DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Amendments
	This office action responds to the amendments filed on March 23, 2021 for application 15/928,513.  Claims 1, 5, 9, 11, and 15 were amended, claims 4, 14, and 21-22 were cancelled, and claims 1-2, 5-12, and 15-20 remain pending in the application.
Response to Arguments
	The Applicant’s arguments filed on March 23, 2021 have been fully considered, and the Examiner responds as provided below.
	Regarding the Applicant’s response at page 9 of the Remarks that concerns the § 112(a) rejection of claims 4 and 14, the cancellation of claims 4 and 14 resolves the issue and the rejection is withdrawn.
Regarding the Applicant’s response at pages 9-13 of the Remarks that concerns the § 103, the Applicant’s arguments in conjunction with the claim amendments are persuasive, and consequently the Examiner conducted a new prior art search. The Applicant’s arguments are now moot with respect to the pending claims because the arguments do not apply to some of the references currently used in the rejection of the aforementioned claims as detailed below.  More specifically, the Applicant argues at page 11 of the Remarks that “In other words, Shelton uses the confidence to determine the identity of the user, whereas the claimed limitations use the confidence to determine 
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

(NOTE: within the Examiner’s parenthetical explanations below, material within quotation marks is language quoted from the prior art reference, underlined material is language quoted from the claims, and material within brackets is material altered from either a prior art reference or a claim.  Regarding the reconstruction of the claims, a numbered footnote indicates a primary phrase to be first moved upwards to the first cited reference, while a lettered footnote indicates a secondary phrase to be moved after the movement of the primary phrase from which it was lifted.  Or more succinctly, move numbered material first, lettered material last.)
A.	Claims 1, 4-11 and 14-22 are rejected under 35 U.S.C. 103 as being unpatentable over Shelton et al. (US 10,019,561, “Shelton”) in view of Ben-Dor et al. (US 2019/0279615, “Ben-Dor”), and further in view of Gaeta et al. (US 10,972,458, “Gaeta”).
Regarding Claim 1
Shelton discloses
A method (abstract, Fig. 5), comprising: 
receiving, at an information handling device (Fig. 1, Col. 5:12-27, i.e., any of devices 110A-M), an audible command from a user (Fig. 5, Col. 14:49-15:17, “Receiving operation 505 receives a voice interaction [as an audible command] from the user. The voice interaction could be received from a mobile device, a landline, etc.”); 
determining, using a processor (Figs. 2 & 5, Col. 14:49-67, “The operations illustrated in FIG. 5 may be performed by one or more components, devices, or modules such as, … processor 210,”), whether a … 1 level associated with the audible command corresponds to one of a first …1 level and a higher …1 level (Col. 15:18-45, “Determining activity access level operation 535 determines an access level required for a requested activity. Decision operation 540 determines whether the user access level meets or exceeds the access level required for an activity.”), 
wherein the determining comprises accessing a list of stored keywords (Col. 4:16-38, “The previously recorded [and stored] samples of the person saying these words [that act as keywords] may be used to create a voice profile that can be used to determine a confidence level in the verification of the user's identity;” see also Ben-Dor ¶ [0049], i.e., “For example, the digital assistant service may determine that a high privacy level or a low privacy level is associated with verbal command 128 based on analysis of one or more of the following: one or more words or phrases in verbal command 128,”), 
2 …; 
3 … and 
responsive to determining that the …1 level corresponds to the higher …1 level based upon the audible command comprising the at least one word (Figs. 2 & 5, Col. 14:49-15:45; and Ben-Dor ¶ [0049]), 
authenticating the user prior to performing a function associated with the audible command (Fig. 5, Col. 15:29-45, “Upon determining that the user access level meets or exceeds the access level required for the activity [or a function], authenticating operation 545 authenticates the user and performs the activity.”), 
4 …,
wherein the authenticating comprises identifying a confidence that the user providing the audible command is an authorized provider of the audible command (Fig. 5, Col. 15:18-45, e.g., “Determining user access level operation 530 determines the access level of the user based on [identifying] the confidence level of the verification [of the audible command].”) and, 
responsive to identifying the confidence is lower than a predetermined threshold, prompting a user to provide user authentication input (Fig. 5, Col. 15:18-45, “Upon determining that the user access level fails to meet or exceed the access level required for the activity, receiving/prompting operation 550 receives or prompts for additional interactions. Additional interactions [that serve as user authentication input] may include receiving additional voice biometrics from the user, eye movement, or other information that can be used to identify the user.”),
5 ….
Shelton doesn’t disclose
	1 …privacy level…
	2 each of the stored keywords being associated with the first privacy level or the higher privacy level and identifying at least one word within the audible command corresponds to one of the stored keywords associated with the higher privacy level (¶ [0049], );
	3 wherein commands within the higher privacy level are ranked based upon privacy level within the higher privacy level, wherein commands having a higher ranking correspond to a higher confidence level of user authentication;
	4 wherein the authenticating comprises determining a ranking of the commands within the higher privacy level,
	5 wherein the predetermined-2-Atty. Docket No. RPS920180003USNP (710.578)threshold varies based upon the ranking of the commands within the higher privacy level, and wherein requirements of the user authentication input vary based upon a confidence level corresponding to the predetermined threshold selected based upon the ranking.
Ben-Dor, however, disclose
	1 …privacy level… (¶ [0049], “For example, the digital assistant service may determine that a high privacy level or a low privacy level is associated with verbal command 128 based on analysis of one or more of the following: one or more words or phrases in verbal command 128,”)
	2 each of the stored keywords being associated with the first privacy level or the higher privacy level and identifying at least one word within the audible command corresponds to one of the stored keywords associated with the higher privacy level (¶ [0049], “For example, the digital assistant service may determine that a high privacy level or a low privacy level is associated with verbal command 128 based on analysis of at least one word is used to determine an “access level” to within a degree of confidence);
Gaeta, however, discloses
	3 wherein commands within the higher privacy level are ranked based upon privacy level within the higher privacy level (Col. 7:1-43, “At step 204, the authentication server may determine an authentication level associated with the request [that acts as a command]. The user may request services that involve different levels of risk [or privacy level[s]]. The authentication server may categorize [and therefore rank] the requests into different authentication levels. If the request is in higher risk, the authentication server may conduct a higher level of authentication,” and “The authentication server may have an authentication database that stores a list of known keywords of the commands and the corresponding authentication level. To identify the operations associated with the commands, the authentication server may parse the words of the computer readable request, and compare the parsed words to the list of keywords in the database.”), 
wherein commands having a higher ranking correspond to a higher confidence level of user authentication (Col. 7:12-43, “For example, the keywords may include ‘transfer,’ if the authentication server finds there is a match for the word ‘transfer,’ the authentication server may determine this command is a write operation that changes the balance of the account. Furthermore, the operation of making a transfer may be in different amounts. The authentication server may determine the amount by identifying the character ‘$’ and the number following the character ‘$.’ The identified commands may be of different risk levels. For example, the command of read operation is in lower a higher confidence level of user authentication] the user for the second request. Specifically, the authentication server may query the authentication database for one or more security challenges corresponding to the more restricted authentication level of the second request.”);
	4 wherein the authenticating comprises determining a ranking of the commands within the higher privacy level (Col. 7:44-58, “For example, for one user, a transfer over $5000 may have the highest authentication level; for another user, a transfer over $500 may have the highest authentication level. The user may set up different thresholds [that act as different higher privacy level[s] and are accordingly rank[ed]] or parameters for different operations based on the user's personal preferences.”),
	5 wherein the predetermined-2-Atty. Docket No. RPS920180003USNP (710.578)threshold varies based upon the ranking of the commands within the higher privacy level (Col. 7:44-58, “The identified commands may be of different risk levels. For example, the command of read operation is in lower risk [and thus has a lower predetermined threshold that varies based upon the different higher privacy level[s]] than the command of write operation.”), and wherein requirements of the user authentication input vary based upon a confidence level corresponding to the predetermined threshold selected based upon the ranking (Col. 7:59-8:5, “For example, the authentication server may study the user's request patterns 
Regarding the combination of Shelton and Ben-Dor, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the authentication system of Shelton to arrive at the claimed invention.  KSR establishes that a rationale for obviousness is proven by showing a “simple substitution of one known element for another to obtain predictable results.” See MPEP § 2143(I)(B).
To substantiate the conclusion of obviousness under this KSR rationale, the Examiner finds pursuant to MPEP § 2143(I)(B):
1) the prior art contained a system that differed from the claimed system by the substitution of some component, and more specifically, Shelton discloses an authentication system with an access level feature that differs from the claimed invention that possesses a privacy level feature, where the privacy level feature substitutes for the access level feature of Shelton;
2) the substituted component of the privacy level feature was known in the art, as demonstrated by Ben-Dor; and
3) one of ordinary skill in the art could have substituted one known element (the privacy level feature of Ben-Dor) for another (the access level feature of Shelton) and the results would have been predictable to one of ordinary skill in the art.  

	Regarding the combination of Shelton-Ben-Dor and Gaeta, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the authentication system of Shelton-Ben-Dor to have included the privacy level feature of Gaeta. One of ordinary skill in the art would have been motivated to incorporate the privacy level feature of Gaeta because Gaeta discusses the problem of multi-tier authentications as being too restrictive and overly burdensome, see Gaeta Col. 1:56-64, and Gaeta provides a solution involving “a more efficient and secure anti-fraud system and method that would allow an authentication server to determine the authentication level based on the command of the user's request and require the user to provide an appropriate amount of credentials corresponding to the request's authentication level.”  See Gaeta Col. 2:3-8.
Regarding Claim 5
Shelton-Ben-Dor-Gaeta discloses the method of claim 4, and Shelton further discloses 
wherein the user authentication input is at least one input selected from the group consisting of biometric input, password input, and additional voice input (Fig. 5, Col. 15:18-45, “Upon determining that the user access level fails to meet or exceed the access level required for the activity, receiving/prompting operation 550 receives or prompts for additional interactions. Additional interactions [that serve as user authentication input] may include receiving additional voice biometrics from the user, eye movement, or other information that can be used to identify the user.”).
Regarding Claim 6
Shelton-Ben-Dor-Gaeta discloses the method of claim 5, and Shelton further discloses 
further comprising notifying the user that the function cannot be performed responsive to determining that the received user authentication input does not match stored user authentication data (Fig. 5, Col. 15:18-45, “Upon determining that the user access level fails to meet or exceed the access level required for the activity, receiving/prompting operation 550 receives or prompts [or notif[ies] the user] for additional interactions.”).
Regarding Claim 7
Shelton-Ben-Dor-Gaeta discloses the method of claim 1, and Shelton further discloses 
wherein the higher …1 level comprises at least two higher …1 levels, each of the at least two higher privacy levels being associated with a confidence level different from any other of the at least two higher privacy levels (Col. 7:59:-8:10, “A confidence in the verification may be calculated, which can be used to determine an access level of the user;” and Fig. 6, Col. 15:65-16:55, “If the access level of the user does not meet or exceed the access level required for the activity [which suggests the existence of higher levels],” and “Based on the confidence level, an access level of the user may be determined in determining access level operation 620. If the confidence level is high, the access level for the user may high, allowing the user to partake in higher risk activities,” noting that the “loop” of Fig. 6 in itself indicates the existence of various .
Ben-Dor further discloses
	1 …privacy levels… (¶ [0049])
	Regarding the rationale to combine Shelton and Ben-Dor, the rationale to combine is the same as provided for claim 1 due to the overlapping subject matter between claims 1 and 7.
Regarding Claim 8
Shelton-Ben-Dor-Gaeta discloses the method of claim 7, and Shelton further discloses 
wherein the authenticating comprises an authentication requirement and further comprises adjusting the authentication requirement based on the confidence level (Fig. 6, Col. 15:65-16:55, “If the access level of the user does not meet or exceed the access level required for the activity, determining operation 640 determines additional information needed and how to collect the information. Additional information [as an authentication requirement] may include a fingerprint, retinal scan, eye movements, device fingerprint, browsing history, etc.,” i.e., the “additional information” as an authentication requirement was based on the confidence level of the user not being met at step 630).
Regarding Claim 9
Shelton-Ben-Dor-Gaeta discloses the method of claim 8, and Shelton further discloses
wherein the authentication requirement comprises at least two authentication types (Fig. 6, Col. 15:65-16:55, “Additional information [as an authentication requirement] may include a fingerprint, retinal scan, eye movements, device fingerprint, browsing history [as at least two authentication types]”).
Regarding Independent Claims 11 and 20
With respect to independent claims 11 and 20, a corresponding reasoning as given earlier for independent claim 1 applies, mutatis mutandis, to the subject matter of claims 11 and 20. Therefore, claims 11 and 20 are rejected, for similar reasons, under the grounds set forth for claim 1. 
Regarding Dependent Claims 15-19
With respect to dependent claims 15 and 16-19, a corresponding reasoning as given earlier for dependent claims 5 and 7-10 applies, mutatis mutandis, to the subject matter of claims 15-19. Therefore, claims 15-19 are rejected, for similar reasons, under the grounds set forth for claims 5 and 7-10.
B.	Claims 2 and 12 are rejected under 35 U.S.C. 103 as being unpatentable over Shelton in view of Ben-Dor and Gaeta, and further in view of Kumar et al. (US 10,097,499, “Kumar”).
Regarding Claim 2
Shelton-Ben-Dor-Gaeta discloses the method of claim 1, and Shelton further discloses 
wherein the determining comprises…1 (Figs. 2 & 5, Col. 14:49-15:45; and Ben-Dor ¶ [0049]) 
Shelton-Ben-Dor-Gaeta doesn’t disclose
1 …accessing a list of stored domains, each of the stored domains being associated with a first privacy level or a higher privacy level.
Kumar, however, discloses
1 …accessing a list of stored domains, each of the stored domains being associated with a first privacy level or a higher privacy level (Col. 8:46-67, “At 502 the device may determine whether the message is a private message. For example, the device can analyze the words of a text message to determine whether the text message includes private words, such as “medication,” “test results,” “sex,” etc. [where these words form a domain having a higher privacy level]. In various embodiments, the device can determine information about the sender of the message, and the privacy level of the message can be based on the sender information,” i.e., Shelton and Ben-Dor disclose the use of words to determine an access/privacy level, and Kumar extends the list of words to create a set of associate words, or a domain, where a particular type of domain leads to a different privacy level).
	Regarding the combination of Shelton-Ben-Dor-Gaeta and Kumar, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Shelton-Ben-Dor-Gaeta to arrive at the claimed invention.  KSR establishes that a rationale for obviousness is proven by showing a “use of [a] known technique to improve similar devices in the same way.”  See MPEP § 2143(I)(C).
To substantiate the conclusion of obviousness under this KSR rationale, the Examiner finds pursuant to MPEP § 2143(I)(C):
1) the prior art contained a base system, namely the word-based (i.e., word, clause, phrase, etc.) authentication system of Shelton-Ben-Dor, upon which the claimed invention can be seen as an “improvement” through the use of associated word sets (i.e., domains);

3) one of ordinary skill in the art could have applied the known improvement technique of applying the associated word sets as domains to the base system, or word-based authentication system of Shelton-Ben-Dor, and the results would have been predictable to one of ordinary skill in the art.
Regarding Claims 12 
With respect to claim 12, a corresponding reasoning as given earlier for claim 2 applies, mutatis mutandis, to the subject matter of claim 12. Therefore, claim 12 is rejected, for similar reasons, under the grounds set forth for claims 2. 
C.	Claim 10 is rejected under 35 U.S.C. 103 as being unpatentable over Shelton in view of Ben-Dor and Gaeta, and further in view of Kumar et al. (US 10,097,499, “Kumar”).
Regarding Claim 10
Shelton-Ben-Dor-Gaeta discloses the method of claim 1, and Ben-Dor further discloses 
further comprising performing, responsive to determining that the privacy level corresponds to the first privacy level (¶ [0049], i.e., the lower privacy level is determin[ed] based upon a spoken “word”), …1.
Shelton-Ben-Dor-Gaeta doesn’t disclose
	1 … a function associated with the audible command without authenticating the user.
Aissi, however, discloses
1 … a function associated with the audible command without authenticating the user (Fig. 3, at least ¶¶ [0055]-[0057], “for a contextual value between 50 and 70, a low level restricted access to an application in the set 302 may be authorized,” with a low “contextual value” not requiring additional authentication to achieve a higher privacy level, and at this “low” first privacy level, a function, such as “Play music,” is performed, where it would be obvious to one skilled in the art to not authenticate the user for function with a low to no privacy level, as this is an inefficient use of the user’s time and computing resources, see Aissi ¶ [0003].  See MPEP § 2141(III), stating “Prior art is not limited just to the references being applied, but includes the understanding of one of ordinary skill in the art. The prior art reference (or references when combined) need not teach or suggest all the claim limitations, however, Office personnel must explain why the difference(s) between the prior art and the claimed invention would have been obvious to one of ordinary skill in the art.” ).
Regarding the rationale to combine Shelton and Ben-Dor, the rationale to combine is the same as provided for claim 1 due to the overlapping subject matter between claims 1 and 7.
	Regarding the combination of Shelton-Ben-Dor-Gaeta and Aissi, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the authentication system of Shelton-Ben-Dor-Gaeta to have included the no-authentication feature as suggested by Aissi. One of ordinary skill in the art would have been motivated to incorporate because no-authentication feature of Aissi because Aissi teaches “different authentication checks to allow access to various resources on the mobile device may cause unnecessary burden on the user 
Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to D'ARCY WINSTON STRAUB whose telephone number is (303)297-4405.  The examiner can normally be reached on Monday-Friday 9:00-5:00 Mountain Time.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.



/D'Arcy Winston Straub/Examiner, Art Unit 2491                                                                                                                                                                                                        

/ASHOKKUMAR B PATEL/Supervisory Patent Examiner, Art Unit 2491