DETAILED ACTION
	This Office Action is in response to the First Action Interview- Enrollment Request dated 05/11/2020.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.

Claims 1-2, 10, 13, 15-16 and 20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1, 2, 5, 14-15 18 and 20 of U.S. Patent No.10,652,238. Although the claims at issue are not identical, they are not patentably distinct from each other because the scopes of the claims are the same as exemplified below.
                 Instant Application 
Claim 1:
     A method comprising: 

     determining, based on the authentication credentials, one or more user models personalized to a user associated with the user device; 
     associating each of the one or more user models with a use-pose of the user during entry of the authentication credentials; 
     receiving, from the user device, a current submission comprising (i) current authentication data indicative of a current entry of the authentication credentials and (ii) current scenario data comprising current device elevation data and current device orientation data; 
     for each of the one or more user models: 



          comparing the current authentication data to a corresponding user model of the one or more user models; and 

    

     responsive to determining that the level of similarity is above a predetermined threshold, determining that the current submission meets a secondary authentication requirement.














































                Patent 10,652,238
Claim 1: 
     A system comprising: 

     memory storing instructions, that when executed by the one or more processors, cause the system to: 
          










          receive, from a user device, first behavioral biometric data indicative of a first current entry of primary authentication credentials on the user device, the primary authentication credentials being a username and password and the first behavioral biometric data comprising current typing time data indicative of a period of time taken for input of the first current entry of the primary authentication credentials into the user device; 
          compare the received first behavioral biometric data to a first user model, the first user model comprising first model time data, the first 
          responsive to determining, based on the comparison, that a level of similarity between the received first behavioral biometric data and the stored behavioral biometric data of the first user model is at or above a first predetermined threshold corresponding to secondary authentication of entries of primary authentication credentials, determine that the first current entry of primary authentication credentials meets a secondary authentication requirement; 
          responsive to determining that the level of similarity is below the first predetermined threshold, initiate a secondary authentication method with the user of the user device; 
          responsive to (i) the secondary authentication method being validated and (ii) determining that the level of similarity is below a second predetermined threshold that is less than the first predetermined threshold and indicates that the primary authentication credentials were entered via a second credential entry method different from the first credential entry method, associate the received first behavioral biometric 
          associate the first user model and the second user model with the user device; 
          subsequent to receiving the first current entry of the primary authentication credentials, receive second behavioral biometric data indicative of a second current entry of the primary authentication credentials; 
          determine a first level of similarity based on a comparison of the received second behavioral biometric data to the first user model and a second level of similarity based on a comparison of the received second behavioral biometric data to the second user model; and 
          responsive to determining that the first and second levels of similarity are both below the second predetermined threshold, associate the received second behavioral biometric data with a third user model, the third user model being associated with a third credential entry method.


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-4, 6-14 and 17-20 are rejected under 35 U.S.C. 103 as being unpatentable over Moritz (US Patent 9,185,095 B1-hereinafter Moritz) and in view of Yeom (US 2015/0113633 A1-hereinafter Yeom.)

receiving, from a user device, one or more submissions comprising (i) authentication credentials (at least figure 5, step 510, column 7, lines 27-48; column 21, 46; column 9, lines 32-34, user name and password are received); 
determining, based on the authentication credentials, one or more user models personalized to a user associated with the user device (at least column 7, lines 14-26; column 9, line 58-column 12, line 37; column 11, lines 42-53; column 12, lines 49-67, user profile is determined based on the user name and password associated with a device); 
receiving, from the user device, a current submission comprising current authentication data indicative of a current entry of the authentication credentials (at least figure 5, step 510, column 7, lines 27-48; column 21, lines 25-46, user name and password for a current session are received)
for each of the one or more user models: 
comparing the current authentication data to a corresponding user model of the one or more user models (at least column 4, line 60-column 5, line 17; column 10, line 45-column 11, line 34; column 19, lines 12-26, comparing information collected from current session to information stored from previous sessions); and 
determining a level of similarity between the current authentication data and the corresponding user model of the one or more user models (at least column 19, lines 12-26; column 22, lines 11-23, variation level is determined); and 
(column 5, lines 18-28; column 19, line 62-column 20, line 6; column 22, lines 11-23, if variation identified is small, user is allowed to proceed without having to provide additional information.)
Moritz does not disclose receiving scenario data comprising device elevation data and device orientation data, the scenario data being contemporaneously detected by one or more sensors of the user device along with a corresponding entry of the authentication credentials, associating each of the one or more user models with a use-pose of the user during entry of the authentication credentials; and current scenario data comprising current device elevation data and current device orientation data; 
However, Yeom discloses receiving scenario data comprising device elevation data and device orientation data, the scenario data being contemporaneously detected by one or more sensors of user device along with a corresponding entry of authentication credentials (at least [0040][0069], movement (elevation data) and rotation (orientation) data of electronic device are received at the time password is inputted), associating one or more user models with a use-pose of the user during entry of the authentication credentials (at least figure 4; [0079]-[0080], an input condition of user is associated with password input); and current scenario data comprising current device elevation data and current device orientation data (at least figures 5A & 5B, [0040][0069][0085], input condition of current session includes movement and rotation data);


Regarding claim 2, Moritz and Yeom disclose the method of claim 1. Moritz also discloses responsive to determining that at least one of each level of similarity is not above the predetermined threshold, transmitting, to the user device, a request for secondary authentication credentials (column 5, lines 18-28; column 9, line 58-column 10, line 3; column 19, line 51-column 20, line 28, if variation is high, request additional information from user;)  

Regarding claim 3, Moritz and Yeom disclose the method of claim 1. Moritz and Yeom also disclose receiving, from the user device and for each of the one or more submissions, time data indicating a time associated with an entry of the corresponding entry of the authentication credentials (Moritz-at least column 7, line 35-37, i.e.: time of day user logs to  in); and  
for each user model of the one or more user models, determining a time range during which the use-pose associated with the corresponding user model is likely to be used (Moritz-column 7, line 35-40, i.e.: times associated with activities; Yeom-i.e.: [0079][0080], input condition when password is input.)  

Regarding claim 4, Moritz and Yeom disclose the method of claim 1. Moritz and Yeom also disclose the scenario data for each of the one or more submissions further (Moritz- column 7, lines 40-46; column 10, lines 26-29, i.e.: location/where device was used to carry out transaction; Yeom-at least figure 1, element 134, location information section), the method further comprising, for each of the one or more user models, determining a geographic area within which the use-pose associated with the corresponding user model is likely to be used (Moritz- column 7, lines 40-46; column 10, lines 26-29, i.e.: location/where device was used to carry out transaction; Yeom-at least figure 1, element 134, location information section.)  

Regarding claim 6, Moritz and Yeom disclose the method of claim 1. Moritz and Yeom also disclose the user device is a user device of a plurality of user devices (Moritz-at least column 7, lines 40-46; column 9, lines 5-40, i.e.: mobile device smf s computer), the method further comprising: 
receiving, from each of the plurality of user devices, one or more submissions comprising (i) authentication credentials and (ii) scenario data comprising device elevation data and device orientation data, the scenario data being detected, by one or more sensors of the user device, contemporaneously with a corresponding entry of the authentication credentials (Moritz- at least figure 5, step 510, column 7, lines 27-48; column 21, 46; column 9, lines 32-34, user name and password are received; Yeom-(at least [0040][0069], movement (elevation data) and rotation (orientation) data of electronic device are received at the time password is input); 
(Moritz-at least column 7, lines 14-26; column 9, line 58-column 12, line 37; column 11, lines 42-53; column 12, lines 49-67, user profile is determined based on the user name and password associated with each device (i.e.: computer or mobile device); and 
associating each of the one or more device-specific user models with a use-pose of the user using a corresponding user device of the plurality of user devices during one or more entries of the authentication credentials (Moritz-column 7, lines 14-26; column 9, line 58-column 12, line 37; column 11, lines 42-53; column 12, lines 49-67, user profile is generated with each device;  Yeom-at least figure 4; [0079]-[0080], an input condition of user is associated with password input.)

Regarding claim 7, Moritz and Yeom disclose the method of claim 1. Moritz also discloses the user device is a handheld mobile device (at least column 9, lines 5-20, smartphone.)

Regarding claim 8, Moritz and Yeom disclose the method of claim 1. Yeom also discloses the user device comprises all of the one or more sensors within a single housing (at least figures 1 & 2, sensor unit, camera unit, audio unit are all located within the user’s electronic device.)


for each of the one or more user models: 
responsive to determining that the level of similarity between the current authentication data and the corresponding user model of the one or more user models is below the first predetermined threshold and a second predetermined threshold (column 5, lines 18-28; column 9, line 58-column 10, line 3; column 19, line 51-column 20, line 28, if variations identified is high, and activity is below a reliable level/high risk): 
initiate a secondary authentication method (at least column 19, line 51-column 20, line 28, additional information is required from user); and 
update the one or more user models with a new user model that is associated with the user device and the current scenario data (column 7, lines 14-26; column 20, lines 24-35, information stored is updated with newly information received.)

Claim 10 is rejected for the same rationale as claim 1 above.
Claim 11 is rejected for the same rationale as claim 4 above.
Claim 12 is rejected for the same rationale as claim 3 above.

Regarding claim 13, Moritz discloses a system comprising: 
(figure 7, element 710, column 23, lines 47-56, processor(s); and 
memory having instructions stored thereon that, when executed by the one or more processors (figure 7, elements 720, 730 and 735, memory), cause the system to: 
receive behavioral biometric data from a user device, the behavioral biometric data being associated with a current entry of primary authentication credentials on the user device (figure 5, step 10, column 7, lines 27-48, column , lines 25-46, i.e.: information of a particular device and place in which a user to log in to a current session is received); 
compare the behavioral biometric data to a first user model associated with the user device and being based at least in part on stored behavioral biometric data personalized to a user of the user device (at least column 4, line 60-column 5, line 17; column 10, line 45-column 11, line 34; column 19, lines 12-26, comparing information collected from current session to information stored from previous sessions);  36 of 39 41999226Attorney Docket No.: COF0053CON (029424.2514) 
responsive to determining that a level of similarity between the behavioral biometric data and the stored behavioral biometric data of the first user model is at or above a first predetermined threshold, determine that the current entry of primary authentication credentials meets a secondary authentication requirement (column 5, lines 18-28; column 19, line 62-column 20, line 6; column 22, lines 11-23, if variation identified is small, user is allowed to proceed without having to provide additional information);
(at least column 19, line 51-column 20, line 28, if variations identified is high, additional information is required from user); and 
responsive to determining that the level of similarity is below the first predetermined threshold and a second predetermined threshold (column 5, lines 18-28; column 9, line 58-column 10, line 3; column 19, line 51-column 20, line 28, if variations identified is high, and activity is below a reliable level/high risk): 
initiate the secondary authentication method (column 5, lines 18-28; column 9, line 58-column 10, line 3; column 19, line 51-column 20, line 28, additional information is needed from user),;and 
in response to the secondary authentication method being validated, associate the behavioral biometric data with a second user model (column 7, lines 14-26; column 20, lines 24-35, information stored is updated with newly information received.)
Moritz does not explicitly disclose receiving a credential entry method on the user device.
However, Yoem discloses receiving a credential entry method on a user device (at least [0040][0069], password input condition is received.) 
Therefore, it would have been obvious to one of ordinary-skilled in the art before the effective filing date of the claimed invention to include the teaching of Yeom into the method of Moritz to enhance the security level of the method.
(Moritz-column 9, lines 37-40, mobile device,) 
the credential entry method is a first credential entry method (Yeom-[0040] [0069], i.e.: password input condition such as movement and rotation,) and the instructions, when executed by the one or more processors, further cause the system to identify the second user model as being associated with at least one from among: (i) the first user device and a second credential entry method that is different from the second credential entry method, (ii) the first credential entry method and a second user device that is different from the first user device, or (iii) the second user device and the second credential entry method (Moritz-column 9, lines 5-20, i.e: tablet; Yeom-[0069], i.e.: grip state.)

Regarding claim 17, Moritz and Yeom disclose the system of claim 13. Moritz and Yeom also disclose comparing the behavioral biometric data to the first user model comprises comparing scenario data of the behavioral biometric data to model scenario data of the first user model, the scenario data (i) comprising device elevation data and device orientation data and (ii) being contemporaneously detected by one or more sensors of the user device along with the current entry of primary authentication credentials (Moritz-at least column 4, line 60-column 5, line 17; column 10, line 45-column 11, line 34; column 19, lines 12-26, comparing information collected from current session to information stored from previous sessions; Yeom-at least [0040][0069], movement (elevation data) and rotation (orientation) data of electronic device are received at the time password is inputted.)
Regarding claim 18, Moritz and Yeom disclose the system of claim 13. Moritz also discloses the instructions, when executed by the one or more processors, further cause the system to: 
receive, from the user device, the primary authentication credentials (at least figure 5, step 510, column 7, lines 27-48; column 21, lines 25-46, user name and password for a current session are received from user’s mobile device); 
responsive to matching the primary authentication credentials to stored primary authentication credentials, determine that the user meets a primary authentication requirement (column 5, lines 18-28; column 19, line 62-column 20, line 6; column 22, lines 11-23, if variation identified is small, user is allowed to proceed without having to provide additional information); and 
responsive to determining that the current entry of primary authentication credentials meets the primary authentication requirement and the secondary authentication requirement, provide access to user-accessible system resources (column 5, lines 18-28; column 19, line 62-column 20, line 6; column 22, lines 11-23, if variation identified is small, user is allowed to proceed without having to provide additional information.) 

(column 7, lines 14-26; column 20, lines 24-35, information stored is updated with newly information received.)
Regarding claim 20, Moritz and Yeom disclose the system of claim 13. Moritz also discloses the behavioral biometric data comprises device identification data, and the instructions, when executed by the one or more processors, further cause the system to, identify, based on the behavioral biometric data, the user device from a plurality of user devices associated with the user (at least column 10, lines 4-9, i.e.: identify user device based on device identification or phone number.)

Claim 5 is rejected under 35 U.S.C. 103 as being unpatentable over Moritz, Yeom and further in view of Boissy (US 2012/0232430 A1-hereinafter Boissy.)
Regarding claim 5, Moritz and Yeom disclose the method of claim 1. Moritz and Yeom do not explicitly disclose wherein the use-pose comprises at least one of a prone position, a supine position, a Fowler's position, a standing position, a seated position, a squatting position, and a hunched position.
However, Boissy discloses a use-pose comprises at least one of a prone position, a supine position, a Fowler's position, a standing position, a seated position, a squatting position, and a hunched position ([0046], sitting, standing or laying down.)
.

Claim 15 is rejected under 35 U.S.C. 103 as being unpatentable over Moritz, Yeom and further in view of Lurey et al. (US 2014/0157390 A1-hereinafter Lurey.)
Regarding claim 15, Moritz and Yeom disclose the system of claim 14.  Moritz and Yeom also disclose one of the first and second credential entry methods is a manual credential entry method (Moritz-column 9, lines 32-36, user name and password are entered manually; Yeom-[0085], password is manually inputted.) 
Moritz and Yeom do not explicitly disclose the other of the first and second credential entry methods is an automatic entry method utilizing a password manager service.
However, Lurey discloses a credential entry method is an auto-fill to fill in password (figure 23D, [0148].)
Therefore, it would have been obvious to one of ordinary-skilled in the art before the effective filing date of the claimed invention to include the feature discloses by Lurey into the system of Moritz and Yeom to add another criteria of biometric behavioral of users to the system.

Claim 16 is rejected under 35 U.S.C. 103 as being unpatentable over Moritz, Yeom and further in view of Qian et al. (US 2016/0021090 A1-hereinafter Qian.)
(at least column 4, line 60-column 5, line 17; column 10, line 45-column 11, line 34; column 19, lines 12-26, comparing information collected from current session to information stored from previous sessions.) Moritz and Yeom do not explicitly disclose the behavioral biometric data comprises typing time data.
However, Qian discloses input duration of password ([0034], input duration information.)
Therefore, it would have been obvious to one of ordinary-skilled in the art before the effective filing date of the claimed invention to include the feature discloses by Qian into the system of Moritz and Yeom to add another authentication criteria to the system.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to PHY ANH TRAN VU whose telephone number is (571)270-7317.  The examiner can normally be reached on Monday-Friday 7 am-1 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi T Arani can be reached on (571) 272-3787.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.







/PHY ANH T VU/           Primary Examiner, Art Unit 2438