DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Information Disclosure Statement
The Information Disclosure Statement (IDS) submitted on 01/30/2019 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the IDS statement has been considered by the Examiner.
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claim 16 is rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.  The claim(s) does/do not fall within at least one of the four categories of patent eligible subject matter because: 
Claim 16 defines  “a tangible machine-readable medium” The broadest reasonable interpretation of a claim drawn to a tangible machine-readable medium typically covers forms of non-transitory tangible media and transitory propagating signals per se in view of the ordinary and customary meaning of machine-readable media, particular when the specification is silent.  In this case, the specification does not provide any special meaning to the term.  Hence, claim 16 is drawn to a program embodied on a “signal per se.”  A signal per se is not one of the 4 statutory categories of invention and as such fails to fall into a statutory category of invention.  See In re 
Dependent claims 17-20 are rejected for the same reasons as presented above with respect to independent claim 16.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 4-6, 8, 11, 14-16, 19 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Hao Wu US 20190104409 (hereinafter Wu) in view of Salil Kumar Jain US 20170373861 A1 (hereinafter Jain).
As per claim 1, Wu teaches: A method, comprising:
initiating a challenge to the client in connection with an authentication request by the client from a given location to access a protected resource (Wu: para.40 and fig. 2B), 
wherein the challenge comprises a location indicator selected by an authentication server for the given location (Wu: para. 37);
processing, using at least one processing device, a response submitted by the client in response to the challenge (“The authentication server 160 then authenticates 270 the request and returns authentication result 290 to the client device 120.” Wu: para. 39), 
wherein the response comprises the location indicator for the given location (“The client device 120 return the requested location evidence” Wu: para.40 and fig. 2B), and wherein the processing comprises evaluating the response submitted by the client relative to the location indicator selected by the authentication server (“The client device 120 return the requested location evidence 260 and the authentication server 160 then authenticates 280 the authentication request and returns authentication result 290 to the client device 120.  For example, the authentication server 160 may notify the client device 120 that the authentication request 210 has been accepted or rejected.  FIG. 3B, described in more detail below, is a flowchart for an example method 320 of authenticating a request based on a location with at least one request for location data, e.g., as in the data exchange 220.” Wu: para.40 and fig. 2B); 
resolving, using the at least one processing device, the authentication request based on the evaluating (Wu: para.40).
obtaining a shared secret associated with a client (“a shared key is obtained based on a feature of the input, and the shared key is tested at stage 317 based on the stored challenges and response(s) (e.g., by applying the shared key to each challenge to determine whether the key can decrypt a challenge so as to obtain a response that matches a stored response; or by applying the key to the response(s) to determine whether the key can encrypt the response(s) so as to obtain a challenge that matches a stored challenge).  If a shared key successfully decrypts a challenge or successfully encrypts a response so as to obtain a matching stored response or stored challenge, respectively, the shared key is determined to be a shared key that may be used in stage 219 to derive the secret key.” Jain: para. 66);
modified by the client with the shared secret (Jain: para. 66).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Wu with the methods of Jain to meet the preceding limitations. One of ordinary skill in the art would have been motivated to make such modification since such techniques were known at the time of the instant invention and would have been applied in a predictable manner to enhance the security of communication using a shared secret key.
As per claim 4, the rejection of claim 1, the combination of Wu and Jain teaches: the modification by the client of the location indicator for the given location with the shared secret comprises one or more of decrypting an encrypted version of the location indicator with the shared secret, filtering the location indicator with the shared secret, and altering the location indicator with the shared secret (see Wu: para. 37 for location indicator and Jain: para. 66 for altering with shared secret);
As per claim 5, the rejection of claim 1 is incorporated herein. Wu does not teach; however, Jain discloses: the evaluating comprises determining if the client modified the location indicator for the given location with the shared secret in an expected manner based on the shared secret stored by the authentication server (Jain: para. 66-68).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Wu with the methods of Jain to meet the preceding limitations. One of ordinary skill in the art would have been motivated to make such modification since such techniques were known at the time of the instant invention and would have been applied to enhance the security of communication using a shared secret key.
As per claim 6, the rejection of claim 1 is incorporated herein. Wu teaches: the location indicator is derived from one or more of a set of global positioning system coordinates of client at the given location, an Internet Protocol address associated with a device of the client at the given location, and an identifier of a predefined location of the client (GPS and IP address associated with user device is used in determining user device location. Wu: para, 37). 
As per claim 8, the rejection of claim 1 is incorporated herein. Wu teaches; the authentication server one or more of: obtains the location indicator from a record based on the given location of the client at a time of the challenge, and dynamically generates the location indicator based, at least in part, on the given location client at the time of the challenge (“the authentication server 160 receives location data from the device via the network.  The location data may be, for example, included in the authentication request received at stage 310.  In some embodiments, the initial authentication request includes location data.” Wu: para.45).
As per claim 11, this claim defines a system that corresponds to the method of claim 1 and does not define beyond limitations of claim 1. Therefore, claim 11 is rejected with the same rational as in the rejection of claim 1.
As per claim 14, this claim defines a system that corresponds to the method of claim 4 and does not define beyond limitations of claim 4. Therefore, claim 14 is rejected with the same rational as in the rejection of claim 4.
As per claim 15, this claim defines a system that corresponds to the method of claim 5 and does not define beyond limitations of claim 5. Therefore, claim 15 is rejected with the same rational as in the rejection of claim 5.
As per claim 16, this claim defines a computer program product, comprising a tangible machine-readable storage medium having encoded therein executable code of one or more software programs that corresponds to the method of claim 1 and does not define beyond limitations of claim 1. Therefore, claim 16 is rejected with the same rational as in the rejection of claim 1.
As per claim 19, this claim defines a computer program product, comprising a tangible machine-readable storage medium having encoded therein executable code of one or more software programs that corresponds to the method of claim 4 and does not define beyond limitations of claim 4. Therefore, claim 19 is rejected with the same rational as in the rejection of claim 4.
As per claim 20, this claim defines a computer program product, comprising a tangible machine-readable storage medium having encoded therein executable code of one or more software programs that corresponds to the method of claim 4 and does not define beyond limitations of claim 5. Therefore, claim 20 is rejected with the same rational as in the rejection of claim 5.

Claims 2, 3, 12, 13, 17 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Wu in view of Jain and further in view of Philip Moyer et al. US 20180232937 (hereinafter Moyer).
As per claim 2, the rejection of claim 1 is incorporated herein. Wu does not teach, however, Jain discloses: cryptographic communication of data (encrypting and decrypting server selected challenge and the corresponding response using a shared key (Jain: para. 7 and 8).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Wu with the methods of Jain to meet the preceding limitations. One of ordinary skill in the art would have been motivated to make such modification since such techniques were known at the time of the instant invention and would have been applied in a predictable manner to enhance the security of communication using a shared secret key.
The combination of Wu and Jain does not teach; however, Moyer discloses: a plurality of virtual object images for the given location (“The application 212 can use spatial mapping data 220 as well as GPS location to place or position holographic or virtual objects or assets in the real world.  Utilizing GPS location allows an augmented 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Wu and Jain with the teachings of Moyer to meet the preceding limitations. One of ordinary skill in the art would have been motivated to make such modification since such techniques were known at the time of the instant invention and would have been applied to enhance the security of communication using additional factor in authentication process.
As per claim 3, the rejection of claim 1 is incorporated herein. Wu does not teach, however, Jain discloses: cryptographic communication of data (encrypting and/or decrypting server selected challenge and the corresponding response) using a shared key (Jain: para. 7 and 8).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Wu with the methods of Jain to meet the preceding limitations. One of ordinary skill in the art would have been motivated to make such modification since such techniques were known at 
The combination of Wu and Jain does not teach; however, Moyer discloses: a plurality of virtual object images for the given location (“The application 212 can use spatial mapping data 220 as well as GPS location to place or position holographic or virtual objects or assets in the real world.  Utilizing GPS location allows an augmented reality unit to track location against spatial map to place holographic or virtual objects in a logical manner to enable all users to see the holographic or virtual objects or assets in the same location.  Some or all of the foregoing contents and/or data can be encrypted, depending upon embodiments.  In this regard, the security and auditing management 120 can implement various definable authentications such as a PKI-based authentication protocol, Authentication and Key Agreement (AKA) scheme, and/or other authentication protocol such as multi-factor authentication and SAS certification for data encryption and decryption.” Moyer: para. 47).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Wu and Jain with the teachings of Moyer to meet the preceding limitations. One of ordinary skill in the art would have been motivated to make such modification since such techniques were known at the time of the instant invention and would have been applied to enhance the security of communication using additional factor in authentication process.
As per claim 12, this claim defines a system that corresponds to the method of claim 2 and does not define beyond limitations of claim 2. Therefore, claim 12 is rejected with the same rational as in the rejection of claim 2.
As per claim 13, this claim defines a system that corresponds to the method of claim 3 and does not define beyond limitations of claim 3. Therefore, claim 13 is rejected with the same rational as in the rejection of claim 3.
As per claim 17, this claim defines a computer program product, comprising a tangible machine-readable storage medium having encoded therein executable code of one or more software programs that corresponds to the method of claim 2 and does not define beyond limitations of claim 2. Therefore, claim 17 is rejected with the same rational as in the rejection of claim 2.
As per claim 18, this claim defines a computer program product, comprising a tangible machine-readable storage medium having encoded therein executable code of one or more software programs that corresponds to the method of claim 3 and does not define beyond limitations of claim 3. Therefore, claim 18 is rejected with the same rational as in the rejection of claim 3.

Claim 7 is rejected under 35 U.S.C. 103 as being unpatentable over Wu in view of Jain and further in view of Samuel Finding et al. US 20180053352 (hereinafter Finding).
As per claim 7, the rejection of claim 1 is incorporated herein. The combination of Wu and Jain does not teach; however, Finding discloses: the client queries the authentication server, at a time of the authentication request by the client to access the protected resource, with the given location of the client to obtain the location indicator from the authentication server (Finding: para.54).
.

Claims 9 and 10 are rejected under 35 U.S.C. 103 as being unpatentable over Wu in view of Jain and further in view of Martti Pitkanen et al. US 20180068103 (hereinafter Pitkanen).
As per claim 9, the rejection of claim 1 is incorporated herein. The combination of Wu and Jain does not teach; however, Pitkanen discloses: a confidence level of the evaluating required for the client to access the protected resource is configurable based on security requirements of a given protected resource (“The system 106 receives and optionally processes such as decodes the data.  Subsequently, the system 106 may verify the current location of the user 102, as indicated by the obtained location data, against predetermined data indicative of e.g. allowed location(s).  The resolution of the obtained data and/or related measurement error estimate may be utilized to adapt the decision-making.  For example, in the case of a larger error/worse positioning accuracy, more tolerance may be allowed in verification process, and vice versa.” Pitkanen: para. 175).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Wu and Jain 
As per claim 10, the rejection of claim 1 is incorporated herein. The combination of Wu and Jain does not teach; however, Pitkanen discloses: the shared secret is negotiated between the client and the authentication server using one or more of a biometric assurance, a device assurance and a client-specific cryptographic key assurance (the system utilizes user voiceprint and speech features for voice-based authentication. Pitkanen: para. 180). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the combination of Wu and Jain with the teachings of Pitkanen to meet the preceding limitations. One of ordinary skill in the art would have been motivated to make such modification since such techniques were known at the time of the instant invention and would have been applied to enhance the flexibility of the system.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to GHODRAT JAMSHIDI whose telephone number is (571)270-1956.  The examiner can normally be reached on 10:00-5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached on 5712723862.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/GHODRAT JAMSHIDI/           Primary Examiner, Art Unit 2493