DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 12/02/2020 has been entered.

3.	Claims 1, 4, 7, 11, 18, 19, 20 have been amended.
 

4.	Claims 1-20 are pending. 

Response to Arguments and Amendments
5.	Applicant’s arguments, see (page 1-3 on remarks), filed 11/02/2020, with respect to the rejection(s) of claim(s) 1-20 under 103 rejection have been fully considered and are persuasive.  Therefore, the rejection has been withdrawn.  However, upon further consideration, a new ground(s) of rejection is made in view of John Hopkins (US 8371501); and Stephane Blondeau (US 9391987).

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole 

4.	Claims 1-10 are rejected under 35U.S.C 103 as being unpatentable over Mare Briceno (US 20140289833), in view of Rich Hamilton II (US 20110010675), and further in view of John Hopkins (US 8371501), hereinafter Hopkins.

Regarding claim 1:
	Briceno discloses generating at least one user biometric predictive model; passively collecting current biometric data for a user from at least one non behavioral biometric sensor; receiving, from an authentication requesting device, a request for authentication of a reference user, generating predicted biometric data; determining a match level for the current biometric data based at least on a distance between the current biometric data and the predicted biometric data generated by the at least one user biometric predictive model; granting the authentication when the match level satisfies a match threshold associated with an environment in which the user is located at 401, an explicit authentication event occurs such as a swipe on a fingerprint sensor or the entry of a PIN to unlock the device. A timer may also be started to measure the time which has elapsed from the explicit authentication event. At 402, the legitimate user state is entered and at 403, various aspects of user behavior may be measured and stored for later reference (e.g., locations, user gait, etc… at 406, the system exits the legitimate user state (e.g., because the timer indicates that a specified amount of time has elapsed). At 407, the system periodically measures the user behavior by comparing data from sensors against internal reference data stored in operation 403. By way of example, measurements associated with the gait of the user (collected when in the legitimate user state) may be compared with current gait measurements (collected at 407) and a correlation between the two may be calculated (referred to as the “distance” to the reference data). If an authentication request is received when outside of the legitimate user state, determined at 408, then at 409 the current assurance level is calculated based on the distance to the internal reference data and potentially the time from the explicit authentication event. The assurance level is then transmitted to the relying party at 420 (paragraph 115 & 116).Briceno further discloses granting the authentication  if the last explicit authentication has been several hours or several days earlier, then a new explicit user authentication may be required to reach an acceptable assurance level (Briceno, paragraph 400), and further a location-centric policy may be used by a relying party to provide a user with additional access to location-specific information. By way of example, and not limitation, a user located in a Walmart may be granted access to special offers from Amazon.com when the user logs into their Amazon.com account on their mobile phone (Briceno, paragraph 209). However, Briceno fails to disclose, but Hamilton discloses the request for authentication including a tags in response to the request, determined based on the tag included in the received request for authentication; and wherein the tag is a level of security configured by the user for a transaction associated with the authentication.
Hamilton II teaches the request for authentication including a tag in response to the request, determined based on the tag included in the received request for authentication location module 310 receives data from one or both of RFID module 306 and GPS module 308, depending upon the particular configuration, and calculates the physical location in the real world of the RFID tag and/or GPS device (Hamilton II, paragraph 32), and further rule set module 418 stores and calculates information relating to allowable locations, both real world and V locations, and whether or not a particular action within particular VU location is permitted by a particular-avatar o user. Location control module 420 correlates avatar 202 with both RW location module 414, VU location module 416 an based upon the information stored and calculated by rule se data 418 and stored in user directory 410 determines appropriate actions and locations and limits the same of avatar 202 (Hamilton II, paragraph 39). It would have been obvious to someone skilled in the art before the effective filling date of claimed invention to combine the teaching of Briceno with that of Hamilton II in order to authenticate and verification of a user in a virtual world (Hamilton II, paragraph 12).
Hopkins teaches wherein the tag is a level of security configured by the user for a transaction associated with the authentication a user 202 of a wearable user authentication factor approaches a multi-factor terminal 204 for authentication. The multi-factor authentication terminal uses an electronic tag reader 214. Such as an RFID tag reader, to determine whether an electronic tag embedded within a wearable article 210, 212 is detected. Once the electronic tag is detected, the electronic tag reader 214 reads its associated unique tag identifier, a list is generated of the authentication action associated with individual tag identifiers and the resulting list is then presented to the user 202 within a display of the multi-factor authentication terminal 204. In one embodiment, the list comprises a unique tag identifier associated with authenticating the user 202 for access to a restricted physical facility 224 (Hopkins, column 7, [lines 1-12]). It would have been obvious to someone skilled in the art before the effective filling date of claimed invention to combine the teaching of Briceno with that of Hopkins in order to providing multi-factor authentication of a user of a wearable user authentication factor (Hopkins, column 2, [lines 15-18]).

Regarding claim 2:
	Briceno and Hamilton II disclose wherein generating the at least one user biometric predictive model is for the reference user and is generated based at least on historical biometric data passively collected from at least one biometric sensor and environmental attributes associated with the reference user when the historical biometric data was passively collected the user behavior authentication module 232 relies on one or more user behavior sensors 242 to determine the extent to which the current user behavior is consistent with historical user behavior (stored in user & location data storage 245). For example, the user behavior sensors 242 may provide accelerometer measurements that the user behavior authentication module may use to determine the gait of the user currently in possession of the device 200. It may then compare these measurements with the known gait of the user (collected following prior explicit user authentications and stored in storage device 245) to arrive at a level of confidence that the legitimate user is in possession of the device (Briceno, paragraph 103).

	Regarding claim 3:
	Briceno and Hamilton II disclose requesting an additional authentication measure from the user when the match level fails to satisfy the match threshold, wherein the additional authentication measure comprises requesting actively collected biometric data from the user if the assurance level transmitted to the relying party is acceptable for the current transaction with the user, determined at 501, then the relying party may send a response to the client device indicating a successful authentication. If not, then at 503, the relying party may send a response to the client indicating that additional authentication is needed (e.g., potentially explicit user authentication if non-intrusive authentication is insufficient (Briceno, paragraph 17).

	Regarding claim 4:
	Briceno and Hamilton II disclose wherein the historical biometric data and the current biometric data comprises time-varying biometric data, and wherein the environment in which the user is located is determinable from a location information or time information that is associated with, or determinable from, at least one sensor at 401, an explicit authentication event occurs such as a swipe on a fingerprint sensor or the entry of a PIN to unlock the device. A timer may also be started to measure the time which has elapsed from the explicit authentication event. At 402, the legitimate user state is entered and at 403, various aspects of user behavior may be measured and stored for later reference (e.g., locations, user gait, etc) (Briceno, paragraph 115), 

	Regarding claim 5:
	Briceno and Hamilton II disclose generating a codebook that indicates a plurality of match thresholds for a plurality of different environments; and determining the match threshold for the environment in which the user is located based at least on the codebook instead of writing code to codify an authentication policy, rules can be configured through a simple graphical user interface. All the relying party needs to do to integrate is define a policy for a class of interactions (for example: “Large Money Transfers”) and have the integration code use that policy identifier when interacting with the policy engine to determine the correct authentication mechanism to leverage (Briceno, paragraph 253).

	Regarding claim 6:
	Briceno and Hamilton II disclose enhancing an authentication rating by using user interactions including entering a personal identification number (PIN), moving closer to a camera for better identification, or interacting with speech recognition requirements, and wherein enhancing the authentication rating further includes inactive to active commissioning for bio- data or environmental capture, modifications to current bio-data or environmental-data sampling parameters, and sampling updates the user may be asked to swipe a finger on a fingerprint sensor or to enter a PIN associated with the user's account (Briceno, paragraph 326), and a fingerprint sensor may implement the capture and storage of fingerprint templates in a secure storage on the fingerprint sensor itself, and perform all validation against those templates within the fingerprint sensor hardware itself, resulting in a highly secure environment (Briceno, paragraph 233).

	Regarding claim 7:
Claim 7 is rejected under the same reason set forth in rejection of claim 1.

Regarding claim 8:
Claim 8 is rejected under the same reason set forth in rejection of claim 2.

Regarding claim 9:
Claim 9 is rejected under the same reason set forth in rejection of claim 3.

Regarding claim 10:
Claim 10 is rejected under the same reason set forth in rejection of claim 5.


s 11-20 are rejected under 35U.S.C 103 as being unpatentable over Mare Briceno (US 20140289833), in view of Stephane Blondeau (US 9391987), hereinafter Blondeau.

Regarding claim 11:
Briceno discloses a device comprising: processing circuitry that is configured to: gather bio-data, wherein at least one of the bio-data, wherein the at least one of bio- data and the environmental data is received from another device; and the environmental data is cause to evaluated by the another device to identify a first authentication rating compare the first authentication rating with an authentication challenge requirement; and identify a second authentication rating that meets the authentication challenge requirement  the authentication policy engine 1710 may use the correlation results provided by the device proximity detection logic 2001 to determine the level of authentication required by the user for each relying party 1750. For example, if a high correlation exists (i.e., above a specified threshold), then the authentication policy engine may not require explicit authentication by the end user. By contrast, if there is a low correlation between the user's current location and the historical device proximity data 2004 (i.e., below a specified threshold), then the authentication policy engine 1710 may require more rigorous authentication (e.g., a biometric authentication such as a fingerprint Scan and/or requesting PIN entry) (Briceno, paragraph 214), but fails to disclose and wherein a one-time threshold check is provided to a user being authenticated at a same time as when the bio-data is gathered from the user and wherein the bio-data comprises at least one of a brain signal pattern, sweat or heart rate data. 
Blondeau teaches a wherein a one-time threshold check is provided to a user being authenticated at a same time as when the bio-data is gathered from the user and wherein the bio-data comprises at least one of a brain signal pattern, sweat or heart rate data the person authenticated by his/her biometric data, the authentication being permitted by the wireless communications circuit(s) of forming the wireless communications means, is indeed the one who wears module 10 biometric data may be a fingerprint and the presence validation a heart rate measurement by the module and the base simultaneously for comparison purposes, so that the heart rate is measured by the base at the finger presented for measurement of the fingerprint by the base (Blondeau, column 14, 

Regarding claim 12:
Briceno discloses wherein the processing circuitry is further configured to interact, in response to the comparison, to bolster a contribution to the first authentication rating at transaction 5307, the secure transaction service 4701 compares the server policy with the capabilities of the client (and potentially other information such as device priority scheme and/or user preferences as described above) to arrive at a filtered list of authentication capabilities (Briceno, paragraph 52).

Regarding claim 13:
Briceno discloses a trusted element configured to manage at least one of a confidence of an identity of a user being authenticated or a security level the server 4730 may increase the duration of the timeout period to reduce data traffic with the client or decrease the duration to increase the level of security provided by the random challenge. At 5606, the new random challenge and timeout indication is transmitted to the secure transaction service 4701 (Briceno, paragraph 542). 

Regarding claim 14:
Briceno discloses wherein the processing circuitry is configured to aggregate multiple biometric identifiers to increase a match rating including confidence of the identity of the user being authenticated authentication module on the relying party 810 or the client device 800 determines a set of one or more authentication modules 222, 230 with the potential of increasing the overall assurance level to the required level for an intended transaction (i.e., when combined with the preliminary assurance level/implicit risk score) (Briceno, paragraph 129).

Regarding claim 15:
Briceno discloses wherein the processing circuitry is configured to enable the device to be used as a card replacement for an automated teller machines (ATM) the local transaction may be a withdrawal, transfer, or other user-initiated operation and the secure transaction device may be an ATM or other local device capable of executing financial transactions (Briceno, paragraph 355).

Regarding claim 16:
Briceno and Blondeau disclose wherein the processing circuitry is further configured to gather the bio-data by collecting a biometric capture of the user including at least one of a capture of a skin, a tissue, an implant interaction, an electrocardiogram, a moisture or a blood pressure the module is launched and detects if needed the physiological parameters corresponding to the user's wrist (temperature, heart rate, skin conductivity) and enters into initialization mode, the comparison between the transmitted and measured signals, when it results in a match between the signals, triggers the reading of his/her fingerprint or of his/her the venous network, and the corresponding digital image is transmitted to the module via the wireless communication circuits for being stored therein (Blondeau, column 12, [lines 50-56]). It would have been obvious to someone skilled in the art before the effective filling date of claimed invention to combine the teaching of Briceno with that of Blondeau in order to highly secure identification and authentication while offering great flexibility and ease of use (Blondeau, column 1, [lines 40-41]).

Regarding claim 17:
Briceno discloses wherein the processing circuitry is further configured to: receive a series of bio-data samples over time from another device; analyze each sample of the series of bio-data samples to produce a corresponding series of authentication contributions; and apply a series of authentication contributions to maintain the second authentication rating the biometric reference data 110 is typically the result of an enrollment process in which the user enrolls a fingerprint, voice sample, image or other biometric data with the device 100. An application 105 may then use the score 135 to determine whether the authentication was successful (e.g., if the score is above a certain specified threshold) (Briceno, paragraph 5).

Regarding claim 18:
Briceno discloses wherein the processing circuitry is further configured to adjust the second authentication rating to reflect that receipt of the series of bio-data samples has ended if the user is connecting to a relying party from a location known to be the user's home or office, then the assurance level may be set to a relatively high value, whereas if the device is connecting from an unknown or distant location, then the assurance level may be adjusted to a lower level (Briceno, paragraph 97).

Regarding claim 19:
Briceno discloses wherein the processing circuitry is further configured to: compare each sample of the series of bio-data samples with historical data as each sample is received; and respond to the comparison of each sample by producing an authentication contribution of the series of authentication contributions that corresponds to each sample device proximity detection logic 2001 on the client device 1700 may capture data related to visible devices and compare the results against historical device proximity data 2004. The historical device proximity data 2004 may be generated over time and/or through a training process. For example, in one embodiment, the user may specify when he/she is at work, at home, or at other locations (either manually, or when prompted to do so by the client 1700). In response, the device proximity detection logic 2001 may detect the devices in the vicinity and persistently store the results as historical device proximity data 2004 (Briceno, paragraph 213).

Regarding claim 20:
Briceno discloses wherein the processing circuitry is further configured to: establish a plurality of devices that participate in a group authentication, the plurality of devices including the another device;  - 54 -Attorney Docket No. 122293-7015 store authentication contribution data for each of the plurality of devices, a portion of the authentication contribution data constructed at least from the bio-data produce the second authentication rating based on the authentication contribution data; and modify the second authentication rating over time as further authentication contribution data is received multiple classes of privacy protection may be predefined, selected and/or modified by the end user. The privacy classes may be defined based on the probability with which a client can be identified using the divulged information. At privacy classes having relatively higher privacy levels, relatively less information about the client device is divulged to perform the authentication techniques described herein. In one embodiment, the user may choose to disclose the least amount of information possible when communicating with different servers (i.e., may choose transactions having the lowest allowable privacy impact for each website or network service) (Briceno, paragraph 548).

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Thanh Le whose telephone number is 571-272-8556.  The examiner can normally be reached on Monday-Friday 8:00a.m to 5p.m. EST.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Nickerson Jeffrey L can be reached on (469) 295-9235.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR 

/THANH H LE/             Examiner, Art Unit 2432                                                                                                                                                                                           

/Kevin Bechtel/Primary Examiner, Art Unit 2491