Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Information Disclosure Statement
The information disclosure statement (IDS) was submitted on 08/28/2020 and 02/03/2021. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.
Drawings
The drawings were received on 03/27/2020. These drawings are objected to.
New corrected drawings in compliance with 37 CFR 1.121(d) are required in this application. In figure 6, the computer system 600 includes the Processor 610, Memory 620 and Non-Volatile Storage 620. However, the application, in paragraph 0292, states for Fig. 8 with “the computer system 800 may include one or more processors 810 and one or more articles of manufacture that comprise non-transitory computer-readable storage media (e.g., memory 820 and one or more non-volatile storage media 830).” Applicant is advised to employ the services of a competent patent draftsperson outside the Office, as the U.S. Patent and Trademark Office no longer prepares new drawings. The corrected drawings are required in reply to the Office action to avoid abandonment of the application. The requirement for corrected drawings will not be held in abeyance.
Examiner’s Note
Regarding claim 1, the examiner interprets the authentication system comprising at least one processor operatively connected to a memory and a classification component. The processor and memory appear to be hardware according to FIG. 6 and paragraph 0292. In addition, the claim would recite a judicial exception that is integrated into a practical application of the exception: authentication.
Claim Objections
Claims 2 and 13 are objected to because of the following informalities:
Claims 2 and 13 respectively recite “a group labels”. It should be “a group of labels” (Emphasis added). Please also consider the antecedent issue of the “labels” below.
Appropriate correction is required.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

Claims 1-20 are rejected under 35 U.S.C. 112(b), as failing to set forth the subject matter which the inventor or a joint inventor, or for applications subject to pre-AIA 35 U.S.C. 112, the applicant regards as the invention.
Independent claim 1 recites the limitation "at least one label" in line 10.  There is insufficient antecedent basis for this limitation in the claim (Emphasis added).
Claim 2 recites the limitation "group labels" and "probability of match". There is insufficient antecedent basis for this limitation in the claim (Emphasis added). The examiner believes the applicant may be referring to the label inputs. Please clarify and limit the scope of the claim.
Claim 3 recites the limitation "distance threshold".  There is insufficient antecedent basis for this limitation in the claim.
Claim 4 recites the limitation "identification labels". There is insufficient antecedent basis for this limitation in the claim (Emphasis added). The examiner believes the applicant may be referring to the label associated with an identification of a user. Please clarify and limit the scope of the claim.
Claim 5 recites the limitation "labels for subsequent authentication".  There is insufficient antecedent basis for this limitation in the claim (Emphasis added).
labels in an authentication database".  There is insufficient antecedent basis for this limitation in the claim (Emphasis added).
Claim 9 recites the limitation "distance threshold".  There is insufficient antecedent basis for this limitation in the claim.
Independent claim 12 recites the limitation "at least one label" in line 08.  There is insufficient antecedent basis for this limitation in the claim (Emphasis added).
Claim 13 recites the limitation "group labels" and "probability of match". There is insufficient antecedent basis for this limitation in the claim (Emphasis added). The examiner believes the applicant may be referring to the label inputs. Please clarify and limit the scope of the claim.
Claim 14 recites the limitation "distance threshold".  There is insufficient antecedent basis for this limitation in the claim.
Claim 15 recites the limitation "identification labels". There is insufficient antecedent basis for this limitation in the claim (Emphasis added). The examiner believes the applicant may be referring to the label associated with an identification of a user. Please clarify and limit the scope of the claim.
Claim 16 recites the limitation "labels for subsequent authentication".  There is insufficient antecedent basis for this limitation in the claim (Emphasis added).
Claim 18 recites the limitation "identification labels" and "authentication database".  There is insufficient antecedent basis for this limitation in the claim (Emphasis added). 
The dependent claims, which are not recited above, inherit the deficiencies of the respective independent claim upon which they ultimately depend and are rejected as well.
Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA. A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b).
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA/25, or PTO/AIA/26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.

Instant Application 16/832,014
1 and 12. An authentication system for privacy-enabled authentication, the system comprising:
at least one processor operatively connected to a memory;
accept encrypted authentication credentials, generated from a first neural network;
classify the encrypted authentication credential during training, based on processing the encrypted authentication credentials and associated label inputs during the training;
output an array of values reflecting a probability of a match to at least one label for identification responsive to analyzing an encrypted authentication credential input; and wherein the classification component is further configured to: retrieve at least one encrypted authentication credential classified during training based on identification in the array of values;
determine a distance between the encrypted authentication credential input and the at least one encrypted authentication credential; and
return a distance match, responsive to determining the distance between the encrypted authentication credential input and the at least one encrypted authentication credential meets a threshold.

Co-pending App-851
at least one processor operatively connected to a memory; an interface, executed by the at least one processor configured to: receive a candidate set of authentication instances of at least a first data type associated with a user requesting authentication;
a classification component executed by the at least one processor, configured to:
analyze a liveness threshold, wherein analyzing the liveness threshold includes processing the candidate set of instances to determine that the candidate set of instances matches a behavioral model for the user;
accept encrypted feature vectors, generated from a first neural network;
classify the encrypted feature vectors during training, based on the encrypted feature vectors and label inputs;
return a label for identification or an unknown result during prediction responsive to analyzing an encrypted feature vector input with the first DNN; and confirm authentication based at least on the label and the liveness threshold.
This is a provisional nonstatutory double patenting rejection because the patentably indistinct claims have not in fact been patented. Although the claims at issue are not identical, they are not patentably distinct from each other because claim 1 of the co-pending Application contains every element of claims 1 and 12 of the instant application except for the bolded limitations as seen in the above table.
As per independent claim 1, Spizhevoy further discloses the authentication system for privacy-enabled authentication, wherein determine a distance between the encrypted authentication credential input and the at least one encrypted authentication credential (¶0094, If the distance between the embedding space representations of the user's iris image and the authorized user's one or more iris images is within a threshold value [“determine a distance”], for example the threshold value 132 determined by the eye authentication trainer 104, the classifier 616 of the eye authenticator 604 can indicate to the user device that the user's iris image is similar enough to the authorized user's iris image [analogous to “encrypted authentication credentials” and “authentication credential input”, see below regarding the encryption] in the embedding space such that the user should be authenticated as the authorized user; ¶0106, the transmission between the user device 808 a or 808 b [including eye authenticator “604” above, see ¶0100] and the computing system may be encrypted [“encrypted authentication credentials” and “authentication credential input” since they are the transmission b/t entities such as 804 and 808(a or b)] ). 
According to the citation above, the examiner asserts that the user's iris image and the authorized user's iris image are encrypted overall since Spizhevoy is completely silent as to decryption of the identification.
At the time of filing it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by App-851 with the teachings of Spizhevoy to determine a distance between the encrypted authentication credential input and the at least one encrypted authentication credential. One of ordinary skill in the art would have been motivated to make this modification because the user device can authenticate the user using the embedding space representation, the distance [or determine a distance], or the authentication determination received (¶0105). 
However, it does not explicitly teach “output an array of values reflecting a probability of a match to at least one label for identification responsive to analyzing an encrypted authentication credential input.”
In a same field of endeavor, Kursun discloses the system, wherein output an array of values reflecting a probability of a match to at least one label for identification responsive to analyzing an encrypted authentication credential input (¶0067, the procedure 500 may further include deriving 520 multiple time-dependent authentication metrics based on the user-related data from the plurality of input sources, and applying 530 at least one of the derived multiple time-dependent authentication metrics [“output an array of values”] to a learning authentication engine configured to authenticate an authorized user [“analyzing an authentication credential input”] based on multiple inputs and correlations between at least some of the multiple inputs [“at least one label for identification”]).
it allows generating an authentication signal in response to a determination, by the learning authentication engine, that the derived multiple time dependent authentication metrics (and/or raw input data) [or “array of values reflecting a probability of a match”] correspond to the authorized user (¶0068).

As per independent claim 12, the scope of the claim is similar to that of claim 1 above. Accordingly, the claim is rejected using a similar rationale.
	
The dependent claims 2-11 and 13-20 inherit the deficiencies of the respective independent claim upon which they ultimately depend and are rejected as well.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 5, 6, 10-12, 16, 17, 19 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Spizhevoy et al. (US 20180018451 A1 hereinafter “Spizhevoy”) in view of Kursun (US 20180232508 A1).
Regarding claim 1, Spizhevoy discloses an authentication system for privacy-enabled authentication, the system comprising (FIG. 1, 6, 7 and 8, [the examiner asserts that eye authentication trainer may correspond to the eye authenticator 604 and 804 according to ¶0034, ¶0087 and 0093, ¶0100]): 
at least one processor operatively connected to a memory (FIG. 8; ¶0109, a hardware processor for executing instructions stored in a memory); 
a classification component (FIG. 6, eye authenticator 604 including the classifier 616) executed by the at least one processor, comprising at least a first deep neural network ("DNN"), the first DNN configured to (FIG. 1, 108; ¶0028, The embedding 108 can be a DNN; ¶0087, The embedding 608 can be the same as the embedding 108 [“DNN”] learned by the eye authentication trainer 104): 
accept encrypted authentication credentials, generated from a first neural network (¶0034, The eye authentication trainer 104 [including 108 or 608, see ¶0087 above] can utilize a deep neural network (DNN) 112 with a triplet network architecture [“first neural network”] to learn the embedding 108; ¶0093-0094, The eye authenticator 604 [including 108 or 608, see ¶0087 above] can implement the example process 700 for eye authentication. At block 708, a user's eye image is received. The classifier 616 of the eye authenticator 604, for example, can determine whether the user is an authorized user at block 720 [“accept authentication credentials”]; ¶0106, the transmission between the user device 808 a or 808 b [including eye authenticator “604” above, see ¶0100] and the computing system may be encrypted [“encrypted authentication credentials” since the credential is the transmission b/t entities such as 804 and 808(a or b)]); 
According to the citation above, the examiner asserts that the personal biometric identification, for example iris identification [or authentication credentials], is encrypted overall since Spizhevoy is completely silent as to decryption of the identification.
label inputs during the training (FIG. 6, eye authenticator 604; ¶0090, From the user's eye image 110 (or segmented iris image 614), the embedding 608 [“training”, see more details ¶0087-0088] can compute an embedding space representation of the user's eye image (EmbImg) 120 [“label inputs” such as EmbA 120a-EmbN 120n, See more details ¶0034-0046]. The classifier 616 can calculate a likelihood score of whether the user is an authorized user based on the embedding space representation 120 [“processing the encrypted authentication credentials and associated label inputs during the training”]; ¶0106, the transmission between the user device 808 a or 808 b [including eye authenticator “604” above, see ¶0100] and the computing system may be encrypted [“encrypted authentication credentials” since the credential is the transmission b/t entities such as 804 and 808 (a or b)]); 
wherein the classification component is further configured to (FIG. 6, 604 including 616): 
retrieve at least one encrypted authentication credential classified during training based on identification in the array of values (¶0093-0094, At block 716, the embedding 608 of the eye authenticator 604 can compute an embedding space representation of the user's iris image (or eye image). The embedding 608 can be trained using eye images [“training”]. Based on the embedding space representation of the user's iris image [analogous to “identification in the array of values”], the classifier 616 of the eye authenticator 604, for example, can determine whether the user is an authorized user at block 720 [“retrieve at least one encrypted authentication credential classified”]); 
determine a distance between the encrypted authentication credential input and the at least one encrypted authentication credential (¶0094, If the distance between the embedding space representations of the user's iris image and the authorized user's one or more iris images is within a threshold value [“determine a distance”], for example the threshold value 132 determined by the eye authentication trainer 104, the classifier 616 of the eye authenticator 604 can indicate to the user device that the user's iris image is similar enough to the authorized user's iris image in the embedding space such that the user should be authenticated as the authorized user); and 
return a distance match, responsive to determining the distance between the encrypted authentication credential input and the at least one encrypted authentication credential meets a threshold (¶0094, At block 728, the user device can grant or deny the user's access based on, for example, the classifier's determination at block 720 [“responsive to determining the distance”]. The process 700 ends at block 728).
Although Spizhevoy teaches a triplet loss layer 128 configured to compare the EmbA 120 a, the EmbP 120 p, and the EmbN 120 n (¶0041), it does not explicitly disclose “output an array of values reflecting a probability of a match to at least one label for identification responsive to analyzing an encrypted authentication credential input.”
In a same field of endeavor, Kursun discloses the system, wherein output an array of values reflecting a probability of a match to at least one label for identification responsive to analyzing an encrypted authentication credential input (¶0067, the procedure 500 may further include deriving 520 multiple time-dependent authentication metrics based on the user-related data from the plurality of input sources, and applying 530 at least one of the derived multiple time-dependent authentication metrics [“output an array of values”] to a learning authentication engine configured to authenticate an authorized user [“analyzing an authentication credential input”] based on multiple inputs and correlations between at least some of the multiple inputs [“at least one label for identification”]).
At the time of filing it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Spizhevoy with the teachings of Kursun to output an array of values reflecting a probability of a match to at least one label for identification responsive to analyzing an encrypted authentication credential input. One of ordinary skill in the art would have been motivated to make this modification because it allows generating an authentication signal in response to a determination, by the learning authentication engine, that the derived multiple time dependent authentication metrics (and/or raw input data) [or “array of values reflecting a probability of a match”] correspond to the authorized user (¶0068).

Regarding claim 5, the combination of Spizhevoy and Kursun discloses the system of claim 1, wherein the at least one processor is configured to enroll authentication credentials and labels for subsequent authentication by the first DNN ([Spizhevoy: ¶0034] The embedding networks 124 a, 124 p, or 124 n can be deep neural networks [“DNN”]. The embedding networks 124 a, 124 p, or 124 n can map eye images from the eye image space into embedding space representations of the eye images in the embedding space. For example, the ENetworkA 124 a can map an ImgA 116 a into an EmbA 120 a. The ENetworkA 124 p can map an ImgP 116 p into an EmbP 120 p. The ENetworkN 124 n can map an ImgN 116 n into an EmbN 120 n [“authentication credentials and labels”]).

Regarding claim 6, the combination of Spizhevoy and Kursun discloses the system of claim 5, further comprising the first neural network configured to generate encrypted authentication credentials responsive to unencrypted input of authentication credentials ([Spizhevoy: ¶0106], the transmission between the user device 808 a or 808 b and the computing system may be encrypted. As another example, the transmission between the local processing module and the remote processing module may not be encrypted [“encryption authentication credentials responsive to unencrypted input” since the transmission or communication between modules within a local device is unencrypted. On the other hand, the transmission or communication between computing systems is encrypted]).

Regarding claim 10, the combination of Spizhevoy and Kursun discloses the system of claim 1, wherein the at least one processor is further configured to validate contemporaneous input of [Spizhevoy: ¶0099] the user device 808 a or 808 b can include one image sensor (e.g., a digital camera) for capturing eye images of users, including eye images of authorized users [“configured to validate contemporaneous input”]; ¶0106, the transmission between the local processing module and the remote processing module may not be encrypted [“unencrypted authentication credentials” since captured eye images of users are transmitted within local modules]).

Regarding claim 11, the combination of Spizhevoy and Kursun discloses the system of claim 10, wherein the at least one processor is further configured to generate a liveness score based on a random set of candidate authentication instances ([Spizhevoy: ¶0090-0091] The embedding space representation of the user's eye image 120 can be an n-dimensional representation of the user's eye image 110 in an embedding space. The classifier 616 can calculate a likelihood score [“liveness score”] of whether the user is an authorized user based on the embedding space representation 120 [“a random set of candidate authentication instances”, see more details ¶0076-0079]. Based on the likelihood score, the classifier 616 can determine whether the user is an authorized user (e.g., based on the threshold 132 value)).

Regarding claim 12, Spizhevoy discloses a computer implemented method for privacy-enabled authentication with contemporaneous validation, the method comprising (FIG. 1, 6, 7 and 8, the examiner asserts that eye authentication trainer may correspond to the eye authenticator 604 according to ¶0034, ¶0087 and 0093, ¶0100; ¶0074, the eye authentication trainer 104 can train the DNN 112 with other biometric information at the same time or sequentially [“contemporaneous validation”]): 
accepting, by at least one processor, encrypted authentication credentials, generated from a first neural network (¶0034, The eye authentication trainer 104 [including 108 or 608, see ¶0087 below] can utilize a deep neural network (DNN) 112 with a triplet network architecture [“first neural network”] to learn the embedding 108; ¶0093-0094, The eye authenticator 604 [including 108 or 608, see ¶0087 below] can implement the example process 700 for eye authentication. At block 708, a user's eye image is received. The classifier 616 of the eye authenticator 604, for example, can determine whether the user is an authorized user at block 720 [“accept authentication credentials”]; ¶0106, the transmission between the user device 808 a or 808 b [including eye authenticator “604” above, see ¶0100] and the computing system may be encrypted [“encrypted authentication credentials” since the credential is the transmission b/t entities such as 804 and 808(a or b)]); 
According to the citation above, the examiner asserts that the personal biometric identification, for example iris identification [or authentication credentials], is encrypted overall since Spizhevoy is completely silent as to decryption of the identification.
classifying, by the at least one processor, the encrypted authentication credentials during training of a first deep neural network ("DNN") (FIG. 1, 108; ¶0028, The embedding 108 can be a DNN; ¶0087, The embedding 608 can be the same as the embedding 108 [“DNN”] learned by the eye authentication trainer 104), based on processing the encrypted authentication credentials and associated label inputs during the training (FIG. 6, eye authenticator 604; ¶0090, From the user's eye image 110 (or segmented iris image 614), the embedding 608 [“training”, see more details ¶0087-0088] can compute an embedding space representation of the user's eye image (EmbImg) 120 [“label inputs” such as EmbA 120a-EmbN 120n, See more details ¶0034-0046]. The classifier 616 can calculate a likelihood score of whether the user is an authorized user based on the embedding space representation 120 [“processing the encrypted authentication credentials and associated label inputs during the training”]; ¶0106, the transmission between the user device 808 a or 808 b [including eye authenticator “604” above, see ¶0100] and the computing system may be encrypted [“encrypted ” since the credential is the transmission b/t entities such as 804 and 808 (a or b)]); 
retrieving, by the at least one processor, at least one encrypted authentication credential classified during training based on identification in the array of values (¶0093-0094, At block 716, the embedding 608 of the eye authenticator 604 can compute an embedding space representation of the user's iris image (or eye image). The embedding 608 can be trained using eye images [“training”]. Based on the embedding space representation of the user's iris image [analogous to “identification in the array of values”], the classifier 616 of the eye authenticator 604, for example, can determine whether the user is an authorized user at block 720 [“retrieve at least one encrypted authentication credential classified”]); and 
determining, by the at least one processor, a distance between the encrypted authentication credential input and the at least one encrypted authentication credential (¶0094, If the distance between the embedding space representations of the user's iris image and the authorized user's one or more iris images is within a threshold value [“determine a distance”], for example the threshold value 132 determined by the eye authentication trainer 104, the classifier 616 of the eye authenticator 604 can indicate to the user device that the user's iris image is similar enough to the authorized user's iris image in the embedding space such that the user should be authenticated as the authorized user); and 
returning, by the at least one processor, a distance match, responsive to determining the distance between the encrypted authentication credential input and the at least one encrypted authentication credential meets a threshold (¶0094, At block 728, the user device can grant or deny the user's access based on, for example, the classifier's determination at block 720 [“responsive to determining the distance”]. The process 700 ends at block 728).

In a same field of endeavor, Kursun further discloses the method, wherein output an array of values reflecting a probability of a match to at least one label for identification responsive to analyzing the encrypted authentication credentials input (¶0067, the procedure 500 may further include deriving 520 multiple time-dependent authentication metrics based on the user-related data from the plurality of input sources, and applying 530 at least one of the derived multiple time-dependent authentication metrics [“output an array of values”] to a learning authentication engine configured to authenticate an authorized user [“analyzing an authentication credential input”] based on multiple inputs and correlations between at least some of the multiple inputs [“at least one label for identification”]).
At the time of filing it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Spizhevoy with the teachings of Kursun to output an array of values reflecting a probability of a match to at least one label for identification responsive to analyzing the encrypted authentication credentials input. One of ordinary skill in the art would have been motivated to make this modification because it allows generating an authentication signal in response to a determination, by the learning authentication engine, that the derived multiple time dependent authentication metrics (and/or raw input data) [or “array of values reflecting a probability of a match”] correspond to the authorized user (¶0068).

Regarding claim 16, the scope of the claim is similar to that of claim 5. Accordingly, the claim is rejected using a similar rationale.

Regarding claim 17, the combination of Spizhevoy and Kursun discloses the method of claim 16, further comprising generating encrypted authentication credentials responsive to unencrypted input of authentication credentials to the first neural network ([Spizhevoy: ¶0107], The transmission of the updated embedding 108 [“input of authentication credentials to the first neural network”], the updated threshold value 128 in the updated embedding space, and/or the updated classifier 616 from the eye authentication training system 804 to the user device 808 a or 808 b may or may not be encrypted [“generating encrypted authentication credentials” and “unencrypted input of authentication credentials”]).

Regarding claim 19, the scope of the claim is similar to that of claim 10. Accordingly, the claim is rejected using a similar rationale.

Regarding claim 20, the scope of the claim is similar to that of claim 11. Accordingly, the claim is rejected using a similar rationale.


Claims 2-4, 7-9, 13-15 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Spizhevoy et al. (US 20180018451 A1 hereinafter “Spizhevoy”) in view of Kursun (US 20180232508 A1) as applied to claim 1 above, and further in view of Thampy (US 20190068627 A1 and provisional 62/551,159 hereinafter “Provisional”).
Regarding claim 2, the combination of Spizhevoy and Kursun teaches all features of the method of claim 1 except “the classification component is further configured to retrieve a group of authentication credentials classified during training based on identification of a group labels having the highest values for probability of match.”
¶0292-0293 or Provisional ¶0194-0195, At step 1806, mapping data may be generated for the activity related to one or more services. Each subset for an attribute [“a group of authentication credentials”] may be defined by an upper bound threshold value (e.g., a threshold for a highest value) for the attribute [“group labels having the highest values”], a lower bound threshold (e.g., a threshold for a lowest value) for the attribute, or a combination thereof. The subsets for mapping may be defined based on, without limitation, a user, a group of users, a service, or a provider [“a group of authentication credentials”, see ¶0290 or Provisional ¶0190, obtaining credential information for an account at step 1802]. The thresholds for each subset may be defined based on previous patterns or behavior with respect to an activity or use of a service by a user in an organization).
At the time of filing it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Spizhevoy and Kursun with the teachings of Thampy to include the classification component that is further configured to retrieve a group of authentication credentials classified during training based on identification of a group labels having the highest values for probability of match. One of ordinary skill in the art would have been motivated to make this modification because the values of an attribute in time series data may be mapped to a value based on a subset in which the value falls. Each subset [or a group of authentication credentials] may be defined by a threshold (e.g., upper and lower thresholds) (¶0294 or Provisional ¶0196).

Regarding claim 3, the combination of Spizhevoy, Kursun and Thampy discloses the system of claim 2, wherein the classification component is further configured to determine a unknown result responsive to the distance determination not meeting the distance threshold and the probability of the [Spizhevoy] ¶0101, To authenticate a user, the eye authenticator 604 a or 604 b can determine the distance between the embedding space representation of the captured eye image in the embedding space [“determination not meeting the distance threshold”, if it fails to authenticate the user, the user is in “unknown result”] and the embedding space representations of an authorized user's one or more eye images in the embedding space. If the distance between the embedding space representations of the user's eye image [“distance threshold”] and an authorized user's eye image is within the threshold value 128 [“meeting a threshold probability”], the eye authenticator 604 a or 604 b can consider the user's eye image to be similar enough to the authorized user's eye image such that the user should be authenticated as the authorized user [if it fails to authenticate the user, the user is in “unknown result”]).

Regarding claim 4, the combination of Spizhevoy and Kursun discloses all features of the method of claim 1 above. Although Spizhevoy teaches a biometric information such as an image of an eye of the authorized user, it does not explicitly disclose “the at least one processor is configured to build an authentication database including encrypted authentication credentials associated with identification labels.”
In a same field of endeavor, Thampy discloses the system of claim 1, wherein the at least one processor is configured to build an authentication database including encrypted authentication credentials associated with identification labels (¶0106-0108 or provisional 0067-0068, software defined security configuration data can include data describing roles that are defined for users, groups, and grouping of users; encryption keys [“database including encrypted authentication credentials”, see more details ¶0187 or provisional ¶0141 regarding “credentials can be encrypted at rest using encryption keys”]; tokens; access controls; permissions; configurations; types of authentication policies; mobile access policies; and many other types of security controls [“labels”]. Authorization may be provided by a token (such as using the OAuth open standard for authorization) or by credentials (such as a username and password)).
At the time of filing it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Spizhevoy and Kursun with the teachings of Thampy to build an authentication database including encrypted authentication credentials associated with identification labels. One of ordinary skill in the art would have been motivated to make this modification because a variety of encryption techniques [or database including encrypted authentication credentials], one skilled in the art will recognize that there are various other techniques, can be utilized in authorizing access to a cloud provider's system and data and securing registration information (¶0187 or provisional 0141).

Regarding claim 7, the combination of Spizhevoy and Kursun discloses all features of the method of claim 1 except “the at least one processor is configured to associate encrypted authentication credentials to labels in an authentication database.”
In a same field of endeavor, Thampy further discloses the system of claim 5, wherein the at least one processor is configured to associate encrypted authentication credentials to labels in an authentication database (¶0106-0108 or provisional 0067-0068, software defined security configuration data can include data describing roles that are defined for users, groups, and grouping of users; encryption keys [“encrypted authentication credentials”, see more details ¶0187 or provisional ¶0141 regarding “credentials can be encrypted at rest using encryption keys”]; tokens; access controls; permissions; configurations; types of authentication policies; mobile access policies; and many other types of security controls. Authorization may be provided by a token (such as using the OAuth open standard for authorization) or by credentials (such as a username and password)).
a variety of encryption techniques [or database including encrypted authentication credentials], one skilled in the art will recognize that there are various other techniques, can be utilized in authorizing access to a cloud provider's system and data and securing registration information (¶0187 or provisional 0141).

Regarding claim 8, the combination of Spizhevoy, Kursun and Thampy discloses the system of claim 7, wherein the at least one processor is configured to validate a plurality of encrypted authentication credentials prior to use in training the first DNN ([Spizhevoy: 0093] At block 708, a user's eye image is received [“encrypted authentication credentials prior to use in training the first DNN”, the user's eye image is encrypted because it is the transmission or communication between computing systems]. At block 716, the embedding 608 of the eye authenticator 604 can compute an embedding space representation of the user's iris image (or eye image). In some embodiments, the embedding 608 can be trained using eye images without iris segmentations (or some eye images and some iris images), while during authentication the embedding 608 computes an embedding space representation of the user's eye image).

Regarding claim 9, the combination of Spizhevoy, Kursun and Thampy discloses the system of claim 8, wherein the at least one processor is configured to reject training instances of authentication credentials that exceed a distance threshold ([Spizhevoy] ¶0050, The ability of the embedding 108 to distinguish unauthorized users [“reject training instances of authentication credentials”] and authorized users can be different in different implementations. For example, the false positive rate (FPR) of the embedding 108 can be 0.01%; and the true positive rate (TPR) of the embedding 108 can be 99.99% [“exceed a distance threshold”]).

Regarding claim 13, the scope of the claim is similar to that of claim 2. Accordingly, the claim is rejected using a similar rationale.
	
Regarding claim 14, the scope of the claim is similar to that of claim 3. Accordingly, the claim is rejected using a similar rationale.

Regarding claim 15, the combination of Spizhevoy and Kursun discloses all features of the method of claim 12 above. Although Spizhevoy teaches a biometric information such as an image of an eye of the authorized user, it does not explicitly disclose “building an authentication database including encrypted authentication credentials associated with identification labels during enrollment.”
In a same field of endeavor, Thampy discloses the method of claim 12, further comprising building an authentication database including encrypted authentication credentials associated with identification labels during enrollment (¶0090 or provisional ¶0052, the security monitoring and control system 402 may include an information handler system 438 (“info handler”) that is configured to obtain information about and/or related to usage of an application. A user can provide a list of users and their privileges when registering an application [“during enrollment”]. In some implementations, the information handler system 438 may periodically update the information; ¶0096, The system 500 may be implemented in a security monitoring and control system, such as is discussed above;¶0106-0108 or provisional 0067-0068, software defined security configuration data can include data describing roles that are defined for users, groups, and grouping of users; encryption keys [“database including encrypted authentication credentials”, see more details ¶0187 or provisional ¶0141 regarding “credentials can be encrypted at rest using encryption keys”]; tokens; access controls; permissions; configurations; types of authentication policies; mobile access policies; and many other types of security controls [“labels”]. Authorization may be provided by a token (such as using the OAuth open standard for authorization) or by credentials (such as a username and password)).
At the time of filing it would have been obvious for one of ordinary skill in the art to have modified the elements disclosed by Spizhevoy and Kursun with the teachings of Thampy to build an authentication database including encrypted authentication credentials associated with identification labels. One of ordinary skill in the art would have been motivated to make this modification because a variety of encryption techniques [or database including encrypted authentication credentials], one skilled in the art will recognize that there are various other techniques, can be utilized in authorizing access to a cloud provider's system and data and securing registration information (¶0187 or provisional 0141).

Regarding claim 18, the scope of the claim is similar to that of claim 7. Accordingly, the claim is rejected using a similar rationale.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ANDREW SUH whose telephone number is (571)270-5524.  The examiner can normally be reached on campus 9:00 AM- 5:00 PM, alternate Friday.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/A.S./Examiner, Art Unit 2493

/CHAU LE/Primary Examiner, Art Unit 2493