DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
1.  This is in response to the communications filed on 17 May 2019.
2.  Claims 1-20 are pending in the application.
3.  Claims 1-20 have been rejected.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
4.  Claims 1-3, 6, 9, 11-13 and 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Narusawa et al US 2008/0052778 A1 (hereinafter Narusawa) in view of Clark US 2012/0089732 A1.
As to claim 1, Narusawa discloses a method of operating a secured device requiring user authentication, the method comprising: 
receiving a request from a user for operating the device without prior authentication (i.e. a guest user by using a predefined user ID provided for guest users or new authentication information that is temporarily registered by a system administrator) [0006]; 
granting the user temporary access to the device in accordance with a security policy, the security policy specifying at least one of a predetermined time interval or a predetermined number of device operations within which authentication must occur to continue at least some operations of the device (i.e. authentication includes a registration time and date and an expiration time and date) [0036]; 
upon determining that authentication has not been provided within the predetermined time interval or number of device operations, preventing at least some operations of the device and updating the audit trail to specify expiration of the temporary access (i.e. access is only permitted during a given access valid time period) [0017]. 
Narusawa does not teach computationally storing an audit trail identifying the temporary access and actions performed during the temporary access.
Clark teaches computationally storing an audit trail identifying the temporary access and actions performed during the temporary access (i.e. log the activities and transactions of users that is logged into a user database) [0041].
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified Narusawa so that an audit trail would have been computationally stored identifying the temporary access and actions performed during the temporary access.
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified Narusawa by the teaching of Clark because it helps maintain and enforce permissions of a user [0040].
As to claim 2, Narusawa teaches the method of claim 1, further comprising updating the audit trail to include a time of authentication upon authentication of the user within the predetermined time interval or number of device operations (i.e. the “registration time and date” indicates time and date oat which a new user fingerprint data is stored after it has been authenticated) [0037]. 
As to claim 3, Narusawa teaches the method of claim 1, wherein the temporary access allows the user to perform only some operations of the device (i.e. limiting the range of guest-user accessibility) [0063]. 
As to claim 6, Narusawa teaches the method of claim 1, further comprising receiving provisional authentication, including user identification, from the user prior to granting the temporary access (i.e. by using a guest ID) [0006]. 
As to claim 9, Narusawa teaches the method of claim 1, wherein the predetermined time interval and/or predetermined number of device operations is set dynamically (i.e. time interval is set dynamically by user using an interface) [0051]. 
As to claim 11, Narusawa discloses a system for operating a secured device requiring user authentication, the system comprising: 
a user interface for receiving a request from a user for operating the device (i.e. key manipulation) [0033]; 
memory storing a security policy specifying at least one of a predetermined time interval or a predetermined number of device operations within which authentication must occur to continue at least some operations of the device (i.e. access control list stored in memory) [0041]; and 
a controller configured to: 
grant, without prior authentication, the user temporary access to the device in accordance with the security policy (i.e. a guest user by using a predefined user ID provided for guest users or new authentication information that is temporarily registered by a system administrator) [0006]; 
upon determining that authentication has not been provided within the predetermined time interval or number of device operations, prevent at least some operations of the device (i.e. access is only permitted during a given access valid time period) [0017] and update the audit trail to specify expiration of the temporary access (i.e. expiration time is updated after registration) [0038]. 
Narusawa does not teach computationally storing an audit trail identifying the temporary access and actions performed during the temporary access.
Clark teaches computationally storing an audit trail identifying the temporary access and actions performed during the temporary access (i.e. log the activities and transactions of users that is logged into a user database) [0041].
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified Narusawa so that an audit trail would have been computationally stored identifying the temporary access and actions performed during the temporary access.
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified Narusawa by the teaching of Clark because it helps maintain and enforce permissions of a user [0040].
As to claim 12, Narusawa teaches the system of claim 11, wherein the controller is further configured to update the audit trail to include a time of authentication upon authentication of the user within the predetermined time interval or number of device operations (i.e. the “registration time and date” indicates time and date oat which a new user fingerprint data is stored after it has been authenticated) [0037]. 
As to claim 13, Narusawa teaches the system of claim 11, wherein the temporary access allows the user to perform only some operations of the device (i.e. only a certain range) [0012]. 
As to claim 19, Narusawa teaches the system of claim 11, wherein the controller is further configured to dynamically set the predetermined time interval and/or predetermined number of device operations (i.e. expiration time is updated after registration) [0038].
5.  Claims 4, 10, 14 and 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Narusawa et al US 2008/0052778 A1 (hereinafter Narusawa) and Clark US 2012/0089732 A1 as applied to claims 1 and 11 above, and further in view of DiFalco et al US 2007/0043786 A1 (hereinafter DiFalco).
As to claim 4, the Narusawa-Clark combination does not teach the method of claim 1, further comprising, upon determining that the user has failed to provide authentication within the predetermined time interval or number of device operations, causing at least one of (i) generation of an alert to the user or supervisory personnel or (ii) reversal of any adjustments to the device made by the user. 
DiFalco teaches reversal of any adjustments to the device made by the user (i.e. reverting of changes) [0031]. 
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Narusawa-Clark combination so that upon determining that the user had failed to provide authentication within the predetermined time interval or number of device operations, causing reversal of any adjustments to the device made by the user. 
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Narusawa-Clark combination by the teaching of DiFalco because it helps manage changes made to data processing devices by using compliance [0002].
As to claim 10, the Narusawa-Clark combination does not teach the method of claim 1, further comprising, upon determining that the user has failed to provide authentication within the predetermined time interval or number of device operations and receiving a request from a second user for operating the device, causing at least one of (i) generation of a message to the second user or supervisory personnel or (ii) reversal of any adjustments to the device made by the user. 
DiFalco teaches reversal of any adjustments to the device made by the user (i.e. reverting of changes) [0031]. 
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Narusawa-Clark combination so that upon determining that the user had failed to provide authentication within the predetermined time interval or number of device operations and receiving a request from a second user for operating the device, causing reversal of any adjustments to the device made by the user. 
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Narusawa-Clark combination by the teaching of DiFalco because it helps manage changes made to data processing devices by using compliance [0002].
As to claim 14, the Narusawa-Clark combination does not teach the system of claim 11, wherein the controller is further configured to: 
upon determining that the user has failed to provide authentication within the predetermined time interval or number of device operations, cause at least one of (i) generation of an alert to the user or supervisory personnel or (ii) reversal of any adjustments to the device made by the user.
DiFalco teaches reversal of any adjustments to the device made by the user (i.e. reverting of changes) [0031]. 
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Narusawa-Clark combination so that upon determining that the user had failed to provide authentication within the predetermined time interval or number of device operations, causing reversal of any adjustments to the device made by the user. 
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Narusawa-Clark combination by the teaching of DiFalco because it helps manage changes made to data processing devices by using compliance [0002].
As to claim 20, the Narusawa-Clark combination does not teach the system of claim 11, wherein the controller is further configured to cause, upon determining that the user has failed to provide authentication within the predetermined time interval or number of device operations and receiving a request from a second user for operating the device, at least one of (i) generation of a message to the second user or supervisory personnel or (ii) reversal of any adjustments to the device made by the user.
DiFalco teaches reversal of any adjustments to the device made by the user (i.e. reverting of changes) [0031]. 
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Narusawa-Clark combination so that upon determining that the user had failed to provide authentication within the predetermined time interval or number of device operations and receiving a request from a second user for operating the device, causing reversal of any adjustments to the device made by the user. 
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Narusawa-Clark combination by the teaching of DiFalco because it helps manage changes made to data processing devices by using compliance [0002].
6.  Claims 5 and 15 is/are rejected under 35 U.S.C. 103 as being unpatentable over Narusawa et al US 2008/0052778 A1 (hereinafter Narusawa), Clark US 2012/0089732 A1 and DiFalco et al US 2007/0043786 A1 (hereinafter DiFalco) as applied to claims 4 and 14 above, and further in view of Susco et al US 2019/0147667 A1 (hereinafter Susco).
As to claim 5, the Narusawa-Clark-DiFalco combination does not teach the method of claim 4, further comprising accepting, as authentication, a permission remotely provided by previously authenticated personnel in accordance with an institutional security policy. 
Susco teaches accepting, as authentication, a permission remotely provided by previously authenticated personnel (i.e. administrator being authorized) [0021] in accordance with an institutional security policy (i.e. receiving permission from the administrator) [0027].
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Narusawa-Clark-DiFalco combination so that permission would have been accepted, as authentication, remotely provided by previously authenticated personnel in accordance with an institutional security policy.
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Narusawa-Clark-DiFalco combination by the teaching of Susco because it helps to prevent unauthorized access [0021].
As to claim 15, the Narusawa-Clark-DiFalco combination does not teach the system of claim 14, wherein the memory further stores an institutional security policy, the controller being further configured to accept, as authentication, a permission remotely provided by previously authenticated personnel in accordance with the institutional security policy. 
Susco teaches accepting, as authentication, a permission remotely provided by previously authenticated personnel (i.e. administrator being authorized) [0021] in accordance with an institutional security policy (i.e. receiving permission from the administrator) [0027].
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Narusawa-Clark-DiFalco combination so that permission would have been accepted, as authentication, remotely provided by previously authenticated personnel in accordance with an institutional security policy.
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Narusawa-Clark-DiFalco combination by the teaching of Susco because it helps to prevent unauthorized access [0021].
7.  Claim 7 is/are rejected under 35 U.S.C. 103 as being unpatentable over Narusawa et al US 2008/0052778 A1 (hereinafter Narusawa) and Clark US 2012/0089732 A1 as applied to claim 6 above, and further in view of Sircana US 2018/0241736 A1.
As to claim 7, the Narusawa-Clark combination does not teach the method of claim 6, wherein the provisional authentication is based on the user's proximity to the device without user action. 
Sircana teaches that the provisional authentication is based on the user's proximity to the device without user action (i.e. proximity to the service and holding temporary status) [0020]. 
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Narusawa-Clark combination so that the provisional authentication would have been based on the user's proximity to the device without user action. 
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Narusawa-Clark combination by the teaching of Sircana because it decreases or eliminates the involvement and facilitation between the user and the service of interest to the user [0004].
8.  Claims 8 and 18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Narusawa et al US 2008/0052778 A1 (hereinafter Narusawa) and Clark US 2012/0089732 A1 as applied to claims 1 and 11 above, and further in view of Ono US 2019/0050422 A1.
As to claim 8, the Narusawa-Clark combination does not teach the method of claim 1, wherein the audit trail includes an identification of the user, an identification of the device and a time stamp associated with each of the user's operations of the device. 
Ono teaches that the audit trail includes an identification of the user (i.e. user ID) [abstract], an identification of the device (i.e. device ID) [abstract] and a time stamp associated with each of the user's operations of the device (i.e. user activity) [figure 4].
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Narusawa-Clark combination so that the audit trail would have included an identification of the user, an identification of the device and a time stamp associated with each of the user's operations of the device.
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Narusawa-Clark combination by the teaching of Ono because the audit trail guarantees the integrity of a data file [0006].
As to claim 18, the Narusawa-Clark combination does not teach the system of claim 11, wherein the audit trail includes an identification of the user, an identification of the device and a time stamp associated with each of the user's operations of the device.
Ono teaches that the audit trail includes an identification of the user (i.e. user ID) [abstract], an identification of the device (i.e. device ID) [abstract] and a time stamp associated with each of the user's operations of the device (i.e. user activity) [figure 4].
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Narusawa-Clark combination so that the audit trail would have included an identification of the user, an identification of the device and a time stamp associated with each of the user's operations of the device.
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Narusawa-Clark combination by the teaching of Ono because the audit trail guarantees the integrity of a data file [0006].
9.  Claim 16 is/are rejected under 35 U.S.C. 103 as being unpatentable over Narusawa et al US 2008/0052778 A1 (hereinafter Narusawa) and Clark US 2012/0089732 A1 as applied to claim 11 above, and further in view of Ting et al US 2019/0313252 A1 (hereinafter Ting).
As to claim 16, the Narusawa-Clark combination does not teach the system of claim 11, further comprising at least one of a hands-free authentication system or a real-time location system (RTLS) for receiving provisional authentication, including user identification, from the user prior to granting the temporary access. 
Ting teaches at least one of a hands-free authentication system or a real-time location system (RTLS) (i.e. RTLS) [abstract] for receiving provisional authentication, including user identification, from the user prior to granting the temporary access [0037].
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Narusawa-Clark combination so that there would have been a real-time location system (RTLS) for receiving provisional authentication, including user identification, from the user prior to granting the temporary access. 
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Narusawa-Clark combination by the teaching of Ting because it provides a probabilistic determination that an even has occurred [abstract].
10.  Claim 17 is/are rejected under 35 U.S.C. 103 as being unpatentable over Narusawa et al US 2008/0052778 A1 (hereinafter Narusawa), Clark US 2012/0089732 A1 and Ting et al US 2019/0313252 A1 (hereinafter Ting) as applied to claim 16 above, and further in view of Sircana US 2018/0241736 A1.
As to claim 17, the Narusawa-Clark-Ting combination does not teach the system of claim 16, wherein the provisional authentication is based on the user's proximity to the device without user action. 
Sircana teaches that the provisional authentication is based on the user's proximity to the device without user action (i.e. proximity to the service and holding temporary status) [0020]. 
Therefore, it would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Narusawa-Clark-Ting combination so that the provisional authentication would have been based on the user's proximity to the device without user action. 
It would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains to have modified the Narusawa-Clark-Ting combination by the teaching of Sircana because it decreases or eliminates the involvement and facilitation between the user and the service of interest to the user [0004].
Relevant Prior Art
11.  The following references have been considered relevant by the examiner:
A.  Shankar US 2020/0412741 A1 directed to providing resource policy management based on a pre-commit verification engine [abstract].
B.  Nambisan et al US 2018/0183806 A1 directed to a policy management system that may receive, from a scheduling application, a request to provision access for a guest [abstract].
C.  Allen US 2018/0211005 A1 directed to a mechanism for implementing localized device specific limitations on access to patient medical information [0001].
Conclusion
12.	Any inquiry concerning this communication or earlier communications from the examiner should be directed to ARAVIND K MOORTHY whose telephone number is (571)272-3793.  The examiner can normally be reached on M-F 7:30-7:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on 571-272-4006.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/ARAVIND K MOORTHY/            Primary Examiner, Art Unit 2492