Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .



DETAILED ACTION

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 01/15/2021 has been entered.
Claims 1-6, 8-16, 18-22, 29 and 31 are under examination.



Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:


Claims 1, 11 and 21 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA  35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention. Independent claims 1, 11 and 21 have been amended to recite “the semantic information comprises mistaken operations performed by the user while using the service, and not physical movement of the electronic device”. However, the specification fails to disclose the semantic information comprises… not physical movement of the electronic device.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 4-5, 9-11, 14-15, 19-21 and 31 are rejected under 35 U.S.C. 103 as being unpatentable over Bar et al. (US 2017/0289168 A1) and Turgeman et al. (US 2015/0205957 A1).

Regarding claim 1, Bar et al. discloses A method for authenticating and/or identifying a user of 2an electronic device [abs, “A current user may be authenticated and access to secure computing resources permitted based on a determined probability that the current user is a legitimate user associated with the secure computing resource”], comprising:  3in response to detecting a trigger event [par. 0015, “…when the current user attempts to access sensitive data, applications, or services”], collecting sensor data from one or 4more sensors in the electronic device [par. 0040, “user data received via user-data collection component 210 may be determined via one or more sensors, which may be on or associated with one or more user devices (such as user device 102a)”], wherein the sensor data comprises semantic information related to the usage of a service accessed via the electronic device;  5extracting a feature vector from the sensor data and the semantic information; and forwarding the feature vector to a server [par. 0062, “persona models generator 260 may run on a server, as a distributed application across multiple devices, or in the cloud. At a high level, persona models generator 260 receives information related to a legitimate, which may include user user-activity-related information and/or contextual (or other related) information for the legitimate user, which may be provided from user-related activity monitor 280, user-data collection component 210, or user-activity logs from client-side applications or services associated with user-related activity monitor 280”, par. 0114], wherein the server analyzes 6the feature vector [abs, “A current user may be authenticated and access to secure computing resources permitted based on a determined probability that the current user is a legitimate user associated with the secure computing resource. Legitimacy of the current user may be inferred based on a comparison of user-related activity of the current user to a persona model”, par. 0057, “information detected by sensor(s) on user devices associated with the user that is concurrent or substantially concurrent to the user activity”, par. 0058, “contextual information extractor 284 may receive user data from user-data collection component 210, parse the data, in some instances, and identify and extract context features or variables”, par. 0068, “a semantic analysis may be performed on the user-related activity information, which may include the contextual information, to characterize aspects of the user action or activity event. For example, in some embodiments, activity features associated with an activity event may be classified or categorized (such as by type, timeframe or location, work-related, home-related, themes, related entities, other user(s) (such as communication to or from another user) and/or relation of the other user to the user (e.g. family member, close friend, work acquaintance, boss, or the like), or other categories), or related features may be identified for use in determining a similarity or relational proximity to other user activity events, which may indicate a pattern. In some embodiments, semantic information analyzer 262 may utilize a semantic knowledge representation, such as a relational knowledge graph. Semantic information analyzer 262 may also utilize semantic analysis logic, including rules, conditions, or associations to determine semantic information related to the user activity. For example, a user activity event comprising an email sent to someone who works with the user may be characterized as a work-related activity. Thus where the user emails some person she works with every Sunday night, but not necessarily the same person, a pattern may be determined (using activity pattern determiner 266) that the user performs work-related activities every Sunday night. Accordingly, a persona model associated with the legitimate user may be determined to indicate this pattern”, pars 0069-0070, par. 0074, “an activity event may have many corresponding activity features (variables), which may be represented as a feature vector associated with a particular activity event. Accordingly, the analysis carried out by persona models determiner 266 or one or more pattern determiners 267 may involve comparing the activity features from features vectors of plurality of activity events”] using a model trained with sensor data 8previously obtained from the electronic device while the user was operating the 9electronic device [par. 0051, “the user-related activity event logic could be training data used to train a neural network that is used to evaluate user data to determine when an activity event has occurred. The activity event logic may comprise fuzzy logic, neural network, finite state machine, support vector machine, logistic regression, clustering, or machine learning techniques, similar statistical classification processes or, combinations of these to identify activity events from user data. For example, activity event logic may specify types of user device interaction(s) information that are associated with an activity event, such as a navigating to a website, composing an email, or launching an app”, par. 0074, “the analysis carried out by persona models determiner 266 or one or more pattern determiners 267 may involve comparing the activity features from features vectors of plurality of activity events”, par. 0015, “a statistical probability is calculated based, at least in part, on a comparison of current user-related activity information to one or more user persona models associated with the legitimate user. The statistical probability may be expressed or reflected as an authenticity confidence score (authenticity score) that represents the likelihood that the current user is the legitimate user”, par. 0016, “if the authenticity score indicates that the current user is likely legitimate, then access to sensitive information, secure applications, services, or computing resources may be provided”].
Bar et al. does not explicitly disclose the semantic information comprises mistaken operations performed by the user while using the service, and not physical movement of the electronic device.
However, Turgeman et al. in the field relates to systems and methods of detecting user identity, differentiating between users of a computerized service teaches the semantic information comprises mistaken operations performed by the user while using the service, and not physical movement of the electronic device [par. 0118, “monitoring user interactions of said user with the computerized service, and detecting that said user deleted one or more characters when entering a data-item into a particular field in a form of said computerized service; determining that said particular field is a field that most authorized users are highly familiar with, and that said particular field is a field that most authorized users do not make mistakes when entering data therein; based on said, determining that said user is an attacker posing as the authorized user”, par. 0084].
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Turgeman et al. into the teaching of Bar et al. with the motivation determine whether the user is a legitimate human user, or a cyber-attacker posing as the legitimate human user as taught by Turgeman et al. [Turgeman et al.: abs.].
Regarding claim 4, the rejection of claim 1 is incorporated.
[par. 0015, “a statistical probability is calculated based, at least in part, on a comparison of current user-related activity information to one or more user persona models associated with the legitimate user. The statistical probability may be expressed or reflected as an authenticity confidence score (authenticity score) that represents the likelihood that the current user is the legitimate user”].
Regarding claim 5, the rejection of claim 4 is incorporated.
Bar et al. further discloses if the security score 2does not exceed a minimum value, the method further comprises:  3causing a challenge to be issued to the user [par. 0024, “when the score falls below a certain threshold, the user may be presented with a dynamic security challenge to validate legitimacy of the user”]; and 4if the user successfully responds to the challenge, authenticating and/or 5identifying the user [par. 0092, “a correct response may increase the score to satisfy a certain threshold in order to access particular secure computing resources requiring an authenticity score at or above that certain threshold in order to be accessed”].
Regarding claim 9, the rejection of claim 1 is incorporated.
Bar et al. further discloses the trigger event 2comprises one of the following:  3a detected activity of the user; 4a state change associated with the electronic device; 5a timer-based trigger; and 6a broadcast trigger received by the electronic device [par. 0015, “…when the current user attempts to access sensitive data, applications, or services”].  
Regarding claim 10, the rejection of claim 1 is incorporated.
[par. 0041, “user data may be provided in user-data streams or signals. Thus, a "user signal" can be considered a feed or stream of user data from a corresponding data source. For example, a user signal could be from a smartphone, a home-sensor device, a GPS device (e.g., for location coordinates), a vehicle-sensor device, a wearable device, a user device, a gyroscope sensor, an accelerometer sensor, a calendar service, an email account, a credit card account, or other data sources”].  
Regarding claim 11, it recites limitations similar to claim 1. The reason for the rejection of claim 1 is incorporated herein.
Regarding claim 14, it recites limitations similar to claim 4. The reason for the rejection of claim 4 is incorporated herein.
Regarding claim 15, it recites limitations similar to claim 5. The reason for the rejection of claim 5 is incorporated herein.
Regarding claim 19, it recites limitations similar to claim 9. The reason for the rejection of claim 9 is incorporated herein.
Regarding claim 20, it recites limitations similar to claim 10. The reason for the rejection of claim 10 is incorporated herein.
Regarding claim 21, it recites limitations similar to claim 1. The reason for the rejection of claim 1 is incorporated herein.
Regarding claim 31, the rejection of claim 1 is incorporated.
Bar et al. further discloses the semantic information.
Bar et al. does not explicitly disclose the user uses one of multiple ways to accomplish a task with the service; 3and 4the semantic information comprises a particular flow through the service 5associated with the one way of accomplishing the task.
However, Turgeman et al. teaches the user uses one of multiple ways to accomplish a task with the service; 3and 4the semantic information comprises a particular flow through the service 5associated with the one way of accomplishing the task [par. 0084, “determine a user-specific trait that may assist in authenticating the user and/or in detecting an attacker, based on, for example: (a) the way in which the user typically switches between browser tabs (e.g., by clicking with the mouse on the tabs bar, or by using a keyboard shortcut such as CTRL+SHIFT); (b) the way in which the user types or enters an upper case letter or word (e.g., by clicking on CAPS lock and then typing the letter or the word, or, by holding down the SHIFT key and concurrently typing the letter);”];4
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Turgeman et al. into the teaching of Bar et al. with the motivation determine whether the user is a legitimate human user, or a cyber-attacker posing as the legitimate human user as taught by Turgeman et al. [Turgeman et al.: abs.].

Claims 2-3, 12-13 and 22 are rejected under 35 U.S.C. 103 as being unpatentable over Bar et al. (US 2017/0289168 A1) and Turgeman et al. (US 2015/0205957 A1) as applied to claims 1, 4-5, 9-11, 14-15, 19-21 and 31 above, and further in view of Briceno et al. (US 2014/0289833 A1).
Regarding claim 2, the rejection of claim 1 is incorporated.
Bar et al. further discloses the electronic device is a portable electronic device [par. 0043, “a user device may be embodied as a personal computer (PC), a laptop computer, a mobile or mobile device, a smartphone, a tablet computer…”].
Bar et al. and Turgeman et al. do not explicitly disclose the sensor data includes movement-related sensor data caused by 4movement of the portable electronic device while the portable electronic device is 5in control of the user.
However Briceno et al. in the field related to advanced user authentication techniques and associated applications teaches the sensor data includes movement-related sensor data caused by 4movement of the portable electronic device while the portable electronic device is 5in control of the user [par. 0097, “the assurance level may be measured based on a combination of the elapsed time since explicit user authentication and other variables which indicate that the authorized user is in possession of the device (e.g., based on non-intrusive input detected from device sensors). For example, the biometric gait of the user may be measured using an accelerometer or other type of sensor in combination with software and/or hardware designed to generate a gait "fingerprint" from the user's normal walking pattern”].
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Briceno et al. into the teaching of Bar et al. and Turgeman et al. with the motivation to indicate that the authorized [Briceno et al.: par. 0097].
Regarding claim 3, the rejection of claim 2 is incorporated.
Briceno et al. further teaches the movement-related sensor data includes accelerometer data 3gathered while the user is walking; and  4wherein the accelerometer data reflects a characteristic gait of the user 5while walking [par. 0097, “the assurance level may be measured based on a combination of the elapsed time since explicit user authentication and other variables which indicate that the authorized user is in possession of the device (e.g., based on non-intrusive input detected from device sensors). For example, the biometric gait of the user may be measured using an accelerometer or other type of sensor in combination with software and/or hardware designed to generate a gait "fingerprint" from the user's normal walking pattern”].
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Briceno et al. into the teaching of Bar et al. with the motivation to indicate that the authorized user is in possession of the device based on non-intrusive input detected from device sensors as taught by Briceno et al. [Briceno et al.: par. 0097].
Regarding claim 12, it recites limitations similar to claim 2. The reason for the rejection of claim 2 is incorporated herein.
Regarding claim 13, it recites limitations similar to claim 3. The reason for the rejection of claim 3 is incorporated herein.
Regarding claim 22, it recites limitations similar to claim 2. The reason for the rejection of claim 2 is incorporated herein.

Claims 6 and 16 are rejected under 35 U.S.C. 103 as being unpatentable over Bar et al. (US 2017/0289168 A1) and Turgeman et al. (US 2015/0205957 A1) as applied to claims 1, 4-5, 9-11, 14-15, 19-21 and 31 above, and further in view of Chaudhari et al. (US 2005/0022034 A1).
Regarding claim 6, the rejection of claim 1 is incorporated.
Bar et al. discloses extracting the features 2for the collected data [par. 0058, “contextual information extractor 284 may receive user data from user-data collection component 210, parse the data, in some instances, and identify and extract context features or variables”].
Bar et al. and Turgeman et al. do not explicitly disclose extracting the features 2for the collected data involves using signal-processing techniques to extract the 3features.
However Chaudhari et al. teaches extracting the features 2for the collected data involves using signal-processing techniques to extract the 3features [par. 0018, “These response signals 75 are input to signal processing algorithms, for example, executing in an interpreter device 60, that process these low level behavioral responses. It is understood however, that other types of user responses may be measured. For example, other types of higher level features may be extracted such as, for example, user responses 12, 20 in the form of answers 80, to questions or tests. For example, a psychological test may be administered to the user and those higher level answers processed in interpreter 60 using, for example, the "big five" personality clustering criterion to generate a five element feature vector”].
[Chaudhari et al.: par. 0009].
Regarding claim 16, it recites limitations similar to claim 6. The reason for the rejection of claim 6 is incorporated herein.

Claims 8 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Bar et al. (US 2017/0289168 A1) and Turgeman et al. (US 2015/0205957 A1) as applied to claims 1, 4-5, 9-11, 14-15, 19-21 and 31 above, and further in view of Flautner et al. (US 2014/0372762 A1).
Regarding claim 8, the rejection of claim 1 is incorporated.
Bar et al. discloses authenticate and/or identify user.
Bar et al. and Turgeman et al. do not explicitly discloses if the user is 2successfully authenticated and/or identified, the method further comprises 3automatically communicating a username and password to a website or 4application, which the user is attempting to access.
However Flautner et al. teaches if the user is 2successfully authenticated and/or identified, the method further comprises 3automatically communicating a username and password to a website or 4application, which the user is attempting to access [par. 0018, “A user may, for example, authenticate the wearable trusted device once when it is put on at the beginning of the day and thereafter the trusted device may supply any necessary passwords or other credential information to target devices during the remainder of the day providing the wearable trusted device remains within the physical possession of the user”, par. 0023, user name and a password, par. 0091, “…all the websites the user visits automatically use the credentials in the trusted wrist watch to log in, and then some of these web sites may automatically use credentials in the wrist watch to gain further access to resources on other websites”].
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Flautner et al. into the teaching of Bar et al. and Turgeman et al. with the motivation to provide a secure way of establishing communication with a target device and yet requires a reduced level of on-going user action to establish those communications as taught by Flautner et al. [Flautner et al.: par. 0011].
Regarding claim 18, it recites limitations similar to claim 8. The reason for the rejection of claim 8 is incorporated herein.

Claim 29 is rejected under 35 U.S.C. 103 as being unpatentable over Bar et al. (US 2017/0289168 A1) and Turgeman et al. (US 2015/0205957 A1) as applied to claims 1, 4-5, 9-11, 14-15, 19-21 and 31 above, and further in view of Pant et al. (US 2016/0278664 A1) and Lee et al. (US 2010/0042835 A1).
Regarding claim 29, the rejection of claim 21 is incorporated.
Bar et al. further discloses the one or more sensors include  36an infrared sensor 7[par. 0135, “An NUI may implement any combination of speech recognition, touch and stylus recognition, facial recognition, biometric recognition, gesture recognition both on screen and adjacent to the screen, air gestures, head and eye tracking, and touch recognition associated with displays on the computing device 600. The computing device 600 may be equipped with depth cameras, such as stereoscopic camera systems, infrared camera systems, RGB camera systems, and combinations of these, for gesture detection and recognition”].
Bar et al. and Turgeman et al. do not explicitly disclose an odor sensor;  4a near-field communication (NFC) sensor; 5a network-proximity sensor;  6an infrared sensor;  7a magnetometer;  8a force-touch measurement sensor;  9a multi-touch measurement sensor; and  10a keyboard-timing sensor.
Pant et al. teaches an odor sensor [par. 0015, “clinical diagnostics based on breath odors”]; 4a near-field communication (NFC) sensor [par. 0050, “Near Field Communication (NFC)”]; 5a network-proximity sensor [par. 0050, “proximity networks, such as Bluetooth, Bluetooth low energy (BLE), Bluetooth Smart, Wi-Fi proximity”]; 7a magnetometer [par. 0085, magnetometer];  8a force-touch measurement sensor [par. 0050, force sensors, haptic, par. 0077, forces on the appropriate screen or screens];  9a multi-touch measurement sensor [par. 0021, touchscreens, touch panels, touch pads, par. 0079]; and  10a keyboard-timing sensor.
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Pant et al. into the teaching of Bar et al. and Turgeman et al. with the motivation such that user may be identified and the user's breath is detected and used for analysis as taught by Pant et al. [Pant et al.: par. 0028].
They do not explicitly disclose 10a keyboard-timing sensor.
[par. 0016, “such as how someone types on a keyboard (as in timing and key pressure), or the gait of their walk or other data unique to an individual provided by sensor systems incorporated in the UBD”].
Before the effective filing date of the claimed invention, it would have been obvious to a person having ordinary skill in the art to incorporate the teaching of Lee et al. into the teaching of Bar et al., Turgeman et al. and Pant et al. with the motivation to use a uniquely identified user biometric device (UBD) for permission confirmation as taught by Lee et al. [Lee et al.: par. 0007].




Response to Arguments
Applicant’s arguments, filed on 01/15/2021, with respect to rejection under 35 USC § 102 have been fully considered but the arguments are directed towards the newly added limitations. New reference has been provided to address those limitations, and the rejection is incorporated herein.



Conclusion
The prior art made of record and not relied upon is considered pertinent to Applicant’s disclosure:
US 9706406 B1	Security measures for an electronic device
US 10078743 B1	Cross identification of users in cyber space and physical world
US 20160180068 A1	TECHNOLOGIES FOR LOGIN PATTERN BASED MULTI-FACTOR AUTHENTICATION
US 20180078179 A1	GAIT AUTHENTICATION SYSTEM AND METHOD THEREOF
US 20160057623 A1	System And Method For Implicit Authentication
US 20160110528 A1	Methods and Systems for Using Behavioral Analysis Towards Efficient Continuous Authentication
US 20150332031 A1	SERVICES ASSOCIATED WITH WEARABLE ELECTRONIC DEVICE
US 20160103996 A1	Methods and Systems for Behavioral Analysis of Mobile Device Behaviors Based on User Persona Information
US 9275345 B1	System level user behavior biometrics using feature extraction and modeling
US 20140317734 A1	Adaptive Observation of Behavioral Features on a Mobile Device

Any inquiry concerning this communication or earlier communications from the examiner should be directed to JASON CHIANG whose telephone number is (571)270-3393.  The examiner can normally be reached on 9AM to 6 PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on (571) 272-2092.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/JASON CHIANG/Primary Examiner, Art Unit 2431