DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Amendment
This is in response to the amendments filed on 11/05/2021. Claims 1, 2, and 6 have been amended. Claims 4 and 5 are canceled, and claims 8-11 are newly added. Claims 1-3, and 6-11 are currently pending and have been considered below. However, newly submitted claims 8-11 are directed to an invention that is independent or distinct from the invention originally claimed for the reasons as will be discussed below. Accordingly, claims 8-11 are withdrawn from consideration as being directed to a non-elected invention. 

Response to Arguments
Applicant’s arguments, see pages 5-6, filed 11/05/2021, with respect to the rejections of claims 5 and 6 under 35 U.S.C. 112(b) have been fully considered and are persuasive.  The rejection has been withdrawn. 
Applicant’s arguments, see pages 6-7, filed 11/05/2021, with respect to the rejections of claims 1 and 3-7 under 35 U.S.C. 101 have been fully considered and are persuasive.  The rejection has been withdrawn. 
Applicant’s arguments, see pages 7-10, filed 11/05/2021, with respect to the rejections of claims 1-7 under 35 U.S.C. 103, have been considered but are moot because the arguments do not apply to a reference being used in the current rejection.
Applicant’s arguments, see pages 10-11, filed 11/05/2021, with respect to the rejections of claims 8-11 under 35 U.S.C. 103, have been considered but are moot because claims 8-11 

Election/Restrictions
Newly submitted claims 8-11 are directed to an invention that is independent or distinct from the invention originally claimed for the following reasons: 
Invention I. Claims 1-3, and 6-7 (previously claimed claims), drawn to an authentication device configured to select and restrict authentication methods and display a notification when a security level is lowered, classified in H04N 1/4406; 
Invention II. Claims 8-11 (newly added claims), drawn to an authentication device configured to limit (add or remove) function of a device according to authentication methods, classified in H04N 1/4433.
The inventions are independent or distinct, each from the other because:
Inventions I and II are directed to related an apparatus. The related inventions are distinct if: (1) the inventions as claimed are either not capable of use together or can have a materially different design, mode of operation, function, or effect; (2) the inventions do not overlap in scope, i.e., are mutually exclusive; and (3) the inventions as claimed are not obvious variants.  See MPEP § 806.05(j). In the instant case, the inventions as claimed have a different mode of operation, function, or effect because Invention I discloses an authentication device of which processes are configured to select and restrict authentication methods and display a notification when a security level is lowered, while Invention II
Restriction for examination purposes as indicated is proper because all the inventions listed in this action are independent or distinct for the reasons given above and there would be a serious search and/or examination burden if restriction were not required because one or more of the following reasons apply:
The inventions require a different field of search (e.g., searching different classes/subclasses and electronic resources along with employing difference search strategies and search queries).
Since applicant has received an action on the merits for the originally presented invention, this invention has been constructively elected by original presentation for prosecution on the merits.  Accordingly, claims 8-11 are withdrawn from consideration as being directed to a non-elected invention.  See 37 CFR 1.142(b) and MPEP § 821.03.
Should applicant traverse on the ground that the inventions are not patentably distinct, applicant should submit evidence or identify such evidence now of record showing the inventions to be obvious variants or clearly admit on the record that this is the case. In either instance, if the examiner finds one of the inventions unpatentable over the prior art, the evidence or admission may be used in a rejection under 35 U.S.C. 103 or pre-AIA  35 U.S.C. 103(a) of the other invention.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:



Claims 1-3, 6, and 7 are rejected under 35 U.S.C. 103 as being unpatentable over Oguma (US 2011/0228311 A1; hereinafter, “Oguma”) in view of Meister (US 2006/0242691 A1; hereinafter, “Meister”), and further in view of Shimoda et al. (US2005/0259976 A1; hereinafter, “Shimoda”).

Regarding claim 1:
Oguma teaches:
A user authentication device (FIG. 1 & para. [0011]: The present disclosure relates to an image forming system and an image forming method that may collectively support readers having a plurality of output data formats and also collectively set the authentication methods on a large number of image forming apparatuses. --- It is noted that an image forming system in FIG. 1 teaches a user authentication device) comprising: 
a user authentication setter that enables or disables a predetermined plurality of authentication methods (para. [0072]: The MFP 1A according to the second embodiment further includes a storage device 28 that stores authentication setting data 28 a. … The authentication setting data 28a is data that specifies the authentication method permitted on the MFP 1A. For example, the authentication setting data 28 a specifies one or more methods from among a plurality of authentication methods including a first authentication method based on the text inputs of the user ID and the password, a second authentication method based on the ID card, and a third authentication method based on the ID card and the text input of the password; para. [0078]: The user-manager server device 3 according to the second embodiment further includes an authentication setting unit 64 and a master data editing unit 65; para. [0097]: As illustrated in FIG. 10, current setting values of the master authentication setting data are displayed on the edit screen. … Pairs of radio buttons for selecting “enable/disable” in the edit operation are displayed as the operation section.--- It is noted that an authentication setting unit 64 and a master data editing unit 65 teaches a user authentication setter; Fig. 10 teaches enables or disables a predetermined plurality of authentication methods; User ID+Password, Card ID, Card ID+password teaches a predetermined plurality of authentication methods); 
a user authenticator that accepts user authentication by the authentication method that the user authentication setter enables (para. [0050]: The user authentication processing unit 62 performs authentication of the logged-in users to the MFPs 1A and 1B by using the local user data 52 and/or the local group data 53. It should be noted that the user authentication processing unit 62 may cause an authentication server device 4 in FIG. 4 to perform the authentication of the logged-in users to the MFPs 1A and/or 1B by using the user data 91 a and/or the group data 91 b in a directory database 91 via the network interface 42; para. [0087]: If the input data is (b) the read data (card ID) of the ID card, when the authentication based on the ID card is permitted by the master authentication setting data 54, the user authentication processing unit 62 references a conversion table (not illustrated) stored in the storage device 41 to convert the card ID into the user ID and the password (Step S40). --- It is noted that the user authentication processing unit 62 teaches a user authenticator; when the authentication based on the ID card is permitted, the user authentication processing unit 62 references a conversion table, which teaches accepts user authentication by the authentication method that the user authentication setter enables); 
a display that displays various information to the user (Fig. 2 & para. [0030]: a display device 21 a that displays various kinds of information);
(Fig. 3 & para. [0042]: a processor 43; Fig. 4 & para. [0056]: processor 73); and 
a computer-readable medium storing instructions that, when executed by the processor (para. [0056]: implements various processing units by loading a program stored in the ROM or the storage device 71 into the RAM and causing the CPU to execute the program), cause the processor to control the user authentication setter, the user authenticator, and the display (para. [0037]: The control device 26 is a device that controls respective units in the MFP 1A and performs data processing; para. [0040]: Further, when a login operation occurs, the control unit 33 receives the read data from the reader 27, uses the network communication unit 32 to transmit the received read data without converting a format, and requests a user authentication, the authorization information, and the like from the user-manager server device 3. In the first embodiment, data type information that indicates a data format of the read data is transmitted with the read data; para. [0041]: The determination unit 34 is a processing unit that specifies, based on the authorization information corresponding to the logged-in user received from the user-manager server device 3 via the network interface 23 and the network communication unit 32, which function or functions the logged-in user is permitted to use or is prohibited from using from among the functions that the MFP 1A provides. The determination unit 34 stores data indicating permitted functions in a location such as the RAM; para. [0048]: The processor 43 implements a network communication unit 61, a user authentication processing unit 62, and an authorization processing unit 63; para. [0084]: the control unit 33 displays the login screen. --- It is noted that the control device 26 and processor 43 teaches a controller; the control device 26 and processor 43 controls user authentication and authentication setting as illustrated in Figs. 6 and 7, which teaches controls the user authentication setter and the user authenticator; the control unit 33 displays the login screen teaches control the display), 
(para. [0097]: FIG. 10 is a diagram illustrating an example of the edit screen for the master authentication setting data displayed on the terminal device 5 illustrated in FIG. 1. As illustrated in FIG. 10, current setting values of the master authentication setting data are displayed on the edit screen. Further, an operation section displayed on the edit screen causes an edit operation to be performed on the setting values to specify whether or not the respective authentication methods can be used. When there is a user operation (that is, edit operation) performed via the operation section, the user operation is detected by an input device (not illustrated) (Step S24). Pairs of radio buttons for selecting “enable/disable” in the edit operation are displayed as the operation section. --- It is noted that Fig. 10 show that an authentication method can be enabled by selecting it among the plurality of authentication methods, that is, User ID+Password, Card ID, Card ID+password, which teaches the user authentication setter accepts a setting that enables a … authentication method among the plurality of authentication methods), the processor controls the user authentication setter to disable … authentication methods … (para. [0097]: FIG. 10 is a diagram illustrating an example of the edit screen for the master authentication setting data displayed on the terminal device 5 illustrated in FIG. 1. As illustrated in FIG. 10, current setting values of the master authentication setting data are displayed on the edit screen. Further, an operation section displayed on the edit screen causes an edit operation to be performed on the setting values to specify whether or not the respective authentication methods can be used. When there is a user operation (that is, edit operation) performed via the operation section, the user operation is detected by an input device (not illustrated) (Step S24). Pairs of radio buttons for selecting “enable/disable” in the edit operation are displayed as the operation section. --- It is noted that Fig. 10 show that an authentication method can be disabled by selecting it among the plurality of authentication methods, which teaches the processor controls the user authentication setter to disable authentication methods), and the user authenticator accepts only user authentication by the … authentication method (para. [0074]: Further, in the second embodiment, by using the network communication unit 32, the control unit 33 transmits an authentication setting request to the user-manager server device 3 at an initialization processing, receives master authentication setting data from the user-manager server device 3, and permits only the authentication method specified by the master authentication setting data as a user authentication method to be performed upon login; para. [0079]: Further, when receiving the authentication setting request from the MFPs 1A and/or 1B, the authentication setting unit 64 identifies the authentication method that can be used on the MFPs 1A and/or 1B at that time; para. [0087]: If the input data is (b) the read data (card ID) of the ID card, when the authentication based on the ID card is permitted by the master authentication setting data 54, the user authentication processing unit 62 references a conversion table (not illustrated) stored in the storage device 41 to convert the card ID into the user ID and the password (Step S40) --- It is noted that permits only the authentication method specified by the master authentication setting data as a user authentication method to be performed upon login, which teaches the user authenticator accepts only user authentication by the authentication method); and 
...
Oguma is silent about:
wherein, when … a setting … enables a single authentication method among the plurality of authentication methods, … controls … to disable all authentication methods other than the single authentication method, and … accepts only … the single authentication method; and
wherein a degree of a security level of each of the plurality of authentication methods is predetermined, and when an input portion accepts an input to enable an authentication method with a security level lower than a security level of a currently enabled authentication method, the 
Meister, in the same field of endeavor, teaches:
wherein, when … a setting … enables a single authentication method among the plurality of authentication methods, … controls … to disable all authentication methods other than the single authentication method, and … accepts only … the single authentication method (para. [0024]: Further, it will hereinafter be assumed that the chip card 20 supports two authentication methods, namely a PIN check as a knowledge-based, low-quality method, and a fingerprint check as a biometric, higher-quality method; para. [0028]: If authentication of the user 30 is to be knowledge-based, i.e. effected by input of a PIN, the chip card 20 disables the further possible authentication methods, i.e. the fingerprint check, step 112, and asks the user 30 via the display device 16 to enter his PIN via the input means 18; para. [0033]: If the check in step 110 shows that authentication of the user 30 is not to be knowledge-based but biometric, the terminal 14 initiates authentication against presentation of a biometric feature and makes a corresponding report to the chip card 20, step 130. The chip card 20 thereupon disables the further authentication methods not used, i.e. the knowledge-based PIN check, step 132. --- It is noted that two authentication methods, namely a PIN check as a knowledge-based, low-quality method, and a fingerprint check as a biometric, higher-quality method corresponds the plurality of authentication methods; if authentication of the user 30 is to be knowledge-based teaches when … a setting … enables a single authentication method (i.e., knowledge-based); disables the further authentication methods not used, i.e. the knowledge-based PIN check teaches controls … to disable all authentication methods other than the single authentication method; If authentication of the user 30 is biometric, the terminal 14 initiates authentication against presentation of a biometric feature and makes a corresponding report, which teaches accepts only … the single authentication method); and
(para. [0024]: Further, it will hereinafter be assumed that the chip card 20 supports two authentication methods, namely a PIN check as a knowledge-based, low-quality method, and a fingerprint check as a biometric, higher-quality method. --- It is noted that a PIN check is predetermined as a low-quality method, and a fingerprint check is predetermined as a higher-quality method, which teaches a degree of a security level of each of the plurality of authentication methods is predetermined), and when an input portion accepts an input to enable an authentication method with a security level lower than a security level of a … authentication method (para. [0027]: First the terminal 14 checks how authentication is to be effected—knowledge-based, i.e. by input of a PIN, or biometrically, i.e. by presentation of a fingerprint, step 110. Specification of an authentication method can be effected automatically by the terminal 14 on the basis of information transmitted with the electronic document 40, but it can also be presented to the user 30 as a decision request via the display device 16. In the latter case the user 30 makes a decision by means of the input means 18; para. [0028]: If authentication of the user 30 is to be knowledge-based, i.e. effected by input of a PIN, the chip card 20 disables the further possible authentication methods, i.e. the fingerprint check, step 112, and asks the user 30 via the display device 16 to enter his PIN via the input means 18. --- It is noted that an authentication method can be effected and the user 30 makes a decision by means of the input means 18, which teaches when an input portion accepts an input to enable an authentication method; If authentication of the user 30 is to be knowledge-based, i.e. effected by input of a PIN, which teaches when enable an authentication method with a security level lower than a security level of an authentication method).
Thus, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Oguma’s system by enhancing Oguma’s system to disable the further authentication methods not used, as taught by Meister, so that the 
The motivation is to make it impossible to tamper with an authentication even when an unauthorized user has a low-order authentication information together with higher-order authentication information.
Oguma in view of Meister is silent about:
when … enable an … method with a security level lower than a currently enabled … method, the processor controls the display to display a notification that a switch is made to an authentication method with a low security level.
Shimoda, in the same field of endeavor, teaches:
when … enable an … method with a security level lower than a security level of a currently enabled … method, the processor controls the display to display a notification that a switch is made to an authentication method with a low security level (para. [0088]: to enable every user to increase the security level with simple operations and to reduce the risk of virus infection; para. [0089]: when changing the security level setting, or when decreasing the security level in particular, a warning on virus infection is issued to the user. For example, as shown in FIG. 11, issuance of a warning in which the security level and virus infection are associated with each other will bring about an effect to make users aware that connection to a network carries a risk and bolster the image that excessively decreasing the security level is dangerous. In addition, as an alternative method of obtaining a similar effect, a message to recommend increasing the security level may be displayed. --- It is noted that when decreasing the security level teaches enable a method with a security level lower than a security level of a currently enabled method; a warning is issued to the user, and issuance of a warning which bolster the image that excessively decreasing the security level is dangerous, which teaches display a notification that a switch is made to an authentication method with a low security level).
 as taught by Shimoda, in order to make users aware that decreasing the security level is dangerous.
The motivation is to protect a device from being used by an unauthorized person or protect information stored in the device from leakage or exposure to other parties by changing the security levels of the mobile communication terminal.

Regarding claim 2:
Oguma in view of Meister and Shimoda teaches:
The user authentication device according to claim 1, further comprising 
Oguma further teaches:
wherein the display switchably displays between user authentication screens relating to the plurality of authentication methods (para. [0097]: FIG. 10 is a diagram illustrating an example of the edit screen for the master authentication setting data displayed on the terminal device 5 illustrated in FIG. 1. --- It is noted that screen teaches a display; Fig. 10 teaches a display that switchably displays between user authentication screens relating to the plurality of authentication methods)… 
Oguma is silent about:
… wherein the processor controls to not display authentication screens relating to the authentication methods other than the single authentication method on the display.
Meister teaches:
… wherein the processor controls to not display authentication screens relating to the authentication methods other than the single authentication method on the display (para. [0033]: If the check in step 110 shows that authentication of the user 30 is not to be knowledge-based but biometric, the terminal 14 initiates authentication against presentation of a biometric feature and makes a corresponding report to the chip card 20, step 130. The chip card 20 thereupon disables the further authentication methods not used, i.e. the knowledge-based PIN check, step 132; para. [0034]: Subsequently the user 30 presents to the terminal 14 a biometric feature according to the authentication method used, i.e. a fingerprint, step 134. The request to present the fingerprint is preferably effected by a corresponding display on the display device 16 of the terminal 14. --- It is noted that if authentication of the user 30 is biometric, the terminal 14 initiates authentication against presentation of a biometric feature, which teaches the controller does not display authentication screens relating to the authentication methods other than the single authentication method on the display).
The motivation for claim 1 is applicable for claim 2.

Regarding claim 3:
Oguma in view of Meister and Shimoda teaches:
The user authentication device according to claim 1.
Oguma further teaches:
wherein the plurality of authentication methods include an optional combination of inputs from among an input relating to selecting an icon image, an input of a login name, an input of a password, and an input of an IC card (para. [0097]: FIG. 10 is a diagram illustrating an example of the edit screen for the master authentication setting data displayed on the terminal device 5 illustrated in FIG. 1. --- It is noted that Fig. 10 show plurality of authentication methods, that is, User ID+Password, Card ID, Card ID+password, which teaches the plurality of authentication methods including an input of a login name, an input of a password, and an input of an IC card).

Regarding claim 6:
Oguma in view of Meister and Shimoda teaches:
The user authentication device according to claim 1. 
Oguma further teaches:
wherein when, after the display displays the notification (para. [0097]: FIG. 10 is a diagram illustrating an example of the edit screen for the master authentication setting data displayed on the terminal device 5 illustrated in FIG. 1. … Pairs of radio buttons for selecting “enable/disable” in the edit operation are displayed as the operation section. Only one of a pair of radio buttons regarding each of the authentication methods is selected, and the edit operation is confirmed by depression of an edit button. --- It is noted that Fig. 10 show that when selecting “enable/disable”, the radio button shows “enable” or “disable”, which teaches the controller displays, on the display, a notification), the input portion accepts an input to approve the switching of the authentication method, the processor controls the user authentication setter to enable the authentication method (para. [0074]: Further, in the second embodiment, by using the network communication unit 32, the control unit 33 transmits an authentication setting request to the user-manager server device 3 at an initialization processing, receives master authentication setting data from the user-manager server device 3, and permits only the authentication method specified by the master authentication setting data as a user authentication method to be performed upon login; para. [0079]: Further, when receiving the authentication setting request from the MFPs 1A and/or 1B, the authentication setting unit 64 identifies the authentication method that can be used on the MFPs 1A and/or 1B at that time; para. [0087]: If the input data is (b) the read data (card ID) of the ID card, when the authentication based on the ID card is permitted by the master authentication setting data 54, the user authentication processing unit 62 references a conversion table (not illustrated) stored in the storage device 41 to convert the card ID into the user ID and the password (Step S40). --- It is noted that permits only the authentication method specified by the master authentication setting data as a user authentication method to be performed upon login teaches the input portion accepts an input to approve the switching of the authentication method, the processor controls the user authentication setter to enable the authentication method).

Regarding claim 7:
Oguma teaches:
An image forming device (para. [0027]: FIG. 1 is a block diagram illustrating a configuration of an image forming system according to a first embodiment or a second embodiment of the present disclosure) comprising: the user authentication device according to claim 1 (Oguma in view of Meister and Shimoda teaches the user authentication device according to claim 1, as stated in the rejection of claim 1 above).
Oguma further teaches:
an image processor that processes image data (para. [0040]: The control unit 33 is a processing unit that receives a job request in response to a user operation via the operation panel 21 or a job request received from the host device (not illustrated) by the network interface 23 and the network communication unit 32, and controls the respective units in the MFP 1A to execute a job corresponding to the job request); and an image former that forms an image based on the image data processed by the image processor (para. [0028]: The MFP 1A is an image forming apparatus including a printer function, a scanner function, a copy function, a facsimile function, and the like, which uses those functions to execute various kinds of jobs responsive to receiving an instruction from an operation panel on the MFP 1A or from a host device (not illustrated) connected to the network 2. --- It is noted that a printer function, a scanner function, a copy function teaches an image former that forms an image based on the image data processed by the image processor).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Moril (US 2015/0324675 A1) discloses MFPs including a function for performing user authentication. 

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to WANSIK YOU whose telephone number is (571)270-3360.  The examiner can normally be reached on 7:30-5:30 M-Th.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/W.Y./Examiner, Art Unit 3664                                                                                                                                                                                                        



/DANIEL B POTRATZ/Primary Examiner, Art Unit 2491