110 may include, for example, an account identifier (e.g., an account number) associated with an account (e.g., a credit card account, or bank account) that the account holder would like to have covered by the transaction confirmation service. ... Next, the system advances to Step 120, where it receives mobile electronic device contact information from the account holder (e.g., information that may be used to facilitate communication with one or more portable electronic devices). This information may include, for example, a cell phone number (e.g., the account holder's cell phone number)...);
 at the remote authentication platform comprising an Internet-accessible server hosted on a distributed computing system (FIG. 1 and col. 8, lines 43-55 - For example, in one embodiment, if a user requests to pay for a particular purchase transaction using a specified account (e.g., the account specified by the account holder at Step 110 above) at a participating merchant (e.g., a retailer that is registered to participate in the transaction confirmation service), the merchant's computer system sends details of the requested transaction to a Transaction Confirmation Server 10 associated with the transaction confirmation service. The Transaction Confirmation Server 10 then executes a Transaction Confirmation Module 300, such as the Transaction Confirmation Module 300 shown in FIGS. 5A and 5B):
receiving from a client, via a first communication channel, transaction data ... via the client (FIG. 5A and col. 8, lines 56-col. 9, lines 4 - ...the system begins at Step 310 where it receives transaction information from a merchant with whom a request has been made to pay for a transaction using a particular account that has been registered with the transaction confirmation service.);
identifying the authentication account associated with the mobile communication device based on the transaction data (FIG. 5A - col. 8, lines 56-col. 9, lines 4 - ...the system begins at Step 310 where it receives transaction information from a merchant with whom a request has been made to pay for a transaction using a particular account that has been registered with the transaction confirmation service and col. 9, lines 5-15 - Next, the system advances to Step 320 where it transmits a message to the account holder (or other individual who has been designated to confirm transactions associated with the particular account) requesting confirmation that the account holder or other designated individual approves the requested transaction. In various embodiments of the invention, this message is sent to an electronic device (e.g., a cellular phone) associated with the account holder (or other designated individual) in the form of an SMS message that is generated automatically (or substantially automatically) by the Transaction Confirmation Server 10);
responsive to identifying the authentication account, transmitting to the mobile communication device, via a second communication channel, an authentication message (FIG. 5A and col. 5, lines 5-15 - In various embodiments of the invention, this message is sent to an electronic device (e.g., a cellular phone) associated with the account holder (or other designated individual) in the form of an SMS message that is generated automatically (or substantially automatically) by the Transaction Confirmation Server 10. The system preferably uses the mobile electronic device contact information that the system received at Step 120 to facilitate transmission of the "confirmation request" message to the appropriate individual. An exemplary SMS "confirmation request" message is shown in FIG. 6);
receiving, via the second communication channel, a response to the authentication message from the mobile communication device (FIG. 5A-5B and FIG. 6 and col. 9, lines 59-col. 10, lines 8 -   Returning to Step 330 in FIG. 5A, if the system determines that it has received a response from the account holder (or other designated individual), the system advances to Step 340 where it determines whether the response included in the confirmation that the account holder (or other designated individual) has confirmed the requested transaction.);
transmitting to the client, via the first communication channel, a confirmation or a denial of the ... based on the response to the authentication message from the client (FIG. 5A-5B and FIG. 6 and col. 10, lines 3-8 – message... confirmed and lines 14-20 – message ... not been confirmed).
	Rable fails to explicitly disclose: 
A method of authenticating a web-based application, the method comprising:
at the authentication platform...:
receiving from a client... ...  relating to an attempt by a user to access a web-based application via the client;
transmitting to the client... a confirmation or a denial of the attempt to access the web-based application based on the response to the authentication message from the client.
However, in an analogous, art Williams teaches similar features of a method of authenticating a web-based application ([0014] and [0019]), the method comprising:
at the authentication platform ... ([0019] – authentication server):
receiving from a client, via a first communication channel, transaction data relating to an attempt by a user to access a web-based application via the client ([0014] and [0019] and [0022])
[... transmitting to the mobile communication device, via a second communication channel, an authentication message ([0019] - ... the authentication server conducts an out-of-band (OOB) transaction wit h the user’s device to verify that the user is in possession of the device and [0023]);
receiving, via the second communication channel, a response to the authentication message from the mobile communication device (FIG. 3 and [0023] - This ANM informs the user that a transaction is being conducted and prompts him to enter a secret personal knowledge Token 170 (different from the password entered previously) (e.g. a memorized number or phrase), confirming that he has possession of the device (150 or 160). That personal knowledge token is returned to the Authentication and Key Server 131 as a response using the same channel from which the prompt to enter in was received (e.g. SMS reply, voice response, dual-tone multi frequency (DTMF) entry));]
transmitting to the client, via a first communication channel,  a confirmation or a denial of the attempt to access the web-based application based on the response to the authentication message from the client ([0026]).
Therefore, it would have been obvious at the time the invention was made to combine the teachings of Williams to the method of Rable to include a method of authenticating a web-based application, the method comprising: at the authentication platform...: receiving from a client... ... an attempt by a user to access a web-based application via the client; transmitting to the client... a confirmation or a denial of the attempt to access the web-based application based on the response to the authentication message from the client. 
One would have been motivated to combine the teachings of Williams to Rable to do so as it provide/allows users with a means for authenticating an electronic identity assertion, with a very high confidence that the asserted electronic identity belongs to the person who is asserting it, as opposed to someone who is attempting to pose as another (Williams, [0003]).

Regarding Claim 2;
Rable and Williams disclose the method to Claim 1.
Rable disclose wherein the client comprises one of a client application, a client device (FIG. 1 – Merchant and FIG. 5A), and a client website in operable communication, via the first communication channel, with the Internet-accessible server of the authentication platform (FIG. 1 and col. 8, lines 35-55).

Regarding Claim 5;
Rable and Williams disclose the method to Claim 1.
Rable disclose wherein the second communication channel is one of a short message system, an email, an instant message, an in-app notification system, a web based websocket, a publication-subscription channel, or a push notification system (col. 7, lines 6-17 – SMS)




Regarding Claim 6;
Rable and Williams disclose the method to Claim 1.
Rable disclose wherein the first communication channel and the second communication channel are different data channels (FIG. 6 – Depicts the SMS and contains Acme.com (i.e., retailer) and col. 5, lines 4-15 - ...retailer participating in the transaction confirmation server...a and col. 9, lines 5-20).  As constructed acme.com (i.e., would represent the first communication channel) and the SMS (i.e., would represent the second communication channel).

 Regarding Claim 7;
Rable discloses a method of authenticating a ... transaction (Abstract and col. 8, lines 36-55), the method comprising: 
registering a mobile communication device for an authentication account at a remote authentication platform (FIG. 3 and col. 6, lines 30-61 - An Account Holder Membership Setup Module 100 according to a particular embodiment of the invention is shown in FIG. 3.... The account information received at Step 110 may include, for example, an account identifier (e.g., an account number) associated with an account (e.g., a credit card account, or bank account) that the account holder would like to have covered by the transaction confirmation service. ... Next, the system advances to Step 120, where it receives mobile electronic device contact information from the account holder (e.g., information that may be used to facilitate communication with one or more portable electronic devices). This information may include, for example, a cell phone number (e.g., the account holder's cell phone number)...);
at the remote authentication platform comprising an Internet-accessible server hosted on a distributed computing system (FIG. 1 and col. 8, lines 43-55 - For example, in one embodiment, if a user requests to pay for a particular purchase transaction using a specified account (e.g., the account specified by the account holder at Step 110 above) at a participating merchant (e.g., a retailer that is registered to participate in the transaction confirmation service), the merchant's computer system sends details of the requested transaction to a Transaction Confirmation Server 10 associated with the transaction confirmation service. The Transaction Confirmation Server 10 then executes a Transaction Confirmation Module 300, such as the Transaction Confirmation Module 300 shown in FIGS. 5A and 5B): 
receiving, via a first communication channel, from a service provider transaction data relating to an attempt by a user to perform a ... transaction with the service provider (FIG. 5A and col. 8, lines 56-col. 9, lines 4 - ...the system begins at Step 310 where it receives transaction information from a merchant with whom a request has been made to pay for a transaction using a particular account that has been registered with the transaction confirmation service.);;
identifying the authentication account associated with the mobile communication device based on the transaction data (FIG. 5A - col. 8, lines 56-col. 9, lines 4 - ...the system begins at Step 310 where it receives transaction information from a merchant with whom a request has been made to pay for a transaction using a particular account that has been registered with the transaction confirmation service and col. 9, lines 5-15 - Next, the system advances to Step 320 where it transmits a message to the account holder (or other individual who has been designated to confirm transactions associated with the particular account) requesting confirmation that the account holder or other designated individual approves the requested transaction. In various embodiments of the invention, this message is sent to an electronic device (e.g., a cellular phone) associated with the account holder (or other designated individual) in the form of an SMS message that is generated automatically (or substantially automatically) by the Transaction Confirmation Server 10); 
responsive to identifying the authentication account, transmitting to the mobile communication device, via a second communication channel, an authentication message (FIG. 5A and col. 5, lines 5-15 - In various embodiments of the invention, this message is sent to an electronic device (e.g., a cellular phone) associated with the account holder (or other designated individual) in the form of an SMS message that is generated automatically (or substantially automatically) by the Transaction Confirmation Server 10. The system preferably uses the mobile electronic device contact information that the system received at Step 120 to facilitate transmission of the "confirmation request" message to the appropriate individual. An exemplary SMS "confirmation request" message is shown in FIG. 6);
receiving, via the second communication channel, a response to the authentication message from the mobile communication device (FIG. 5A and col. 5, lines 5-15 - In various embodiments of the invention, this message is sent to an electronic device (e.g., a cellular phone) associated with the account holder (or other designated individual) in the form of an SMS message that is generated automatically (or substantially automatically) by the Transaction Confirmation Server 10. The system preferably uses the mobile electronic device contact information that the system received at Step 120 to facilitate transmission of the "confirmation request" message to the appropriate individual. An exemplary SMS "confirmation request" message is shown in FIG. 6);
Page 14 of 22DUOS-Poi-US4 transmitting, to the service provider, via the first communication channel, a confirmation of the digital transaction or a denial of the ... transaction based on the response to the authentication message from the mobile communication device (FIG. 5A-5B and FIG. 6 and col. 10, lines 3-8 – message... confirmed and lines 14-20 – message ... not been confirmed).
	Rable fails to explicitly disclose: 
A method of authenticating a digital transaction, the method comprising:
at the authentication platform...:
receiving, via a first communication channel, from a service provider transaction data relating to an attempt by a user to perform a digital transaction with the service provider;
transmitting to the service provider, via the first communication channel, a confirmation of the digital transaction or a denial of the digital transaction based on the response to the authentication message from the mobile communication device.
However, in an analogous, art Williams teaches similar features of a method of authenticating a web-based application ([0014] and [0019]), the method comprising:
at the authentication platform ... ([0019] – authentication server):
receiving, via a first communication channel, from a service provider transaction data relating to an attempt by a user to perform a digital transaction with the service provider ([0014] and [0019] and [0022])
[... transmitting to the mobile communication device, via a second communication channel, an authentication message ([0019] - ... the authentication server conducts an out-of-band (OOB) transaction with the user’s device to verify that the user is in possession of the device and [0023]);
receiving, via the second communication channel, a response to the authentication message from the mobile communication device (FIG. 3 and [0023] - This ANM informs the user that a transaction is being conducted and prompts him to enter a secret personal knowledge Token 170 (different from the password entered previously) (e.g. a memorized number or phrase), confirming that he has possession of the device (150 or 160). That personal knowledge token is returned to the Authentication and Key Server 131 as a response using the same channel from which the prompt to enter in was received (e.g. SMS reply, voice response, dual-tone multi frequency (DTMF) entry));]
transmitting to the service provider, via the first communication channel, a confirmation of the digital transaction or a denial of the digital transaction based on the response to the authentication message from the mobile communication device ([0026]).
Therefore, it would have been obvious at the time the invention was made to combine the teachings of Williams to the method of Rable to include a method of authenticating a digital transaction, the method comprising: at the authentication platform...: receiving, via a first communication channel, from a service provider transaction data relating to an attempt by a user to perform a digital transaction with the service provider; transmitting to the service provider, via the first communication channel, a confirmation of the digital transaction or a denial of the digital transaction based on the response to the authentication message from the mobile communication device. 
One would have been motivated to combine the teachings of Williams to Rable to do so as it provides/allows users with a means for authenticating an electronic identity assertion, with a very high confidence that the asserted electronic identity belongs to the person who is asserting it, as opposed to someone who is attempting to pose as another (Williams, [0003]).



Regarding Claim 10;
Rable and Williams disclose the method to Claim 7.
Rable discloses wherein the ... transaction is initiated in an online environment over one or more communication networks (FIG. 1 and col. 10, lines 30-48).
Williams teaches wherein the digital transaction is initiated in an online environment over one or more communication networks ([0014] and [0019] – authentication server):

Regarding Claim 13;
Rable and Williams disclose the method to Claim 7.
Rable discloses the transaction data comprises a request to access [an] ... account maintained by the service provider (FIG. 1 and col. 10, lines 30-48).
Williams teaches the transaction data comprises a request to access a digital account maintained by the service provider ([0004]-[0005] and [0014] – any sensitive online transaction  and [0019] – authentication server).

Regarding Claim 14;
Rable and Williams disclose the method to Claim 7.
Rable discloses the transaction data comprises a request to access [an] ... account through a website (FIG. 1 and col. 10, lines 30-48 – On-line).
Williams teaches the transaction data comprises a request to access a digital account through a website ([0004]-[0005] and [0014] – any sensitive online transaction and [0019] – authentication server).

Regarding Claim 15;
Rable and Williams disclose the method to Claim 7.
Rable discloses the transaction data comprises a request to perform an action on a
computer system (FIG. ] and col. 10, lines 30-48— purchases... opening of a new account...transfer of funds).
Williams teaches the transaction data comprises a request to perform an action on a computer system ([0004 ]-[0005] — access the content and [0014] — any sensitive online transaction and [0019] — authentication server):

Regarding Claim(s) 17 and 18; claim(s) 17 and 18 is/are directed to a/an system associated with the method claimed in claim(s) 1 and 2. Claim(s) 17 and 18 is/are similar in scope to claim(s) 1 and 2 and is/are therefore rejected under similar rationale.

Claim 3, 8, and 19 is/are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Rable (US 7,331,518 B2) in view of Williams et al. (US 2009/0259848 A1) and further in view of Upp et al. (US 2005/0237962 A1).

Regarding Claim 3;
Rable and Williams disclose the method to Claim 1.
Rable discloses messaging between the mobile communication device and the remote authentication platform using [a] connection (FIG. 1 and FIG. 5A-5B).
Rable and Williams fails to explicitly disclose initiating a second persistent connection different from a first persistent connection of the first communication channel between the remote authentication platform and the mobile communication device; and messaging between the mobile communication device and the remote authentication platform using the second persistent connection.
However, in an analogous art, Upp teaches initiating a second persistent connection different from a first persistent connection of the first communication channel between the remote authentication platform and the mobile communication device (Upp, [0022] and [0035] and [0040] – request... a new or second WLAN IP address... the home agent now associates the second WLAN IP address and MNIP address); and messaging between the mobile communication device and the remote authentication platform using the second persistent connection ([0003] - Additionally, many applications, such as Microsoft Outlook, instant messaging and mounted file servers, while not time sensitive, require persistent TCP connections in order to operate properly and [0040] – request... a new or second WLAN IP address... the home agent now associates the second WLAN IP address and MNIP address).
Therefore, it would have been obvious at the time the invention was made to combine the teachings of Upp to the method of Rable and Williams to include initiating a second persistent connection different from a first persistent connection of the first communication channel between the remote authentication platform and the mobile communication device; and messaging between the mobile communication device and the remote authentication platform using the second persistent connection.
 One would have been motivated to combine the teachings of Upp to Rable and Williams to do so as it provide/allows users with a means for mobility of mobile stations in a wireless local area network (Upp, [0001]).

Regarding Claim(s) 8; claim(s) 8 is/are directed to a/an method associated with the method claimed in claim(s) 3. Claim(s) 8 is/are similar in scope to claim(s) 3, and is/are therefore rejected under similar rationale.

Regarding Claim(s) 19; claim(s) 19 is/are directed to a/an system associated with the method claimed in claim(s) 3. Claim(s) 19 is/are similar in scope to claim(s) 3, and is/are therefore rejected under similar rationale.

Claim 4 and 20 is/are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Rable (US 7,331,518 B2) in view of Williams et al. (US 2009/0259848 A1) and further in view of Coulter et al. (US 2010/0121767 A1).

Regarding Claim 4;
Rable and Williams disclose the method to Claim 7.
Rable discloses ...the mobile communication device and at least one other communication device for the ... account... (col. 6, lines 54-62 - Next, the system advances to Step 120, where it receives mobile electronic device contact information from the account holder (e.g., information that may be used to facilitate communication with one or more portable electronic devices));
Rable and Williams fails to explicitly disclose   further comprising: setting one or more authorization rules that identify the mobile communication device and at least one other communication device for the authentication account and priority of each of the mobile communication device and the at least one other communication device; and selecting the mobile communication device as a destination for the authentication message based on the one or more authorization rules.
However, in an analogous art, Coulter teaches further comprising: setting one or more authorization rules that identify the mobile communication device and at least one other communication device for the authentication account and priority of each of the mobile communication device and the at least one other communication device ([0018] – fallback... primary and [0032] - The intermediary service may maintain a prioritized list of fallback methods to use, and may proceed through the list until the transaction notification message is delivered to the customer or until a certain period has elapsed and the service declares a delivery failure); and selecting the mobile communication device as a destination for the authentication message based on the one or more authorization rules ([0018] – fallback... primary and [0032] - The intermediary service may maintain a prioritized list of fallback methods to use, and may proceed through the list until the transaction notification message is delivered to the customer or until a certain period has elapsed and the service declares a delivery failure).  As constructed primary and fallback method on a prioritized list represents a form of a rule(s) for authentication.
Therefore, it would have been obvious at the time the invention was made to combine the teachings of Coulter to the method of Rable and Williams to include further comprising: setting one or more authorization rules that identify the mobile communication device and at least one other communication device for the authentication account and priority of each of the mobile communication device and the at least one other communication device
One would have been motivated to combine the teachings of Coulter to Rable and Williams to do so as it provides/allows users with a means supporting fallback methods for transmitting the transaction notification message to the customer in the event that the primary method of sending the message to the customer is not available (Coulter, [0018]).

Regarding Claim(s) 20; claim(s) 20 is/are directed to a/an system associated with the method claimed in claim(s) 4. Claim(s) 20 is/are similar in scope to claim(s) 4, and is/are therefore rejected under similar rationale.

Claim 9 is/are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Rable (US 7,331,518 B2) in view of Williams et al. (US 2009/0259848 A1) and further in view of Asher (US 8,824,455 B1).

Regarding Claim 9;
Rable and Williams disclose the method to Claim 7.
Rable discloses if a user of the mobile communication device provides a denial input denying the digital transaction, ...receiving at the remote authentication platform (FIG. 5A-5B and FIG. 6 and col. 10, lines 14-20 – message ... not been confirmed).
Rable and Williams fails to explicitly disclose ... additionally receiving ...a selection input of one of a plurality of available denial responses identifying a reason for the denial input.
However, in an analogous art, Asher teaches additionally receiving ...a selection input of one of a plurality of available denial responses identifying a reason for the denial input (Asher, col. 7, lines 51-63 - receiving a response message from the user endpoint device of the called party responding to the user metadata from the originating party, wherein the response message comprises user metadata from the called party embedded in a second session initiation protocol signaling message, wherein the user metadata from the called party comprises denial response data when the user endpoint device of the called party determined to deny the call based upon the user authentication data of the originating party, wherein the denial response data is selected from a plurality of possible denial response data based upon the user authentication data of the originating party; and displaying the user metadata from the called party.)
Therefore, it would have been obvious at the time the invention was made to combine the teachings of Asher to the method of Rable and Williams to include ... additionally receiving ...a selection input of one of a plurality of available denial responses identifying a reason for the denial input. 
One would have been motivated to combine the teachings of Asher to Rable and Williams to do so as it provides/allows users with a means for providing metadata exchange during a [transaction] (Asher, col. 1, lines 25-27).
	
Claim 11 is/are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Rable (US 7,331,518 B2) in view of Williams et al. (US 2009/0259848 A1) and further in view of Varghese (US 2006/0282660 A1).

Regarding Claim 11;
Rable and Williams disclose the method to Claim 7.
Rable discloses if the service provider denies the digital transaction based on the response to the authentication message (FIG. 5A-5B and FIG. 6 and col. 10, lines 3-8 – message... confirmed and lines 14-20 – message ... not been confirmed).
Rable and Williams fails to explicitly disclose ...denies the... transaction..., dynamically altering dynamically altering by the authentication platform authentication requirements for future digital transactions involving the authentication account.
However, in an analogous art, Varghese teaches ...denies the... transaction... (Varghese, FIG. 15B – Consecutive failures for a device, Consecutive Failures for an User), dynamically altering dynamically altering by the authentication platform authentication requirements for future digital transactions involving the authentication account (Varghese, [0038] – It evaluates the pre, post and in-session characteristics of each transaction to ensure fraud detection and transactional integrity. The methods then provide a service provider with scores, actions, and alerts. For example, if a transaction has a high risk score and is thus potentially fraudulent, one preferred action is to hold the transaction and to then seek secondary authentication or secondary challenge. [0149] - For example, the service provider or the user/subscriber to the service provider may request a heightened security login interface for certain types of transactions perceived to have heightened risk of fraud). 
Therefore, it would have been obvious at the time the invention was made to combine the teachings of Varghese to the method of Rable and Williams to include ...denies the... transaction..., dynamically altering dynamically altering by the authentication platform authentication requirements for future digital transactions involving the authentication account.
One would have been motivated to combine the teachings of Varghese to Rable and Williams to do so as it provides/allows users with a means for providing protection against identity theft over a computer network (Varghese, [0002]).

Claim 12 is/are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Rable (US 7,331,518 B2) in view of Williams et al. (US 2009/0259848 A1) and further in view of Marcellino (US 2009/0305732).

Regarding Claim 12;
Rable and Williams disclose the method to Claim 7.
Rable discloses the second communication channel (FIG. 5A and col. 5, lines 5-15 - In various embodiments of the invention, this message is sent to an electronic device (e.g., a cellular phone) associated with the account holder (or other designated individual) in the form of an SMS message that is generated automatically (or substantially automatically) by the Transaction Confirmation Server 10. The system preferably uses the mobile electronic device contact information that the system received at Step 120 to facilitate transmission of the "confirmation request" message to the appropriate individual. An exemplary SMS "confirmation request" message is shown in FIG. 6);
Rable and Williams fails to explicitly disclose the ... communication channel comprises persistent connection provide via a push notification services associated with the mobile communication device.  
However, in an analogous art, Marcellino teaches the ... communication channel comprises persistent connection provide via a push notification services associated with the mobile communication device (Marcellino, [0007] - Thus, a push notification service is a persistent notification service. In order to maintain a push notification service, the mobile device periodically refreshes the connection to the push notification service (e.g., by transmitting a ping message to the push server)).  
Therefore, it would have been obvious at the time the invention was made to combine the teachings of Marcellino to the method of Rable and Williams to include teaches the ... communication channel comprises persistent connection provide via a push notification services associated with the mobile communication device. 
One would have been motivated to combine the teachings of Marcellino to Rable and Williams to do so as it provides/allows users with a means for managing notification service connections of mobile devices (Marcellino, [0004]).

Claims 16 is/are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Rable (US 7,331,518 B2) in view of Williams et al. (US 2009/0259848 A1) and further in view of Hardt (US 2010/0180001 A1).

Regarding Claim 16;
Rable and Williams disclose the method to Claim 7.
Rable discloses the authentication message (FIG. 6).
Rable and Williams fails to explicitly disclose the ... message comprises a size-limited message to the mobile communication device including a unique identifier of a full message that is larger than the size-limited message.
However, in an analogous art, Hardt teaches the ... message comprises a size-limited message to the mobile communication device including a unique identifier of a full message that is larger than the size-limited message (Hardt, FIG. 4 and [0046] - One skilled in the art will appreciate that in another embodiment, when a user activates alert 128 on mobile device 122, the mobile device 122 itself responds to the alert by showing the related content. The differing embodiments allow for different mobile devices with differing capabilities to be used to the fullest extent of their capacity as desired by the user. The messaging system can determine whether to follow through on the action associated with alert 1 128 on mobile device 122 or on computer 126 based on the context of the interaction).
Therefore, it would have been obvious at the time the invention was made to combine the teachings of Hardt to the method of Rable and Williams to include communicating to the user a confirmation of the digital transaction. 
One would have been motivated to combine the teachings of Hardt to Rable and Williams to do so as it provides/allows users with a means for mobile devices with differing capabilities to be used to the fullest extent of their capacity as desired by the user (Hardt, [0046]).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See PTO-892 attached.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KARI L SCHMIDT whose telephone number is (571)270-1385. The examiner can normally be reached Monday-Friday 10am - 6pm (MDT).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on (571)270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/KARI L SCHMIDT/Primary Examiner, Art Unit 2439