DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This is in response to the remarks and amendments dated 12/17/2020. Claims 13-20, as amended, are currently pending and have been fully considered below.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.

Claims 13-15 and 17-18 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Harmon (U.S. Patent Publication No. 2015/0310444).
As per claim 13, Harmon discloses a method, comprising:
activating a monitor operation on a device based on actions of a user with respect to at least one resource associated with the device 
(see fig. 9 and [0071] The method 10 includes receiving, at a host device (e.g., from a client device or an identity provider), a signal indicative of an authentication request to access a resource from a set of resources, at 11 (e.g., authentication information, an authentication mode vector, etc.).);
gathering data as output from the monitor operation, and wherein the data is relevant to the actions 
([0037]In other instances, an authentication mode can be passive, where a user is not actively performing an authentication action such as, for example, collecting and/or  and
maintaining a user attribute profile for the user in response to the data, and providing a current version of the user attribute profile on demand and passively authenticating the user based on the user attribute profile by computing a confidence value from the user attribute profile to one of a plurality of different levels of access for access of the user to the device, the at least one resource, or other resources of the device 
([0071] the authentication request can include data representing one or more authentication modes and/or methods, a user profile, an resource identifier, and/or the like. As described in detail above, the one or more authentication modes can be, for example, an active authentication mode, a passive authentication mode, and/or a combination thereof.
[0073] As described above, the host device and/or a policy application module (e.g., the policy application module 114) can calculate the resource confidence value associated with the authentication request based on the authentication data included in the authentication request and the authentication policy (i.e., the risk mitigation table, the resource vulnerability table, and the resource confidence threshold vector).).

As per claim 14, Harmon discloses wherein activating further includes detecting at least one action based on an event raised on the device when the user accesses the resource 
([0082] Where methods and/or events described above indicate certain events and/or procedures occurring in certain order, the ordering of certain events and/or procedures may be modified. Additionally, certain events and/or procedures may be performed concurrently in a parallel process when possible, as well as performed sequentially as described above.).

As per claim 15, Harmon discloses wherein activating receiving further includes detecting at least one action when a communication associated with the resource is detected on a monitored communication port associated with the device 
([0082] Where methods and/or events described above indicate certain events and/or procedures occurring in certain order, the ordering of certain events and/or procedures may be modified. Additionally, certain events and/or procedures may be performed concurrently in a parallel process when possible, as well as performed sequentially as described above.).

As per claim 17, Harmon discloses wherein maintaining further includes gathering the output from the monitor operation based on multiple actions of the user with respect to multiple resources 
([0037] In other instances, an authentication mode can be passive, where a user is not actively performing an authentication action such as, for example, collecting and/or sampling data from a geolocation identifier (e.g., a global positioning system (GPS) identifier), an internet protocol (IP) address, a hard token, a session cookie, a software version, a proximity sensor, a transaction, a biometric scan, or historical data of a user.).

As per claim 18, Harmon discloses wherein maintaining further includes managing the user attribute profile based at least in part on one or more of: a sequence with which the user performs the multiple actions with respect to each of the multiple resources and a time spent by the user in accessing each of the multiple resources 
([0043] In some instances, the policy definition module 113 can be configured to define and store in the database 120 a set of user profiles for each user and/or person associated with the resource 140 and/or the set of resources. In some instances, the user profile can include identifying information such as, for example, name, address, telephone number, picture, associated devices (e.g., a media access control (MAC) address for each device), biometric data, knowledge-based questions and answers, access privileges, authentication history data, etc.).

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Harmon in view of Smith (U.S. Patent Publication No. 2016/0182502).
As per claim 19, Harmon discloses a system, comprising: 
a device 
([0003] For example, a user can be authenticated using a "what you have" method via an electronic device, a magnetic device, or combination thereof such as, a mobile electronic device (e.g., a smartphone, tablet, ultrabook, laptop, personal digital assistant (PDA), etc.), a key fob, a card or the like including a magnetic and/or electromagnetic component, etc.;);

a resource profiler configured to: i) execute on the device 
([0043] In some instances, the policy definition module 113 can be configured to define and store in the database 120 a set of user profiles for each user and/or person associated with the resource 140 and/or the set of resources. In some instances, the user profile can include identifying information such as, for example, name, address, telephone number, picture, associated devices (e.g., a media access control (MAC) address for each device), biometric data, knowledge-based questions and answers, access privileges, authentication history data, etc.), 

ii) gather data relevant to a manner in which a user operates a resource, and
([0037]In other instances, an authentication mode can be passive, where a user is not actively performing an authentication action such as, for example, collecting and/or sampling data from a geolocation identifier (e.g., a global positioning system (GPS)  

by maintaining a user-attribute profile for the user based on the data and continuously computing a confidence value from the user attribute profile to one of a plurality of different levels of access for access of the user to the device, the resource, or other resources of the device 
([0071] the authentication request can include data representing one or more authentication modes and/or methods, a user profile, an resource identifier, and/or the like. As described in detail above, the one or more authentication modes can be, for example, an active authentication mode, a passive authentication mode, and/or a combination thereof.
[0073] As described above, the host device and/or a policy application module (e.g., the policy application module 114) can calculate the resource confidence value associated with the authentication request based on the authentication data included in the authentication request and the authentication policy (i.e., the risk mitigation table, the resource vulnerability table, and the resource confidence threshold vector).).

However, Harmon does not appear to explicitly disclose iii) continuously provide the data to passively authenticate the user.
Smith teaches user profile selection using contextual authentication with the feature of iii) continuously provide the data to passively authenticate the user ([0020] In embodiments, a continuous passively authenticated context may be maintained for each of the plurality of users.).
From this teaching of Smith, it would have been obvious to a person of ordinary skill in the art at the time the invention was filed to modify the system and method of Harmon to include the continuous passive authentication taught by Smith in order to provide multi-user functionality.

As per claim 20, Harmon discloses wherein the device is one of: a mobile phone, a wearable processing device, a tablet, a laptop, a computer desktop, a Point-Of-Sale (POS) terminal, a Self-Service Terminal (SST), an Automated Teller Machine (ATM), an appliance, an attachable device attached to an apparatus operated by the user, and a vehicle 
([0003] For example, a user can be authenticated using a "what you have" method via an electronic device, a magnetic device, or combination thereof such as, a mobile electronic device (e.g., a smartphone, tablet, ultrabook, laptop, personal digital assistant (PDA), etc.), a key fob, a card or the like including a magnetic and/or electromagnetic component, etc.;).

Claim 16 is rejected under 35 U.S.C. 103 as being unpatentable over Harmon in view of Kobres (U.S. Patent Publication No. 2016/0063492).
As per claim 16, Harmon discloses the claimed invention but does not explicitly disclose wherein gathering further includes obtaining metadata from an operating system of the device and updating the data to include the metadata.
Kobres teaches methods and systems for passive authentication through user attributes wherein gathering further includes obtaining metadata from an operating system of the device and updating the data to include the metadata 
([0137] According to an embodiment, at 321, the resource profiler obtains metadata from an operating system of the device and updates the data to include the metadata. In an embodiment, the metadata includes: time of day, day of week, calendar day, resource identifier for the resource, device identifier for the device, and the like.).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See Notice of References Cited Form attached.

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SEYE IWARERE whose telephone number is (571)270-5112.  The examiner can normally be reached on M-F 8:00 - 16:30.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Fahd Obeid can be reached on (571) 270-3324.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/OLUSEYE IWARERE/Primary Examiner, Art Unit 3687