DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This Office Action is in response to the Amendment filed on 9/9/2021.
In the instant Amendment, claims 1, 4, 5, 9, 12, 13 and 17 have been amended; claims 1, 9 and 17 are independent claims. Claims 1-20 have been examined and are pending. This Action is made Final. 
The examiner notes the IDS filed on 11/2/2021 has been considered. 

Response to Arguments
Applicant arguments filed on 9/9/2021 with respect to 35 U.S.C. 103, have been fully considered but they are not persuasive.
Applicant Argues: The amendments to claims 1, 9 and 17 generally recite that the trusted device is separate from the networked device (i.e., the networked device can be a server whereas the trusted device can be a portable computer or a smartphone) and communicative with the control device and the networked device. As such, the present versions of the claims are distinguished from any proper combination of the cited references as explained below.
Examiner’s Response: The examiner respectfully disagrees.  The examiner notes that Kyllonen discloses that the trusted device is separate from the networked device (i.e., the networked device can be a server whereas the trusted device can be a portable computer or a smartphone) and communicative with the control device and the networked device.  More specifically, in [0017] Kyllonen, describes that a mobile electronic device and a locking 
Applicant Argues: The rejections of the claims are based on several points which are inconsistent with the present versions of the claims. For example, in Kyllonen, the locking mechanism 132 is awakened by the application on the mobile electronic device being opened. By contrast, in the claimed invention, the control device is “awakened” by the presentation of credentials by the user to the control device.
Examiner’s Response: The examiner respectfully disagrees.  The examiner notes that the combination of Kyllonen in view of Kwak teach the aforementioned limitation.  More specifically: Kyllonen agrees that that the locking mechanism 132 is awakened by the application on the mobile electronic device being opened as noted by Applicant.  However the examiner sought to combine Kwak to teach the concept of [authentication] ... responsive to a presentation of credentials by the user to the control device in a request for access to the secured resource ([0061] - The lock controller 520 may selectively release the door lock 500 according to a relief command transmitted from the video phone 400 and the home network server and when the visitor is authorized by successful authentication using the visitor's smart communicator 700.... The authentication sensor 540 can communicate with the visitor's smart communicator 700 through a wireless local area communication when the visitor approaches the door lock 500, or the authentication sensor 540 can recognize a communication module such as an Identification (IC) chip or a Radio Frequency identification (RFID) tag, when the smart communicator contacts the authentication sensor 540, so as to receive the information for authentication from the visitor's smart communication).  Based on such a teaching the examiner concluded that one of ordinary skill in the art would have been motivated to combine the teachings of Kwak to Kyllonen to have the teachings Kwak (i.e., presentation of credentials by the user to the control device) to be included as part of the awakening routing of Kyllonen; thus producing a combination that teaches the aforementioned amended features; therefore the examiner finds this argument not persuasive.  
Applicant Argues: As another example, while the application on the mobile electronic device can be used to take a photograph of the user, the authentication of the user happens at the server. Again, this stands in contrast to the claimed invention in which authentication is executed by the trusted device of the user and an indication of authentication is then sent from the trusted device to the networked device.
Examiner’s Response: The examiner notes this argument is moot as the claims have been amended to recite such a similar teaching, see Claim 17; thus requiring new grounds of rejection (i.e., affirmative indication).   The examiner further notes Claim 1, at best, recites the network device is receptive of the authentication and   Claim 9, at best, and recites the networked device is receptive of a positive or negative indication of the authentication of the user from the trusted device.  The examiner notes receptive of authentication and a positive indication of authentication can broadly read on the transmission of the facial recognition picture using the mobile electronic device.   The examiner suggests for better clarify to positively recite receptive to authentication and positive and/or negative indication are signals generated by the “mobile application” executing on the mobile device (i.e., see Claim 4/5) and as argued by Applicant.

As to the rejections of claims 4, 5, 12 and 13, it is noted that these claims have been amended to recite that the trusted device includes a portable computing device or a smartphone of the user which is communicative with the control device and the networked device and which is configured to execute an authentication application to authenticate the user and to send an affirmative identification signal to the networked device upon the user being authenticated. These features clearly find support in the as-filed specification and are missing from any combination of the cited references... That is, while Chao mentions the use of a smartphone as a badge or the like, Chao alone or in combination with Kyllonen/Kwak is entirely silent as to a smartphone being communicative with a control device and a networked device and/or a smartphone executing an authentication application and sending an affirmative identification signal as claimed.an affirmative identification signal to the networked device upon the user being authenticated. These features clearly find support in the as-filed specification and are missing from any combination of the cited references.
Examiner’s Response: The examiner notes this argument is moot as the claims have been amended to recite such a teaching; thus requiring new grounds of rejection.








Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 

Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. 
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the a control device” and “a networked device” in claim 1 and 9.
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.










Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claims 1-3, 7-11, and 15-16 is/are rejected under 35 U.S.C. 103 as being unpatentable over Kyllonen (US 2017/0289147 A1) in view of Kwak (US 2007/0216764 A1).

Regarding Claim 1;
Kyllonen teaches an access control system, comprising:
a control device disposed to restrict access to a secured resource (FIG. 2 and [0017] – locking mechanism); and 
FIG. 2 and server and [0018] – server... transmitted to the locking mechanism... ), 
wherein: 
the networked device requests authentication of a user from a trusted device of the user responsive to [waking up of] the control device in a request for access to the secured resource ([0017] - FIG. 2 illustrates a method 200 for performing access authentication. Prior to attempting to gain access and/or entry to a restricted space, a user, e.g., user 114, opens an application on a mobile electronic device, e.g., mobile electronic device 110. A locking mechanism, e.g., locking mechanism 132, is awakened and communicates with the mobile device. With the application on the mobile electronic device on, server, e.g., server 104, requests a picture of the user attempting to gain access. As shown in box 202, the user takes a facial recognition picture, e.g., facial recognition picture 112, using the mobile electronic device), the credentials are associated with access rights of the user ([0017]-[0018] – facial recognition... personal identification number (i.e., credentials associated with access rights)) the trusted device being separate from the networked device ([0017] – mobile electronic device... server), communicative with the control device and the network device and configured to execute an authentication application to authenticate the user ([0017] – With the application on the mobile electronic device on, server, e.g., server 104, requests a picture of the user attempting to gain access.),
the networked device is receptive of the authentication ([0018] - The server receives the transmitted facial recognition picture, as shown in box 206. With reference to boxes 108, 210 and 212, respectively, a processor, e.g, processor 106, of the authentication server then compares the facial recognition picture to a plurality of stored facial recognition pictures. In addition, the processor compares the facial recognition picture to an identifier of the mobile electronic device. Further, the processor compares the transmitted facial recognition picture to an identifier of the restricted space. As shown in boxes 214 and 216, respectively, if comparisons return positive identification, authorization is transmitted to the locking mechanism of the restricted space and in turn the user gains access to the restricted space. If comparisons made by the processor return an invalid verification, then the user receives a notice that the user authentication has failed, as shown in box 220. In this manner the system and method for access authentication verifies in real time not only the user attempting to gain access but also matches the user with the mobile electronic device to provide additional security to the restricted space), and 
the control device permits a level of access to the secured resource in accordance with the access rights upon the reception of the authentication ([0018] - As shown in boxes 214 and 216, respectively, if comparisons return positive identification, authorization is transmitted to the locking mechanism of the restricted space and in turn the user gains access to the restricted space).
Kyllonen fails to explicitly disclose ... responsive to a presentation of credentials by the user to the control device in a request for access to the secured resource.
However, in an analogous art, Kwak teaches [authentication] ... responsive to a presentation of credentials by the user to the control device in a request for access to the secured resource ([0061] - The lock controller 520 may selectively release the door lock 500 according to a relief command transmitted from the video phone 400 and the home network server and when the visitor is authorized by successful authentication using the visitor's smart communicator 700.... The authentication sensor 540 can communicate with the visitor's smart communicator 700 through a wireless local area communication when the visitor approaches the door lock 500, or the authentication sensor 540 can recognize a communication module such as an Identification (IC) chip or a Radio Frequency identification (RFID) tag, when the smart communicator contacts the authentication sensor 540, so as to receive the information for authentication from the visitor's smart communication).
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Kwak to the waking up of Kyllonen to include responsive to a presentation of credentials by the user to the control device in a request for access to the secured resource [as part of the waking up].
One would have been motivated to combine the teachings of Kwak to Kyllonen to do so as it provides / allows an intelligent authentication system/method by monitoring and remotely controlling (Kwak, [0016]-[0017]).

Regarding Claim 2;
Kyllonen and Kwak discloses the system to Claim 1.
Kyllonen further discloses wherein the control device comprises a door lock ([0017] – Locking Mechanism and [0018]).

Regarding Claim 3;
Kyllonen and Kwak discloses the system to Claim 1.
Kyllonen further discloses wherein the networked device comprises a server ([0017] – Server).
Regarding Claim 7;
Kyllonen and Kwak discloses the system to Claim 1.
Kyllonen further discloses wherein the authentication is alphanumeric or biometric ([0017]-[0018] – facial recognition... personal identification number (i.e., credentials associated with access rights)).

Regarding Claim 8;
Kyllonen and Kwak discloses the system to Claim 1.
Kyllonen further discloses wherein data relating to authentication of the user is stored remotely from the control and networked devices (FIG. 1 and FIG. 2 and [0015] - In addition, a social media account database 122, e.g., Facebook, can be searched to verify user identification. The social medial account database 122 can be used the first time the user attempts to gain access ... user and [0027]).  

Regarding Claim 9;
Kyllonen teaches an access control system, comprising:
a control device, which is disposed to restrict access to a secured resource (FIG. 2 and [0017] – A Locking mechanism);; and 
a networked device, which is disposed in signal communication with the control device and configured to distribute an authentication application to a trusted device of a user to whom credentials for access rights are granted ([0017] - FIG. 2 illustrates a method 200 for performing access authentication. Prior to attempting to gain access and/or entry to a restricted space, a user, e.g., user 114, opens an application on a mobile electronic device, e.g., mobile electronic device 110. A locking mechanism, e.g., locking mechanism 132, is awakened and communicates with the mobile device. With the application on the mobile electronic device on, server, e.g., server 104, requests a picture of the user attempting to gain access. As shown in box 202, the user takes a facial recognition picture, e.g., facial recognition picture 112, using the mobile electronic device and [0022]-[0023] - The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the latter scenario, the remote computer may be connected to the user's computer through any type of network, including a local area network (LAN) or a wide area network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet Service Provider).);
wherein: 
the trusted device being separate from the networked device and is communicative qwith the control device and the networked device ([0017] – With the application on the mobile electronic device on, server, e.g., server 104, requests a picture of the user attempting to gain access.),
the networked device requests that the trusted device authenticate the user by executing the authentication application in response to [awakening] the control device in a request for access to the secured resource ([0017] - FIG. 2 illustrates a method 200 for performing access authentication. Prior to attempting to gain access and/or entry to a restricted space, a user, e.g., user 114, opens an application on a mobile electronic device, e.g., mobile electronic device 110. A locking mechanism, e.g., locking mechanism 132, is awakened and communicates with the mobile device. With the application on the mobile electronic device on, server, e.g., server 104, requests a picture of the user attempting to gain access. As shown in box 202, the user takes a facial recognition picture, e.g., facial recognition picture 112, using the mobile electronic device);, 
the networked device is receptive of a positive or negative indication of the authentication of the user from the trusted device ([0018] - The server receives the transmitted facial recognition picture, as shown in box 206. With reference to boxes 108, 210 and 212, respectively, a processor, e.g, processor 106, of the authentication server then compares the facial recognition picture to a plurality of stored facial recognition pictures. In addition, the processor compares the facial recognition picture to an identifier of the mobile electronic device. Further, the processor compares the transmitted facial recognition picture to an identifier of the restricted space. As shown in boxes 214 and 216, respectively, if comparisons return positive identification, authorization is transmitted to the locking mechanism of the restricted space and in turn the user gains access to the restricted space. If comparisons made by the processor return an invalid verification, then the user receives a notice that the user authentication has failed, as shown in box 220. In this manner the system and method for access authentication verifies in real time not only the user attempting to gain access but also matches the user with the mobile electronic device to provide additional security to the restricted space), and 
the control device permits a level of access to the secured resource in accordance with the access rights upon the reception of the positive indication of the authentication by the networked device ([0061] - The lock controller 520 may selectively release the door lock 500 according to a relief command transmitted from the video phone 400 and the home network server and when the visitor is authorized by successful authentication using the visitor's smart communicator 700.... The authentication sensor 540 can communicate with the visitor's smart communicator 700 through a wireless local area communication when the visitor approaches the door lock 500, or the authentication sensor 540 can recognize a communication module such as an Identification (IC) chip or a Radio Frequency identification (RFID) tag, when the smart communicator contacts the authentication sensor 540, so as to receive the information for authentication from the visitor's smart communication).
Kyllonen fails to explicitly disclose ... response to a presentation of the credentials to the control device in a request for access to the secured resource
However, in an analogous art, Kwak teaches [authentication] ... response to a presentation of the credentials to the control device in a request for access to the secured resource ([0061] - The lock controller 520 may selectively release the door lock 500 according to a relief command transmitted from the video phone 400 and the home network server and when the visitor is authorized by successful authentication using the visitor's smart communicator 700.... The authentication sensor 540 can communicate with the visitor's smart communicator 700 through a wireless local area communication when the visitor approaches the door lock 500, or the authentication sensor 540 can recognize a communication module such as an Identification (IC) chip or a Radio Frequency identification (RFID) tag, when the smart communicator contacts the authentication sensor 540, so as to receive the information for authentication from the visitor's smart communication).
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Kwak to the waking up of Kyllonen to include response to a presentation of the credentials to the control device in a request for access to the secured resource [as part of the waking up].
 (Kwak, [0016]-[0017]).

Regarding Claim 10;
Kyllonen and Kwak discloses the system to Claim 9.
Kyllonen further discloses wherein the control device comprises a door lock ([0017] – Locking Mechanism and [0018])

Regarding Claim 11;
Kyllonen and Kwak discloses the system to Claim 9.
Kyllonen further discloses wherein the networked device comprises a server ([0017] – Server).

Regarding Claim 15;
Kyllonen and Kwak discloses the system to Claim 9.
Kyllonen further discloses wherein the authentication is alphanumeric or biometric ([0017]-[0018] – facial recognition... personal identification number (i.e., credentials associated with access rights)).




Regarding Claim 16;
Kyllonen and Kwak discloses the system to Claim 15.
Kyllonen further discloses wherein data relating to authentication of the user is stored remotely from the control and networked devices (FIG. 1 and FIG. 2 and [0015] - In addition, a social media account database 122, e.g., Facebook, can be searched to verify user identification. The social medial account database 122 can be used the first time the user attempts to gain access ... user and [0027]).  


Claims 4, 5, 12, 13, 17, 19, and 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Kyllonen (US 2017/0289147 A1) in view of Kwak (US 2007/0216764 A1) and further in view of Fukami (US 2018/0174076 A1).

Regarding Claim 4;
Kyllonen and Kwak discloses the system to Claim 1.
Kyllonen further discloses wherein the trusted device comprises a portable computing device ([0017] – mobile electronic device)
	Kyllonen and Kwak fail to explicit disclose ... a portable computing device configured to execute the authentication application to authenticate the user and to send an affirmative identification signal to the networked device upon the user being authenticated as the authentication. 
	However, in an analogous art, Fukami teaches [comprises] ... a portable computing device configured to execute the authentication application to authenticate the user and to send (Fukami, [0007]-[0008] and [0020] - The present invention consists of a mobile device application (10) or “app” configured to run on the mobile device of a user wishing to use the shared workspace. The app (10) is configured to connect to a server (35) via conventional wireless means, such as WiFi and/or Bluetooth™. The app (10) also facilitates the creation of a user profile for the user, which is preferably linked to the ID of the mobile device of the user, such as the IMEI, MAC address, or SIM number of the mobile device of the user. This serves as a first form of authentication of access to the shared work space, which verifies that the mobile device is in the hands of the owner or authorized user of the mobile device via biometric fingerprint identification and [0045] - During the unlocking procedure for the lock (20), the mobile device of the user conveys an unlock/authentication signal to the server (35) via to a control panel, which relays the unlock signal to the lock (20)).
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Fukami to the trusted device of Kyllonen and Kwak to include [comprises] ... a portable computing device configured to execute the authentication application to authenticate the user and to send an affirmative identification signal to the networked device upon the user being authenticated as the authentication
One would have been motivated to combine the teachings of Fukami to Kyllonen and Kwak to do so as it provides conveying information to be authenticated to bring about a result. (Fukami, [0001]).



Regarding Claim 5;
Kyllonen and Kwak discloses the system to Claim 1.
Kyllonen further discloses wherein the trusted device comprises a portable computing device ([0017] – mobile electronic device)
	Kyllonen and Kwak fail to explicit disclose [comprises] ...a smart phone configured to execute the authentication application to authenticate the user and to send an affirmative identification signal to the networked device upon the user being authenticated as the authentication. 
	However, in an analogous art, Fukami teaches [comprises] a smart phone configured to execute the authentication application to authenticate the user and to send an affirmative identification signal to the networked device upon the user being authenticated as the authentication (Fukami, Abstract – smartphone and [0007]-[0008] and [0020] - The present invention consists of a mobile device application (10) or “app” configured to run on the mobile device of a user wishing to use the shared workspace. The app (10) is configured to connect to a server (35) via conventional wireless means, such as WiFi and/or Bluetooth™. The app (10) also facilitates the creation of a user profile for the user, which is preferably linked to the ID of the mobile device of the user, such as the IMEI, MAC address, or SIM number of the mobile device of the user. This serves as a first form of authentication of access to the shared work space, which verifies that the mobile device is in the hands of the owner or authorized user of the mobile device via biometric fingerprint identification and [0045] - During the unlocking procedure for the lock (20), the mobile device of the user conveys an unlock/authentication signal to the server (35) via to a control panel, which relays the unlock signal to the lock (20)).

One would have been motivated to combine the teachings of Fukami to Kyllonen and Kwak to do so as it provides conveying information to be authenticated to bring about a result. (Fukami, [0001]).

Regarding Claim 12-13; claim(s) 12-13 is/are directed to a/an system associated with the a similar system claimed in claim(s) 4-5. Claim(s) 12-13 is/are similar in scope to claim(s) 4-5, and is/are therefore rejected under similar rationale.

Regarding Claim 17;
Kyllonen discloses a method of operating an access control system, the method comprising:
 [awakening], at a control device disposed to restrict access to a secured resource (FIG. 2 and [0017] – prior to attempting to gain access and/or entry to a restricted space... locking mechanism); 
recognizing ... a user ([0017] - FIG. 2 illustrates a method 200 for performing access authentication. Prior to attempting to gain access and/or entry to a restricted space, a user, e.g., user 114, opens an application on a mobile electronic device, e.g., mobile electronic device 110. A locking mechanism, e.g., locking mechanism 132, is awakened and communicates with the mobile device. With the application on the mobile electronic device on, server, e.g., server 104, requests a picture of the user attempting to gain access. As shown in box 202, the user takes a facial recognition picture, e.g., facial recognition picture 112, using the mobile electronic device), the credentials are associated with access rights of the user ([0017]-[0018] – facial recognition... personal identification number (i.e., credentials associated with access rights)). 
requesting, by a networked device, an authentication of the user from a trusted device which is separate from the networked device and communicative with the control device and the networked device ([0017] - FIG. 2 illustrates a method 200 for performing access authentication. Prior to attempting to gain access and/or entry to a restricted space, a user, e.g., user 114, opens an application on a mobile electronic device, e.g., mobile electronic device 110. A locking mechanism, e.g., locking mechanism 132, is awakened and communicates with the mobile device. With the application on the mobile electronic device on, server, e.g., server 104, requests a picture of the user attempting to gain access. As shown in box 202, the user takes a facial recognition picture, e.g., facial recognition picture 112, using the mobile electronic device), the credentials are associated with access rights of the user ([0017]-[0018] – facial recognition... personal identification number (i.e., credentials associated with access rights)); and 
permitting a level of access to the secured resource in accordance with the access rights upon reception of the authentication ([0018] - The server receives the transmitted facial recognition picture, as shown in box 206. With reference to boxes 108, 210 and 212, respectively, a processor, e.g, processor 106, of the authentication server then compares the facial recognition picture to a plurality of stored facial recognition pictures. In addition, the processor compares the facial recognition picture to an identifier of the mobile electronic device. Further, the processor compares the transmitted facial recognition picture to an identifier of the restricted space. As shown in boxes 214 and 216, respectively, if comparisons return positive identification, authorization is transmitted to the locking mechanism of the restricted space and in turn the user gains access to the restricted space. If comparisons made by the processor return an invalid verification, then the user receives a notice that the user authentication has failed, as shown in box 220. In this manner the system and method for access authentication verifies in real time not only the user attempting to gain access but also matches the user with the mobile electronic device to provide additional security to the restricted space
Kyllonen fails to explicitly disclose receiving... a presentation of credentials in a request for access to the secured resource and recognizing that the credentials are associated with access rights of a user and permitting a level of access to the secured resource ... upon reception of an affirmative indication of the authentication from the trusted device by the networked device.
However, in an analogous art, Kwak teaches receiving... a presentation of credentials in a request for access to the secured resource and recognizing that the credentials are associated with access rights of a user. ([0061] - The lock controller 520 may selectively release the door lock 500 according to a relief command transmitted from the video phone 400 and the home network server and when the visitor is authorized by successful authentication using the visitor's smart communicator 700.... The authentication sensor 540 can communicate with the visitor's smart communicator 700 through a wireless local area communication when the visitor approaches the door lock 500, or the authentication sensor 540 can recognize a communication module such as an Identification (IC) chip or a Radio Frequency identification (RFID) tag, when the smart communicator contacts the authentication sensor 540, so as to receive the information for authentication from the visitor's smart communication).

One would have been motivated to combine the teachings of Kwak to Kyllonen to do so as it provides / allows an intelligent authentication system/method by monitoring and remotely controlling (Kwak, [0016]-[0017]).
However, in an analogous art, Fukami teaches 
permitting a level of access to the secured resource ... upon reception of an affirmative indication of the authentication from the trusted device by the networked device(Fukami, [0007]-[0008] and [0020] - The present invention consists of a mobile device application (10) or “app” configured to run on the mobile device of a user wishing to use the shared workspace. The app (10) is configured to connect to a server (35) via conventional wireless means, such as WiFi and/or Bluetooth™. The app (10) also facilitates the creation of a user profile for the user, which is preferably linked to the ID of the mobile device of the user, such as the IMEI, MAC address, or SIM number of the mobile device of the user. This serves as a first form of authentication of access to the shared work space, which verifies that the mobile device is in the hands of the owner or authorized user of the mobile device via biometric fingerprint identification and [0045] - During the unlocking procedure for the lock (20), the mobile device of the user conveys an unlock/authentication signal to the server (35) via to a control panel, which relays the unlock signal to the lock (20)).
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Fukami to the trusted device of Kyllonen and Kwak to 
One would have been motivated to combine the teachings of Fukami to Kyllonen and Kwak to do so as it provides conveying information to be authenticated to bring about a result. (Fukami, [0001]).

Regarding Claim 19;
Kyllonen and Kwak Fukami and discloses the method of Claim 17
Kyllonen further discloses further comprising distributing an authentication application to the trusted device ([0017] - FIG. 2 illustrates a method 200 for performing access authentication. Prior to attempting to gain access and/or entry to a restricted space, a user, e.g., user 114, opens an application on a mobile electronic device, e.g., mobile electronic device 110. A locking mechanism, e.g., locking mechanism 132, is awakened and communicates with the mobile device. With the application on the mobile electronic device on, server, e.g., server 104, requests a picture of the user attempting to gain access. As shown in box 202, the user takes a facial recognition picture, e.g., facial recognition picture 112, using the mobile electronic device and [0022]-[0023] - The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the latter scenario, the remote computer may be connected to the user's computer through any type of network, including a local area network (LAN) or a wide area network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet Service Provider).).
Regarding Claim 20
Kyllonen and Kwak and Fukami discloses the method to Claim 19.
Kyllonen further discloses wherein: the authentication application requires alphanumeric or biometric authentication ([0017]-[0018] – facial recognition... personal identification number (i.e., credentials associated with access rights)), and data relating to the alphanumeric or biometric authentication is stored remotely from the access control system (FIG. 1 and FIG. 2 and [0015] - In addition, a social media account database 122, e.g., Facebook, can be searched to verify user identification. The social medial account database 122 can be used the first time the user attempts to gain access ... user and [0027]).  

Claims 6 and 14 is/are rejected under 35 U.S.C. 103 as being unpatentable over Kyllonen (US 2017/0289147 A1) in view of Kwak (US 2007/0216764 A1) and further in view of Chao et al. (US 9,058,702 B2).

Regarding Claim 6;
Kyllonen and Kwak discloses the system to Claim 1.
Kyllonen and Kwak fail to explicitly disclose wherein the credentials are presentable as a card or badge.
However, in an analogous art, Chao teaches wherein the credentials are presentable as a card or badge. (Chao, col. 1, lines 13-20 - Many locations are protected by location access systems. Such systems often use key cards or badges with near field communication module to provide secure access to the secure location. Integration of near field communication modules as part of a smart phone may enable a phone to function as a badge to allow access to a secure location, and to provide secure location assistance and maps only while the user is within the secure location.) 
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Chao to credentials of Kyllonen and Kwak to include wherein the credentials are presentable as a card or badge.
One would have been motivated to combine the teachings of Chao to Kyllonen and Kwak to do so as it provides secured access to a secure locations (Chao, col. 1, lines 13-20).

Regarding Claim 14; claim(s) 14 is/are directed to a/an system associated with the a similar system claimed in claim(s) 6. Claim(s) 14 is/are similar in scope to claim(s) 6, and is/are therefore rejected under similar rationale.

Claims 18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Kyllonen (US 2017/0289147 A1) in view of Kwak (US 2007/0216764 A1) and Fukami (US 2018/0174076 A1) and further in view of Chao et al. (US 9,058,702 B2).

Regarding Claim 18;
	Kyllonen and Kwak and Fukami discloses the method to Claim 17.
Kyllonen and Kwak and Fukami fail to explicitly disclose further comprising issuing the credentials to the user.
However, in an analogous art, Chao teaches further comprising issuing the credentials to the user . (Chao, col. 1, lines 13-20 - Many locations are protected by location access systems. Such systems often use key cards or badges with near field communication module to provide secure access to the secure location. Integration of near field communication modules as part of a smart phone may enable a phone to function as a badge to allow access to a secure location, and to provide secure location assistance and maps only while the user is within the secure location.)  As reasonably constructed a key card or badge is a form of an issued credential to a user. 
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Chao to credentials of Kyllonen and Kwak and Fukami to include further comprising issuing the credentials to the user.
One would have been motivated to combine the teachings of Chao to Kyllonen and Kwak and Fukami to do so as it provides secured access to a secure locations (Chao, col. 1, lines 13-20).

Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KARI L SCHMIDT whose telephone number is (571)270-1385. The examiner can normally be reached Monday-Friday 10am - 6pm (MDT).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on (571)270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/KARI L SCHMIDT/Primary Examiner, Art Unit 2439