DETAILED ACTION

Notice of AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

The present office action is responsive to communications received on 8/1/2019. Claims 1-20 are pending.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 8/1/2019 is in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.

Examiner’s Notes
Analyses under 35 U.S.C. 101, Double Patenting, and 35 U.S.C. 112 have been conducted, but no issues were found.

Claim Objections
Claims 11-13 and 15 are objected to because of the following informalities: 
Claim 11 recites “determining if the first physiological measurement is anomalous with respect to the one or more baseline values comprises determining if the physiological measurement is higher than a first baseline value, and determining if the physiological measurement is higher than a second baseline value, wherein the second baseline value is higher than the first baseline value; and executing access control on the first device comprises: executing a first set of access controls if the computing platform determines that the first physiological measurement is higher than the first baseline value and not higher than the second baseline value, and executing a second set of access controls if the computing platform determines that the physiological measurement is higher than the second baseline value.” There is insufficient antecedent basis for “the physiological measurement” in the claim.
Claim 12 recites “determine the one or more baseline values based on the plurality of physiological measurements;” There is insufficient antecedent basis for “the plurality of physiological measurements” in the claim.
Claim 13 recites “The computing platform of claim 1, wherein the physiological sensor is one of:” There is insufficient antecedent basis for “the physiological sensor” in the claim.
Claim 15 recites “when the first physiological measurement is determined to be anomalous with respect to one or more baseline values, executing access control on a first device,” in the claim. The expression “one or more baseline values” has already been defined previously in the claims and should therefore be referred to using a definite article.
Claim 15 should clearly point out that the steps in the method are performed by the computing platform for clarity and consistency. See claims 1 and 20.
Appropriate correction is required.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-11 and 13-20 are rejected under 35 U.S.C. 103 as being unpatentable over Kobres (US 20160063227 A1) in view of Sambamurthy (US 20140282965 A1).

Regarding claim 1, Kobres teaches a computing platform, comprising:
at least one processor; ([0079] one or more processors)
a communication interface communicatively coupled to the at least one processor; and ([0160] The automated authentication confidence system 500 communicates over one or more networks, which can be wired, wireless, or a combination of wired and wireless.)
memory storing computer-readable instructions that, when executed by the at least one processor, cause the computing platform to: ([0079] memory, and non-transitory computer-readable storage media)
determine, using a first physiological sensor, a first physiological measurement; ([0115-0117] At 310, the authentication confidence calculator obtains data from one or more input streams. At 311, the authentication confidence calculator receives the data from a sensor of the device. For example: a sensor of a different device that is in network communication with the device.) Here Kobres discloses that the input streams include one or more of: audio samples gathered from a microphone of the device 210, images and/or video samples gathered from a camera of the device 210, geographical positioning information gathered from a GPS system of the device 210, biometric samples gathered from biometric sensors of the device 210, usage metrics for resources on the device 210 and gathers from logs resident on the device 210 or remotely accessible over a network connection from the device 210, and others. (¶94)
determine if the first physiological measurement is anomalous with respect to one or more baseline values; ([0147, 0153, 0155] At 410, the authenticator receives a passively-acquired and calculated authentication value from an authentication calculator. At 420, the authenticator compares the authentication value to a policy. At 430, the authenticator determines whether to grant access to one of: a device and a resource of the device based on the comparison performed at 420. This can be a binary determination such that access is either granted or denied.)

Kobres teaches denying access when the measurement gathered from biometric sensors is determined to be anomalous with respect to the policy/predetermined value, but does not explicitly teach when the first physiological measurement is determined to be anomalous with respect to the one or more baseline values, execute access control on a first device, wherein executing the access control on the first device comprises transmitting, via the communication interface, data to execute the access control on the first device. This aspect of the claim is identified as a difference.
However, Sambamurthy in an analogous art explicitly teaches
when the first physiological measurement is determined to be anomalous with respect to the one or more baseline values, execute access control on a first device, wherein executing the access control on the first device comprises transmitting, via the communication interface, data to execute the access control on the first device. ([0101-0102, 0105] “continuous monitoring” refers to the testing and checking the authentication of the user repeatedly. For example, continuous monitoring may refer to taking periodic samples of the image of the user, or may refer to actually taking continuous measurements such as the heart rate of the user. FIG. 8B illustrates an architecture for accessing secure resources with the network access device 808. A user wishing to get access via computing device 802 to servers 822 in a company's intranet 824, connects the SCED 430 to the computing device 802 and then performs an authentication/login to security server 804. As previously discussed, the security system, including the SCED 430, provides continuous authentication and monitoring of the user activity. If authentication fails at any point in time (e.g., user walks away from the terminal) then the network access device 808 is notified by the security server 804, or by the SCED 430, that access is not allowed anymore. In this case, the network access device will shut off all access to the intranet 824 from computing device 802.) Here Sambamurthy discloses using physiological measurement, such as heart rate or image of the user, to determine authentication failure (analogous to claim limitation “anomalous”). If authentication fails, the network access device 808 (after notified by the security server 804) will shut off all access to the intranet 824 from computing device 802 (analogous to claim limitation “execute access control on a first device”). In addition, FIG. 8B discloses claim limitation “transmitting data to execute the access control on the first device” by depicting security server 804, via network access device 808, transmitting “net access deny” data to computing device 802 (analogous to claim limitation “first device”).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the “automated authentication confidence” concept of Kobres, and the “ongoing authentication and access control” approach of Sambamurthy. One of ordinary skill in the art would have been motivated to perform such a modification for improving (Sambamurthy [0004, 0098]).

Regarding claim 2, Kobres in view of Sambamurthy teaches all the features with respect to claim 1, as outlined above. The combination further teaches wherein the memory stores additional computer-readable instructions that, when executed by the at least one processor, cause the computing platform to: 
determine, using a second physiological sensor, a second physiological measurement; and ([Kobres 0032-0033] FIG. 1C is a table illustrating two input types for a confidence calculator. In this example, the confidence calculator receives two inputs, the first is a snapshot of the user's face from the device's front facing camera, and the second is the audio stream originating from the device's microphone.) In summary, Kobres discloses “biometric samples gathered from biometric sensors” (¶94).
determine, using the first physiological measurement and the second physiological measurement, a physiological score, ([Kobres 0028] Each individual first stage function is also configured to decide how to transform (aggregate, weight, and compute) its input stream into a single component stream aggregated value. The component input stream-specific values are provided to a second stage function to calculate a single outputted value for a given instance of a confidence calculator (as an authentication confidence value).)
wherein determining if the first physiological measurement is anomalous with respect to the one or more baseline values comprises determining if the physiological score is anomalous with respect to the one or more baseline values. ([Kobres 0024] the authentication confidence (scalar value), compared with a predetermined value to determine whether authentication was achievable or not achievable.)

Regarding claim 3, Kobres in view of Sambamurthy teaches all the features with respect to claim 2, as outlined above. The combination further teaches wherein the first physiological sensor measures a first physiological parameter, and the second physiological sensor measures a second physiological parameter different from the first physiological parameter. ([Kobres 0032-0033] FIG. 1C is a table illustrating two input types for a confidence calculator. In this example, the confidence calculator receives two inputs, the first is a snapshot of the user's face from the device's front facing camera, and the second is the audio stream originating from the device's microphone.)

Regarding claim 4, Kobres in view of Sambamurthy teaches all the features with respect to claim 1, as outlined above. The combination further teaches wherein the one or more baseline values are one or more first baseline values, and wherein the memory stores additional computer-readable instructions that, when executed by the at least one processor, cause the computing platform to:
determine, using a second physiological sensor, a second physiological measurement; and ([Kobres 0032-0033] FIG. 1C is a table illustrating two input types for a confidence calculator. In this example, the confidence calculator receives two inputs, the first is a snapshot of the user's face from the device's front facing camera, and the second is the audio stream originating from the device's microphone.) In summary, Kobres discloses “biometric samples gathered from biometric sensors” (¶94).
determine if the second physiological measurement is anomalous with respect to one or more second baseline values, ([Kobres 0153] At 420, the authenticator compares the authentication value to a policy.)
wherein executing the access control on the first device comprises executing the access control when the second physiological measurement is determined to be anomalous with respect to the one or more second baseline values. ([Kobres 0155] At 430, the authenticator determines whether to grant access to one of: a device and a resource of the device based on the comparison performed at 420. This can be a binary determination such that access is either granted or denied.) Here, the second measurement (e.g., audio stream from microphone in FIG. 1C) can be used instead of the first measurement (e.g., snapshot of the user's face from camera in FIG. 1C), or in combination with it, to determine an anomaly. Indeed, it would be obvious to rearrange these parts if desired; see MPEP 2144.04(VI)(C).

Regarding claim 5, Kobres in view of Sambamurthy teaches all the features with respect to claim 1, as outlined above. The combination further teaches wherein the data further comprises: 
an identification of the first device; and ([Sambamurthy 0105] If authentication fails at any point in time (e.g., user walks away from the terminal) then the network access device 808 is notified by the security server 804, or by the SCED 430, that access is not allowed anymore. In this case, the network access device will shut off all access to the intranet 824 from computing device 802.) Here FIG. 8B depicts network access device 808 transmitting “net access deny” data to computing device 802 (after notified by the security server 804). It is obvious that identification of computing device 802 (analogous to claim limitation “first device”) is part of the data because it identifies the destination of the transmission.
an indication of an access control restriction to be executed on the first device. ([Sambamurthy FIG. 8B] depicts network access device 808 transmitting “net access deny” data to computing device 802.)

Regarding claim 6, Kobres in view of Sambamurthy teaches all the features with respect to claim wherein the data to execute the access control is transmitted to the first device. ([Sambamurthy FIG. 8B] depicts network access device 808 transmitting “net access grant/deny” data to computing device 802.)

Regarding claim 7, Kobres in view of Sambamurthy teaches all the features with respect to claim 6, as outlined above. The combination further teaches wherein executing the access control comprises one or more of:
restricting operations of a software operating on the first device; 
restricting access, of the first device, to a communication network; ([Sambamurthy 0105] If authentication fails at any point in time (e.g., user walks away from the terminal) then the network access device 808 is notified by the security server 804, or by the SCED 430, that access is not allowed anymore. In this case, the network access device will shut off all access to the intranet 824 from computing device 802.)
restricting access, of the first device, to a database; 
restricting access, of the first device, to a peripheral device; and 
implementing additional controls on at least one of: data outbound from the first device, and data inbound to the first device.

Regarding claim 8, Kobres in view of Sambamurthy teaches all the features with respect to claim 1, as outlined above. The combination further teaches wherein the data to execute access control is transmitted to a second device that is different from the first device. ([Sambamurthy 0105] If authentication fails at any point in time (e.g., user walks away from the terminal) then the network access device 808 is notified by the security server 804, or by the SCED 430, that access is not allowed anymore. In this case, the network access device will shut off all access to the intranet 824 from computing device 802.) Here “net access deny” data is transmitted to network access device 808 (analogous to claim limitation “second device”) directly and then transmitted to computing device 802 (analogous to claim limitation “first device”) via network access device 808, see [Sambamurthy FIG. 8B].

Regarding claim 9, Kobres in view of Sambamurthy teaches all the features with respect to claim 8, as outlined above. The combination further teaches wherein executing the access control comprises one or more of: 
restricting access of the first device to transmit data to and/or receive data from the second device; 
restricting access to a software application, operating on the second device, by the first device; and 
restricting access to a database communicatively coupled to the second device, from the first device. ([Sambamurthy 0102, 0105] FIG. 8B illustrates an architecture for accessing secure resources with the network access device 808. A user wishing to get access via computing device 802 to servers 822 in a company's intranet 824, connects the SCED 430 to the computing device 802 and then performs an authentication/login to security server 804. As previously discussed, the security system, including the SCED 430, provides continuous authentication and monitoring of the user activity. If authentication fails at any point in time (e.g., user walks away from the terminal) then the network access device 808 is notified by the security server 804, or by the SCED 430, that access is not allowed anymore. In this case, the network access device will shut off all access to the intranet 824 from computing device 802.) Here Sambamurthy discloses restricting access to servers 822 (analogous to claim limitation “database”) 

Regarding claim 10, Kobres in view of Sambamurthy teaches all the features with respect to claim 1, as outlined above. The combination further teaches wherein determining if the first physiological measurement is anomalous with respect to one or more baseline values and executing the access control on the first device comprises one of:
when the first physiological measurement is anomalous with respect to a first predetermined criteria, executing a first access control; ([Kobres 0065] the decision does not have to be a binary decisions meaning that different levels of authenticated access can be granted based on the confidence value when that confidence value is compared to predefined values, thresholds, or ranges of values that the authentication service uses to make decisions about authentication.)
when the first physiological measurement is anomalous with respect to a second predetermined criteria, executing a second access control; or 
when the first physiological measurement is anomalous with respect to a third predetermined criteria, executing a third access control. 

Regarding claim 11, Kobres in view of Sambamurthy teaches all the features with respect to claim 1, as outlined above. The combination further teaches wherein:
determining if the first physiological measurement is anomalous with respect to the one or more baseline values comprises determining if the physiological measurement is higher than a first baseline value, and determining if the physiological measurement is higher than a second baseline value, wherein the second baseline value is higher than the first baseline value; and ([Kobres 0065] the different levels of authenticated access can be granted based on the confidence value when that confidence value is compared to predefined values, thresholds, or ranges of values that the authentication service uses to make decisions about authentication.) Here Kobres discloses confidence value (analogous to claim limitation “first physiological measurement”) compared to predefined values, thresholds, or ranges of values (analogous to claim limitation “first/second baseline value”)
executing access control on the first device comprises: executing a first set of access controls if the computing platform determines that the first physiological measurement is higher than the first baseline value and not higher than the second baseline value, and executing a second set of access controls if the computing platform determines that the physiological measurement is higher than the second baseline value. ([Kobres 0025] It is noted that based on the comparison between any computed confidence and any predetermined value; authentication does not have to be a binary exercise. That is, a user may be granted different levels of access (to resources of a device) based on a computed difference between the confidence value (at any given point in time) and a predetermined value. For example, when the different between the computed confidence and a predetermined value is within a predefined range, then the user is granted access to limited resources and not all available resources on a device. This is but one example; the point is that confidence with respect to user/device authentication can result in: a failed authentication having no access to any resources, a successful authentication having access to all resources, or a limited authentication having varying levels of access to some resources.) Here Kobres discloses an example that computed confidence higher than the first baseline value and not higher than the second baseline value, results in “granted access to limited resources” (analogous to claim limitation “a first set of access controls”). Computed confidence higher than the second baseline value results in “no access to any resources” (analogous to claim limitation “a second set of access controls”).

Regarding claim 13, Kobres in view of Sambamurthy teaches all the features with respect to claim 1, as outlined above. The combination further teaches wherein the physiological sensor is one of: a heart rate monitor, a blood pressure monitor, a skin conductance sensor, or an image sensor. ([Kobres 0094] The input streams include one or more of: audio samples gathered from a microphone of the device 210, images and/or video samples gathered from a camera of the device 210, geographical positioning information gathered from a GPS system of the device 210, biometric samples gathered from biometric sensors of the device 210.)

Regarding claim 14, Kobres in view of Sambamurthy teaches all the features with respect to claim 1, as outlined above. The combination further teaches wherein the memory stores additional computer-readable instructions that, when executed by the at least one processor, cause the computing platform to:
generate an access control notification, wherein the access control notification comprises one or more of: an indication of the first device, a physiological parameter corresponding to the first physiological measurement, and the access control executed on the first device; and transmit the access control notification to a second device. ([Sambamurthy 0105] If authentication fails at any point in time (e.g., user walks away from the terminal) then the network access device 808 is notified by the security server 804, or by the SCED 430, that access is not allowed anymore. In this case, the network access device will shut off all access to the intranet 824 from computing device 802.) As shown in FIG. 8B, “net access deny for computing device 802” is the “access control executed on the first device”, 

Regarding claims 15-20, the scope of the claims is similar to that of claims 1, 2, 4, 11 and 14 respectively. Accordingly, the claims are rejected using a similar rationale.

Claim 12 is rejected under 35 U.S.C. 103 as being unpatentable over Kobres (US 20160063227 A1) in view of Sambamurthy (US 20140282965 A1) and Jöhnssen (WO 2020259818 A1).

Regarding claim 12, Kobres in view of Sambamurthy teaches all the features with respect to claim 1, as outlined above. But the combination does not teach wherein the memory stores additional computer-readable instructions that, when executed by the at least one processor, cause the computing platform to: determine, using one or more physiological sensors, a plurality of baseline physiological measurements; determine the one or more baseline values based on the plurality of physiological measurements; and store the one or more baseline values in the memory. This aspect of the claim is identified as a difference.
However, Jöhnssen in an analogous art explicitly teaches wherein the memory stores additional computer-readable instructions that, when executed by the at least one processor, cause the computing platform to:
determine, using one or more physiological sensors, a plurality of baseline physiological measurements; ([p. 4, para 2] The biometric information is recorded by means of appropriate sensors in the device or by means of sensors that are coupled or connected to the device. The authenticity of the user corresponds, for example, to the agreement between the actual user of the electronic device and a predetermined individual. The confidence value for the authenticity corresponds to a confidence or 
determine the one or more baseline values based on the plurality of physiological measurements; and ([p. 4, para 3-4] the confidence value can take place by means of the computer system based on one or more comparisons of the biometric information with biometric reference information or reference data. The reference data can correspond to biometric information for which the authenticity of the user can be assumed on the basis of independent information with sufficient security, that is to say with a probability above a predetermined limit. For example, the reference data can be generated or verified by combining the acquisition of the biometric information with conventional methods of authentication, for example password input or fingerprint recognition or other authentication methods based on knowledge and/or property.)
store the one or more baseline values in the memory. ([p. 4, para 2] The biometric information is in particular collected, that is to say recorded and stored, by the electronic device during the recording period.)
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the “automated authentication confidence” concept of Kobres, and the “user authentication” approach of Jöhnssen. One of ordinary skill in the art would have been motivated to perform such a modification to provide an improved concept for user authentication which increases user comfort and reduces time lost during the authentication process. In this case, the process could be particularly easily integrated into existing systems (Jöhnssen [p. 3, para 6 in Description]).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
US 20190220583 A1, "Biometric identification platform", by Douglas, teaches an improved authentication, identification, and/or verification system. The system is provided for use in relation to provisioning access or establishing identity in relation to one or more human users, and may be used in a single site/scenario/system, or across multiple sites/scenarios/systems. A combination of biometric modalities and authentication mechanisms having diverse characteristics are utilized to establish identity, the diverse characteristics being utilized to modify aspects of identity management and access provisioning.
US 20150028996 A1, "Preauthorized wearable biometric device, system and method for use thereof", by Agrafioti, teaches authenticating users using biometric devices. The biometric device may be arranged to capture one or more biometric feature of a user that may be wearing the biometric device such as biometric features that correspond to an electrocardiogram of the user. The user of the biometric device may be authenticated based on one or more biometric features, or a combination thereof. Authenticating the user of the biometric device, may include communicating information that includes biometric features to an authorized authentication device (AAD). When the user is authenticated, the biometric device may be preauthorized for the user. When the preauthorized biometric device senses at least one access point, an authorization signal may be provided to the access point. If the preauthorized biometric device is removed from the user, the biometric device is deauthorized, disabling access to access points by the user.
US 20160330217 A1, "Security breach prediction based on emotional analysis", by Gates, teaches detecting and protecting against a security breach on a computing system carried out by insiders. In certain embodiments, protection is provided by a security system that monitors and analyzes user activity, estimates emotional states of users, and determines the likelihood of an attack. Based on the analysis an appropriate security response is initiated.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to HAN YANG whose telephone number is (408)918-7638. The examiner can normally be reached on Monday to Friday, 9:00-5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin, can be reached on 571-272-3862. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/HAN YANG/Examiner, Art Unit 2493