Notice of Pre-AIA or AIA Status
The present application, filed on or after September 19, 2016, is being examined under the first inventor to file provisions of the AIA.

Detailed Action
Claims 1-5, 7-8, 10, 12-14, 16, 18-19 and 23-25 are pending and are being considered.
Claims 1, 14 and 19 have been amended.
Response to 103
Applicant's arguments filed on 03/09/2021 have been fully considered, and are moot in view of new grounds of rejection. The arguments do not apply to the art currently being used.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 02/03/2021 was filed after the mailing date of the application 15269512 on 09/19/2016.  The submission is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Objections 
Claim 13 recites “the one-time password is generated using a one-time password scheme” and Claim 1 recites “a one-time password generated by the client device from a one-time password algorithm”. The examiner suggests clarifying that the “one-time password scheme” is the same as the “one-time password algorithm”.
Claim 25 recites “the one-time password is generated using a one-time password scheme” and Claim 19 recites “a one-time password generated by the client device from a one-time password algorithm”. The examiner suggests clarifying that the “one-time password scheme” is the same as the “one-time password algorithm”.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 3-4, 7, 12-14, 16, 18-19 and 23-25 are rejected under 35 U.S.C. 103 as being unpatentable over Koutenaie et al (hereinafter Koutenaie) (US 20160269403) in view of Chang et al (hereinafter Chang) (US 20180019994) and further in view of Dietrich (US 20150270971).

Regarding claim 1 Koutenaie teaches a method comprising (Koutenaie on [0002] teaches system and method for user authentication): 
receiving, at a server, a message encrypted by a client device using a public key of a key pair, the message including a one-time password generated by the client device from a one-time password algorithm (Koutenaei on [0044-0045] teaches authentication device 20 creates two messages that include LTOTP (i.e. location based one-time password), which is transmitted to the server 30. See on [0079] teaches messages intended for the authentication server will be encrypted by the authentication server's public key, so only the authentication server's private key can be used to decrypt the message. See on [0078-0081 and 0145] teaches sending two messages to the browsing device 10 is that the authentication device 20 sends the message that includes LTOTP (i.e. location and time based one-time password) directly to the authentication server 30, the second message is signed with the browsing device's public key, so only the browsing device's private key may decrypt the message. See on [0081-0082] teaches an algorithm running on the server to create a one-time password based on location of device);
identifying the one-time password by decrypting the message using a private key of the key pair (Koutenaei on [0078-0081 and 0145] teaches sending two messages to the browsing device 10 is that the authentication device 20 sends the message that includes LTOTP (i.e. location and time based one-time password) directly to the authentication server 30, the second message is signed with the browsing device's public key, so only the browsing device's private key may decrypt the message. See on [0042] teaches the first and/or second encrypted message may also include a Time and Location based One Time Password (LTOTP). The LTOTP is a one-time password randomly generated based on location information that is received from the authentication device. See also on [0005] teaches decrypting the message containing the one-time password);
and initiating one or more network session environments pre-configured for the user using the user identifier (Koutenaei on [0149-0150] user is granted access to desired website, account, application cloud server etc. (i.e. network session) after identifying user. See on [0023 and 0094] teaches if the user's biometric information matches the record, as stored, for example, in the authentication device, the authentication device 20 communicates with the server (e.g. the authentication server 30) to inform server 30 of the match. Thereafter, the user is authenticated and access to the user is granted on the browsing device 10. See also on [0004, 0049, 0083 and 00118] teaches authenticating user based on biometric data and granting access to his account).
Although Koutenaie teaches generating a one-time password from a one-time password algorithm, it fails to explicitly teach a one-time password generated using a user identifier as seed, determining the user identifier from the one-time password using the one-time password algorithm, authenticating a user based on the user identifier determined from the one-time password. However, Chang from (Chang on [0047] teaches generating the OTP based on the user authentication information. For example, the electronic device 101 may generate the OTP based on bio-information (e.g., fingerprint information, iris information, face information, heart rate information, voice information, and blood vessel information). See on [0078] teaches the security processing module 190 may generate an OTP using the biometric ID (a user identifier ID as seed in view of para 0029 of instant application) corresponding to the user authentication information, the security processing module 190 may process the biometric ID corresponding to the user information and the seed value in a specified algorithm. See on [0114] teaches the electronic device may transmit at least one of the biometric ID used for the generation of the OTP);
authenticating a user based on the user identifier determined from the one-time password (Chang on [0073] teaches the security processing module 190 may authenticate the user by using the collected bio-information such as fingerprint information, iris information, face information, heart rate information, voice information, or blood vessel information. See on [0083] teaches the creation of a biometric ID corresponding to the bio-information, or the transmission of the authentication information necessary for authenticating a user. See on [0110] teaches the electronic device may determine, by using the acquired user authentication information (e.g., bio-information), whether the user is an authenticated user. See Fig 9A-9B and text on [0155] teaches authenticating a user using biometric information (i.e. fingerprint and iris)).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date to implement the teaching of Chang into the teaching of Koutenaei by generating the OTP based on the user ID and authenticating the user based on the user ID. One would be motivated to do so in order to secure sensitive information from unauthorized access (Chang on [0003-0005]).

The combination of Koutenaie and Chang fails to explicitly teach determining the user identifier from the one-time password using the one-time password algorithm. However, Dietrich from analogous art teaches determining the user identifier from the one-time password using the one-time password algorithm (Dietrich on [0035 and 0075] teaches the user computer system derives an identifier from the one-time password according to a predefined algorithm).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date to implement the teaching of Dietrich into the combined teaching of Koutenaei and Chang by determining the user ID from the one-time password. One would be motivated to do so in order to ensure maximum security of sensitive information from unauthorized access (Dietrich on [0016-0017]).

Regarding claim 3 the combination of Koutenaei, Chang and Dietrich teaches all the limitations of claim 1 above, Koutenaei further teaches wherein the one or more network session environments are environments for one or more of the following: a network phone system, a computing environment instantiated on a physical computer, an air conditioning system, or a lighting system (Koutenaei on [0149-0150] user is granted access to desired website, account, application cloud server etc. (i.e. network session) after identifying user. See on [0023 and 0094] teaches if the user's biometric information matches the record, as stored, for example, in the authentication device, the authentication device 20 communicates with the server (e.g. the authentication server 30) to inform server 30 of the match. Thereafter, the user is authenticated and access to the user is granted on the browsing device 10. See also on [0004, 0049, 0083 and 00118] teaches authenticating user based on biometric data and granting access to his account).
Regarding claim 4 the combination of Koutenaei, Chang and Dietrich teaches all the limitations of claim 1 above, Koutenaei further teaches terminating the one or more network session environments (Koutenaei on [0055 and 0090] teaches auto-logout from session based on time. See on [0050-0051] teaches using the Location and Time Based One Time Password (LTOTP) first enables the system to generate a password that changes every time based on the location and time of the session).
Regarding claim 7 the combination of Koutenaei, Chang and Dietrich teaches all the limitations of claim 1 above, Koutenaei further teaches wherein the authenticating the user further comprises using a time-based one-time password scheme (Koutenaei on [0042-0045, 0050, 0077-0078] teaches time-based one-time password TOTP scheme).

Regarding claim 12 the combination of Koutenaei, Chang and Dietrich teaches all the limitations of claim 1 above, Koutenaei further teaches the public key is stored on non-transitory memory on the client device (Koutenaei on [0030, 0064] teaches storing the private key on the authentication device 20 and the public key on the browsing device 10);
the private key is stored on non-transitory memory accessible to the server (Koutenaei on [0030, 0064] teaches storing the private key on the authentication device 20 and the public key on the browsing device 10. See on [0030] teaches In addition to public/private key encryption methods, other cryptography techniques such as Pretty Good Privacy (PGP) may be used for secure communication between devices and the authentication server).
Regarding claim 13 the combination of Koutenaei, Chang and Dietrich teaches all the limitations of claim 1 above, Chang further teaches wherein the one-time password is generated using a one-time password scheme on the user identifier (Chang on [0078] teaches the security processing module 190 may generate an OTP using the biometric ID (a user identifier ID as seed in view of para 0029 of instant application) corresponding to the user authentication information, the security processing module 190 may process the biometric ID corresponding to the user information and the seed value in a specified algorithm. See on [0114] teaches the electronic device may transmit at least one of the biometric ID used for the generation of the OTP).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date to implement the teaching of Chang into the teaching of Koutenaei by generating the OTP based on the user ID and authenticating the user based on the user ID. One would be motivated to do so in order to secure sensitive information from unauthorized access (Chang on [0003-0005]).

Regarding claim 14 Koutenaei teaches a system comprising (Koutenaie on [0002] teaches system and method for user authentication):
 one or more hardware processors of a machine (Koutenaie Fig 12 block 1202 and text on [0153] teaches system having processor 1202);
 a memory comprising instructions that, when executed by the one or more hardware processors, cause the machine to perform operations comprising (Koutenaie Fig 12 block 1204 and text on [0153-0154] teaches system having memory for storing instruction executed by processor);
receiving a message encrypted by a client device using a public key of a key pair, the message including a one-time password generated by the client device from a one-time password algorithm (Koutenaei on [0044-0045] teaches authentication device 20 creates two messages that include LTOTP (i.e. location based one-time password), which is transmitted to the server 30. See on [0079] teaches messages intended for the authentication server will be encrypted by the authentication server's public key, so only the authentication server's private key can be used to decrypt the message. See on [0078-0081 and 0145] teaches sending two messages to the browsing device 10 is that the authentication device 20 sends the message that includes LTOTP (i.e. location and time based one-time password) directly to the authentication server 30, the second message is signed with the browsing device's public key, so only the browsing device's private key may decrypt the message. See on [0081-0082] teaches an algorithm running on the server to create a one-time password based on location of device);
identifying the one-time password by decrypting the message using a private key of the key pair (Koutenaei on [0078-0081 and 0145] teaches sending two messages to the browsing device 10 is that the authentication device 20 sends the message that includes LTOTP (i.e. location and time based one-time password) directly to the authentication server 30, the second message is signed with the browsing device's public key, so only the browsing device's private key may decrypt the message. See on [0042] teaches the first and/or second encrypted message may also include a Time and Location based One Time Password (LTOTP). The LTOTP is a one-time password randomly generated based on location information that is received from the authentication device. See also on [0005] teaches decrypting the message containing the one-time password);
and initiating one or more network session environments pre-configured for the user using the user identifier (Koutenaei on [0149-0150] user is granted access to desired website, account, application cloud server etc. (i.e. network session) after identifying user. See on [0023 and 0094] teaches if the user's biometric information matches the record, as stored, for example, in the authentication device, the authentication device 20 communicates with the server (e.g. the authentication server 30) to inform server 30 of the match. Thereafter, the user is authenticated and access to the user is granted on the browsing device 10. See also on [0004, 0049, 0083 and 00118] teaches authenticating user based on biometric data and granting access to his account).
Although Koutenaie teaches generating a one-time password from a one-time password algorithm, it fails to explicitly teach a one-time password generated using a user identifier as seed, determining the user identifier from the one-time password using the one-time password algorithm, authenticating a user based on the user identifier determined from the one-time password. However, Chang from analogous art teaches a one-time password generated (Chang on [0078] teaches the security processing module 190 may generate an OTP using the biometric ID (a user identifier ID as seed in view of para 0029 of instant application) corresponding to the user authentication information, the security processing module 190 may process the biometric ID corresponding to the user information and the seed value in a specified algorithm. See on [0114] teaches the electronic device may transmit at least one of the biometric ID used for the generation of the OTP);
authenticating a user based on the user identifier determined from the one-time password (Chang on [0083] teaches the creation of a biometric ID corresponding to the bio-information, or the transmission of the authentication information necessary for authenticating a user. See on [0110] teaches the electronic device may determine, by using the acquired user authentication information (e.g., bio-information), whether the user is an authenticated user. See Fig 9A-9B and text on [0155] teaches authenticating a user using biometric information (i.e. fingerprint and iris)).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date to implement the teaching of Chang into the teaching of Koutenaei by generating the OTP based on the user ID and authenticating the user based on the user ID. One would be motivated to do so in order to secure sensitive information from unauthorized access (Chang on [0003-0005]).
The combination of Koutenaie and Chang fails to explicitly teach determining the user identifier from the one-time password using the one-time password algorithm. However, Dietrich from analogous art teaches determining the user identifier from the one-time password using the one-time password algorithm (Dietrich on [0035 and 0075] teaches the user computer system derives an identifier from the one-time password according to a predefined algorithm).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date to implement the teaching of Dietrich into the combined teaching of Koutenaei and Chang by (Dietrich on [0016-0017]).
Regarding claim 16 the combination of Koutenaei, Chang and Dietrich teaches all the limitations of claim 14 above, Koutenaei further teaches wherein the one or more network session environments are environments for one or more of the following: a physical access control system, a network phone system, a computing environment instantiated on a physical computer, an air conditioning system, and a lighting system (Koutenaei on [0149-0150] user is granted access to desired website, account, application cloud server etc. (i.e. network session) after identifying user. See on [0023 and 0094] teaches if the user's biometric information matches the record, as stored, for example, in the authentication device, the authentication device 20 communicates with the server (e.g. the authentication server 30) to inform server 30 of the match. Thereafter, the user is authenticated and access to the user is granted on the browsing device 10. See also on [0004, 0049, 0083 and 00118] teaches authenticating user based on biometric data and granting access to his account).
Regarding claim 18 the combination of Koutenaei, Chang and Dietrich teaches all the limitations of claim 14 above, Koutenaei further teaches wherein the authenticating the user further comprises authenticating the one-time password using a time-based one-time password scheme (Koutenaei on [0042-0044, 0077 and 0050] teaches authenticating using time-based one-time password generation scheme).
Regarding claim 19 Koutenaei teaches a non-transitory machine-readable storage medium embodying instructions that, when executed by a machine, cause the machine to perform operations comprising (Koutenaei Fig 12 block 1204 and text on [0153-0154] teaches system having non-transitory memory for storing instruction executed by processor);
receiving a message encrypted by a client device using a public key of a key pair, the message including a one-time password generated by the client device from a one-time password algorithm (Koutenaei on [0044-0045] teaches authentication device 20 creates two messages that include LTOTP (i.e. location based one-time password), which is transmitted to the server 30. See on [0079] teaches messages intended for the authentication server will be encrypted by the authentication server's public key, so only the authentication server's private key can be used to decrypt the message. See on [0078-0081 and 0145] teaches sending two messages to the browsing device 10 is that the authentication device 20 sends the message that includes LTOTP (i.e. location and time based one-time password) directly to the authentication server 30, the second message is signed with the browsing device's public key, so only the browsing device's private key may decrypt the message. See on [0081-0082] teaches an algorithm running on the server to create a one-time password based on location of device);
identifying the one-time password by decrypting the message using a private key of the key pair (Koutenaei on [0078-0081 and 0145] teaches sending two messages to the browsing device 10 is that the authentication device 20 sends the message that includes LTOTP (i.e. location and time based one-time password) directly to the authentication server 30, the second message is signed with the browsing device's public key, so only the browsing device's private key may decrypt the message. See on [0042] teaches the first and/or second encrypted message may also include a Time and Location based One Time Password (LTOTP). The LTOTP is a one-time password randomly generated based on location information that is received from the authentication device. See also on [0005] teaches decrypting the message containing the one-time password);
and initiating one or more network session environments pre-configured for the user using the user identifier (Koutenaei on [0149-0150] user is granted access to desired website, account, application cloud server etc. (i.e. network session) after identifying user. See on [0023 and 0094] teaches if the user's biometric information matches the record, as stored, for example, in the authentication device, the authentication device 20 communicates with the server (e.g. the authentication server 30) to inform server 30 of the match. Thereafter, the user is authenticated and access to the user is granted on the browsing device 10. See also on [0004, 0049, 0083 and 00118] teaches authenticating user based on biometric data and granting access to his account).
Although Koutenaie teaches generating a one-time password from a one-time password algorithm, it fails to explicitly teach a one-time password generated using a user identifier as seed, determining the user identifier from the one-time password using the one-time password algorithm, authenticating a user based on the user identifier determined from the one-time password. However, Chang from analogous art teaches a one-time password generated (Chang on [0078] teaches the security processing module 190 may generate an OTP using the biometric ID (a user identifier ID as seed in view of para 0029 of instant application) corresponding to the user authentication information, the security processing module 190 may process the biometric ID corresponding to the user information and the seed value in a specified algorithm. See on [0114] teaches the electronic device may transmit at least one of the biometric ID used for the generation of the OTP);
authenticating a user based on the user identifier determined from the one-time password (Chang on [0083] teaches the creation of a biometric ID corresponding to the bio-information, or the transmission of the authentication information necessary for authenticating a user. See on [0110] teaches the electronic device may determine, by using the acquired user authentication information (e.g., bio-information), whether the user is an authenticated user. See Fig 9A-9B and text on [0155] teaches authenticating a user using biometric information (i.e. fingerprint and iris)).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date to implement the teaching of Chang into the teaching of Koutenaei by generating the OTP based on the user ID (Chang on [0003-0005]).
The combination of Koutenaie and Chang fails to explicitly teach determining the user identifier from the one-time password using the one-time password algorithm. However, Dietrich from analogous art teaches determining the user identifier from the one-time password using the one-time password algorithm (Dietrich on [0035 and 0075] teaches the user computer system derives an identifier from the one-time password according to a predefined algorithm).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date to implement the teaching of Dietrich into the combined teaching of Koutenaei and Chang by determining the user ID from the one-time password. One would be motivated to do so in order to ensure maximum security of sensitive information from unauthorized access (Dietrich on [0016-0017]).
Regarding claim 23 the combination of Koutenaei, Chang and Dietrich teaches all the limitations of claim 1 above, Koutenaei further teaches further comprising initiating air conditioning, workspace lighting, or a session on a computer having network connectivity in response to the authenticating (Koutenaei on [0149-0150] user is granted access to desired website, account, application cloud server etc. (i.e. network session) after identifying user. See on [0023 and 0094] teaches if the user's biometric information matches the record, as stored, for example, in the authentication device, the authentication device 20 communicates with the server (e.g. the authentication server 30) to inform server 30 of the match. Thereafter, the user is authenticated and access to the user is granted on the browsing device 10. See also on [0004, 0049, 0083 and 00118] teaches authenticating user based on biometric data and granting access to his account).
Regarding claim 24 the combination of Koutenaei, Chang and Dietrich teaches all the limitations of claim 1 above, Koutenaei further teaches wherein the client device comprises a mobile device (Koutenaei on [0163] teaches client device is mobile device);
Koutenaei on [0029, 0042 and 0142] teaches if the user local authentication process via checking biometric information is successfully completed. At 1119, the authentication device 20 generates first a Location and Time based One Time Password (LTOTP).
Regarding claim 25 the combination of Koutenaei, Chang and Dietrich teaches all the limitations of claim 24 above, Chang further teaches wherein the one-time password was generated via the mobile device by using a one-time password scheme on the user identifier (Chang on [0078] teaches the security processing module 190 may generate an OTP using the biometric ID (a user identifier ID as seed in view of para 0029 of instant application) corresponding to the user authentication information, the security processing module 190 may process the biometric ID corresponding to the user information and the seed value in a specified algorithm. See on [0114] teaches the electronic device may transmit at least one of the biometric ID used for the generation of the OTP).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date to implement the teaching of Chang into the teaching of Koutenaei by generating the OTP based on the user ID and authenticating the user based on the user ID. One would be motivated to do so in order to secure sensitive information from unauthorized access (Chang on [0003-0005]).

Claims 2, 8 and 10 are rejected under 35 U.S.C. 103 as being unpatentable over Koutenaie et al (hereinafter Koutenaie) (US 20160269403) in view of Chang et al (hereinafter Chang) (US 20180019994) in view of Dietrich (US 20150270971) and further in view of Ting et al (hereinafter Ting) (US 20070186106).

Regarding claim 2 the combination of Koutenaei , Chang and Dietrich teaches all the limitation of claim 1 above, Although Koutenaei teaches initiating one or more network session environment but (Ting on [0054-0055] teaches The global access server also provides a generic framework for inclusion of one or more custom authenticators 315 responsible for translating and badge ID requests to the PACS via one or more authentication interfaces using, for example, APIs or XML (e.g., using web services). Conventional PACS include proprietary interfaces (API or XML), and therefore the invention provides an authentication interface on the RADIUS server 310 that includes instructions for servicing the requests from the RADIUS server 310 to the PACS, using APIs and/or messages native to the PACS).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date to implement the teaching of Ting into the combined teaching of Koutenaei, Chang and Dietrich by having an API for initiating a session environment. One would be motivated to enhance the authentication process of access control by facilitating multi-factor authentication (Ting [0008]).

Regarding claim 8 the combination of Koutenaei, Chang and Dietrich teaches all the limitations of claim 1 above, the combination fails to explicitly teach wherein the message is received from an access point including a sensor interface and the access point comprises an electronic lock for a building entrance, but Ting teaches wherein the access point comprises an electronic lock for a building entrance (Ting on [0004] building door lock operated by card reader placed in close proximity to generate electric signal to operate door);
a wireless network sensor (Ting on [0004-0005] Wiegand control signals (i.e. wireless network sensor));
and a control box (Ting on [0004] a control panel (i.e. control box));
Ting on Fig 3 block 200 and associated text on [0048] message can be exchanged between global server and Wiegand control signal);
the control box configured to drive current to the electronic lock of the building entrance (Ting [0004] control panel (i.e. control box) that determines whether to grant access based on the policies to controls the door lock).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date to implement the teaching of Ting into the combined teaching of Koutenaei, Chang and Dietrich by operating the door of a building based on an encrypted message received wirelessly. One would be motivated to enhance the authentication process of access control by facilitating multi-factor authentication (Ting [0008]).
Regarding claim 10 the combination of Koutenaei, Chang, Dietrich and Ting teaches all the limitations of claim 8 above, Koutenaei further teaches wherein the message is received via a network address (Koutenaei on [0045, 0077 and 0144] teaches the authentication server 30 receives both encrypted messages).
The combination of Koutenaei, Chang, Dietrich and the cited section of Ting fails to explicitly teach wherein the control box is natively configured to transmit a validation message to a native network address different from the network address. However, Ting in a different section teaches wherein the control box is natively configured to transmit a validation message to a native network address different from the network address (Ting Fig 3 block [100, 200 and 305] and associated text on [0048] control panel (200) (i.e. control box) is configured with global server (305) and authentication server (108) and if desired can also be connected with other control system as shown in Fig 5 to transmit messages).
 to exchanging the message between different servers. One would be motivated to enhance authentication process of access control by facilitating multi-factor authentication (Ting [0008]).

Claim 5 is rejected under 35 U.S.C. 103 as being unpatentable over Koutenaie et al (hereinafter Koutenaie) (US 20160269403) in view of Chang et al (hereinafter Chang) (US 20180019994) in view of Dietrich (US 20150270971) and further in view of Loughlin-McHugh et al (hereinafter Loughlin-McHugh) (US 9794260).
Regarding claim 5 the combination of Koutenaei, Chang and Dietrich teaches all the limitations of claim 1 above, the combination fails to explicitly teach transmitting a liveness challenge to the user, the liveness challenge configured to detect whether the user is using the one or more network session environments by asking the user to generate input data and terminating the one or more network session environments based on not receiving the input data in response to the liveness challenge, but Loughlin-McHugh from analogous art teaches transmitting a liveness challenge to the user (Loughlin-McHugh [col 2 line 30-44] first parameter is transmitted to user to perform first liveness test);
the liveness challenge configured to detect whether the user is using the one or more network session environments by asking the user to generate input data (Loughlin-McHugh [col 4 line 59-67 and col 5 line 1-19] Set of one or more parameters are selected and transmitted to user to perform liveness test, and the response from user is compared with the expected output to verify the user as living being using the device);
and terminating the one or more network session environments based on not receiving the input data in response to the liveness challenge (Loughlin-McHugh [col 4 line 31-36] refusing access to remote computer system if the timeout condition occurs, the timeout condition occurs when not receiving input from user).
Thus, it would have been obvious to one ordinary skill in the art before the effective filing date to implement the teaching Loughlin-McHugh into the combine teaching of Koutenaei , Chang and Dietrich by transmitting liveness challenge to user to verify if user is still using the device. One would be motivated to do so in order to detect liveness of user and match the biometric data of user with the biometric data of authorized user (Loughlin-McHugh [col 1 line 60 -67 and col 2 line 1-4]).

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MOEEN KHAN whose telephone number is (571)272-3522.  The examiner can normally be reached on 7AM-5PM EST M-TH Alternate Fridays.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on (571)272-4219.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/MOEEN KHAN/Examiner, Art Unit 2436

/SHEWAYE GELAGAY/Supervisory Patent Examiner, Art Unit 2436