Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
	- Claims 1-3 and 5-21 are allowed.
- Claim 4 is cancelled.

Allowable Subject Matter
 	The following is an Examiner's statement of reasons for allowance:
- Following a telephonic interview held on 2/24/2021, Applicant’s representative Mr. Paul Durdik authorized the Examiner’s amendment presented below in order to differentiate the current invention from the prior art of record and to correct 112 and 101 issues.
- In view of the Examiner’s amendment presented below, the closest identified prior art of record Hagen, Tagawa, Miu, Larson, Tussy and Mahaffey, alone or in combination, do not teach or suggest all the features of independent claim 1 as amended. 
-Hagen et al (Patent No.9,740,826), submitted in Applicant’s IDS, teaches methods and systems for identity verification using biometric data.  The system for identity verification using biometric data may comprise a processor and a database communicatively coupled to the processor. The processor may be configured to receive an image of an identification 
document associated with a user (e.g., a passport, a driver's license, and so forth).  The image may be captured by a camera of a client device associated by the user or selected 
number of frames in the video (for example, the processor may randomly select four frames).  The frames are analyzed to identify minor moves of the user's head, lips, eyes, and so forth.  If the moves are identified, the processor may determine that the video depicts a live person.  In such a way, fraud attempts using a still photo of the identification document holder may be eliminated.  Additionally, the system for identity verification using biometric data may compare the face from one of the video frames to the photo from the 
identification document image.  The system for identity verification using biometric data may measure a distance between face parts and perform other analysis to check whether the video frame and the photo show the same person.  Based on the determining whether the video depicts a live person and the faces comparison, the identity of the user may be verified and the system may confirm that the user is a true holder of the identification document.  Alternatively, the system for identity verification using biometric data may determine that the user is not the true holder of the identification document [col.1-2]. However, Hagen does not teach: triggering display by the user device of a live video image of the user, the live video image displayed comprising a close up presentation of the user’s head and having a narrower field of view than the camera of the user device, wherein the camera of the user device captures imagery of at least one of background and periphery including any objects and actions therein, and wherein the user is not aware that the camera of the user device is capturing the imagery of the at least one of background and periphery; providing, via a portal accessible by an authorized representative of a client of the security service system, the sequence of images captured by the security service system for review and approval or rejection; and marking the authentication request as approved or rejected, respectively, based on the approval or the rejection by the authorized representative.
- Tagawa et al (US Pub. No.2020) discloses a comparison request unit that requests the management server 50 to perform face recognition of the user who uses the kiosk terminal 10 to perform customs declaration.  The CPU 102 as the comparison request unit requests a comparison between a captured face image of the user and a passport face image of the user U as face recognition of the user. The captured face image is a face image of the user U captured by the camera 116 during the use of the kiosk terminal 10.  A passport face image is a face image acquired from the passport of the user U by the passport reading device 112. To request comparison, the CPU 102 transmits a captured face image and a passport face image or a face feature amount extracted 
therefrom to the management server 50 together with a comparison request.  Once 
the CPU 102 reads at least one of a passport and a declaration code and acquires a captured face image of the user U and, on the other hand, reads the other of the passport and the declaration code the CPU 102, the CPU 102 can request the management server 50 for face recognition of the user ……….further, the CPU 102 functions as a comparison information acquisition unit that receives and acquires, from the management server 50, comparison information that is information indicating a result of the face recognition 
camera 116 captures a face image of the user who operates the passport reading device 112 to read a passport [0111]. Note that the kiosk terminal 10 may be configured such that a captured face image captured by the camera 116 is not displayed on the display 110 or the like.  In such a case, the user U is unaware that his/her face is captured 
on the kiosk terminal………………. The CPU 102 can determine, based on the 
three-dimensional information acquired by the depth camera 118, whether a captured face image of the user U captured by the camera 116 is an image acquired from an actual human or an image acquired from a two-dimensional image such as a photograph.  This can prevent a fraud such as impersonation………………….. camera for detecting suspicious behavior be provided  [0114-0117]. Capturing of the user by the first camera 410 is performed without causing the user to be aware thereof.  On the other hand, capturing of the user by the second camera 412 is performed on the user who is notified by the display on the display 408 or the like that capturing is performed, for example [00153,0203-0204]. However Tagawa does not teach: triggering display by the user device of a live video image of the user, the live video image displayed comprising a close up presentation of the user’s head and having a narrower field of view than the camera of the user device, wherein the camera of the user device captures imagery of at least one of background and periphery including any objects and actions therein, and wherein the user is not aware that the camera of the user device is capturing the imagery of the at least one of background and periphery; providing, via a portal accessible by an authorized representative of a client of the security service system, the sequence of images captured by the security service system for review and approval or rejection; and marking the authentication request as approved or rejected, respectively, based on the approval or the rejection by the authorized representative.
- Miu et al (US Pub. No.2019/01183750) describes a method an system to protect the security of the driver's license renewal process when the user 102 is not in the physical presence of an agent, the mobile device 104 may capture a video of the user 102 during the enrollment process.  The mobile device 104 may capture the video of the user 102 without the user knowing.  For example, mobile device 102 may not provide an indication for the user 102 to face the mobile device 104 at any particular time.  If the mobile device 104 provided a notification to the user 102, then the security of the process may be compromised as a nefarious user would be able to take additional actions to be able to spoof the system.  In this instance, the typical approach that a nefarious user would employ would be to place a photo of the actual user 102 in front of the mobile device 104 to trick the mobile device 104 into determining that the user 102 is present in front of the mobile device.  The system 100 is configured to protect against this type of attack [0021]. While the user 102 is using the driver's license renewal application, the mobile device 104 
identification document to be installed on user device.  Notably, in some implementations, analyzing the video frame may be performed at the server [0031]. However, Miu does not teach: triggering display by the user device of a live video image of the user, the live video image displayed comprising a close up presentation of the user’s head and having a narrower field of view than the camera of the user device, wherein the camera of the user device captures imagery of at least one of background and periphery including any objects and actions therein, and wherein the user is not aware that the camera of the user device is capturing the imagery of the at least one of background and periphery; providing, via a portal accessible by an authorized representative of a client of the security service system, the sequence of images captured by the security service system for review and approval or rejection; and marking the authentication request as approved or rejected, respectively, based on the approval or the rejection by the authorized representative.
- Larson et al (Patent No.10,693,872) teaches embodiments related to identity verification and information security technologies.  Identity verification services may utilize 
triggering display by the user device of a live video image of the user, the live video image displayed comprising a close up presentation of the user’s head and having a narrower field of view than the camera of the user device, wherein the camera of the user device captures imagery of at least one of background and periphery including any objects and actions therein, and wherein the user is not aware that the camera of the user device is capturing the imagery of the at least one of background and periphery; providing, via a portal accessible by an authorized representative of a client of the security service system, the sequence of images captured by the security service system for review and approval or rejection; and marking the authentication request as approved or rejected, respectively, based on the approval or the rejection by the authorized representative.
-Tussy et al (US Pub.No.2019/0213316) teaches an authentication system that may utilize an autofocus feature when the mobile device camera is equipped with such.  For example, when an actual, three-dimensional person is being imaged, the system checks to ensure that the sharpness of the image changes throughout as the camera perform auto-focusing.  In another embodiment, the system may control the autofocus so that the camera focuses on a first location or distance to check for sharpness (in focus) of a 
portion of the image containing a face.  The system then controls the camera to focus at a second location or distance where the presence of a face is not detected and check for sharpness (in focus) of a portion of the image.  If a three dimensional person in a real environment is being imaged, it is expected that the focal length settings should be different at the first and second locations, which suggests a real person is presently being imaged.  However, if the focal lengths of both locations are the same, this indicates that a two dimensional photograph or screen is being imaged, indicating a fraudulent login 
attempt. The system may also control the auto-focus of the device to check for different focal lengths of different particular features in the image [0186-0187]. And further teaches 
images at certain intervals [0136]. However, Tussy does not teach: receiving at a security server implementing a security service system, a request from a user device of a user seeking to authenticate with the security server; initiating the user device to prompt the user seeking to authenticate with the security server to present one or more identification documents to a camera of the user device and to present their face and to select a control to trigger capture of images of the one or more identification documents and face of the user by the user device; initiating the user device to capture a sequence of images of the user to be authenticated commencing when the camera is operational and prior to receiving from the user a selection of the control that triggers capture of images continuing until detecting that the user has selected the control to trigger capture of images, thereby enabling capture of activity performed by the user prior to and contemporaneous with selecting the control, including any attempted fraudulent activity of the user to be authenticated; providing, via a portal accessible by an authorized representative of a client of the security service system, the sequence of images captured by the security service system for review and approval or rejection; and marking the authentication request as approved or rejected, respectively, based on the approval or the rejection by the authorized representative.
Mahaffey et al (US Pub.No.2018/0206124) teaches security module security module at, for example, the direction of the device owner can instruct the missing device to take pictures, photographs, record video, record sound, enter a lockdown mode, collect audio data (e.g., surrounding, local, or ambient audio at the portable electronic device), collect location data indicating a position of the portable electronic device (e.g., GPS coordinates such as latitude, longitude and elevation), collect device state data (e.g., battery data, whether or not the device is locked), collect device usage data (e.g., calls placed by the device, calls received by the device, websites visited, or apps installed), collect physical information associated with the device such as device orientation, capture screenshots or screen recording (e.g., capture an image or record the visible items being displayed 
on an electronic screen of the device), collect other information available on the device, or combinations of these [0214]. Mahaffey furthe teaches a local software component on the device automatically takes a picture using the device's camera periodically.  Alternatively, when in lost/stolen mode, the local software component on the device automatically records audio and/or video from the device.  In each case, the device sends data resulting from the automatically performed action(s) to the server.  The data is displayed on the remote access web page for view by the user [0170].  However, Mahaffey does not teach all the features of the independent claims as recited.

	Each of the closest prior art references discussed above does not teach all the elements in the independent claims and it would not have been obvious to a person having ordinary skill in the art before the effective filing date of the invention to combine all the above references in such a manner to obtain the current invention.
.
 	Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance”.

Examiner’s Amendment
 	The Examiner’s amendment presented below was authorized by Mr. Paul Durdik following a telephonic interview held on 1/24/2021.

Please amend the abstract as follows:



Please amend the claims as follows:

receiving at a security server implementing a security service system, a request from a user device of a user seeking to authenticate with the security server;
initiating the user device to prompt the user seeking to authenticate with the security server to present one or more identification documents to a camera of the user device and to present their face and to select a control to trigger capture of images of the one or more identification documents and face of the user by the user device;
initiating the user device to capture a sequence of images of the user to be authenticated commencing when the camera is operational and prior to receiving from the user a selection of the control that triggers capture of images continuing until detecting that the user has selected the control to trigger capture of images, thereby enabling capture of activity performed by the user prior to and contemporaneous with selecting the control, including any attempted fraudulent activity of the user to be authenticated;
 triggering display by the user device of a live video image of the user, the live video image displayed comprising a close up presentation of the user’s head and having a narrower field of view than the camera of the user device, wherein the camera of the user device captures imagery of at least one of background and periphery including any objects and actions therein, and wherein the user is not aware that the camera of the user device is capturing the imagery of the at least one of background and periphery; 
providing, ; and 
marking the authentication request as approved or rejected, respectively, based on the approval or the rejection by the authorized representative.
2. (Original) The method of claim 1, wherein initiating the user device to capture a sequence of images further includes initiating capturing live video images of the user as the user is interacting with the device and initiating capture of at least one still image. 
3. (Original) The method of claim 2, further including initiating capturing of live audio of the 
4. (Cancelled) 
5. (Currently amended) The method of claim [[4]]1, further including commanding the camera of the device to adjust focus to capture activity in the background and periphery. 
6. (Currently amended) The method of claim [[4]]1, wherein initiating the user device to capture a sequence of images of the user to be authenticated includes capturing a temporal sequence of 10 to 20 frames of the user, including the background and the periphery commencing prior to the user activating the control of the camera; and 
capturing at least one snapshot including a close up presentation of a user’s head and having a narrower field of view than the camera of the user device. 
7. (Original) The method of claim 1, further including revealing to an authorized representative a chain of evidence indicating that a crime is being committed by:
storing in an activity database an activity data structure for each of a plurality of authentication attempts, including legitimate authentication attempts and fraudulent authentication attempts, the activity data structure including an activity attribute selected from a geolocation, a machine identifier and a network based identifier;
receiving from the authorized representative a selection indicating interest in a particular activity data structure representing one of the plurality of authentication attempts;
searching the activity database for additional activity data structures having one or more activity attributes related to the particular activity data structure selected; and
providing results of the search to the authorized representative; thereby revealing to the authorized representative a set of authentication attempts related by the one or more activity attribute and indicating criminal activity. 
8. (Original) The method of claim 7, wherein searching the activity database includes detecting patterns of behavior of users being authenticated that indicate criminal activity. 
9. (Original) The method of claim 8, wherein detecting patterns of behavior of users being authenticated that indicate criminal activity includes detecting at least one selected from a common picture, a common background and a common ID used in different authentication 
10. (Original) The method of claim 7, wherein searching the activity database includes performing a search of data entries for activity occurring in the security service system logged in a non-relational format in an activity database. 
11. (Original) The method of claim 7, further including storing in the activity database a time when an authentication is submitted, a time when an authentication request is created. 
12. (Original) The method of claim 7, further including responsive to receiving an indication from the authorized representative that a particular activity is fraudulent:
marking the particular activity as fraudulent;
searching the database for related activities; and 
presenting to the authorized representative for review any related activities uncovered by searching. 
13. (Original) The method of claim 7, further including using the activity database, tracking events performed by the authorized representative of a client of the security service. 
14. (Original) The method of claim 7, further including storing in the activity database a time when an authentication is submitted, a time when an authentication request is created. 
15. (Original) The method of claim 1, further including sending the user device a link prompting the user to authenticate with the security server. 
16. (Original) The method of claim 15, further including receiving from the user device a request to perform an action requires the user to authenticate with the security service. 
17. (Original) The method of claim 15, further including receiving from the authorized representative of the client of the security service system, a configurable set of criteria required for the user to authenticate with the client. 
18. (Original) The method of claim 1, further including: 
creating an encryption key; 
using the encryption key, encrypting the sequence of images as a string base 64; and
storing the string base 64 on a server inaccessible to the user being authenticated. 

20. (Currently amended) A non-transitory computer readable memory storing program instructions for detecting fraudulent activity during authenticating users and user identifications, which instructions when executed by one or more processors perform a method including:
receiving at a security server implementing a security service system, a request from a user device of a user seeking to authenticate with the security server;
initiating the user device to prompt the user seeking to authenticate with the security server to present one or more identification documents to a camera of the user device and to present their face and to select a control to trigger capture of images of the one or more identification documents and face of the user by the user device;
initiating the user device to capture a sequence of images of the user to be authenticated commencing when the camera is operational and prior to receiving from the user a selection of the control that triggers capture of images continuing until detecting that the user has selected the control to trigger capture of images, thereby enabling capture of activity performed by the user prior to and contemporaneous with selecting the control, including any attempted fraudulent activity of the user to be authenticated; 
triggering display by the user device of a live video image of the user, the live video image displayed comprising a close up presentation of the user’s head and having a narrower field of view than the camera of the user device, wherein the camera of the user device captures imagery of at least one of background and periphery including any objects and actions therein, and wherein the user is not aware that the camera of the user device is capturing the imagery of the at least one of background and periphery; 
providing, ; and 
marking the authentication request as approved or rejected, respectively, based on the approval or the rejection by the authorized representative.


a network interface that receives requests to authenticate from user devices equipped with cameras; and
a security server including one or more processors coupled to memory storing instructions implementing a security service, which instructions when executed by the one or more processors:
receive via the network interface requests from user devices of users seeking to authenticate;
initiate the user device to prompt a user seeking to authenticate with the security server to present to a camera of their user device one or more identification documents and to present their face and to select a control to trigger capture of images of the one or more identification documents and face of the user by the user device;
initiate the user device to capture a sequence of images of the user to be authenticated commencing when the camera is operational and prior to receiving from the user a selection of the control that triggers capture of images and continuing until detecting that the user has selected the control to trigger capture of images, thereby enabling capture of activity performed by the user prior to and contemporaneous with selecting the control, including any attempted fraudulent activity of the user to be authenticated; 
trigger display by the user device of a live video image of the user, the live video image displayed comprising a close up presentation of the user’s head and having a narrower field of view than the camera of the user device, wherein the camera of the user device captures imagery of at least one of background and periphery including any objects and actions therein, and wherein the user is not aware that the camera of the user device is capturing the imagery of the at least one of background and periphery; 
provide, ; and 
mark the authentication request as approved or rejected, respectively, based on the approval or the rejection by the authorized representative.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to NOURA ZOUBAIR whose telephone number is (571)270-7285.  The examiner can normally be reached on Monday - Friday.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on 571-272-3811.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/NOURA ZOUBAIR/Primary Examiner, Art Unit 2434