Notice of Pre-AIA  or AIA  Status
Claims 1-20 are presented for examination.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-21 of U.S. Patent No. 10,839,064. Although the claims at issue are not identical, they are not patentably distinct from each other because the claims in the issued patent anticipate the claims of the current application.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole 

Claims 1, 2, 5-7, 10, 11 and 16-18 are rejected under 35 U.S.C. 103 as being unpatentable over Gordon et al (US Publication No.2017/0318019), hereinafter Gordon, in view of Gordon et al (US Publication No.2017/0346817), hereinafter Gordon817.

Re Claim 1. Gordon discloses a method comprising: selecting, based on capabilities of a head-mounted device (i.e. FIG. 12 illustrates details of an example computing device 1200 that can be used to implement the gaze-based password techniques described herein. The computing device 1200 may be representative of any of the computing devices 108 in FIG. 12. The computing device 1200 in this example includes processor(s) 1202, computer-readable media 1204, sensor(s) 1206, input interface(s) 1208, and output interfaces(s) 1210 …………………………………………… In at least one example, the sensor(s) 1206 can be any device or combination of devices configured to sense conditions of a user or surroundings of the user. The sensor(s) 1206 include one or more user facing cameras 1206A or other sensors for tracking eye movement or gaze, facial expressions, pupil dilation and/or contraction, gestures, and/or other characteristics of the user. In some examples, the sensor(s) 1206 also include one or more outwardly facing or environmental cameras 1206B for capturing images of real-world objects and surroundings of the user. The sensor(s) 1206 may additionally or alternatively include one or more biometric sensors (e.g., a galvanic skin response sensor for measuring galvanic skin response, a heart rate monitor, a skin temperature sensor for measuring the temperature on the surface of the skin, an electroencephalography (EEG) device for measuring electrical activity of the brain, an electrocardiography (ECG or EKG) device for measuring electrical activity of the heart), one or more other cameras (e.g., web cameras, infrared cameras, depth cameras, etc.), microphones or other sound sensors for measuring a volume of speech, a rate of speech, etc., light sensors, optical scanners, or the like. Individual sensor(s) 1206 can output sensor data to corresponding sensor data collection module(s) 1214 for suitable processing. For instance, a user facing camera 1206A can capture gaze tracking data which may be processed by a corresponding sensor data collection module 1214 to determine one or more gaze targets and/or a gaze path of the user. The sensor data collection module 1214 may then output the gaze targets and/or gaze path to the gaze-based password module 1216 for use in establishing a gaze-based password for the user, or for authenticating the user) [Gordon, para.0106, 0111, Fig.12], a first type of graphical user interface (GUI) elements and a second type of GUI elements (i.e. In this example, the scene 400 comprises a multiple static photographs or other two-dimensional computer generated images 404. However, in other examples, the scene 400 may be dynamic (i.e., one or more objects or portions of the scene may be changing or animated as in the case of video)) [Gordon, para.0068, i.e. teaches selecting static type images and dynamic type images]; displaying, on a display of the head-mounted device [Gordon, para.0115, Fig.12, output interface 1210], the first type of GUI elements (i.e. FIG. 5 illustrates an example process of authenticating a user to access a computing resource using a gaze-based password with the scene 400. Continuing the example from FIG. 4, when the user next attempts to access the resource, as shown at 502A, the user may be presented with an authentication interface 500 including an authentication scene 504. In some examples, the authentication scene 504 may be the same as the scene 400 used to establish the gaze-based password. However, in the illustrated example, the authentication scene 504 is different than the scene 400 used to establish the gaze-based password. In this example, the authentication scene 502 includes the images 404(1)-404(12) from scene 400, but they are rearranged (e.g., randomly) into different rows and columns) [Gordon, para.0076]; receiving, by the head-mounted device, a first user selection of a first GUI element of the first type of GUI elements (i.e. As shown at 502B, the user's gaze may be tracked while the user is viewing the authentication scene 502 to obtain login gaze tracking data. The login gaze tracking data is represented in FIG. 5 by login path 508) [Gordon, para.0077]; 
 	Gordon does not explicitly disclose whereas Gordon817 does: displaying, on the display of the head-mounted device, the second type of GUI elements; receiving, by the head-mounted device, a second user selection of a second GUI element of the second type of GUI elements (i.e.  The stimuli may include photographs or other images, video, audio, text, and/or other stimuli. Where multiple stimuli are used, the stimuli may be of the same type (e.g., multiple images, or multiple audio clips, or multiple video clips) or different types (e.g., multiple stimuli including some images, some audio clips, and some videos)……………………………… If the computing device determines that additional stimuli are to be presented via the authentication interface, operations 1622-1628 may be repeated until no additional stimuli are to be presented via the authentication interface) [Gordon817, para.0189-0199]; and determining, based on the first user selection and the second user selection, whether to grant user access to a resource (i.e. At block 1630, the computing device compares the login data, including the user's gaze tracking data and the physiological data at the time(s) that the user is viewing the image(s) or other stimul(us/i) via the authentication interface, with the model. At block 1632, the computing device determines, based at least in part on the comparison at block 1630, whether the login data (e.g., login gaze tracking data and the measurement of the physiological condition of the user at the time that the user is viewing the image via the authentication interface) correlate with the model. If the login data is found to correlate with the model, at block 1634, the computing device authenticates the user to access the resource) [Gordon817, para.0200].  
	It would have been obvious to a person having ordinary skill in the art before the effective filing date of the invention to modify Gordon with Gordon817 in order to further increase security of the authentication by preventing a malicious user from learning an order of the stimuli [Gordon817, para.0060].

Re Claims 10 and 16. In a manner similar to the rejection of claim 1, Gordon in view of Gordon817 discloses the features of claims 10 and 16.
 
Re Claims 2 and 11. Gordon in view of Gordon817 discloses the features of claims 1 and 10, Gordon further discloses: wherein the first user selection is based on a first actuation of a physical button associated with the head-mounted device (i.e. For instance, the gaze-based password may be established using touch inputs (e.g., touch inputs on a touch screen) or gestures (e.g., gestures performed to point to or "touch" a virtual object) to set the gaze targets, in other examples either the password establishing phase or the authentication phase may be performed using other techniques) [Gordon, para.0046] and further discloses other embodiments physical control buttons: the input interface(s) 1208 can include a keyboard, keypad, mouse, microphone, touch sensor, touch screen, joystick, control buttons [Gordon, para.0114], 
Gordon in view of Gordon817 does not explicitly disclose: and the second user selection is based on a second actuation of the physical button associated with the head-mounted device. However, it would have been obvious to a person having ordinary skill in the art before the effective filing date of the invention to further modify Gordon to reach “the second user selection is based on a second actuation of the physical button associated with the head-mounted device” because actuating the physical button used to make the first selection yields the expected result of making a second selection.

Re Claims 5 and 17. Gordon in view of Gordon817 discloses the features of claims 1 and 16, Gordon further discloses: wherein the head-mounted device comprises a virtual reality headset or an augmented reality headset (i.e. the scene 700 is partially composed of the user's real-world surroundings 702. The computer generated scene 704 that is used to augment the user's real-world surroundings 702 may be selected to use for the gaze-based authentication) [Gordon, para.0086, 0030]. 

Re Claims 6 and 18. Gordon in view of Gordon817 discloses the features of claims 1 and 16, Gordon further discloses: wherein the resource comprises an application running on the head-mounted device (i.e. instead of being provided by the service provider 102, the resource to be accessed by the user 106 may be the computing device 108 itself or one of the applications 126 stored locally on the computing device) [Gordon, para.0054]. 

Re Claim 7. Gordon in view of Gordon817 discloses the features of claim 1, Gordon further discloses: wherein the resource comprises a device wirelessly connected to the head-mounted device (i.e. the computing devices 108 can communicatively couple to the network(s) 104 in any manner, such as by a wired or wireless connection (e.g., Ethernet, WiFi, Bluetooth, cellular data connection, etc.). The network(s) 104 can facilitate communication between the service provider 102 and the computing devices 108) [Gordon, para.0050-0051].   

Claims 3-4 and 12-13 are rejected under 35 U.S.C. 103 as being unpatentable over Gordon in view of Gordon817, as applied to claims 1 and 10, and in view of Reichlen (US Patent No. 6,396,497).

Re Claims 3 and 12. Gordon in view of Gordon817 discloses the features of claims 1 and 10, Gordon in view of Gordon817 does not explicitly disclose whereas Reichlen does: wherein the first user selection is based on a first eye blink captured by a camera associated with the head-mounted device, and the second user selection is based on a second eye blink captured by the camera associated with the head-mounted device (i.e.  If the eye detectors 135 detect a blink of the left eye by itself, step 268 generates the equivalent of a left mouse button click ………………………..If they detect a blink of the right eye by itself, step 272 generates a right mouse button) [Reichlen, col.20], [Gordon, para.0072 also discloses cameras to capture user’s eyes]. 
 	It would have been obvious to a person having ordinary skill in the art before the effective filing date of the invention to modify Gordon in view of Gordon817 with Reichlen because it enables a user of a see-through head mounted display …………….. to move and click the mouse cursor, all without the use of his or her hands, by head and eye movements [Reichlen, col.20].

Re Claims 4 and 13. Gordon in view of Gordon817 discloses the features of claims 1 and 10, Gordon further discloses: wherein the first user selection is based on a first [head] movement measured by one or more sensors associated with the head-mounted device, and the second user selection is based on a second [head] movement measured by the one or more sensors associated with the head-mounted device (i.e. in other examples either the password establishing phase or the authentication phase may be performed using other techniques. For instance, the gaze-based password may be established using touch inputs (e.g., touch inputs on a touch screen) or gestures) [Gordon, para.0046]. 
 	Gordon in view of Gordon817 does not explicitly disclose that the movement is specifically a head movement whereas Reichlen does: (i.e. The command interpreter shown in FIG. 16 used to control a head-mounted, see-through display could use input other than eye closings to control its operations. For example, in other embodiments eye ball direction, speech, head nods, or other body gestures could be used) [Reichlen, col.32]. 
	It would have been obvious to a person having ordinary skill in the art before the effective filing date of the invention to modify Gordon in view of Gordon817 with Reichlen because it enables a user of a see-through head mounted display …………….. to move and click the mouse cursor, all without the use of his or her hands, by head and eye movements [Reichlen, col.20].
 
Claims 8-9, 14-15 and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Gordon in view of Gordon817, as applied to claims 1, 10 and 16, and in view of Norris et al (US Patent No. 10,540,492).

Re Claims 8, 14 and 19. Gordon in view of Gordon817 discloses the features of claims 1, 10 and 16, Gordon in view of Gordon817 does not explicitly disclose whereas Norris does: wherein the displaying the first type of GUI elements comprises displaying the first type of GUI elements in a first arrangement of a first shape (i.e. a visually distorted digital image of each pfragment (or just "pfragment-img"), is dynamically generated by use of irregular and visually challenging graphical patterns and properties, including font type, size, orientation, shape, border, colors, etc, which are also applicable to individual pfragment member elements. Additionally pfragment-imgs may be displayed in any combination of 2D or 3D angles of rotation, perspective, curvature, shape, and topological distortions such as pretzel like twists. Pfragment-imgs may also be displayed mapped on to the surfaces of 2D and 3D objects, seen in FIG. 7………….For example FIGS. 5A, 5B shows Latin1-group1 in various combinations of 3D rotation angles, still easily recognizable to humans, but difficult for robotic software to recognize. FIG. 5C illustrates a similar Latin1-group1 layout using 3D letters) [Norris, col.10, ll.32-54, Fig. 5A-5D, Fig. 7-8], and wherein the displaying the second type of GUI elements comprises displaying the second type of GUI elements in a second arrangement of a second shape different from the first shape (i.e. each time the password authorization process is presented, the exact pfragments can change, making the system much more difficult to spoof) [Norris, col.14], (i.e.  In an embodiment, optionally any or all discrete visual elements, including password elements or segments, and visual noise, decoys, etc. can animate in 2D or 3D orientations. The entire challenge visual display group can move, change shape) [Norris, col.12]. 
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the invention to modify Gordon in view of Gordon817 with Norris because it permits far more variable, hidden, and complex set of verification data to be transmitted, making the basic password far more secure. So instead of just a simple password, complex password derived data is generated and transmitted, adding a layer of indirection which cloaks the password authentication process with additional significant security [Norris, col.6].

Re Claims 9, 15 and 20. Gordon in view of Gordon817 discloses the features of claims 1, 10 and 16, Gordon in view of Gordon817 does not explicitly disclose whereas Norris does: wherein the displaying the first type of GUI elements comprises displaying the first type of GUI elements at a first virtual depth (i.e. a visually distorted digital image of each pfragment (or just "pfragment-img"), is dynamically generated by use of irregular and visually challenging graphical patterns and properties, including font type, size, orientation, shape, border, colors, etc, which are also applicable to individual pfragment member elements. Additionally pfragment-imgs may be displayed in any combination of 2D or 3D angles of rotation, perspective, curvature, shape, and topological distortions such as pretzel like twists. Pfragment-imgs may also be displayed mapped on to the surfaces of 2D and 3D objects, seen in FIG. 7………….For example FIGS. 5A, 5B shows Latin1-group1 in various combinations of 3D rotation angles, still easily recognizable to humans, but difficult for robotic software to recognize. FIG. 5C illustrates a similar Latin1-group1 layout using 3D letters) [Norris, col.10, ll.32-54, Fig. 5A-5D, Fig. 7-8], and wherein the displaying the second type of GUI elements comprises displaying the second type of GUI elements at a second virtual depth (i.e. any or all discrete visual elements, including password elements or segments, and visual noise, decoys, etc. can animate in 2D or 3D orientations. The entire challenge visual display group can move, change shape, and animate for example in a 2D rotation. All the elements in the display area can also animate; thus for example password segments can move in snake like fashion, while changing position) [Norris, col.12],
It would have been obvious to a person having ordinary skill in the art before the effective filing date of the invention to modify Gordon in view of Gordon817 with Norris because it permits far more variable, hidden, and complex set of verification data to be transmitted, making the basic password far more secure. So instead of just a simple password, complex password derived data is generated and transmitted, adding a layer of indirection which cloaks the password authentication process with additional significant security [Norris, col.6].
 	Norris does not explicitly disclose specifically: the second virtual depth different from the first virtual depth, however it would have been obvious to a person having ordinary skill in the art before the effective filing date of the invention to modify Gordon in view of Norris to includes “the second virtual depth different from the first virtual depth” because Norris, as seen above, does teach different depths/3D perspectives and further teaches random screen location placements:  the invention dynamically obfuscates passwords by first generating random pfragments, then creating visually distorted pfragment images, which are further camouflaged by random screen location placement  [Norris, col.10]. Therefore randomly placing objects in a display that offers different 3D perspectives yields an expected result of the second virtual depth being different from the first virtual depth.

Prior art not relied upon includes:
Tungare (US Publication No.2015/0278492) teaches a method for user authentication in a device comprising a touch screen is provided. In operation, the device stores a user authentication code corresponding to a user. When a trigger for user authentication is detected, the device randomly selects one or more character positions in the sequence of characters. The device further requests the user to enter a character corresponding to each of the selected one or more character positions in the sequence of characters. When the device detects a user entry made using a keypad on the touch screen, the device determines whether the user entry matches a character corresponding to each of the selected one or more character positions. When the user entry matches a character corresponding to each of the selected one or more character positions in the sequence of characters, then the user is successfully authenticated to the device.

Sanft et al (US Publication No. 2013/0167225) describes A method for secure authentication is provided which includes having a user who wishes to gain access to a computer or computer network select from among a plurality of randomly displayed images, having different background colors, the correct image and background color which correspond to the user's computer account. In one advantageous form, in addition to selecting the correct image, the user must first enter a username and password. In an alternative form, if a user is seeking access to a computer network by using a preapproved access point or computer having an approved IP address, a user is allowed to gain access to the computer network without being prompted to select a correct image.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to NOURA ZOUBAIR whose telephone number is (571)270-7285. The examiner can normally be reached Monday - Friday.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on 571-272-3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/NOURA ZOUBAIR/Primary Examiner, Art Unit 2434