DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
• The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
• This action is responsive to the following communication: US Patent Application filed on 12/22/2021.
• Claims 1-28 are currently pending.

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claim(s) 1-28 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Schultz et al (US 20130227651).
	Regarding claim 1, Schultz discloses a method comprising: associating (par. 14) a mobile electronic device with a first user; retrievably storing, by a first computer system, registration data (registration data, figs. 1-3, pars 20, 51) relating to the first user and including a unique device identifier (device identifier, par. 42,53, 72) that is unique to the mobile electronic device associated with the first user and unique to an instance of a security application (application 119, fig. 1) installed thereon; causing, by the first computer system, a first push notification to be transmitted to the mobile electronic device by requesting a push notification process (push notification process, figs. 4G, 4F) in dependence upon the unique device identifier and for pushing notification content, the push notification process for transmitting the first push notification to the mobile electronic device associated with the unique device identifier (figs. 2-4), the first push notification when displayed on the mobile electronic device prompting the first user to provide a confirmation reply (confirmation reply, pars. 51-56, figs. 1-3) via a user interface of the mobile electronic device for activating the mobile electronic device as a security token (mobile device as a security device/token, par. 75); and activating the mobile electronic device as a security token (security tokens/codes, pars. 20, 39) for the first user and for an instance of the application installed on the mobile electronic device in response to receiving at the first computer system, from the mobile electronic device, data confirming the confirmation reply (confirmation reply, figs. 2-4) from the first user.
Regarding claim 2, Schultz further discloses the method of claim 1 wherein retrievably storing the registration data includes retrievably storing first authentication data (authentication data stored in remote server, fig.1) or use in authenticating the first user to the first computer system.
Regarding claim 3, Schultz further discloses the method of claim 2 wherein the push notification is for prompting the first user to provide second authentication data forming at least some of the confirmation reply (confirmation reply from users, pars. 72-78), and further comprising receiving from the mobile electronic device the second authentication data at the first computer system.
Regarding claim 4, Schultz further discloses the method of claim 2 wherein the push notification is for prompting the first user to provide second authentication data including a biometric input and forming at least some of the confirmation reply (confirmation reply from users, pars. 72-78), and further comprising receiving from the mobile electronic device the second authentication data at the first computer system.
Regarding claim 5, Shultz further discloses the method of claim 3 wherein activating the mobile electronic device as a security token for the first user is performed in dependence upon a result of comparing the second authentication data to the first authentication data and comprises assigning the security token (pars. 20, 39) to one of a plurality of different security levels (security levels, par. 20, 39) in dependence upon a result of comparing the second authentication data to the first authentication data.
Regarding claim 6, Schultz further discloses the method of claim 1 wherein the mobile electronic device is a smartphone and wherein the unique device identifier comprises a digital security certificate (security codes, pars. 20, 39) associated with at least one of the mobile electronic device and an instance of the application installed thereon.
Regarding claim 7, Schultz further discloses the method of claim 1 comprising: providing from the first user to a second computer system an electronic transaction request (figs. 3a, 3b); transmitting by the second computer system (fig.1), prior to completing a first electronic transaction based on the requested electronic transaction, as second authorization request comprising the unique device identifier associated with the instance of the application installed on the mobile electronic device from the second computer system to the first computer system; sending, by the first computer system, a second push notification to the mobile electronic device, the second push notification (figs. 1-3) prompting the first user to provide a response for authorizing the electronic transaction request; receiving, from the mobile electronic device, the response at the first computer system; in dependence upon receiving and validating the response at the first computer system, providing to the second computer system an authorization message (authorization message, pars. 22-23); and in response to receiving the authorization message at the second computer system, completing the first electronic transaction (figs. 3a, 3b).
Regarding claim 8, Schultz further discloses the method of claim 1 comprising: uniquely associating the security token with a specific authorized service, the service for being authenticated in reliance upon the security token (pars. 28-30).
Regarding claim 9, Schultz further discloses the method of claim 1 wherein the mobile electronic device comprises a smart phone and wherein the security token comprises tokenization data uniquely associated with the smart phone (par. 45) and with an application installed thereon such that copying of the tokenization data for use with at least one of another smartphone and another application other than results in a valid token.
Regarding claim 10, Schultz further discloses the method of claim 1 wherein activating the mobile electronic device as a security token comprises establishing at least one of token-based (security codes, pars. 28-30) and certificate-based trust with the first computer system.
Regarding claim 11, Schultz further discloses the method of claim 10 wherein the first computer system comprises a secure push notification server (service provider, fig. 1).
Regarding claim 12 recite limitations that are similar and in the same scope of invention as to those in claim 1 above; therefore, claim 12 is rejected for the same rejection rationale/basis as described in claim 1.

Regarding claim 13, Schultz further discloses the method of claim 12 wherein associating a mobile electronic device with the first user comprises providing a security application associated with one of a unique digital security certificate and a unique device identifier (device identifier, par. 42) on said device.

Regarding claim 14, Schultz further discloses the method of claim 12 wherein the secondary authentication response provided by the first user comprises at least one of a password and a username (username/password, par. 28, 70).
Regarding claim 15, Schultz further discloses the method of claim 12 wherein the secondary authentication response provided by the first user comprises biometric data (figs. 1-3) .
Regarding claim 16, Schultz further discloses the method of claim 12 wherein associating a unique device identifier comprises establishing at least one of token-based (security codes, pars. 28-30) and certificate-based trust with the second system.
Regarding claim 17, Schultz further discloses the method of claim 16 wherein the second system comprises a secure push notification server (service provider, fig. 1).
Regarding claim 18, Schultz further discloses a method comprising: associating a mobile electronic device with a first user; installing on the mobile electronic device a security application that supports in-application push notifications; registering, by a security computer, the mobile electronic device as a security token for use by the first user for authorizing electronic transactions by associating a unique device identifier with the mobile electronic device, the unique device identifier comprising at least one of a digital security certificate and a device token, the unique device identifier uniquely associated with the instance of the security application on the mobile electronic device and with the mobile electronic device; receiving at the security computer, from a first transaction system, a first request comprising the unique device identifier for authorization to complete a first electronic transaction; receiving at the security computer, from a second other transaction system, a second request comprising the unique device identifier for authorization to complete a second electronic transaction; sending from the security computer to the mobile electronic device a first push notification prompting the first user to provide a first response authorizing the first electronic transaction; sending from the security computer to the mobile electronic device a second push notification prompting the first user to provide a second response authorizing the second electronic transaction; and providing from the security computer: a first authorization to the first transaction system in dependence upon receiving the first response from the first user authorizing the first electronic transaction; and a second authorization to the second other transaction system in dependence upon receiving the second response from the first user authorizing the second electronic transaction.
Regarding claim 19, Schultz further discloses the method of claim 18 wherein the first response from the first user comprises first authentication information required for a first security level, and the second response from the first user comprises second authentication information required for a second security level different than the first security level (security levels, 20, 39).
Regarding claim 20, Schultz further discloses the method of claim 18 wherein the first transaction system is associated with a first entity and the second other transaction system is associated with a second entity different than the first entity (different resources/services providers, par. 52).
Regarding claim 21, Schultz further discloses the method of 18 wherein the first transaction system identifies the first user prior to the security computer providing the first authorization (fig. 4G).
Regarding claim 22, Schultz further discloses the method of claim 18 wherein the first transaction system relates to a first service and the second transaction system relates to a second different service (different services providers, par. 52).
Regarding claim 23, Schultz further discloses the method of claim 18 wherein associating a unique device identifier comprises establishing at least one of token-based (security codes/tokens, pars. 28-3) and certificate-based trust with the security computer.
Regarding claim 24, Schultz further discloses the method of claim 23 wherein the security computer comprises a secure push notification server (service provider for providing notification to mobile device, fig. 1)..
Regarding claim 25, Schultz further discloses a method comprising: associating a mobile electronic device (figs. 3a, 3b) with a first user; installing on the mobile electronic device a security application (par. 30) that supports in-application push notifications; registering, by a first computer system, the mobile electronic device as a security token (security codes, par. 28) for use by the first user for authorizing, by the security application (security application, par. 30), electronic transactions, registering comprising storing a unique device identifier (device identifier, par. 42) associated with the instance of the security application installed on the mobile electronic device and with the mobile electronic device; receiving an electronic transaction request from the first user, the electronic transaction request associated with a security level (security levels, pars. 20, 39) of a plurality of different security levels; transmitting to the mobile electronic device associated with a unique device identifier provided for identifying a destination for transmitting a push notification via at least the push notification a request for N responses (multiple communications with respect to responses from local device and remote server, fig. 4F, 4G, 4I) each including different authentication information, wherein the number N is greater than 1 and is determined based on the security level (security levels, pars. 20, 39) that is associated with the electronic transaction request; and in dependence upon receiving at the first computer system an expected response from the first user for each of the N responses (responses, pars. 30-40), via the mobile electronic device, authorizing the electronic response by the first computer system.
Regarding claim 26, Schultz further discloses the method of claim 25 wherein the different authentication information comprises multi-factor (multi-factor authentication, abstract, figs. 2-3) authentication information.
Regarding claim 27, Schultz further discloses the method of claim 25 wherein registering comprises establishing at least one of token-based (security codes, pars. 28-30) and certificate-based trust with the first computer system.
Regarding claim 28, Schultz further discloses the method of claim 27 wherein the first computer system comprises a secure push notification server (service provider, fig. 1).
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to THIERRY L PHAM whose telephone number is (571)272-7439. The examiner can normally be reached M-F, 11-6.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Benny Tieu can be reached on (571)272-7490. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/THIERRY L PHAM/Primary Examiner, Art Unit 2674