SFOR's patent is fully Out-Of-Band and not just from the security server to the clients device. The clients device has to talk back to the security server. The user can not type a code into the terminal, that breaks full out-of-band authentication.
Please show me where it says in the patent that the user sends the code back to the security server. otherwise it is different than SFORs patent.