DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application is being examined under the pre-AIA  first to invent provisions. 
This initial written action is responding to the communication dated on 07/12/2019.
Claims 1-10 and 13 are submitted for examination.
Claims 1-10 and 13 are pending.
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

Priority
This application filed on July 12, 2019 claims priority of application 14/385,742 filed on September 16, 2014, which claims priority of PCT/371 application PCT/US13/32040 filed on March 15, 2013 which claims priority of provisional application 61/612,023 filed on March 16, 2012.

Examiner’s Note
Claim 11 and Claim 12 are missing from the Claim list. Examiner suggest renumbering of Claim 13 to Claim 11.
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 

Claims 1-5, 7-9 and 13 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 5-8 of U.S. Patent No.10,503,888. 

 
Instant Application 16/510,338
 
US PAT. # US 10,503,888 (App. # 14/385,742) 
 
 
AUTHENTICATION SYSTEM
 
AUTHENTICATION SYSTEM
 
 
 
 
 
 
1
A system for allowing an authorized transaction, comprising one or more processors, and one or more memory, wherein the one or more memories have stored thereon machine readable instructions that when executed by the one or more processors is configured to perform the functions of: receive user information about a user of a device; receive a device personality, the device personality comprising user generated data stored on the device; combine the user information and the device personality as a combined electronic identification; store the combined electronic identification on an authentication server; prior to the transaction, receive an updated user information and an updated device personality comprising user generated data stored on the device; compare an updated combined electronic identification from the updated user information and the updated device personality against the combined electronic identification; generate a confidence score using the updated combined electronic identification and the combined electronic identification; and allow the transaction to proceed when the confidence score is within a first set tolerance; wherein the first set tolerance is based on: collecting multiple user device personalities, creating statistical distributions to create statistical probabilities to determine how much an individual device personality associated with one user differs from another individual device personality associate with another user, and using the statistical probabilities to determine the set tolerance where a device to which a user has been assigned is statistically different form an other device from another user. 
5
A system for allowing a transaction, comprising one or more processors, and one or more memory, wherein the one or more memories have stored thereon machine readable instructions that when executed by the one or more processors is configured to perform the functions of: receive user information about a user of a device; receive a device personality, the device personality comprising user generated data stored on the device including a color of a pixel from a background screen; combine the user information and the device personality as a combined electronic identification; store the combined electronic identification on an authentication server; subsequently to storing the combined electronic identification on the authentication server and prior to the transaction, receive an updated user information and an updated device personality comprising user generated data stored on the device including a color of a pixel from a background screen; compare an updated combined electronic identification from the updated user information and the updated device personality against the combined electronic identification; generate a confidence score using the updated combined electronic identification and the combined electronic identification; replacing the combined electronic identification on the server with the updated combined electronic identification only when the confidence score is within a first set tolerance; 
 
 

5
and allow the transaction to proceed after the replacement of the combined electronic identification on the server with the updated combined electronic identification when the updated device personality and the device personality match within a second set tolerance; wherein the second set tolerance is determined by: collecting multiple user device personalities; creating statistical distributions to create statistical probabilities to determine how much an individual device personality associated with one user differs from another individual device personality associated with another user; and using the statistical probabilities to determine the set tolerance where a device to which a user has been assigned is statistically different from an other device from another user. 
 
2
A method comprising the steps of: obtaining a device personality, the device personality comprising user generated data stored on the device; obtaining user information about a user of a device; authenticating the user from the user information, wherein authentication is positive when the user information meets an accepted tolerance; prior to the transaction and after authenticating the user, receiving an updated device personality comprising updated user generated data stored on the device; comparing the updated device personality against the device personality; and allowing the transaction to proceed only after comparing the device personality and the updated device personality and when the device personality and the updated device personality match within a set tolerance, wherein the set tolerance between the device personality and the updated device personality is determined by: collecting multiple user device personalities, creating statistical distributions to create statistical probabilities to determine how much an individual device personality associated with one user differs from another individual device personality associated with another user, and using the statistical probabilities to determine the second set tolerance where a device to which a user has been assigned is statistically different from an other device from another user. 
6
A method comprising the steps of: a) receiving user information about a user on a device, b) sending data related to the user information from the device to a server; c) sending a device personality from the device to the server, the device personality related to user generated data stored on the device including pixel color of a background screen; d) creating a combined electronic identification from the data related to the user information and the device personality and storing the combined electronic identification on the server; e) subsequently to storing the combined electronic identification on the server and prior to a transaction, sending updated data related to user information and an updated device personality related to user generated data stored on the device to the server; f) comparing an updated combined electronic identification based on the data related to the user information and the updated device personality against the combined electronic identification; g) generating a confidence score using the updated combined electronic identification and the combined electronic identification; h) replacing the combined electronic identification previously stored on the server with the updated combined identification only when the confidence score is within a first set tolerance; and i) subsequent to the replacing, allowing the transaction to proceed only after comparing the device personality and the updated device personality and when the device personality and the updated device personality match within a second set tolerance,
 
 

6
wherein the second set tolerance between the device personality and the updated device personality is determined by: collecting multiple user device personalities; creating statistical distributions to create statistical probabilities to determine how much an individual device personality associated with one user differs from another individual device personality associated with another user; and using the statistical probabilities to determine the second set tolerance where a device to which a user has been assigned is statistically different from an other device from another user. 
 
3
The method of claim 2, wherein the comparing the device personality and the updated device personality comprises determining a percent difference between the device personality and the updated device personality. 
7
The method of claim 6, wherein the comparing the device personality and the updated device personality comprises determining a percent difference between the device personality and the updated device personality using a Levenshtein Distance equation. 
 
4
The method of claim 3, wherein allowing the transaction to proceed occurs when a percentage difference between the device personality and the updated device personality is between 0.02% and 76%. 
8
The method of claim 6, wherein allowing the transaction to proceed occurs when a percentage difference between the device personality and the updated device personality is between 0.02% and 76%. 
 
5
A system for allowing an authorized transaction, comprising one or more processors, one or more memories, an input interface, and a transmitter, wherein the one or more memories have stored thereon machine readable instructions that when executed by the one or more processors is configured to perform the functions of: receive user information about a user; send data related to the user information to a server; send a device personality, from a device to the server, the device personality relating to user generated data stored on the device including user contacts, song names, photo names, pixel color of a background screen, or combinations thereof; send data related to an updated device personality comprising updated user generated data stored on the device to the server; compare the updated device personality against the device personality; allow the transaction to proceed only after comparing the device personality and the updated device personality and when the device personality and the updated device personality match within a set tolerance, wherein the set tolerance between the device personality and the updated device personality is determined by: collecting multiple user device personalities; creating statistical distributions to create statistical probabilities to determine how much an individual device personality associated with one user differs from another individual device personality associated with another user; and using the statistical probabilities to determine the set tolerance where a device to which a user has been assigned is statistically different from an other device from another user. 
5
A system for allowing a transaction, comprising one or more processors, and one or more memory, wherein the one or more memories have stored thereon machine readable instructions that when executed by the one or more processors is configured to perform the functions of: receive user information about a user of a device; receive a device personality, the device personality comprising user generated data stored on the device including a color of a pixel from a background screen; combine the user information and the device personality as a combined electronic identification; store the combined electronic identification on an authentication server; subsequently to storing the combined electronic identification on the authentication server and prior to the transaction, receive an updated user information and an updated device personality comprising user generated data stored on the device including a color of a pixel from a background screen; compare an updated combined electronic identification from the updated user information and the updated device personality against the combined electronic identification; generate a confidence score using the updated combined electronic identification and the combined electronic identification; replacing the combined electronic identification on the server with the updated combined electronic identification only when the confidence score is within a first set tolerance; 
 
 

5
and allow the transaction to proceed after the replacement of the combined electronic identification on the server with the updated combined electronic identification when the updated device personality and the device personality match within a second set tolerance; wherein the second set tolerance is determined by: collecting multiple user device personalities; creating statistical distributions to create statistical probabilities to determine how much an individual device personality associated with one user differs from another individual device personality associated with another user; and using the statistical probabilities to determine the set tolerance where a device to which a user has been assigned is statistically different from an other device from another user. 
 
7
A method for a user to perform a transaction using a first electronic communication device comprising the steps of: connecting with a transaction receiver from the first electronic communication device; receiving at a server a device personality for a second electronic communication device different from the first electronic communication device, the device personality relating to user generated data stored on the second electronic communication device including user contacts, song names, photo names, pixel color of a background screen, or combinations thereof; sending data received from the user on the first electronic communication device to the server; receiving at the server an updated device personality from the second electronic communication device; and comparing the updated device personality and the device personality; performing the transaction only when the updated device personality and the device personality match within a set tolerance, wherein the set tolerance between the device personality and the updated device personality to allow the transaction to proceed is determined by:
6
A method comprising the steps of: a) receiving user information about a user on a device, b) sending data related to the user information from the device to a server; c) sending a device personality from the device to the server, the device personality related to user generated data stored on the device including pixel color of a background screen; d) creating a combined electronic identification from the data related to the user information and the device personality and storing the combined electronic identification on the server; e) subsequently to storing the combined electronic identification on the server and prior to a transaction, sending updated data related to user information and an updated device personality related to user generated data stored on the device to the server; f) comparing an updated combined electronic identification based on the data related to the user information and the updated device personality against the combined electronic identification; g) generating a confidence score using the updated combined electronic identification and the combined electronic identification; h) replacing the combined electronic identification previously stored on the server with the updated combined identification only when the confidence score is within a first set tolerance; and i) subsequent to the replacing, allowing the transaction to proceed only after comparing the device personality and the updated device personality and when the device personality and the updated device personality match within a second set tolerance,
 
7
collecting multiple user device personalities, creating statistical distributions to create statistical probabilities to determine how much an individual device personality associated with one user differs from another individual device personality associated with another user, and using the statistical probabilities to determine the set tolerance where a device to which a user has been assigned is statistically different from an other device from another user; storing the updated device personality on the server only when the transaction is approved by the updated device personality and the device personality matching within the set tolerance. 
6
wherein the second set tolerance between the device personality and the updated device personality is determined by: collecting multiple user device personalities; creating statistical distributions to create statistical probabilities to determine how much an individual device personality associated with one user differs from another individual device personality associated with another user; and using the statistical probabilities to determine the second set tolerance where a device to which a user has been assigned is statistically different from an other device from another user. 
 
8
The method of claim 7, wherein a comparison of the device personality and the updated device personality is a percent difference. 
7
The method of claim 6, wherein the comparing the device personality and the updated device personality comprises determining a percent difference between the device personality and the updated device personality using a Levenshtein Distance equation. 
 
9
The method of claim 8, wherein the set tolerance is between 0.02% and 76% difference. 
8
The method of claim 6, wherein allowing the transaction to proceed occurs when a percentage difference between the device personality and the updated device personality is between 0.02% and 76%. 
 
13
A system for allowing an authorized transaction, comprising one or more processors, one or more memories, and a communication connection, the one or more memories storing electronic data and instructions, the one or more processors configured to execute the stored instructions and perform the following steps: receive through the communication connection information from a first electronic communication device; receive through the connection from a second electronic communication device, a device personality related to user generated data stored on the second electronic communication device including user contacts, song names, photo names, pixel color of a background screen, or combinations thereof; and permitting the authorized transaction with the first electronic communication device only when a comparison of the device personality and a stored device personality match within a set tolerance; replace the stored device personality with the device personality only when the comparison is within the set tolerance to allow the transaction to proceed, 
5
A system for allowing a transaction, comprising one or more processors, and one or more memory, wherein the one or more memories have stored thereon machine readable instructions that when executed by the one or more processors is configured to perform the functions of: receive user information about a user of a device; receive a device personality, the device personality comprising user generated data stored on the device including a color of a pixel from a background screen; combine the user information and the device personality as a combined electronic identification; store the combined electronic identification on an authentication server; subsequently to storing the combined electronic identification on the authentication server and prior to the transaction, receive an updated user information and an updated device personality comprising user generated data stored on the device including a color of a pixel from a background screen; compare an updated combined electronic identification from the updated user information and the updated device personality against the combined electronic identification; generate a confidence score using the updated combined electronic identification and the combined electronic identification; replacing the combined electronic identification on the server with the updated combined electronic identification only when the confidence score is within a first set tolerance; 
 
 
wherein the set tolerance is determined by: collecting multiple user device personalities, creating statistical distributions to create statistical probabilities to determine how much an individual device personality associated with one user differs from another individual device personality associated with another user, and using the statistical probabilities to determine the set tolerance where a device to which a user has been assigned is statistically different from an other device from another user. 
 
and allow the transaction to proceed after the replacement of the combined electronic identification on the server with the updated combined electronic identification when the updated device personality and the device personality match within a second set tolerance; wherein the second set tolerance is determined by: collecting multiple user device personalities; creating statistical distributions to create statistical probabilities to determine how much an individual device personality associated with one user differs from another individual device personality associated with another user; and using the statistical probabilities to determine the set tolerance where a device to which a user has been assigned is statistically different from an other device from another user. 
 



Claim Rejections - 35 USC § 112

The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claim 6 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as failing to set forth the subject matter which the inventor or a joint inventor, or for applications subject to pre-AIA  35 U.S.C. 112, the applicant regards as the invention. Claim 6 depends upon itself. It is not clear the dependability of the Claim 6.
For the examination purpose Claim 6 will be considered as depend upon independent Claim 5.

Claim Rejections - 35 USC § 103
The following is a quotation of pre-AIA  35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made.

Claims 1-2 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Shakkarwar (US PAT. # US 8,661,520, hereinafter “Shakkarwar”), and further in view of Miller et al. (US PGPUB. # US 2012/0201381, hereinafter “Miller”), and further in view of Moyle et al. (US PGPUB. # US 2013/0097701, hereinafter “Moyle”).
Regarding Claim 1, Shakkarwar teaches,
A system for allowing an authorized transaction, comprising one or more processors, and one or more memory, wherein the one or more memories have stored thereon machine readable instructions that when executed by the one or more processors is configured to perform the functions of: 
receive user information about a user of a device (Fig. 2(210), CL(5), LN(33-44), i.e. user information like birth date, social security number, address is obtained by asking user questions); 
receive a device personality, the device personality comprising user generated data stored on the device (Fig. 2(210, 215). CL(3), LN(60-67), CL(4), LN(1-14), i.e. dynamic information about the user machine (i.e. generated data on the user machine), Fig. 2(235), CL(6), LN(4-27), information like IMEI or IMSI related to mobile device, geolocation of the user machine, a Device ID, a Vendor ID, BIOS, MAC address, a hard drive serial number, a list of application installed (application names) are obtained, directory structure (arrangement of applications)); 
combine the user information and the device personality as a combined electronic identification (Fig. 2(215), CL(5), LN(44-47), Fig. 2 (235), CL(6), LN(4-27)); store the combined electronic identification on an authentication server (Fig. 2(250), CL(6), LN(52-53)); 
prior to the transaction (CL(7), LN(12-15), i.e. prior to user accessing his/her account from the institution server), receive an updated user information and an updated device personality comprising user generated data stored on the device (Fig. 3(320),CL(7), LN(56-63)); 
compare an updated combined electronic identification from the updated user information and the updated device personality against the combined electronic identification (Fig. 3(330), CL(8), LN(7-10)); and 
allow the transaction to proceed when the confidence score is within a first set tolerance (Fig. 4A(420, 430,445), CL(10), LN(20-23), CL(10),LN(40-44), i.e. user profile contains device profile so when authentication server compares user profile with stored user profile it compares device profile with stored device profile and when the device profile matches it indicates match within certain tolerance); 
[wherein the first set tolerance is based on: 
collecting multiple user device personalities, 
creating statistical distributions to create statistical probabilities to determine how much an individual device personality associated with one user differs from another individual device personality associate with another user, and using the statistical probabilities to determine the set tolerance where a device to which a user has been assigned is statistically different form an other device from another user].
Shakkarwar does not teach explicitly,
generate a confidence score using the updated combined electronic identification and the combined electronic identification;
wherein the first set tolerance is based on: 
collecting multiple user device personalities, 
creating statistical distributions to create statistical probabilities to determine how much an individual device personality associated with one user differs from another individual device personality associate with another user, and  using the statistical probabilities to determine the set tolerance where a device to which a user has been assigned is statistically different form an other device from another user.
However Miller teaches,
generate a confidence score using the updated combined electronic identification and the combined electronic identification (Fig. 2B (2030, 2040, 2050), ¶64, ¶65, ¶66, i.e. a new confidence score is calculated at step 2050, that has previously stored minutiae values and newly received industry updates for the total set of minutia);
Shakkarwar and Miller are considered to be analogous art as they all pertain to provide security and user convenience based on correlating user and device attributes. Therefore it would have been obvious to one of ordinary skill in the art, at the time the invention was made, to modify the user authentication mechanism of Shakkarwar and update the user profile/device profile data when confidence score is within set of tolerance system of Miller.
(Shakkarwar – CL(1), LN(54-56). 
Combination of Shakkarwar and Miller does not teach explicitly,
wherein the first set tolerance is based on: 
collecting multiple user device personalities, 
creating statistical distributions to create statistical probabilities to determine how much an individual device personality associated with one user differs from another individual device personality associate with another user, and using the statistical probabilities to determine the set tolerance where a device to which a user has been assigned is statistically different form an other device from another user.
However, Moyle teaches,
wherein the first set tolerance is based on: 
collecting multiple user device personalities, 
creating statistical distributions to create statistical probabilities to determine how much an individual device personality associated with one user differs from another individual device personality associate with another user, and  -24- using the statistical probabilities to determine the set tolerance where a device to which a user has been assigned is statistically different form an other device from another user (Fig. 4C (410, 471-474), ¶55-¶56, i.e. multiple user behavioral profile which includes user generated data (device personality) is collected); creating statistical distributions to create statistical probabilities to determine how much an individual device personality associated with one user differs from another individual device personality associated with another user (Fig. 6, ¶66, Fig. 7A (710, 715), ¶67, i.e. behavioral profile includes user behavior (user generated data) and device profiles. It is determined behavioral personality of a user deviate from another user); and using the statistical difference, statistical distributions, the statistical probabilities, and combinations thereof to determine the set tolerance where a device to which a user has been assigned is statistically different a device from another user (¶51, Fig. 7A(715), i.e. threshold (tolerance) is set to determine a user behavioral deviation from another users).
Shakkarwar, Miller and Moyle are considered to be analogous art as they all pertain to provide security and user convenience based on correlating user and device attributes. Therefore it would have been obvious to one of ordinary skill in the art, at the time the invention was made, to modify the user authentication mechanism of Shakkarwar and update the user profile/device profile data when confidence score is within set of tolerance system of Miller and to determine user behavioral profile deviate from another user behavioral profile based on set tolerance system of Moyle.
	The motivation/suggestion for doing so would be to verify the identities of on-line customers that is more secure than current approaches (Shakkarwar – CL(1), LN(54-56). 

Regarding Claim 2, it is a method Claim of above System Claim 1 and therefore Claim 2 is rejected with the same rationale as applied against Claim 1 above.
In addition Shakkarwar teaches, authenticating user information about a user of a device (Fig. 2(215), CL(5), LN(44-47)), i.e. user is authenticated by comparing answer given by the user with answer available from data source such as data at the institution or data held at third party databases).

Claims 3-4 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Shakkarwar (US PAT. # US 8,661,520, hereinafter “Shakkarwar”), and further in view of Miller et al. (US PGPUB. # US 2012/0201381, hereinafter “Miller”), and further in view of Moyle et al. (US PGPUB. # US 2013/0097701, hereinafter “Moyle”), and further in view of Jackson et al. (US PGPUB. # US 2011/0196932, hereinafter “Jackson”).

Regarding Claim 3, rejection of Claim 2 is included and combination of Shakkarwar, Miller and Moyle does not teach explicitly,
The method of claim 2, wherein the comparing the device personality and the updated device personality comprises determining a percent difference between the device personality and the updated device personality.
However, Jackson teaches,
The method of claim 2, wherein the comparing the device personality and the updated device personality comprises determining a percent difference between the device personality and the updated device personality (¶43, Fig. 4, ¶53, i.e. new message (updated device personality) and previous message (device personality) is compared as a percent difference using a Levenshtein Distance) . 

	The motivation/suggestion for doing so would be to verify the identities of on-line customers that is more secure than current approaches (Shakkarwar – CL(1), LN(54-56). 

Regarding Claim 4, rejection of Claim 3 is included and for the same motivation Shakkarwar teaches,
The method of claim 3, wherein allowing the transaction (Fig. 4A(420, 430,445), CL(10), LN(20-23), CL(10),LN(40-44))  [to proceed occurs when a percentage difference between the device personality and the updated device personality is between 0.02% and 76%].
Combination of Shakkarwar, Miller and Moyle does not teach explicitly,
The method of claim 3, [wherein allowing the transaction] to proceed occurs when a percentage difference between the device personality and the updated device personality is between 0.02% and 76%.
However, Jackson teaches,
The method of claim 3, [wherein allowing the transaction] to proceed occurs when a percentage difference between the device personality and the updated device personality is between 0.02% and 76% (¶53, “If the threshold is a percentage based threshold, a ratio of the edit distance to substring edit length (e.g., the number of characters in the shorter message) is compared to the threshold value to determine if the ratio is greater than, less than, or equal to the threshold. Exemplary values for a percentage based threshold can be from about 10% of the total number of characters to about 30% of the total number of character (e.g., from about 10% of the total number of characters to about 30% of the total number of characters, from about 15% of the total number of characters to about 25% of the total number of characters, about 20% of the total number of characters), i.e. threshold can be between 0.02% and 76%).



Claims 5-6 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Shakkarwar (US PAT. # US 8,661,520, hereinafter “Shakkarwar”), and further in view of Rao et al. (US PGPUB. # US 2006/0217113, hereinafter “Rao”), and further in view of Moyle et al. (US PGPUB. # US 2013/0097701, hereinafter “Moyle”). 

Regarding Claim 5, Shakkarwar teaches,
A system for allowing an authorized transaction, comprising one or more processors, one or more memories, an input interface, and a transmitter, wherein the one or more memories have stored thereon machine readable instructions that when executed by the one or more processors is configured to perform the functions of:
receive user information about a user (Fig. 2(210), CL(5), LN(33-44), i.e. user information like birth date, social security number, address is obtained by asking user questions) of a device (Fig. 1(105)); 
send data related to the user information to a server (Fig. 1(125, 130), CL(4), LN(40-48), Fig. 2(215), CL(5), LN(44-47)), i.e. user information is sent to the authentication server for authentication); 
send a device personality, from a device to the server (Fig. 3(320, 330), CL(7), LN(56-63), CL(8), LN(7-10), i.e. Examiner submits that in order verity the device personality information by an authentication server, the device personality is send to the server), [the device personality relating to user generated data stored on the device including user contacts, song names, photo names, pixel color of a background screen, or combinations thereof], 
send data related to an updated device personality comprising updated user generated data stored on the device to the server (Fig. 3(305),CL(7), LN(37-39)) and an updated device personality related to user generated data stored on the device to a server (Fig. 3(320),CL(7), LN(56-63)); 
compare the updated device personality against the device personality (Fig. 3(330), CL(8), LN(7-10)); 
allow the transaction to proceed only after comparing the device personality and the updated device personality and when the device personality and the updated device personality match within a set tolerance (Fig. 4A(420, 430,445), CL(10), LN(20-23), CL(10),LN(40-44), i.e. user profile contains device profile so when authentication server compares user profile with stored user profile it compares device profile with stored device profile and when the device profile matches it indicates match within certain tolerance), [wherein the set tolerance between the device personality and the updated device personality is determined by: 
collecting multiple user device personalities; creating statistical distributions to create statistical probabilities to determine how much an individual device personality associated with one user differs from another individual device personality associated with another user; and 
using the statistical probabilities to determine the set tolerance where a device to which a user has been assigned is statistically different from another device from another user].
Shakkarwar does not teach explicitly,
[send a device personality, from a device to the server], the device personality relating to user generated data stored on the device including user contacts, song names, photo names, pixel color of a background screen, or combinations thereof, 
wherein the set tolerance between the device personality and the updated device personality is determined by: 
collecting multiple user device personalities; creating statistical distributions to create statistical probabilities to determine how much an individual device personality associated with one user differs from another individual device personality associated with another user; and 
using the statistical probabilities to determine the set tolerance where a device to which a user has been assigned is statistically different from another device from another user.
However, Rao teaches,
send a device personality, from a device to the server], the device personality relating to user generated data stored on the device including user contacts, song names, photo names, pixel color of a background screen, or combinations thereof (Table 1 - Software Profile, Picture Application, f38, “Picture Application UID 0x101F84EB”, Table 3 - Hardware Profile, Horizontal Resolution, 240 pixels, Vertical Resolution 160 pixels, ^42,” Horizontal Resolution 240 pixels Vertical Resolution 160 pixels”, Table-4, Hardware Profile, Backlight Enabled, Horizontal Resolution, 208 lines, Vertical Resolution 320 lines, ^44,” Backlight Enabled Yes Backlight State Off Horizontal Resolution 208 lines Vertical Resolution 320 lines”, i.e. indicates that device profile(personality) consist of a picture application having pictures (photo) name, background pixel color resolution), 
Shakkarwar and Rao are considered to be analogous art as they both pertain to providing security based on correlating user and device attributes. Therefore it would have been obvious to one of ordinary skill in the art, at the time the invention was made, to modify the user authentication mechanism of Shakkarwar to have a device profile (personality) independent of hardware of device system of Rao.
The motivation/suggestion for doing so would be to verify the identities of on-line customers that is more secure than current approaches (Shakkarwar – CL(1), LN(54-56). 
Combination of Shakkarwar and Rao does not teach explicitly,
wherein the set tolerance between the device personality and the updated device personality is determined by: 
collecting multiple user device personalities; creating statistical distributions to create statistical probabilities to determine how much an individual device personality associated with one user differs from another individual device personality associated with another user; and 
using the statistical probabilities to determine the set tolerance where a device to which a user has been assigned is statistically different from another device from another user.
However Moyle teaches,
wherein the set tolerance between the device personality and the updated device personality is determined by: 
collecting multiple user device personalities; creating statistical distributions to create statistical probabilities to determine how much an individual device personality associated with one user differs from another individual device personality associated with another user; and 
using the statistical probabilities to determine the set tolerance where a device to which a user has been assigned is statistically different from another device from another user (Fig. 4C (410, 471-474), ¶55-¶56, i.e. multiple user behavioral profile which includes user generated data (device personality) is collected); creating statistical distributions to create statistical probabilities to determine how much an individual device personality associated with one user differs from another individual device personality associated with another user (Fig. 6, ¶66, Fig. 7A (710, 715), ¶67, i.e. behavioral profile includes user behavior (user generated data) and device profiles. It is determined behavioral personality of a user deviate from another user); and using the statistical difference, statistical distributions, the statistical probabilities, and combinations thereof to determine the set tolerance where a device to which a user has been assigned is statistically different a device from another user (¶51, Fig. 7A(715), i.e. threshold (tolerance) is set to determine a user behavioral deviation from another users).
Shakkarwar, Rao and Moyle are considered to be analogous art as they all pertain to provide security and user convenience based on correlating user and device attributes. Therefore it would have been obvious to one of ordinary skill in the art, at the time the invention was made, to modify the user authentication mechanism of Shakkarwar to have a device profile (personality) independent of hardware of device system of Rao and to determine user behavioral profile deviate from another user behavioral profile based on set tolerance system of Moyle.
	The motivation/suggestion for doing so would be to verify the identities of on-line customers that is more secure than current approaches (Shakkarwar – CL(1), LN(54-56). 

Regarding Claim 6, rejection of Claim [6]5 is included and for the same motivation Shakkarwar teaches,
The system of claim [6]5, where the server comprises two servers (Fig. 1(125, 140), CL(4), LN(40-45)).

Claims 7, 10 and 13 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Richard H. Harris (WIPO /PCT PUB. # WO 2012/069845, hereinafter “Harris”), and further in view of Rosenbloom et al. (US PGPUB. # US 2006/0294209, hereinafter “Rosenbloom”), and further in view of Rajesh G. Shakkarwar (US PAT. # US 8,661,520, hereinafter “Shakkarwar”), and further in view of Moyle et al. (US PGPUB. # US 2013/0097701, hereinafter “Moyle”), and further in view of Miller et al. (US PGPUB. # US 2012/0201381, hereinafter "Miller").

Regarding Claim 7, Harris teaches,
A method for a user to perform a transaction using a first electronic communication device comprising the steps of: 
connecting with a transaction receiver from the first electronic communication device (Fig. 1(106), Page (8), LN(5-7), i.e. computing apparatus 10 is connected to second server via a transceiver 106); 
receiving at a server a device personality for a second electronic communication device different from the first electronic communication device (Fig. 2(S2-5), Page (12), LN(03-16) , i.e. userid information and device id information are received at the server 14 from the mobile device, Fig. 1(12), Page (6), LN(1), mobile device 12 is a second communication device different then first computing device 10), [the device personality relating to user generated data stored on the second electronic communication device including user contacts, song names, photo names, pixel color of a background screen, or combinations thereof], 
sending data received from the user on the first electronic communication device to the server (Fig. 2 (S2-3),(S2-5), Page 11, LN(16-18), PG 12, LN(12-14), i.e. user information is sent to the server via second device); 
receiving at the server an updated device personality from the second electronic communication device (Fig. 2(214), Page (12), LN(17-32) i.e. first message containing GO (graphical object) address information is sent from mobile device 12 to server 14,Page(12), LN(29-30), Page (12), LN(3-7), i.e. first message 214 contains device identification information like a telephone number of the device, an IP address of the device or a device ID code such as a serial number.  This device ID information is considered as device personality); and 
comparing the updated device personality and the device personality (Page (13), LN(30-33), Page (14), LN(1-4), i.e. authentication server verifies verification item like address of GO (graphical object - sent electronic data)); 
Harris does not teach explicitly,
[receiving at a server a device personality for a second electronic communication device different from the first electronic communication device], the device personality relating to user generated data stored on the second electronic communication device including user contacts, song names, photo names, pixel color of a background screen, or combinations thereof,
performing the transaction only when the updated device personality and the device personality match within a set tolerance, wherein the set tolerance between the device personality and the updated device personality to allow the transaction to proceed is determined by: 
collecting multiple user device personalities, 
creating statistical distributions to create statistical probabilities to determine how much an individual device personality associated with one user differs from another individual device personality associated with another user, and  -27- using the statistical probabilities to determine the set tolerance where a device to which a user has been assigned is statistically different from an other device from another user, 
storing the updated device personality on the server only when the transaction is approved by the updated device personality and the device personality matching within the set tolerance.
However, Rosenbloom teaches,
[receiving at a server a device personality for a second electronic communication device different from the first electronic communication device], the device personality relating to user generated data stored on the second electronic communication device including user contacts, song names, photo names, pixel color of a background screen (Fig. 1(112, 150), ¶12, “cell phones”, i.e. media device is a cell phone indicate that it has user contacts), song names (Fig. 1(112, 150), ¶12, “portable media players”, i.e. media device is a portable media player indicate that it has song names), photo names (Fig. 1(112, 150), ¶12, “digital still camera”, i.e. media device is a digital still camera indicate that it has photo names), pixel color of a background screen (¶24, “the media device can tell the host unit the media device's properties and capabilities such as being able to change font size, color schemes, and wallpaper background, the different settings the media device contains, and which settings the media device can modify”, i.e. color schemes, wallpaper background are user generated data which contains pixel color of a background screen. These data are stored in configuration file which is considered as device personality. ¶27), or combinations thereof (Fig. 1(112, 150), ¶12, i.e. cell phone has user contacts, song name for audio files, phot names for the pictures taken by user, ¶24, ¶27),
Harris and Rosenbloom are considered to be analogous art as they both pertain to provide security and user convenience based on correlating user and device attributes. Therefore it would have been obvious to one of ordinary skill in the art, at the time the invention was made, to modify the user authentication mechanism of Harris to include device personality having pixel color of background screen system of Rosenbloom.
	The motivation/suggestion for doing so would be to verify the identities of on-line customers based on user profiles and device profiles.
	Combination of Harris and Rosenbloom does not teach explicitly,
performing the transaction only when the updated device personality and the device personality match within a set tolerance, wherein the set tolerance between the device personality and the updated device personality to allow the transaction to proceed is determined by: 
collecting multiple user device personalities, 
creating statistical distributions to create statistical probabilities to determine how much an individual device personality associated with one user differs from another individual device personality associated with another user, and  using the statistical probabilities to determine the set tolerance where a device to which a user has been assigned is statistically different from an other device from another user, 
storing the updated device personality on the server only when the transaction is approved by the updated device personality and the device personality matching within the set tolerance.
However, Shakkarwar teaches,
performing the transaction only when the updated device personality and the device personality match within a set tolerance (Fig. 4A(420, 430,445), CL(10), LN(20-23), CL(10),LN(40-44), i.e. user profile contains device profile so when authentication server compares user profile with stored user profile it compares device profile with stored device profile and when the device profile matches it indicates match within certain tolerance),
Harris, Rosenbloom and Shakkarwar are all considered to be analogous art because they all pertain to provide security and user convenience based on correlating user and device attributes. Therefore it would have been obvious to one of ordinary skill in the art, at the time the invention was made, to modify the user authentication mechanism of Harris to include device personality having pixel color of background screen system of Rosenbloom and allowing transaction when device personality is matched with stored device personality system of Shakkarwar.

	Combination of Harris, Rosenbloom and Shakkarwar does not teach explicitly,
[performing the transaction only when the updated device personality and the device personality match within a set tolerance], wherein the set tolerance between the device personality and the updated device personality to allow the transaction to proceed is determined by: 
collecting multiple user device personalities, 
creating statistical distributions to create statistical probabilities to determine how much an individual device personality associated with one user differs from another individual device personality associated with another user, and  using the statistical probabilities to determine the set tolerance where a device to which a user has been assigned is statistically different from an other device from another user, 
storing the updated device personality on the server only when the transaction is approved by the updated device personality and the device personality matching within the set tolerance.
However, Moyle teaches,
[performing the transaction only when the updated device personality and the device personality match within a set tolerance], wherein the set tolerance between the device personality and the updated device personality to allow the transaction to proceed is determined by: 
collecting multiple user device personalities (Fig. 4C (410, 471-474), ¶55-¶56, i.e. multiple user behavioral profile which includes user generated data (device personality) is collected), 
creating statistical distributions to create statistical probabilities to determine how much an individual device personality associated with one user differs from another individual device personality associated with another user, and  using the statistical probabilities to determine the set tolerance where a device to which a user has been assigned is statistically different from an other device from another user (Fig. 6, ¶66, Fig. 7A (710, 715), ¶67, i.e. behavioral profile includes user behavior (user generated data) and device profiles. It is determined behavioral personality of a user deviate from another user) and using the statistical difference, statistical distributions, the statistical probabilities, and combinations thereof to determine the set tolerance where a device to which a user has been assigned is statistically different a device from another user (¶51, Fig. 7A(715), i.e. threshold (tolerance) is set to determine a user behavioral deviation from another users), 
Harris, Rosenbloom, Shakkarwar and Moyle are all considered to be analogous art because they all pertain to provide security and user convenience based on correlating user and device attributes. Therefore it would have been obvious to one of ordinary skill in the art, at the time the invention was made, to modify the user authentication mechanism of Harris to include device personality having pixel color of background screen system of Rosenbloom and allowing transaction when device personality is matched with stored device personality system of Shakkarwar to 
The motivation/suggestion is to provide a way to verify the identities of on-line customers that is more secure than current approaches (Shakkarwar – CL(1), LN(54-56).
Combination of Harris, Rosenbloom, Shakkarwar and Moyle does not teach explicitly,
storing the updated device personality on the server only when the transaction is approved by the updated device personality and the device personality matching within the set tolerance.
However, Miller teaches,
storing the updated device personality on the server only when the transaction is approved by the updated device personality and the device personality matching within the set tolerance (Fig. 2B(2050, 2060), ¶70, i.e. on a match between the actual response and one of the pre-processed responses indicates that confidence score is within a set of tolerance.  Once the confidence score is within a set of tolerance, previously stored values are updated in the minutia database).
Harris, Rosenbloom, Shakkarwar, Moyle and Miller are all considered to be analogous art because they all pertain to provide security and user convenience based on correlating user and device attributes. Therefore it would have been obvious to one of ordinary skill in the art, at the time the invention was made, to modify the user authentication mechanism of Harris to include device personality having pixel color of background screen system of Rosenbloom and allowing transaction when device 
The motivation/suggestion is to provide a way to verify the identities of on-line customers that is more secure than current approaches (Shakkarwar – CL(1), LN(54-56).

Regarding Claim 13, it is a system claim of above method Claim 7, and therefore Claim13 is rejected with the same rationale as applied against Claim 7 above.

Regarding Claim 10, rejection of Claim 7 is included and for the same motivation Harris, Rosenbloom and  Shakkarwar does not teach explicitly,
The method of claim 7, wherein the set tolerance is based on an elapsed time between the receiving of the device personality and the updated device personality of the second electronic communication device at the server.
However, Moyle teaches,
The method of claim 7, wherein the set tolerance is based on an elapsed time between the receiving of the device personality and the updated device personality of the second electronic communication device at the server (¶50, “For instance, in FIG. 4A, aggregate behavior 405 can be identified for a particular user 410 identified within a particular system, for instance, through a plurality of data and events identified and collected by security tools monitoring devices, transactions, and other aspects of the system that relate to the user's 410 use of the system over a period of time”. ¶51, "Accordingly, some degree of deviations from the expected behavioral profile 415 can be tolerated so as to permit organic fluctuations in a human user's behavior. Thresholds can be defined for determining whether user behavior diverges in a meaningful or potentially threatening way from the behavioral profile 415 of the user 410. For instance, user actions 420 within the system can be identified and processed to detect that the character of the actions 420 statistically vary or deviate from the expected norm beyond a certain tolerated threshold (such as a number of standard deviations or percentage deviations from the behavioral profile 415)”, i.e. threshold (tolerance) is determined based on user behavior profile over the time).


Claims 8-9 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Richard H. Harris (WIPO /PCT PUB. # WO 2012/069845, hereinafter “Harris”), and further in view of Rosenbloom et al. (US PGPUB. # US 2006/0294209, hereinafter “Rosenbloom”), and further in view of Rajesh G. Shakkarwar (US PAT. # US 8,661,520, hereinafter “Shakkarwar”), and further in view of Moyle et al. (US PGPUB. # US 2013/0097701, hereinafter “Moyle”), and further in view of Miller et al. (US PGPUB. # US 2012/0201381, hereinafter "Miller"), and further in view of Jackson et al. (US PGPUB. # US 2011/0196932, hereinafter “Jackson”).

Regarding Claim 8, rejection of Claim 7 is included and combination of Harris, Rosenbloom, Shakkarwar, Moyle and Miller does not teach explicitly,
The method of claim 7, wherein a comparison of the device personality and the updated device personality is a percent difference.
However, Jackson teaches,
The method of claim 7, wherein a comparison of the device personality and the updated device personality is a percent difference (¶43, Fig. 4, ¶53, i.e. new message (updated device personality) and previous message (device personality) is compared as a percent difference using a Levenshtein Distance).
Harris, Rosenbloom, Shakkarwar, Moyle, Miller and Jackson are all considered to be analogous art because they all pertain to provide security and user convenience based on correlating user and device attributes. Therefore it would have been obvious to one of ordinary skill in the art, at the time the invention was made, to modify the user authentication mechanism of Harris to include device personality having pixel color of background screen system of Rosenbloom and allowing transaction when device personality is matched with stored device personality system of Shakkarwar to determine user behavioral profile deviate from another user behavioral profile based on set tolerance system of Moyle and update the user profile/device profile data when confidence score is within set of tolerance system of Miller and use Levenshtein Distance to compare device personality system of Jackson.
The motivation/suggestion is to provide a way to verify the identities of on-line customers that is more secure than current approaches (Shakkarwar – CL(1), LN(54-56).
Regarding Claim 9, rejection of Claim 8 is included and for the same motivation combination of Harris, Rosenbloom, Shakkarwar, Moyle and Miller does not teach explicitly,
The method of claim 8, wherein the set tolerance is between 0.02% and 76% difference.
However, Jackson teaches,
The method of claim 8, wherein the set tolerance is between 0.02% and 76% difference (¶53, “If the threshold is a percentage based threshold, a ratio of the edit distance to substring edit length (e.g., the number of characters in the shorter message) is compared to the threshold value to determine if the ratio is greater than, less than, or equal to the threshold. Exemplary values for a percentage based threshold can be from about 10% of the total number of characters to about 30% of the total number of character (e.g., from about 10% of the total number of characters to about 30% of the total number of characters, from about 15% of the total number of characters to about 25% of the total number of characters, about 20% of the total number of characters), i.e. threshold can be between 0.02% and 76%).

Conclusion

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.  Refer to PTO-892, Notice of References Cited for a listing of analogous art.
White et al. (US PGPUB. # US 2011/0035788) discloses, determining a state of a communications device when the inputted information is known, and transmitting a biometric authentication request from a server to an authentication system when the state of the communications device is enrolled. Additionally, the method includes obtaining biometric authentication data in accordance with a biometric authentication data capture request with the communications device, biometrically authenticating the user, generating a one-time pass-phrase and storing the one-time pass-phrase on the authentication system when the user is authenticated, comparing the transmitted one-time pass-phrase against the stored one-time pass-phrase, and conducting the transaction when the transmitted and stored one-time pass-phrases match.
Hillburn et al. (US PGPUB. # US 2013/0159476) discloses, A profile platform receives, at a cloud-based service platform, a request for a device profile from a mobile device, wherein the device profile specifies information relating to configuration of a graphical user interface and one or more applications associated with the mobile device, determines context data for the mobile device, selects one of a plurality of device profiles based on the determined context data, and generates a control message specifying the selected device profile for configuring the mobile device.
Cohen et al. (US PGPUB. # US 2012/0091202) discloses, Applicant's Smartphone application provides ticket-holding patrons an alternative, digital means of verifying personal identification at entry to a venue or event. The Smartphone application periodically generates a unique QR code (barcode) that contains a unique identifier (i.e., mobile device ID) which prompts the venue/event entry system to recognize the patron. No barcode (serving as a ticket, or authentication/verification, or 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to DARSHAN I DHRUV whose telephone number is (571)272-4316.  The examiner can normally be reached on M-F 9:00 AM-5:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Yin-Chen Shaw can be reached on 571-272-8878.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/DARSHAN I DHRUV/Examiner, Art Unit 2498