Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .



DETAILED ACTION
Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

Claims 1 – 15 are rejected under 35 U.S.C. 103 as being unpatentable over Briceno (US Pub. No. 2014/0289833 A1) in view of British (EP2107757 A1).

Per claim 1, Briceno suggests a method comprising: authenticating (see Briceno Figure 4 blocks 404 and 405 and para 0096 – 0116), via an authentication server (see Briceno para 0092), a user using an authentication process (reads on authenticating a user, see Briceno Figure 4 blocks 404 and 405 and para 0096 – 0116); collecting (reads on collecting relevant biometric and environmental data to user authentication, see Briceno para 0396 and 0399 – 0400), via the authentication server (see Briceno para 0092), orthogonal factors about the user during the authentication process (reads on user authentication via a combination of fingerprint authentication, facial recognition, voice recognition, retinal scanning and/or various other types of explicit user authentication techniques, see Briceno para 0396 and 0399); computing (reads on calculating assurance level based on collected data, see Briceno Figure 4 block 409 and para 0097, 0396 and 0398), via the authentication server (see Briceno para 0092), an assurance score based on (reads on calculating assurance level based on collected data, see Briceno Figure 4 block 409 and para 0396 and 0398) the collected orthogonal factors (reads on the collected relevant biometric and environmental data to user authentication, see Briceno para 0097, 0396 and 0399 – 0400); generating (reads on transmitting the authentication response comprising the calculated/measured assurance level to the relying party after successful authentication, see Briceno para 0096, 0097, 0099 and Figure 4 blocks 405 and 420), an authentication assertion including the assurance score upon a successful user authentication (reads on transmitting the authentication response comprising the calculated/measured assurance level to the relying party after successful authentication, see Briceno para 0096, 0097, 0099 and Figure 4 blocks 405 and 420); providing the authentication assertion including the assurance score (reads on transmitting the 


    PNG
    media_image1.png
    558
    867
    media_image1.png
    Greyscale




[0389] In one embodiment, after the a user provides valid authentication (e.g., swipes a finger on the fingerprint sensor), the client device identifies the user and generates a token (cryptographic signature) with the transaction details (e.g., the displayed text) and a random challenge provided from the relying party (e.g., the token may be a signature over the transaction details and a nonce). This allows the relying party 3650 ensure that the transaction details have not been modified between the server and the client. In one embodiment, the application 3704 sends the generated token and username to the relying party, which then identifies the user with the username and verifies the token. If verification succeeds, a confirmation message is sent to the client and the transaction is processed.


[0391] Returning to FIG. 37, in one embodiment, authentication may be performed via an authentication engine 3710 on the client devices 3600-3602 designed to perform a series of transactions with the relying party 3650 to remotely authenticate each user. For example, as described in the co-pending applications an authentication framework and associated authentication techniques may be employed in which a user enrolls with biometric devices 3720-3721 of a client to generate biometric template data (e.g., by swiping a finger, snapping a picture, recording a voice, etc); registers the biometric devices with one or more relying parties 3650 over a network (e.g., Websites or other relying parties equipped with secure transaction services); and subsequently authenticates with those relying parties 3650 using data exchanged during the registration process (e.g., encryption keys provisioned into the biometric devices). In one embodiment, "registration" with relying parties includes exchanging symmetric or asymmetric keys with the relying party for each user authentication device 3720-3721 and storing the keys within a secure storage 3725 associated with each authentication devices 3720-3721. A secure key provisioning protocol such as the Dynamic Symmetric Key Provisioning Protocol (DSKPP) may be used to share keys with the client over a secure communication channel (see, e.g., Request for Comments (RFC) 6063). However, the underlying principles of the invention are not limited to any particular key provisioning protocol.

[0392] During the authentication phase, the keys are used, for example, to generate signatures, verify signatures, and/or encrypt communication between the clients 3600-3602 and the relying party 3650. Once authenticated, the user is permitted to perform one or more online transactions. In addition, in one embodiment, sensitive information such as fingerprint data and other data which may uniquely identify the user may be retained locally on the user's client device (e.g., smartphone, notebook computer, etc) to protect the user's privacy.

[0393] In one embodiment, the authentication engine 110 includes an assurance level calculation module 3706 for calculating an assurance level corresponding to a likelihood that the legitimate user is in possession of the client device 100. It may then use this assurance level to determine whether the relying party 3650 should authorize a current transaction. In one embodiment, the relying party 3650 may specify the level of assurance required for a given transaction. For example, for a financial transaction involving the transfer of a significant amount of money, the relying party 3650 may require a relatively higher assurance level than, for example, a transaction involving no exchange of money or mere access to a user information.

[0394] In one embodiment, the assurance level calculation module 106 transmits the assurance level (e.g., specified as a value, percentage, code, etc) to the relying party 3650, without disclosing any confidential user information, thereby protecting the user's privacy. In another embodiment, the assurance level calculation module 3706 knows the assurance level required for the current transaction, determines whether the assurance level is sufficiently high, and transmits an indication of whether the transaction is permitted or denied to the relying party 3650 (without disclosing the user's private information to the relying party 3650).

[0395] In one embodiment, the communication between the client devices 3600-3602 and relying party 3650 is secured via a secure communication module 3713, which may encrypt outgoing communication using a first key and decrypt incoming communication using a second key. In a symmetric key encryption scheme the first and second keys are the 

[0396] In one embodiment, the assurance level calculation module 3706 determines the assurance level based, at least in part, on current user authentication results 3705 which may include the results of a current or recent explicit user authentication via one or more explicit user authentication devices 3720-3721. This may include, for example, fingerprint authentication via a fingerprint device, facial recognition authentication via a camera and facial recognition hardware/software, voice recognition via a microphone and voice recognition hardware/software, retinal scanning using a camera and associated hardware/software, a password/PIN entry by the end user via a keypad, and/or various other types of explicit user authentication devices and/or techniques.

[0397] In one embodiment, the secure storage 3725 cryptographically protects the biometric reference data records for each user authentication device 3720-3721 (e.g., wrapping the data using a symmetric key to make the storage 3725 secure). While the secure storage 3725 is illustrated outside of the secure perimeter of the authentication device(s) 3720-3721, in one embodiment, each authentication device 3720-3721 may have its own integrated secure storage to cryptographically protect the biometric reference data records.

[0398] In addition to explicit user authentication, one embodiment of the authentication engine 3710 performs non-intrusive authentication by collecting data from sensors 3743 to be used by the assurance calculation module 3706 to generate the assurance level. By way of example, the sensors 3743 may include location sensors such as GPS sensors to indicate a current location of the user. If the client devices 3600-3602 are in an expected location such as the known vicinity (e.g., a "home" or "office" location), then this increases the likelihood that the user is the legitimate user. By contrast, if the GPS reading indicates that the user is not at an expected location, then this indicates that the user initiating the transaction is not the legitimate user. Thus, in one embodiment, the assurance calculation module 3706 will increase the assurance level if the user is in an expected location and decrease the assurance level if the user is in an unexpected location.

[0399] Various additional sensors 3743 such as temperature sensors, humidity sensors and accelerometers may be used to collect data relevant to user authentication. For example, the temperature/humidity sensors may provide a current temperature/humidity which may be compared against the known temperature/humidity for the location specified by the location sensor. If the values are significantly different, then this may indicate that the client devices 3600-3602 are being spoofed. The comparison of the asserted location and the temperature/humidity may be done at a remote server such as the secure transaction server(s) used by the relying party 3650. In another embodiment, accelerometers on the device may be used to measure the gait of the user and compare these measurements against the known gait of the user. If the gaits match (within a specified threshold), then this increases the likelihood that the legitimate user is in possession of the client device 3600-3602.

[0400] Another non-intrusive authentication technique comprises measuring an amount of time which has elapsed since the last successful user authentication. For example, if the user has very recently performed an explicit user authentication (e.g., swiping a finger on a fingerprint reader just a few minutes earlier), then this will tend to indicate that the legitimate user is still in possession of the client device (thereby resulting in a high baseline assurance level). By contrast, if the last explicit authentication has been several hours or several days earlier, then a new explicit user authentication may be required to reach an acceptable assurance level.

The prior art of record is silent on explicitly stating generating, via the authentication server, an authentication assertion including the assurance score upon a successful user authentication. 
British suggests 
generating (reads on the identity provider issues an authentication assertion that includes a level of assurance indication which the user can present to service provider computers in order to authenticate, see British para 0015 and 0032), via the authentication server (reads on an identity provider, see British para 0015 and 0032), an authentication assertion including the assurance score upon a successful user authentication  (reads on the identity provider issues an authentication assertion that includes a level of assurance indication which the user can present to service provider computers in order to authenticate, see British para 0015 and 0032). 
Before the effective filing date of the invention it would have been obvious to one of ordinary skill in the art to modify the assertion and entitlement decision teachings of the prior art of record by integrating the ability to have the identity provider generate the 

Per claim 12, the prior art of record further suggests providing the authentication assertion including the assurance score (reads on transmitting the authentication response comprising the calculated/measured assurance level to the relying party after successful 
Per claim 13, the prior art of record further suggests enabling (reads on the relying party enabling the accessing of an email account but not the transferring of a significant amount of money, see Briceno para 0338), via the first authentication consumer (reads on a relying party with secure transaction services, see Briceno para 
Per claim 14, the prior art of record further suggests wherein authenticating the user comprises authenticating the user using a pass or fail authentication process (reads on transmitting an indication of whether the transaction is permitted or denied, see Briceno para 0393-0394).
Per claim 15, the prior art of record further suggests wherein collecting orthogonal factors about the user during the authentication process comprises collecting patterns in the user’s body movement that vary from previously learned body movements 
Claim 1 the system comprising an authentication server (see British Figure 1 block 20); and an authentication consumer (see British Figure 1 block 12) is analyzed with respect to claim 11.
Claim 2 is analyzed with respect to claim 13.
Per claim 3, the prior art of record further suggests wherein the authentication server (reads on an identity provider, see British para 0015 and 0032) stores the authentication assertion including the assurance score (reads on the identity provider issues the assertion and assurance indication, see British para 0015 and 0032), and wherein the authentication consumer (reads on a relying party with secure transaction services, see Briceno para 0008, 0093 and Figure 4 block 420) retrieves (reads on the relying party/service provider asks for the assertion and assurance indication which The Examiner construes to be obvious based on the prior art’s teaching of the assertion and assurance being transmitted to the relying party. One of ordinary skill in the art would consider it obvious for the transmission to either be a push or a pull transaction because those are the conventional ways in which data is transmitted, see British para 0015 and 0032 and Briceno para 0100, 0378) the authentication assertion including the assurance score (reads on an authentication assertion that includes a level of assurance indication which the user can present to service provider computers in order to authenticate, see British para 0015 and 0032) from the authentication server (reads on an identity provider, see British para 0015 and 0032) in response to receiving a request from the user (reads in 
Per claim 4, the prior art of record further suggests wherein the authentication server (reads on an identity provider, see British para 0015 and 0032) provides the authentication assertion including the assurance score to the user (reads on an authentication assertion that includes a level of assurance indication which the user can present to service provider computers in order to authenticate, see British para 0015 and 0032), and wherein the user provides the authentication assertion including the assurance score to the authentication consumer (reads on an authentication assertion that includes a level of assurance indication which the user can present to service provider computers in order to authenticate, see British para 0015 and 0032).
Claim 5 is analyzed with respect to claim 15.
Claim 6 the system comprising a machine-readable storage medium storing instructions (see Briceno para 0565) and patterns (see Briceno para 0399); and a processor (see Briceno para 0565 – 0568) is analyzed with respect to claim 11. Claim 7 is analyzed with respect to claim 11.
Claim 8 is analyzed with respect to claim 11.
Claim 9 is analyzed with respect to claim 15.
Claim 10 is analyzed with respect to claim 15.

Conclusion

If attempts to reach the examiner by telephone are unsuccessful, the examiner's Supervisor, Ashok Patel can be reached on (571) 272-3972.  The fax phone number for the organization where this application or proceeding is assigned is 703-872-9306.  Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).
/BRIAN F SHAW/Primary Examiner, Art Unit 2491