DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Masters et al. (US Pub. 20170046892 A1) and further in view of Griffiths et al. (US Pub. 20150242601 A1).

Regarding claim 1, Masters discloses a computer-implemented method comprising:
sending, by one or more processors, a validation token to a cloud-based system and updating, by one or more processors, a record associated with the user in the cloud-based system (para. 39, 65- the authentication module 130 may compare the received credentials and/or token 128 with the physical access attribute information 132 managed by the directory service 118 of the domain controller 112 to determine if the credentials and/or token 128 are associated with a user having current access rights to the access-controlled area 104. If the credentials and/or token 128 are associated with a user having current access rights, the access control system 102 may issue one or more control signals 136 to an access control device 110 associated with an access point 108 of the access-controlled area 104.); 
in response to an attempt to access a secure area, transmitting, by one or more processors, the validation token to a second device (para. 58- To authenticate their rights to physically access an access-controlled area, a user may provide certain authentication credentials to a physical access control interface 124 associated with the access-controlled area. For example, as illustrated, a user may present an access card to a physical access control interface 124 comprising a card reader. Authentication credentials stored on the card such as a token may be read from the physical access control interface 124 and communicated to an associated access control system 102); and 
verifying the validation token by the second device with the cloud-based system. (para. 37, 39- In connection with a physical access authentication process, the authentication module 130 may compare the received credentials and/or token 128 with the physical access attribute information 132 managed by the directory service 118 of the domain controller 112 to determine if the credentials and/or token 128 are associated with a user having current access rights to the access-controlled area 104)


Regarding claim 2, Masters discloses in the method of claim 1, further comprising: registering, by one or more processors, the first device associated with the user with the cloud-based system. (para. 39- In connection with a physical access authentication process, the authentication module 130 may compare the received credentials and/or token 128 with the physical access attribute information 132 managed by the directory service 118 of the domain controller 112 to determine if the credentials and/or token 128 are associated with a user having current access rights to the access-controlled area 104)

Regarding claim 3, Griffiths discloses in the method of claim 1, wherein the specified time intervals are time intervals based on activities of the user using the first device. (para. 40- One or more components of the trust vector may be continuously updated within the mobile device to provide continuous authentication. The updated trust vector with the updated authentication information may be sent or otherwise transmitted to the authenticating entity, for example, in a continuous, quasi-continuous or periodic manner, upon request by the authenticating entity; para. 59- a use case scenario is illustrated in which a user is seeking to engage in a mobile banking transaction with an authenticating entity such as a cloud-based bank. This scenario includes the use of multiple types of authentication inputs including traditional username/password and biometric information. In this illustrated example, it is assumed that the user has a prior enrollment or a previous registration with the website. The initial transaction to check an account is followed by a request to perform the transaction between subaccounts. In this example, the website requires an upgrade to the TV to include one or more acceptable credentials (such as a username and password, or a digital certificate) that may be released upon successful fingerprint authentication of the registered user. After a certain period of time or a certain number of additional transactions, the website may require additional authentication for additional transactions.)

Regarding claim 4, Griffiths discloses in the method of claim 1, wherein verifying the identity of the user is based on a usage pattern of the first device by the user. (para. 54- It should be appreciated that a wide variety of TV components may be utilized with a wide variety of different types of sensor inputs and the TV components may include the scoring of those TV components. Additional examples may include one or more TV components associated with sensor output information for iris, retina, palm, skin features, cheek, ear, vascular structure, hairstyle, hair color, eye movement, gait, behavior, psychological responses, contextual behavior, clothing, answers to questions, signatures, PINs, keys, badge information, RFID tag information, NFC tag information, phone numbers, personal witness, and time history attributes)

Regarding claim 5, Griffiths discloses in the method of claim 4, wherein the usage pattern is selected from the group consisting of: typing rhythm, typing pressure, keyboard dynamics, text habit, walk gait, and global positioning system commute path. (para. 54- It should be appreciated that a wide variety of TV components may be utilized with a wide variety of different types of sensor inputs and the TV components may include the scoring of those TV components. Additional examples may include one or more TV components associated with sensor output information for iris, retina, palm, skin features, cheek, ear, vascular structure, hairstyle, hair color, eye movement, gait, behavior, psychological responses, contextual behavior, clothing, answers to questions, signatures, PINs, keys, badge information, RFID tag information, NFC tag information, phone numbers, personal witness, and time history attributes)

Regarding claim 6, Griffiths discloses in the method of claim 1, wherein verifying the identity of the user is based on biometric information collected from the user. (para. 28, 54- It should be appreciated that a wide variety of TV components may be utilized with a wide variety of different types of sensor inputs and the TV components may include the scoring of those TV components. Additional examples may include one or more TV components associated with sensor output information for iris, retina, palm, skin features, cheek, ear, vascular structure, hairstyle, hair color, eye movement, gait, behavior, psychological responses, contextual behavior, clothing, answers to questions, signatures, PINs, keys, badge information, RFID tag information, NFC tag information, phone numbers, personal witness, and time history attributes)


Regarding claim 7, Griffiths discloses in the method of claim 6, wherein the biometric information is selected from the group consisting of: fingerprint, signature dynamics, palm veins, face recognition, DNA, palm print, hand geometry, hand topography, iris recognition, retina, odor and scent. (para. 28, 54- It should be appreciated that a wide variety of TV components may be utilized with a wide variety of different types of sensor inputs and the TV components may include the scoring of those TV components. Additional examples may include one or more TV components associated with sensor output information for iris, retina, palm, skin features, cheek, ear, vascular structure, hairstyle, hair color, eye movement, gait, behavior, psychological responses, contextual behavior, clothing, answers to questions, signatures, PINs, keys, badge information, RFID tag information, NFC tag information, phone numbers, personal witness, and time history attributes)

Regarding claims 8-14, they merely recite a computer program that when executed, performs the functional steps of method claims 1-7, and thus, rejected for the same rationale. 

Regarding claims 15-20, they are rejected as applied to claims 1-6 because a corresponding system would have been necessitated to carry forth the method steps of claim 1-6.  The applied prior art also discloses the corresponding architecture.  

Conclusion


Any inquiry concerning this communication or earlier communications from the examiner should be directed to WILLIAM A CORUM JR whose telephone number is (303)297-4234.  The examiner can normally be reached on Mon. - Fri. 8 AM - 5 PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on (571)272-6798.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/WILLIAM A CORUM JR/Examiner, Art Unit 2433             

/JEFFREY C PWU/Supervisory Patent Examiner, Art Unit 2433