DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This Office Action is in response to the Amendment filed on 01/10/2022.
In the instant Amendment claims 1, 9 and 17 are independent claims.  Claims 1-20 have been examined and are pending.  This Action is made FINAL.

Response to Argument
Applicants’ arguments in the instant Amendment, filed on 01/10/2022, with respect to limitations listed below, have been fully considered.
Applicant’s arguments: “Du and De Atley, taken singularly or in combination, do not teach or suggest launching a continuous authentication launched at boot time of a first device, as recited in claims 1, 8 and 15 (see REM, filed 01/10/2022, pg. 11)”.
The Examiner disagrees with the Applicants. The Examiner respectfully submits that Du discloses launching a continuous authentication service at a first device (Du: ¶0038 FIG. 2, a continuous authentication system 200 is shown that may be implemented by mobile device 100 to perform authentication with an authenticating entity 250; ¶0026 the system may be a computing device (e.g., a mobile device 100), which may include one or more processors 101, a memory 105, [...] a number of sensors). More specifically, Du discloses the processor may be configured to receive sensor data from the set of sensors, form authentication information from the received sensor data, and continuously update the authentication information [i.e., the receipt of data, including the authentication information could encompass the authentication time.] However, De Atley discloses an authentication service at a boot time (De Atley: ¶0033 computing device 100 can include hardware support for providing the boot-time authentication of the kernel space used by operating system 202 [...] the boot loader of computing device 100 may authenticate a signature of the kernel software prior to loading and booting the kernel using, for example, suitable public key signature verification). More specifically, De Atley discloses the trusted space may be established on startup of the device by a bootloader of device 100 that cryptographically verifies operating system 202 prior to loading [0063].  Therefore as the metes and bounds of the limitation of been met as noted above; the examiner finds this argument not persuasive.
Applicant’s arguments: “Du and De Atley, taken singularly or in combination, also do not teach or suggest sending, via a communication interface, the current value of the security state to a second device; and controlling access to a resource of the second device based on the current value of the security state as recited in Claim 6 (see REM, filed 01/10/2022, pg. 12)”.
The Examiner disagrees with the Applicants. The Examiner respectfully submits that Du discloses sending, via the communication interface, the current value of the security state to a second device (Du: ¶0078 local trust broker (TB) 902 of mobile device 100 may be configured to exchange one or more privacy vectors (PVs) and trust vectors (TVs) with authenticating entity 250 for authentication purposes); and controlling access to a resource of the second device based on the current value of the security state (Du: ¶0067 as shown in graph 612, various access controls may be continuously collected and updated, and, as shown in graph 614, based upon this continuous updating for continuous authentication (e.g. first a fingerprint scan, next a facial scan from a camera, next a GPS update, etc.), access control can reach 100% and access will be authenticated). More specifically, Du discloses with reference to trust broker interaction 1110, each device (e.g., Device A-mobile and Device B-authenticating entity such as another mobile device, e.g., peer-to-peer) may include a trust broker that interacts with a continuous authentication manager (CAM) and a continuous authentication engine (CAE) on each device [...] a trust-broker interaction 1020 conveys an interaction between a user device and a remote (cloud-based) service or application. Both sides include a trust broker; the continuous authentication manager function and the continuous authentication engine function are enabled on the user device side, but are optional on the service/application device side [¶0077] and by utilizing continuous authentication data (graph 712), inputs may be continuously collected (e.g. GPS location, touch screen finger scan, etc.), and even through access control is met (graph 714) and access is granted, an intruder may still be detected. For example, an intruder designation may be detected (e.g., an unknown GPS location), access control will drop and access will be denied, until a stronger authentication input is requested and received by the mobile device, such as a fingerprint scan [¶0068]. Therefore as the metes and bounds of the limitation of been met as noted above; the examiner finds this argument not persuasive.
The Examiner respectfully suggests that the claims be further amended and details in the specification be incorporated to distinguish the claimed invention over prior art of record.  Should the Applicant desire an interview to further clarify the claim interpretation/rejections, please contact the Examiner at (571) 270 7857 to schedule an interview.   
A substantially similar rejection to the previous non-final rejection follows below.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person.


This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

Claims 1, 5-9, and 13-17 are rejected under 35 U.S.C. 103 as being unpatentable over Du et al. (“Du,” US 2015/0242605), published on August 27, 2015, in view of De Atley et al. (“De Atley,” US 2009/0254753), published on October 8, 2009.

Regarding claim 1: Du discloses a method of providing continuous user authentication for resource access control, the method comprising:
Du: ¶0038 FIG. 2, a continuous authentication system 200 is shown that may be implemented by mobile device 100 to perform authentication with an authenticating entity 250; ¶0026 the system may be a computing device (e.g., a mobile device 100), which may include one or more processors 101, a memory 105, [...] a number of sensors);
receiving authentication information comprising one or more of explicit authentication information or implicit authentication information (Du: ¶0039 authentication strength function block 220 may [...] receive biometric sensor information from biometric sensors, [...] non-biometric sensor data from non-biometric sensors; [...] user data input, or other authentication information);
receiving a request for access to a resource of the first device (Du: ¶0045 preference setting function block 210 may receive as inputs one or more specified preferences of the user, specified preferences from one or more applications or services from the authenticating entity that the user may wish to interact with);
determining, by the continuous authentication service, a current value of a security state, the current value of the security state based in part on a time interval between a receipt time of the authentication information and a current time (Du: ¶0055 the dynamic nature of trust coefficients and continuous authentication with reference FIG. 3. FIG. 3 illustrates the dynamic nature of the trust coefficient in the continuous authentication methodology. For example, the y-axis illustrates a dynamic trust coefficient with various levels (e.g., level 4-complete trust; level 3-high trust; level 2-medium trust; level 1-low trust; level 0-mistrust; and level -1-high mistrust) and the x-axis represents time; ¶0056 At this point b'), a completely trusted status has been acquired (e.g. level 4 complete trust). However, as shown at point c), the trust level begins to decline as time progresses; ¶0057 Again, at point e), as time proceeds, the trust level again decays. Then, at point f), re-authentication is needed to bring the trust coefficient back to level 4 complete trust); and
controlling access to the resource based on the current value of the security state (Du: ¶0067 as shown in graph 612, various access controls may be continuously collected and updated, and, as shown in graph 614, based upon this continuous updating for continuous authentication (e.g. first a fingerprint scan, next a facial scan from a camera, next a GPS update, etc.), access control can reach 100% and access will be authenticated).
Du does disclose a continuous authentication system but does not explicitly disclose an authentication service at a boot time.
However, De Atley discloses an authentication service at a boot time (De Atley: ¶0033 computing device 100 can include hardware support for providing the boot-time authentication of the kernel space used by operating system 202 [...] the boot loader of computing device 100 may authenticate a signature of the kernel software prior to loading and booting the kernel using, for example, suitable public key signature verification). 
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of De Atley with the system/method of Du to include an authentication service at a boot time.
One would have been motivated to provide systems and methods for authorizing software code to be executed or access capabilities in secure operating environments (De Atley: Abstract).
Regarding claim 5: Du in view of De Atley discloses the method of claim 1.
Du further discloses receiving, via a communication interface, interaction status information from a second device (Du: ¶0077 with reference to trust broker interaction 1110, each device (e.g., Device A-mobile and Device B-authenticating entity such as another mobile device, e.g., peer-to-peer) may include a trust broker that interacts with a continuous authentication manager (CAM) and a continuous authentication engine (CAE) on each device [...] the trust-broker interaction with the continuous authentication manager and/or continuous authentication engine of the user device may be maintained over a secure interface); and
determining the current value of the security state based, at least in part, on the interaction status information (Du: ¶0068 by utilizing continuous authentication data (graph 712), inputs may be continuously collected ( e.g. GPS location, touch screen finger scan, etc.), and even through access control is met (graph 714) and access is granted, an intruder may still be detected. For example, an intruder designation may be detected (e.g., an unknown GPS location), access control will drop and access will be denied, until a stronger authentication input is requested and received by the mobile device, such as a fingerprint scan).

Regarding claim 6: Du in view of De Atley discloses the method of claim 1.
Du further discloses sending, via the communication interface, the current value of the security state to a second device (Du: ¶0078 local trust broker (TB) 902 of mobile device 100 may be configured to exchange one or more privacy vectors (PVs) and trust vectors (TVs) with authenticating entity 250 for authentication purposes); and
Du: ¶0067 as shown in graph 612, various access controls may be continuously collected and updated, and, as shown in graph 614, based upon this continuous updating for continuous authentication (e.g. first a fingerprint scan, next a facial scan from a camera, next a GPS update, etc.), access control can reach 100% and access will be authenticated).

Regarding claim 7: Du in view of De Atley discloses the method of claim 1.
Du further discloses wherein explicit authentication information comprises information received by the first device in response to a user prompt to provide authentication information at a sensor of the one or more sensors of the first device (Du: ¶0061 requesting a high level of authentication, such as a fingerprint scan via a fingerprint sensor).

Regarding claim 8: Du in view of De Atley discloses the method of claim 7.
Du further discloses wherein explicit authentication information comprises one or more of a personal identification number (PIN), a password, a traced pattern on a screen, a result of a fingerprint scan, or a result of a voice recognition operation (Du: ¶0033, second column lines 13-15 data input may refer to user-inputted data for authentication (e.g., names, IDs, passwords, PINs, etc.) or any other data of interest for authentication).

Regarding claim 9: Du discloses a first electronic device providing continuous user authentication for resource access control, the first electronic device comprising:
Du: fig. 1 item 101);
one or more sensors configured to collect authentication information (Du: fig. 1 items 167, 137 etc.); and
a memory comprising instructions (Du: fig. 1 item 105), which when executed by the processor, cause the first electronic device to:
launch a continuous authentication service at the first electronic device (Du: ¶0038 FIG. 2, a continuous authentication system 200 is shown that may be implemented by mobile device 100 to perform authentication with an authenticating entity 250),
receive authentication information comprising one or more of explicit authentication information or implicit authentication information (Du: ¶0039 authentication strength function block 220 may [...] receive biometric sensor information from biometric sensors, [...] non-biometric sensor data from non-biometric sensors; [...] user data input, or other authentication information),
receive a request for access to a resource of the first electronic device (Du: ¶0045 preference setting function block 210 may receive as inputs one or more specified preferences of the user, specified preferences from one or more applications or services from the authenticating entity that the user may wish to interact with),
determine, by the continuous authentication service, a current value of a security state, the current value of the security state based on in part on a time interval between a receipt time of the authentication information and a current time (Du: ¶0055 the dynamic nature of trust coefficients and continuous authentication with reference FIG. 3. FIG. 3 illustrates the dynamic nature of the trust coefficient in the continuous authentication methodology. For example, the y-axis illustrates a dynamic trust coefficient with various levels (e.g., level 4-complete trust; level 3-high trust; level 2-medium trust; level 1-low trust; level 0-mistrust; and level -1-high mistrust) and the x-axis represents time; ¶0056 At this point b'), a completely trusted status has been acquired (e.g. level 4 complete trust). However, as shown at point c), the trust level begins to decline as time progresses; ¶0057 Again, at point e), as time proceeds, the trust level again decays. Then, at point f), re-authentication is needed to bring the trust coefficient back to level 4 complete trust), and 
control access to the resource based on the current value of the security state (Du: ¶0067 as shown in graph 612, various access controls may be continuously collected and updated, and, as shown in graph 614, based upon this continuous updating for continuous authentication (e.g. first a fingerprint scan, next a facial scan from a camera, next a GPS update, etc.), access control can reach 100% and access will be authenticated).
Du does disclose a continuous authentication system but does not explicitly disclose an authentication service at a boot time.
However, De Atley discloses an authentication service at a boot time (De Atley: ¶0033 computing device 100 can include hardware support for providing the boot-time authentication of the kernel space used by operating system 202 [...] the boot loader of computing device 100 may authenticate a signature of the kernel software prior to loading and booting the kernel using, for example, suitable public key signature verification). 
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of De Atley with the system/method of Du to include an authentication service at a boot time.
De Atley: Abstract).

Regarding claim 13: Du in view of De Atley discloses the first electronic device of claim 9.
Du further discloses receive, via a communication interface, interaction status information from a second device (Du: ¶0077 with reference to trust broker interaction 1110, each device (e.g., Device A-mobile and Device B-authenticating entity such as another mobile device, e.g., peer-to-peer) may include a trust broker that interacts with a continuous authentication manager (CAM) and a continuous authentication engine (CAE) on each device [...] the trust-broker interaction with the continuous authentication manager and/or continuous authentication engine of the user device may be maintained over a secure interface); and
determinie the current value of the security state based, at least in part, on the interaction status information (Du: ¶0068 by utilizing continuous authentication data (graph 712), inputs may be continuously collected ( e.g. GPS location, touch screen finger scan, etc.), and even through access control is met (graph 714) and access is granted, an intruder may still be detected. For example, an intruder designation may be detected (e.g., an unknown GPS location), access control will drop and access will be denied, until a stronger authentication input is requested and received by the mobile device, such as a fingerprint scan).

Regarding claim 14: Du in view of De Atley discloses the first electronic device of claim 9.
Du further discloses send, via the communication interface, the current value of the security state to a second device (Du: ¶0078 local trust broker (TB) 902 of mobile device 100 [first device] may be configured to exchange one or more privacy vectors (PVs) and trust vectors (TVs) with authenticating entity 250 [second device] for authentication purposes); and
control access to a resource of the second device based on the current value of the security state (Du: ¶0067 as shown in graph 612, various access controls may be continuously collected and updated, and, as shown in graph 614, based upon this continuous updating for continuous authentication (e.g. first a fingerprint scan, next a facial scan from a camera, next a GPS update, etc.), access control can reach 100% and access will be authenticated).

Regarding claim 15: Du in view of De Atley discloses the first electronic device of claim 9.
Du further discloses wherein the explicit authentication information comprises information received by the first device in response to a user prompt to provide the authentication information at a sensor of the one or more sensors of the first device (Du: ¶0061 requesting a high level of authentication, such as a fingerprint scan via a fingerprint sensor).

Regarding claim 16: Du in view of De Atley discloses the first electronic device of claim 15.
Du further discloses wherein the explicit authentication information comprises one or more of a personal identification number (PIN), a password, a traced pattern on a screen, a result of a fingerprint scan, or a result of a voice recognition operation (Du: ¶0033, second column lines 13-15 data input may refer to user-inputted data for authentication (e.g., names, IDs, passwords, PINs, etc.) or any other data of interest for authentication).

Regarding claim 17: Du discloses a non-transitory computer-readable medium comprising instructions, which when executed by a processor, causes a first device to:
launch a continuous authentication service at the first device, the first device comprising the processor, a memory, and one or more sensors configured to collect authentication information (Du: ¶0038 FIG. 2, a continuous authentication system 200 is shown that may be implemented by mobile device 100 to perform authentication with an authenticating entity 250; ¶0026 the system may be a computing device (e.g., a mobile device 100), which may include one or more processors 101, a memory 105, [...] a number of sensors),
receive authentication information comprising one or more of explicit authentication information or implicit authentication information (Du: ¶0039 authentication strength function block 220 may [...] receive biometric sensor information from biometric sensors, [...] non-biometric sensor data from non-biometric sensors; [...] user data input, or other authentication information),
Du: ¶0045 preference setting function block 210 may receive as inputs one or more specified preferences of the user, specified preferences from one or more applications or services from the authenticating entity that the user may wish to interact with),
determine, by the continuous authentication service, a current value of a security state, the current value of the security state based in part on a time interval between a receipt time of the authentication information a current time (Du: ¶0055 the dynamic nature of trust coefficients and continuous authentication with reference FIG. 3. FIG. 3 illustrates the dynamic nature of the trust coefficient in the continuous authentication methodology. For example, the y-axis illustrates a dynamic trust coefficient with various levels (e.g., level 4-complete trust; level 3-high trust; level 2-medium trust; level 1-low trust; level 0-mistrust; and level -1-high mistrust) and the x-axis represents time; ¶0056 At this point b'), a completely trusted status has been acquired (e.g. level 4 complete trust). However, as shown at point c), the trust level begins to decline as time progresses; ¶0057 Again, at point e), as time proceeds, the trust level again decays. Then, at point f), re-authentication is needed to bring the trust coefficient back to level 4 complete trust), and
control access to the resource based on the current value of the security state (Du: ¶0067 as shown in graph 612, various access controls may be continuously collected and updated, and, as shown in graph 614, based upon this continuous updating for continuous authentication (e.g. first a fingerprint scan, next a facial scan from a camera, next a GPS update, etc.), access control can reach 100% and access will be authenticated).
Du does disclose a continuous authentication system but does not explicitly disclose an authentication service at a boot time.
De Atley: ¶0033 computing device 100 can include hardware support for providing the boot-time authentication of the kernel space used by operating system 202 [...] the boot loader of computing device 100 may authenticate a signature of the kernel software prior to loading and booting the kernel using, for example, suitable public key signature verification). 
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of De Atley with the system/method of Du to include an authentication service at a boot time.
One would have been motivated to provide systems and methods for authorizing software code to be executed or access capabilities in secure operating environments (De Atley: Abstract).

Claims 2-4, 10-12 and 18-20 are rejected under 35 U.S.C. 103 as being unpatentable over Du et al. (“Du,” US 2015/0242605), published on August 27, 2015, in view of De Atley et al. (“De Atley,” US 2009/0254753), published on October 8, 2009 and Sheller et al. (“Sheller,” US 2014/0366111), published on December 11, 2014.

Regarding claim 2: Du in view of De Atley discloses the method of claim 1.
Du further discloses requesting, by the continuous authentication service, authentication information, at a time scheduled by the continuous authentication service (Du: ¶0056 at point d), re-authentication of the trust coefficient is needed as the trust level has decreased down to level 3 trust. At this point, another input may be needed such as an eye scan via a camera);
Du: ¶0056 another input may be needed such as an eye scan via a camera. Based upon this, at point d'), the completely trusted status has been re-acquired).
Du in view of De Atley does not explicitly disclose storing the updated current value of the security state in the memory.
However, Sheller discloses storing the updated current value of the security state in the memory (Sheller: ¶0093 the operations of flowchart 300 are configured to update the confidence score based, at least in part, on a selected confidence factor and associated presence data acquired during the session).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Sheller with the system/method of Du and De Atley to include storing the updated current value of the security state in the memory.
One would have been motivated to provide continuous authentication from initial authentication to session closure (Sheller: ¶0013).

Regarding claim 3: Du in view of De Atley and Sheller discloses the method of claim 2.
Du further discloses wherein the response to requesting for authentication information comprises a report of a failure to obtain implicit authentication information (Du: ¶0068 as time increases, the level of the dynamic trust coefficient begins to decline to point x), a low level trust, however, the decline may be stopped at point x') (at a baseline low-level trusted status); ¶0061 the process may begin again with requesting a high level of authentication, such as a fingerprint scan via a fingerprint sensor or a username and password, such that, at point y')).

Regarding claim 4: Du in view of De Atley and Sheller discloses the method of claim 2.
Sheller further discloses wherein the time of requesting for authentication information is scheduled to minimize a number of requests for explicit authentication information (Sheller: ¶0085 the CACM 108 is further configured to select the presence data to minimize power consumption when the confidence score is sufficiently high and to avoid selecting active factors that require user participation unless the confidence score decreases so that session closure is possible. Security may thus be enhanced by evaluating human and/or specific user presence (including both positive and negative data) during a session. User experience may be enhanced by maintaining the confidence score above the close session threshold when possible without requesting user participation).
The motivation is the same that of claim 2 above.

Regarding claim 10: Du in view of De Atley discloses the first electronic device of claim 9.
Du further discloses request, by the continuous authentication service, the authentication information, at a time scheduled by the continuous authentication service (Du: ¶0056 at point d), re-authentication of the trust coefficient is needed as the trust level has decreased down to level 3 trust. At this point, another input may be needed such as an eye scan via a camera);
updat the current value of the security state based on a response to the request for the authentication information (Du: ¶0056 another input may be needed such as an eye scan via a camera. Based upon this, at point d'), the completely trusted status has been re-acquired).
Du in view of De Atley does not explicitly disclose storing the updated current value of the security state in the memory.
However, Sheller discloses store the updated current value of the security state in the memory (Sheller: ¶0093 the operations of flowchart 300 are configured to update the confidence score based, at least in part, on a selected confidence factor and associated presence data acquired during the session).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Sheller with the system/method of Du and De Atley to include storing the updated current value of the security state in the memory.
One would have been motivated to provide continuous authentication from initial authentication to session closure (Sheller: ¶0013).

Regarding claim 11: Du in view of De Atley and Sheller discloses the first electronic device of claim 10.
Du further discloses wherein the response to requesting for the authentication information comprises a report of a failure to obtain the implicit authentication information Du: ¶0068 as time increases, the level of the dynamic trust coefficient begins to decline to point x), a low level trust, however, the decline may be stopped at point x') (at a baseline low-level trusted status); ¶0061 the process may begin again with requesting a high level of authentication, such as a fingerprint scan via a fingerprint sensor or a username and password, such that, at point y')).

Regarding claim 12: Du in view of De Atley and Sheller discloses the first electronic device of claim 10.
Sheller further discloses wherein the time of request for the authentication information is scheduled to minimize a number of requests for the explicit authentication information (Sheller: ¶0085 the CACM 108 is further configured to select the presence data to minimize power consumption when the confidence score is sufficiently high and to avoid selecting active factors that require user participation unless the confidence score decreases so that session closure is possible. Security may thus be enhanced by evaluating human and/or specific user presence (including both positive and negative data) during a session. User experience may be enhanced by maintaining the confidence score above the close session threshold when possible without requesting user participation).
The motivation is the same that of claim 10 above.

Regarding claim 18: Du in view of De Atley discloses the non-transitory computer-readable medium of claim 17.
Du further discloses request, by the continuous authentication service, the authentication information, at a time scheduled by the continuous authentication service Du: ¶0056 at point d), re-authentication of the trust coefficient is needed as the trust level has decreased down to level 3 trust. At this point, another input may be needed such as an eye scan via a camera);
updat the current value of the security state based on a response to the request for the authentication information (Du: ¶0056 another input may be needed such as an eye scan via a camera. Based upon this, at point d'), the completely trusted status has been re-acquired).
Du in view of De Atley does not explicitly disclose storing the updated current value of the security state in the memory.
However, Sheller discloses store the updated current value of the security state in the memory (Sheller: ¶0093 the operations of flowchart 300 are configured to update the confidence score based, at least in part, on a selected confidence factor and associated presence data acquired during the session).
Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Sheller with the system/method of Du and De Atley to include storing the updated current value of the security state in the memory.
One would have been motivated to provide continuous authentication from initial authentication to session closure (Sheller: ¶0013).

Regarding claim 19: Du in view of De Atley and Sheller discloses the non-transitory computer-readable medium of claim 18.
Du: ¶0068 as time increases, the level of the dynamic trust coefficient begins to decline to point x), a low level trust, however, the decline may be stopped at point x') (at a baseline low-level trusted status); ¶0061 the process may begin again with requesting a high level of authentication, such as a fingerprint scan via a fingerprint sensor or a username and password, such that, at point y')).

Regarding claim 20: Du in view of De Atley and Sheller discloses the non-transitory computer-readable medium of claim 18.
Sheller further discloses wherein the time of request for the authentication information is scheduled to minimize a number of requests for the explicit authentication information (Sheller: ¶0085 the CACM 108 is further configured to select the presence data to minimize power consumption when the confidence score is sufficiently high and to avoid selecting active factors that require user participation unless the confidence score decreases so that session closure is possible. Security may thus be enhanced by evaluating human and/or specific user presence (including both positive and negative data) during a session. User experience may be enhanced by maintaining the confidence score above the close session threshold when possible without requesting user participation).
The motivation is the same that of claim 18 above.

Conclusion

THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Fahimeh Mohammadi whose telephone number is (571)270-7857. The examiner can normally be reached Monday - Friday 9:00 - 5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on 5712705002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.






/FAHIMEH MOHAMMADI/ Examiner, Art Unit 2439  



/LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439