DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 15 September 2022 has been entered.
 Response to Amendment
Applicant’s amendment filed 15 September 2022 amends claims 1, 5, 10, 29, and 30. Applicant’s amendment has been fully considered and entered.
Response to Arguments
Applicant argues on pages 11-12 of the response, “Indeed, the disclosure of Vendervenn makes no mention of a user logging into a verification service client application running on device 206, nor any mention of using such log-in as a basis for determining whether the user’s identity is verified.” This argument has been fully considered and is persuasive. Therefore, the rejection has been withdrawn.  However, upon further consideration, a new grounds of rejection is made in view of Wetter, U.S. Publication No. 2013/0024919.
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1-30 are provisionally rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-37 are of copending Application No. 16/861,663 (reference application). Although the claims at issue are not identical, they are not patentably distinct from each other because the claims of the ‘663 application include all the limitations of the instant claims.
This is a provisional nonstatutory double patenting rejection because the patentably indistinct claims have not in fact been patented.
Instant Application 
US Application No. 16/861,663
receiving, at a receiving device, a communication from an initiating device on a communication channel; (Claim 1)
initiating, from an initiating device, a communication to a receiving device on a communication channel; (Claim 1)
determining, by the receiving device over a verification channel with a verification service associated with the initiating device, whether an identity of a user using the initiating device is verified by the verification service based on whether or not the user has logged into a verification service client application on the initiating device; (Claim 1)
determining, by the initiating device over a verification channel with a verification service associated with the initiating device, whether an identity of a user using the receiving device is verified by the verification service based on whether or not the user has logged into a verification service client application on the receiving device; (Claim 1)
managing, by the receiving device in response to the identity of the user using the initiating device being verified, the communication from the initiating device according to the identity being verified; (Claim 1)
managing, by the initiating device in response to the identity of the user using the receiving device being verified, the communication to the receiving device according to the identity being verified; (Claim 1)
and managing, by the receiving device in response to the identity of the user using the initiating device being unverified, the communication from the initiating device according to the identity being unverified. (Claim 1)
and managing, by the initiating device in response to the identity of the user using the receiving device being unverified, the communication to the receiving device according to the identity being unverified. (Claim 1)


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1-5, 8-21, 24, 25, 27-30 are rejected under 35 U.S.C. 103 as being unpatentable over Vanderveen, U.S. Publication No. 2014/0310782, in view of Wetter, U.S. Publication No. 2013/0024919. 
Referring to claims 1, 30, Vanderveen discloses a ticket-based authorization system wherein a first device 206 transmits a connection request message to a second device 208 ([0073]-[0074]: second device 208 reads on the claimed receiving device; first device 206 reads on the initiating device) over communication link 210 ([0054]), which meets the limitation of receiving, at a receiving device, a communication from an initiating device on a communication channel. The second device 208 verifies the authorization ticket in the connection request message ([0073]-[0074]) such that the second device 208 provides a connection response message to the first device 206 that includes the authorization ticket of the second device 208 for validation by the first device ([0074]-[0077]: authorization tickets are generated by a third party device after the devices have been authenticated [0052]. Therefore, third party device provides a verification channel by issuing verifiable tickets to each device.), determining, by the receiving device over a verification channel with a verification service associated with the initiating device, whether an identity of a user using the initiating device is verified by the verification service [based on whether or not the user has logged into a verification service client application on the initiating device]. Devices 206 and 208 validate the authorization ticket of the other prior to activating the wireless communication link between the devices ([0058] & [0088]), which meets the limitation of managing, by the receiving device in response to the identity of the user using the initiating device being verified, the communication from the initiating device according to the identity being verified. If the devices are not able to validate the authorization ticket of the other device, a validated communication link is not established between the devices ([0058]), which meets the limitation of managing, by the receiving device in response to the identity of the user using the initiating device being unverified, the communication from the initiating device according to the identity being unverified.  
Vanderveen does not specify that the ticket is received by the user device responsive to the user logging into to a service application on the user device. Wetter discloses a cloud service access system wherein a user logs into a service application on the user device ([0020]) and transmits a token request to an identity provider ([0022]: token request includes application ID, cloud service ID, and user login credentials) such that the identity provider transmits the requested token to the user device ([0023]) and the user device provides the token to a service provider such that the service provider validates the received token prior to providing the requested access ([0029], which meets the limitation of determining, by the receiving device over a verification channel with a verification service associated with the initiating device, whether an identity of a user using the initiating device is verified by the verification service based on whether or not the user has logged into a verification service client application on the initiating device. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the ticket of Vanderveen to have been received by the user device responsive to the user logging into a service application on the user device in order to provide the user with access to a plurality of services without having to input individual credentials for each service as suggested by Wetter ([0007] & [0019]).
Referring to claim 2, Vanderveen discloses a ticket-based authorization system wherein a first device 206 transmits a connection request message to a second device 208 ([0073]-[0074]: second device 208 reads on the claimed receiving device; first device 206 reads on the initiating device) over communication link 210 ([0054]).
Vanderveen does not specify that the ticket is received by the user device responsive to the user logging into to a service application on the user device. Wetter discloses a cloud service access system wherein a user logs into a service application on the user device ([0020]) and transmits a token request to an identity provider ([0022]: token request includes application ID, cloud service ID, and user login credentials) such that the identity provider transmits the requested token to the user device ([0023]). Identity provider performs user authentication prior to token generation ([0018]), which meets the limitation of in response to the identity of the user using the initiating device being unverified, initiating verification of the identity during the communication. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the ticket of Vanderveen to have been received by the user device responsive to the user logging into a service application on the user device in order to provide the user with access to a plurality of services without having to input individual credentials for each service as suggested by Wetter ([0007] & [0019]).
Referring to claim 3, Vanderveen discloses a ticket-based authorization system wherein a first device 206 transmits a connection request message to a second device 208 ([0073]-[0074]: second device 208 reads on the claimed receiving device; first device 206 reads on the initiating device) over communication link 210 ([0054]). Devices 206 and 208 validate the authorization ticket of the other prior to activating the wireless communication link between the devices ([0058] & [0088]), which meets the limitation of [in response, to the identity of the user using the initiating device becoming verified during communication], managing the communication from the initiating device according to the identity being verified.
Vanderveen does not specify that the ticket is received by the user device responsive to the user logging into to a service application on the user device. Wetter discloses a cloud service access system wherein a user logs into a service application on the user device ([0020]) and transmits a token request to an identity provider ([0022]: token request includes application ID, cloud service ID, and user login credentials) such that the identity provider transmits the requested token to the user device ([0023]). Identity provider performs user authentication prior to token generation ([0018]), which meets the limitation of in response to the identity of the user using the initiating device becoming verified during the communication. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the ticket of Vanderveen to have been received by the user device responsive to the user logging into a service application on the user device in order to provide the user with access to a plurality of services without having to input individual credentials for each service as suggested by Wetter ([0007] & [0019]).
Referring to claim 4, Vanderveen discloses a ticket-based authorization system wherein a first device 206 transmits a connection request message to a second device 208 ([0073]-[0074]: second device 208 reads on the claimed receiving device; first device 206 reads on the initiating device) over communication link 210 ([0054]). If the devices are not able to validate the authorization ticket of the other device, a validated communication link is not established between the devices ([0058]: preventing establishment of a communication connection would be a commensurate response to a potential attack), which meets the limitation of [in response to the identity of the user using the initiating device remaining unverified during the communication, managing the communication from the initiating device as a potential attack.
Vanderveen does not specify that the ticket is received by the user device responsive to the user logging into to a service application on the user device. Wetter discloses a cloud service access system wherein a user logs into a service application on the user device ([0020]) and transmits a token request to an identity provider ([0022]: token request includes application ID, cloud service ID, and user login credentials) such that the identity provider transmits the requested token to the user device ([0023]). Identity provider performs user authentication prior to token generation ([0018]), which meets the limitation of in response to the identity of the user using the initiating device remaining unverified during the communication. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the ticket of Vanderveen to have been received by the user device responsive to the user logging into a service application on the user device in order to provide the user with access to a plurality of services without having to input individual credentials for each service as suggested by Wetter ([0007] & [0019]).
Referring to claim 5, Vanderveen does not specify that the ticket is received by the user device responsive to the user logging into to a service application on the user device. Wetter discloses a cloud service access system wherein a user logs into a service application on the user device ([0020]) and transmits a token request to an identity provider ([0022]: token request includes application ID, cloud service ID, and user login credentials) such that the identity provider transmits the requested token to the user device ([0023]), which meets the limitation of wherein initiating verification of the identity during the communication comprises invoking the verification service client application on the initiating device to obtain verification. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the ticket of Vanderveen to have been received by the user device responsive to the user logging into a service application on the user device in order to provide the user with access to a plurality of services without having to input individual credentials for each service as suggested by Wetter ([0007] & [0019]).
Referring to claim 8, Vanderveen discloses a ticket-based authorization system wherein a first device 206 transmits a connection request message to a second device 208 ([0073]-[0074]: second device 208 reads on the claimed receiving device; first device 206 reads on the initiating device) over communication link 210 ([0054]). Devices 206 and 208 validate the authorization ticket of the other prior to activating the wireless communication link between the devices ([0058] & [0088]), which meets the limitation of wherein determining that the identity of the [user using the] initiating device is verified by the verification service is based on a verification service client application on the initiating device verifying the [identity] and initiating the communication.
Vanderveen does not specify that the ticket is received by the user device responsive to the user logging into to a service application on the user device. Wetter discloses a cloud service access system wherein a user logs into a service application on the user device ([0020]) and transmits a token request to an identity provider ([0022]: token request includes application ID, cloud service ID, and user login credentials) such that the identity provider transmits the requested token to the user device ([0023]). Identity provider performs user authentication prior to token generation ([0018]), which meets the limitation of wherein determining that the identity of the user using the initiating device is verified by the verification service is based on a verification service client application on the initiating device verifying the identity. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the ticket of Vanderveen to have been received by the user device responsive to the user logging into a service application on the user device in order to provide the user with access to a plurality of services without having to input individual credentials for each service as suggested by Wetter ([0007] & [0019]).
Referring to claim 9, Vanderveen discloses that the each device utilizes the authorization ticket received from the other device to establish communication with the other device ([0151]-[0152]), which meets the limitation of prompting, by the receiving device, the verification service client application on the initiating device to initiate the communication, wherein the verification service client application on the initiating device initiates the communication in response to the prompting.
Referring to claim 10, Vanderveen does not specify that the ticket is received by the user device responsive to the user logging into to a service application on the user device. Wetter discloses a cloud service access system wherein a user logs into a service application on the user device ([0020]) and transmits a token request to an identity provider ([0022]: token request includes application ID, cloud service ID, and user login credentials) such that the identity provider transmits the requested token to the user device ([0023]). Identity provider performs user authentication prior to token generation ([0018]: user must be logged into user device using cloud login ID in order to access cloud services. Therefore, if the request originates from a user that has not been logged into their cloud service account, that user will be considered to be unverified and the request would be considered to “apart” from cloud service applications on the user device.), which meets the limitation of wherein determining that the identity of the user using the initiating device is unverified by the verification service is based on the communication being initiated apart from the verification service client application on the initiating device. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the ticket of Vanderveen to have been received by the user device responsive to the user logging into a service application on the user device in order to provide the user with access to a plurality of services without having to input individual credentials for each service as suggested by Wetter ([0007] & [0019]).
Referring to claim 11, Vanderveen discloses the established communication links can be utilized to transmit user data ([0885]), which meets the limitation of wherein the managing the communication from the initiating device according to the identity being verified comprises one or more of sharing secure information over the communication, and continuing the communication.
Referring to claim 12, Vanderveen does not specify that the ticket is received by the user device responsive to the user logging into to a service application on the user device. Wetter discloses a cloud service access system wherein a user logs into a service application on the user device ([0020]) and transmits a token request to an identity provider ([0022]: token request includes application ID, cloud service ID, and user login credentials) such that the identity provider transmits the requested token to the user device ([0023]). Identity provider performs user authentication, based on the user login information that includes a cloud login ID, prior to token generation ([0018]: login ID can be considered a name), which meets the limitation of wherein managing the communication from the initiating device according to the identity being verified comprises receiving one or more identity attribuates associated with the identity consisting of a name. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the ticket of Vanderveen to have been received by the user device responsive to the user logging into a service application on the user device in order to provide the user with access to a plurality of services without having to input individual credentials for each service as suggested by Wetter ([0007] & [0019]).
Referring to claim 13, Vanderveen discloses a ticket-based authorization system wherein a first device 206 transmits a connection request message to a second device 208 ([0073]-[0074]: second device 208 reads on the claimed receiving device; first device 206 reads on the initiating device) over communication link 210 ([0054]). If the devices are not able to validate the authorization ticket of the other device, a validated communication link is not established between the devices ([0058]: preventing establishment of a communication connection would be a commensurate response to a potential attack), which meets the limitation of wherein managing the communication from the initiating device according to [the identity being unverified] comprises one or more of preventing sharing secure information over the communication, preventing sharing of information associated with the unverified identity, preventing requests for modification of information associated with the unverified identity, and discontinuing the communication.
Vanderveen does not specify that the ticket is received by the user device responsive to the user logging into to a service application on the user device. Wetter discloses a cloud service access system wherein a user logs into a service application on the user device ([0020]) and transmits a token request to an identity provider ([0022]: token request includes application ID, cloud service ID, and user login credentials) such that the identity provider transmits the requested token to the user device ([0023]). Identity provider performs user authentication prior to token generation ([0018]), which meets the limitation of according to the identity being unverified. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the ticket of Vanderveen to have been received by the user device responsive to the user logging into a service application on the user device in order to provide the user with access to a plurality of services without having to input individual credentials for each service as suggested by Wetter ([0007] & [0019]).
Referring to claim 14, Vanderveen discloses that the established communication is a peer-to-peer communication ([0050] & [0058]), which meets the limitation of wherein the communication is a user-to-user communication.
Referring to claim 15, Vanderveen does not specify that the ticket is received by the user device responsive to the user logging into to a service application on the user device. Wetter discloses a cloud service access system wherein a user logs into a service application on the user device ([0020]: login of the user at the user device reads on the claimed attestation of a user identity at the initiating device) and transmits a token request to an identity provider ([0022]), which meets the limitation of wherein the identity of the user using the initiating device is verified in response to attestation of a user identity at the initiating device. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the ticket of Vanderveen to have been received by the user device responsive to the user logging into a service application on the user device in order to provide the user with access to a plurality of services without having to input individual credentials for each service as suggested by Wetter ([0007] & [0019]).
Referring to claim 16, Vanderveen does not specify that the ticket is received by the user device responsive to the user logging into to a service application on the user device. Wetter discloses a cloud service access system wherein a user logs into a service application on the user device ([0020]: login of the user at the user device does not require user login information to be received by a separate device) and transmits a token request to an identity provider ([0022]), which meets the limitation of wherein the identity of the user using the initiating device is verified without the receiving device accessing personally identifying information (PII) associated with the identity. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the ticket of Vanderveen to have been received by the user device responsive to the user logging into a service application on the user device in order to provide the user with access to a plurality of services without having to input individual credentials for each service as suggested by Wetter ([0007] & [0019]).
Referring to claim 17, Vanderveen discloses that communications include voice or video calls and data exchange ([0071]), which meets the limitation of wherein the communication is selected from a group consisting of voice communication, video communication, and data communication.
Referring to claim 18, Vanderveen does not specify that the ticket is received by the user device responsive to the user logging into to a service application on the user device. Wetter discloses a cloud service access system wherein a user logs into a service application on the user device ([0020]) and transmits a token request to an identity provider ([0022]) such that the identity provider transmits the requested token to the user device ([0023]). Identity provider performs user authentication prior to token generation using passwords or biometrics ([0018]), which meets the limitation of wherein the identity of the user using the initiating device is verified based on one or more authentication factors selected from a group consisting of password input. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the ticket of Vanderveen to have been received by the user device responsive to the user logging into a service application on the user device in order to provide the user with access to a plurality of services without having to input individual credentials for each service as suggested by Wetter ([0007] & [0019]).
Referring to claim 19, Vanderveen discloses a ticket-based authorization system wherein a first device 206 transmits a connection request message to a second device 208 ([0073]-[0074]: second device 208 reads on the claimed receiving device; first device 206 reads on the initiating device) over communication link 210 ([0054]). Devices 206 and 208 validate the authorization ticket of the other prior to activating the wireless communication link between the devices ([0058] & [0088]).
Vanderveen does not specify that the ticket is received by the user device responsive to the user logging into to a service application on the user device. Wetter discloses a cloud service access system wherein a user logs into a service application on the user device ([0020]: user login requires entry of user authentication factors at the user device) and transmits a token request to an identity provider ([0022]) such that the identity provider transmits the requested token to the user device ([0023]), which meets the limitation of wherein verifying the identity of the user using the initiating device is based on one or more authentication factors input at the initiating device. Cloud service applications on the user device submit the token in requests for access to cloud services, such that the service provider validates the token and provides access to the requested services ([0032]: access is granted based on the token and not the user authentication factors input at the user device), which meets the limitation of wherein determining whether the identity of the user using the initiating device is verified by the verification service occurs without access to any authentication factors input at the initiating device. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the ticket of Vanderveen to have been received by the user device responsive to the user logging into a service application on the user device in order to provide the user with access to a plurality of services without having to input individual credentials for each service as suggested by Wetter ([0007] & [0019]).
Referring to claim 20, Vanderveen discloses a ticket-based authorization system wherein a first device 206 transmits a connection request message to a second device 208 ([0073]-[0074]: second device 208 reads on the claimed receiving device; first device 206 reads on the initiating device) over communication link 210 ([0054]). The second device 208 responds by sending a connection response message to the first device 206 ([0074]: connection response message reads on the claimed identity verification request because “identity verification” is simply the claimed name of the request and does not define the structure of the request nor does the name require steps to be performed), which meets the limitation of sending an identity verification request to the initiating device during the communication.
Referring to claim 21, Vanderveen discloses that the connection response message includes the authorization ticket of the second device 208 such that the first device 206 verifies the authorization ticket received from the second device 208 ([0074]: verification of the identity is performed based on the ticket and not input at the first device 206). Devices 206 and 208 validate the authorization ticket of the other prior to activating the wireless communication link between the devices ([0058] & [0088]) such that the activation of the communication link can include the communication of key derivation and configuration information 512 ([0084]), which meets the limitation of receiving a verification of identity in response to the identity verification request without access to any verification response input at the initiating device.
Referring to claim 24, Vanderveen discloses a ticket-based authorization system wherein a first device 206 transmits a connection request message to a second device 208 ([0073]-[0074]: second device 208 reads on the claimed receiving device; first device 206 reads on the initiating device) over communication link 210 ([0054]), which meets the limitation of receiving an identity verification request from the initiating device during the communication. The second device 208 responds by sending a connection response message to the first device 206 ([0074]), which meets the limitation of responding to the identity verification request to the initiating device.
Referring to claim 25, Vanderveen does not specify that the ticket is received by the user device responsive to the user logging into to a service application on the user device. Wetter discloses a cloud service access system wherein a user logs into a service application on the user device ([0020]) and transmits a token request to an identity provider ([0022]) such that the identity provider transmits the requested token to the user device ([0023]) and the user device provides the token to a service provider such that the service provider validates the received token prior to providing the requested access ([0029], which meets the limitation of wherein receiving the identity verification request and responding to the identity verification request occurs via the verification channel. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the ticket of Vanderveen to have been received by the user device responsive to the user logging into a service application on the user device in order to provide the user with access to a plurality of services without having to input individual credentials for each service as suggested by Wetter ([0007] & [0019]).
Referring to claim 27, Vanderveen does not specify that the ticket is received by the user device responsive to the user logging into to a service application on the user device. Wetter discloses a cloud service access system wherein a user logs into a service application on the user device ([0020]) and transmits a token request to an identity provider ([0022]) such that the identity provider transmits the requested token to the user device ([0023]) and the user device provides the token to a service provider such that the service provider validates the received token prior to providing the requested access ([0029], which meets the limitation of determining that the identity of the user using the initiating device is verified based on receiving a verification token, passing the verification token from the receiving device to a second device to cause the second device to determine that the identity of the user using the initiating device is verified based on receiving the verification token. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the ticket of Vanderveen to have been received by the user device responsive to the user logging into a service application on the user device in order to provide the user with access to a plurality of services without having to input individual credentials for each service as suggested by Wetter ([0007] & [0019]).
Referring to claim 28, Vanderveen does not specify that the ticket is received by the user device responsive to the user logging into to a service application on the user device. Wetter discloses a cloud service access system wherein a user logs into a service application on the user device ([0020]) and transmits a token request to an identity provider ([0022]) such that the identity provider transmits the requested token to the user device ([0023]) and the user device provides the token to a service provider such that the service provider validates the received token prior to providing the requested access ([0029], which meets the limitation of determining that the identity of the user using the initiating device is verified based on receiving an unexchangeable verification token. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the ticket of Vanderveen to have been received by the user device responsive to the user logging into a service application on the user device in order to provide the user with access to a plurality of services without having to input individual credentials for each service as suggested by Wetter ([0007] & [0019]).
Referring to claim 29, Vanderveen discloses a ticket-based authorization system that includes a cellular interface to communicate between devices ([0098]), which meets the limitation of one or more network interfaces to communicate on a communication channel. The system includes a wireless interface to communicate between devices and an authorization server ([0099]), which meets the limitation of one or more network interfaces to communicate on a verification channel. The system includes a processor and a memory (Figure 6, elements 616 & 614), which meets the limitation of a processor adapted to execute one or more processes, and a memory configured to stored a process executed by the processor, the process when executed. The system wherein a first device 206 transmits a connection request message to a second device 208 ([0073]-[0074]: second device 208 reads on the claimed receiving device; first device 206 reads on the initiating device) over communication link 210 ([0054]), which meets the limitation of receiving, at a receiving device, a communication from an initiating device on a communication channel. The second device 208 verifies the authorization ticket in the connection request message ([0073]-[0074]) such that the second device 208 provides a connection response message to the first device 206 that includes the authorization ticket of the second device 208 for validation by the first device ([0074]-[0077]: authorization tickets are generated by a third party device after the devices have been authenticated [0052]. Therefore, third party device provides a verification channel by issuing verifiable tickets to each device.), determining, by the receiving device over a verification channel with a verification service associated with the initiating device, whether an identity of a user using the initiating device is verified by the verification service [based on whether or not the user has logged into a verification service client application on the initiating device]. Devices 206 and 208 validate the authorization ticket of the other prior to activating the wireless communication link between the devices ([0058] & [0088]), which meets the limitation of managing, by the receiving device in response to the identity of the user using the initiating device being verified, the communication from the initiating device according to the identity being verified. If the devices are not able to validate the authorization ticket of the other device, a validated communication link is not established between the devices ([0058]), which meets the limitation of managing, by the receiving device in response to the identity of the user using the initiating device being unverified, the communication from the initiating device according to the identity being unverified.  
Vanderveen does not specify that the ticket is received by the user device responsive to the user logging into to a service application on the user device. Wetter discloses a cloud service access system wherein a user logs into a service application on the user device ([0020]) and transmits a token request to an identity provider ([0022]: token request includes application ID, cloud service ID, and user login credentials) such that the identity provider transmits the requested token to the user device ([0023]) and the user device provides the token to a service provider such that the service provider validates the received token prior to providing the requested access ([0029], which meets the limitation of determining, by the receiving device over a verification channel with a verification service associated with the initiating device, whether an identity of a user using the initiating device is verified by the verification service based on whether or not the user has logged into a verification service client application on the initiating device. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the ticket of Vanderveen to have been received by the user device responsive to the user logging into a service application on the user device in order to provide the user with access to a plurality of services without having to input individual credentials for each service as suggested by Wetter ([0007] & [0019]).
Claim 6 is rejected under 35 U.S.C. 103 as being unpatentable over Vanderveen, U.S. Publication No. 2014/0310782, in view of Wetter, U.S. Publication No. 2013/0024919, and further in view of Singh, U.S. Publication No. 2013/0139231. Referring to claim 6, Vanderveen does not specify that the ticket is received by the user device responsive to the user logging into to a service application on the user device. Wetter discloses a cloud service access system wherein a user logs into a service application on the user device ([0020]) and transmits a token request to an identity provider ([0022]: token request includes application ID, cloud service ID, and user login credentials) such that the identity provider transmits the requested token to the user device ([0023]). It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the ticket of Vanderveen to have been received by the user device responsive to the user logging into a service application on the user device in order to provide the user with access to a plurality of services without having to input individual credentials for each service as suggested by Wetter ([0007] & [0019]).
Wetter does not disclose prompting the user device to install the service application. Singh discloses a user device user being prompted to select a verification application for install on the user device ([0021]), which meets the limitation of prompting the initiating device to install the verification service client application in response to the initiating device not having previously installed the verification service client application. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the service application, in the ticket-based authorization system of the modified Vanderveen in view of Wetter, to have been selected for installation by the user of the user device in order to allow the user to select the application of their choosing as suggested by Singh ([0021]). 
Vanderveen discloses a ticket-based authorization system wherein a first device 206 transmits a connection request message to a second device 208 ([0073]-[0074]: second device 208 reads on the claimed receiving device; first device 206 reads on the initiating device) over communication link 210 ([0054]). If the devices are not able to validate the authorization ticket of the other device, a validated communication link is not established between the devices ([0058]: preventing establishment of a communication connection would be a commensurate response to a potential attack), which meets the limitation of managing the communication from the initiating device according to the identity of the user using the initiating device remaining unverified by an installed verification service client application.
Claims 7, 22, 23, 26 are rejected under 35 U.S.C. 103 as being unpatentable over Vanderveen, U.S. Publication No. 2014/0310782, in view of Wetter, U.S. Publication No. 2013/0024919, and further in view of Shahidzadeh, U.S. Patent No. 10,325,259. Referring to claim 7, Vanderveen does not specify that the ticket is received by the user device responsive to the user logging into to a service application on the user device. Wetter discloses a cloud service access system wherein a user logs into a service application on the user device ([0020]) and transmits a token request to an identity provider ([0022]: token request includes application ID, cloud service ID, and user login credentials) such that the identity provider transmits the requested token to the user device ([0023]), which meets the limitation of requesting the user using the initiating device to comply with one or more [multi-factor] authentication queries over the verification channel. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the ticket of Vanderveen to have been received by the user device responsive to the user logging into a service application on the user device in order to provide the user with access to a plurality of services without having to input individual credentials for each service as suggested by Wetter ([0007] & [0019]).
Wetter does not disclose that the user is authenticated using multi-factor authentication. Shahidzadeh discloses the use of multi-factor authentication to authenticate users (Abstract & Col. 9, lines 23-60), which meets the limitation of requesting the user using the initiating device to comply with one or more multi-factor authentication (MFA) queries over the verification channel. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have utilized multi-factor authentication to authenticate the user of Vanderveen in order to provide an authentication mechanism that mitigates threats while providing a higher level of trust as suggested by Shahidzadeh (Col. 10, lines 19-26).
Referring to claim 22, Vanderveen does not specify that the ticket is received by the user device responsive to the user logging into to a service application on the user device. Wetter discloses a cloud service access system wherein a user logs into a service application on the user device ([0020]) and transmits a token request to an identity provider ([0022]: token request includes application ID, cloud service ID, and user login credentials) such that the identity provider transmits the requested token to the user device ([0023]), which meets the limitation of in response to the identity being verified. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the ticket of Vanderveen to have been received by the user device responsive to the user logging into a service application on the user device in order to provide the user with access to a plurality of services without having to input individual credentials for each service as suggested by Wetter ([0007] & [0019]).
Wetter does not disclose that the user is authenticated using multi-factor authentication. Shahidzadeh discloses the use of multi-factor authentication to authenticate users (Abstract & Col. 9, lines 23-60) such certain transactions may require additional credential submissions to provide increase level of assurance (Col. 9, lines 23-60), which meets the limitation of requesting an increase assurance of verification of the identity by the initiating device during the communication, and managing the communication from the initiating device according to whether an increased assurance is conveyed. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have utilized multi-factor authentication to authenticate the user of Vanderveen in order to provide an authentication mechanism that mitigates threats while providing a higher level of trust as suggested by Shahidzadeh (Col. 10, lines 19-26).
Referring to claim 23, Vanderveen does not specify that the ticket is received by the user device responsive to the user logging into to a service application on the user device. Wetter discloses a cloud service access system wherein a user logs into a service application on the user device ([0020]) and transmits a token request to an identity provider ([0022]: token request includes application ID, cloud service ID, and user login credentials) such that the identity provider transmits the requested token to the user device ([0023]), which meets the limitation of in response to the identity being verified. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the ticket of Vanderveen to have been received by the user device responsive to the user logging into a service application on the user device in order to provide the user with access to a plurality of services without having to input individual credentials for each service as suggested by Wetter ([0007] & [0019]).
Wetter does not disclose that the user is authenticated using multi-factor authentication. Shahidzadeh discloses the use of multi-factor authentication to authenticate users (Abstract & Col. 9, lines 23-60) such certain transactions may trigger the required submission of additional credentials to provide increase level of assurance (Col. 9, lines 23-60 & Col. 10, lines 47-65), which meets the limitation of wherein requesting the increased assurance of verification of the identity occurs [automatically] in response to one or more triggers during the communication. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have utilized multi-factor authentication to authenticate the user of Vanderveen in order to provide an authentication mechanism that mitigates threats while providing a higher level of trust as suggested by Shahidzadeh (Col. 10, lines 19-26).
Shahidzadeh does not specify that the request for additional credentials is provided automatically. However, broadly providing an automatic or mechanical means to replace a manual activity which accomplished the same result is not sufficient to distinguish over the prior art (See In re Venner, 262 F.2d 91, 95, 120 USPQ 193, 194 (CCPA 1958)). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention for the request for additional credentials to have been provided automatically because providing an automatic or mechanical means to replace a manual activity which accomplishes the same result is not sufficient to distinguish over the prior art. 
Referring to claim 26, Wetter does not disclose that the user is authenticated using multi-factor authentication. Shahidzadeh discloses the use of multi-factor authentication to authenticate users (Abstract & Col. 9, lines 23-60) such that the authentication level of a user is displayed after the user logs into the system (Col. 14, lines 1-5), which meets the limitation of displaying a verification level of the initiating device. It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have utilized multi-factor authentication to authenticate the user of Vanderveen in order to provide an authentication mechanism that mitigates threats while providing a higher level of trust as suggested by Shahidzadeh (Col. 10, lines 19-26).
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BENJAMIN E LANIER whose telephone number is (571)272-3805. The examiner can normally be reached M-Th: 6:20-4:50.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kristine Kincaid can be reached on 5712724063. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/BENJAMIN E LANIER/          Primary Examiner, Art Unit 2437