Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Amendment
This is in response to the amendments filed on 11/24/2021. Claims 1, 14, and 18 have been amended. Claims 8-13, 17, and 20 are withdrawn. Claims 1-7, 14-16, 18, and 19 are currently pending and have been considered below. 

Response to Arguments
Applicant’s arguments with respect to claim(s) 1, 14, and 18 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:


Claim 1-3, 5, 6, 14, 15, 18, and 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over “Cheng” (US 2016/0182503) in view of “Blake” (US 9392460) in further view of “Shelton” (US 10019561).

Regarding Claim 1:
Cheng teaches:
A system for continuous and competitive authentication (Fig. 1; Abstract, “Technology for performing continuous authentication of a mobile device utilizes user activity context data and biometric signature data related to the user”), comprising:
a processor (Fig. 11, element 1112); 
a communication interface (Fig. 11, element 1130); and 
a memory having executable code stored therein (Fig. 11, element 1120 & element 110A), wherein the executable code, when executed by the processor, causes the processor to:
	…
receive active authentication data from a user (Fig. 2 details elements 128 and 130 being received from element(s) 126; Fig. 3, step 310);
detect, based on detecting one or more inconsistencies between the active authentication data from the user with the reference data associated with the user (Fig. 3, step 320; ¶0033, “If a user model is found, the method moves to block 320 and generates a confidence score by comparing the found user model biometric key to the biometric signature 134. At block 322, the method 300 determines a level of access by the access control module based on the confidence score 136”), that a confidence level associated with the user has dropped below a specified threshold (Fig. 10; ¶0039, “Turning back to the example of FIG. 10, where the plot of the score drops dramatically below the threshold, this represents an exemplary security event where a perpetrator may have picked up the user's phone. In this instance the perpetrator's gait would not match a verified signature in enrolled user model 170 and the device would deny the perpetrator access and the device would be "locked."”); and 
based on detecting the confidence level associated with the user has dropped below the specified threshold (¶0039, “… and when the score dips below this threshold, no access is given… Turning back to the example of FIG. 10, where the plot of the score drops dramatically below the threshold, this represents an exemplary security event where a perpetrator may have picked up the user's phone. In this instance the perpetrator's gait would not match a verified signature in enrolled user model 170 and the device would deny the perpetrator access and the device would be "locked””), trigger (¶0021, “In general, the interaction or activity context by the participants with the computing system indicated by the dashed lines between, for example, user 120 and sensing device 126, prompt the user authentication subsystem to perform authentication steps. In the event that a user is not interacting with a device (i.e., the computing system 100 is resting on a table or riding in a car), the sensors 126 would detect this and authentication steps would not be performed”; i.e., when the device is being interacted with (whether by an unauthorized or authorized user, trigger the continuous authentication steps to be carried out by receiving elements 128 and 130 from sensing elements 126) and continuously execute (¶0019, “A user authentication subsystem 110 embodied in the computing system 100 analyzes and interprets the inputs 128, 130, and identifies therefrom the activity context 132 and biometric signature 134 expressed by one or more of the participants 120, 122 over time and in a substantially continuous fashion”; ¶0024, “In any event, the data signals produced by the sensing device(s) 126 provide the activity context inputs 128 and/or the biometric inputs 130 that are analyzed by the user authentication subsystem 110”; i.e., receive two continuous authentication threads - activity context information and biometric inputs in parallel) a first authentication thread (Fig. 1, element 128 - “Activity Context Inputs”) in parallel to a second authentication thread (Fig. 1, element 130 - “Biometric Inputs”), wherein the first authentication thread is a competitive authentication thread (Fig. 1 details how the received Activity Context Inputs are fed into module 112 and then output as Activity Context 132 which is used to select Biometric Signature 134 - ¶0020, “Using the activity context 132, the user authentication subsystem 110 selects a biometric signature 134 of the user 120 or 122, which is passed to the authentication module 116 to generate score 136”; i.e., the examiner interprets the Activity Context Input authentication thread as being “competitive” as it drives the selection to the resultant Biometric Signature 134 ultimately used for authentication of the user).
Cheng does not disclose:
continuously monitor a user by continuously receiving, from multiple channels, historical authentication data and behavior data associated with the user, wherein the multiple channels include website-based communications, app-based communications, and phone-based voice communications, wherein the historical authentication data comprises full or partial authentication data associated with the user, wherein the behavior data comprises actions taken by the user, wherein the actions taken by the user comprise accessing a specific part of a website and accessing specific menu options during a voice communication session;
continuously integrate the historical authentication data and the behavior data as reference data associated with the user;
Blake teaches:
continuously monitor a user (Fig. 5) by continuously receiving, from multiple channels (Fig. 5, element 510, 520, 530, and 540), historical authentication data (Fig. 5, element 510) and behavior data (Fig. 5, elements 530 and 540) associated with the user, wherein the multiple channels include … app-based communications (Col. 10, lines 7-13, “If no change is detected that would be uncharacteristic of the trusted user … then the current User A of mobile device 110A is authenticated as the trusted user associated with the mobile device 110 and messaging application 268 running on mobile device 110A allows the electronic communication session to proceed”)… wherein the historical authentication data comprises full or partial authentication data associated with the user (Col. 9, lines 13-18, “Some or all of the data (measurements) collected by the keypad cadence and pressure monitor 272 over time with respect to the trusted user of mobile device 110 is used to identify keypad cadence and pressure characteristics of the trusted user”), wherein the behavior data comprises actions taken by the user (Fig. 5, element 530 - “Collect Data of When Trusted User’s Mobile Device Is Stationary or Moving During Messaging Sessions” & element 540 - “Collect GPS Coordinates of Trusted User’s Mobile Device over Time”);
continuously integrate the historical authentication data and the behavior data as reference data associated with the user (Fig. 5, element 550; Col. 9, lines 48-57, “In Step 550, the data form one or more of Steps 511-516, 521, 522, 531, and 541 are used to create the trusted user profile 276 associated with the trusted user … which profile 276 is preferably stored in system memory 260 … It is understood that the data form Steps 510-541 may be collected over time to increase the accuracy of the trusted user profile 276”);
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Cheng’s continuous authentication system by enhancing Cheng’s enrolled user model database to be continuously updated over time by utilizing historical authentication data and behavioral data associated with a user model, as taught by Blake, in order to increase the accuracy of the user model. 
	The motivation is to continuously collect authentication data associated with a user and continuously update a user model using the authentication data in order to increase the accuracy of the user model itself (Blake, Col. 9, lines 52-54) when used as reference data for authentication processes.
Cheng in view of Blake does not disclose:

Shelton teaches:
… wherein the multiple channels include website-based communications (Col. 2, lines 57-63, “One or more activities may take place during a single session. for example, a mobile application account session…”), app-based communications (Col. 2, lines 57-63, “One or more activities may take place during a single session. for example, a mobile application account session…”), and phone-based voice communications (Col. 3, lines 18-21, “… the user may call into the organization using a registered device”), … wherein the actions taken by the user comprise accessing a specific part of a website (Col. 2, lines 57-63, “One or more activities may take place during a single session. for example, a mobile application account session may begin with the user logging in using a username/password, completing several activities, such as checking an account balance, ordering a new credit card, and transferring funds, and ending the session by logging out”) and accessing specific menu options during a voice communication session (Col. 3, lines 28-44, “If voice biometrics are used to verify the identity of the user, an analysis of the user’s speech while interacting with an interactive voice response system (IVR) … may be analyzed … For example, the user may state a command such as “check account balance” … As the user continues to interact with the IVR  … during the session, more data from the natural course of interaction may be collected and analyzed”);

The motivation is to provide continuous authentication of a user but with an increased amount of authentication vectors, such as those derived from web-based, app-based, and voice-based communications, where the vectors are collected in a passive manner via the standard usage of the user’s device (Shelton, Col. 2, lines 41-49). This not only enhances the continuous authentication of the user, but reduces the likelihood the user becomes annoyed at having to maintain additional authentication vectors of data (Shelton, Col. 2, lines 34-37).

Regarding Claim 2:
The system according to claim 1, wherein Cheng in view of Blake in further view of Shelton further teaches the executable code, when executed by the processor, causes the processor to: 
“… generates a confidence score by comparing biometric signature 134 to a stored key in enrolled user model 170”); 
strategically decide on actions to authenticate the user or collect evidence of unauthorized access by the user (Cheng, ¶0039, “Turning back to the example of FIG. 10, where the plot of the score drops dramatically below the threshold, this represents an exemplary security event where a perpetrator may have picked up the user's phone. In this instance the perpetrator's gait would not match a verified signature in enrolled user model 170 and the device would deny the perpetrator access and the device would be "locked."”), wherein the actions comprises acquiring data from each interaction with the user (Fig. 1, element 134; ¶0025, “Biometric signature extractor module includes sub-modules gait 160, arm length 161, blood pressure 162, height 163, breathing rate 164, and pulse 165. These sub-modules process the stream of biometric inputs to then determine a biometric signature 134 of the user”); and 
integrate the data acquired from each interaction with the user (Cheng, ¶0027, “The objective of the authentication module 118 is to decrypt and integrate the signature information, compare it with the user model 170, and generate a confidence value for authentication”).

Regarding Claim 3:
The system according to claim 2, wherein Cheng in view of Blake in further view of Shelton further teaches acquiring data from each interaction with the user is accomplished using a data acquisition pattern (Cheng, Figs. 4A, 4B, and 5 detail 

Regarding Claim 5:
The system according to claim 3, wherein Cheng in view of Blake in further view of Shelton further teaches the actions to authenticate the user further comprises prompting the user to take one or more user actions (Cheng, ¶0021, “In general, the interaction or activity context by the participants with the computing system indicated by the dashed lines between, for example, user 120 and sensing device 126, prompt the user authentication subsystem to perform authentication steps”).

Regarding Claim 6:
The system according to claim 5, wherein Cheng in view of Blake in further view of Shelton further teaches the prompting the user to take one or more user actions comprises one of prompting the user to provide biometric data, answer a question, provide additional authentication information, and provide device or location data (Cheng, ¶0021, “prompt the user authentication subsystem to perform authentication steps”).

Regarding Claims 14, 15, 18, and 19:
.

Claims 4 and 16 is/are rejected under 35 U.S.C. 103 as being unpatentable over “Cheng” (US 2016/0182503) in view of “Blake” (US 9392460) in view of “Shelton” (US 10019561) in further view of “DeLean” (US 2003/0190076).

Regarding Claim 4:
Cheng in view of Blake in further view of Shelton teaches:
The system according to claim 2, …
Cheng in view of Blake in further view of Shelton does not disclose:
… wherein the executable code, when executed by the processor, causes the processor to: 
calculate a mismatch vector associated with a mismatch by comparing the data acquired from each interaction with the user with reference profile data; and 
use the mismatch vector to confirm or eliminate the mismatch. 
DeLean teaches:
… wherein the executable code, when executed by the processor, causes the processor to: 
calculate a mismatch vector associated with a mismatch by comparing the data acquired from each interaction with the user with reference profile data (Fig. 18, step “at a step 1814 the system applies one or more algorithms, discussed in greater detail below, to determine differences between the captured image and a reference image”; Fig. 22 further discloses detecting potential mismatch vectors between different pixel groups in an image and a reference image); and 
use the mismatch vector to confirm or eliminate the mismatch (Fig. 18, step 1818). 
	Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Cheng in view of Blake in further view of Shelton’s continuous authentication system by enhancing Cheng in view of Blake in further view of Shelton’s authentication module to implement a mismatch verification process between an user image model and a reference user image model, as taught by DeLean, in order to eliminate potential false-positive matches from occurring. 
	The motivation is to limit instances of false-positive matches from occurring within an authentication system, thereby increasing the security of the system by eliminating the potential of any unauthorized users being authenticated by the system (DeLean, ¶0002, “… can limit the instance of false positive matches to an arbitrarily low level, so that a user who wants to be recognized can attempt to be recognized as many times as he or she wishes, without fear that an unauthorized user will be permitted entry”)

Regarding Claim 16:
.

Claim 7 is/are rejected under 35 U.S.C. 103 as being unpatentable over “Cheng” (US 2016/0182503) in view of “Blake” (US 9392460) in view of “Shelton” (US 10019561) in further view of “Wang” (US10,505,959).

Regarding Claim 7:
Cheng in view of Blake in further view of Shelton teaches:
The system according to claim 2, …
Cheng in view of Blake in further view of Shelton does not disclose:
… wherein integrating the data acquired from each interaction with the user comprises creating an unauthorized user profile, wherein the executable code, when executed by the processor, causes the processor to cross check data acquired from each interaction with the user with one or more known unauthorized user profiles.
Wang teaches:
… wherein integrating the data acquired from each interaction with the user comprises creating an unauthorized user profile (Abstract, “The reference profile represents historical behavior of the particular entity that is monitored over a prescribed period of time”; Col. 11, lines 4-7, “The reference profile is used as a profile baseline by the behavior profiling and reporting logic 440 to determine if any monitored activities by the profile entity, alone or collectively, denote anomalous behavior”), wherein the “As an illustrative example, an employee in an engineering group accesses a Human Relations (HR) server that she normally does not access. In behavior profiling by the behavior profiling service logic 380, this activity may represent anomalous behavior, but a single access may not cause the behavior profiling and reporting logic 440 to determine that the access constitutes a "suspicious" behavior by the employee. However, where the employee accesses the HR server repeatedly, perhaps coupled with such accesses occurring after normal business hours, the anomalous behavior may denote suspicious behavior by the employee”; i.e., cross check multiple instances of interactions to the reference profile to determine whether anomalous behavior has occurred). 
	Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Cheng in view of Blake in further view of Shelton’s continuous authentication system by enhancing Cheng in view of Blake in further view of Shelton’s enrolled user model database to include a reference model to be used as a baseline for detecting unauthorized behaviors via a cross-checking method, as taught by Wang, in order to accurately detect particular behavior indicating that a malicious attack may be occurring and generating an alert to determine whether the behavior is part of an attack. 
	The motivation is to detect whether activity inputs received in a continuous authentication system not only correspond to an authenticated user, but also correspond to a potential malicious attack being carried out against system by usage of .

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DANIEL B POTRATZ whose telephone number is (571)270-5329.  The examiner can normally be reached on M-F 10 A.M. - 6 P.M. CST.

If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 571-272-3972.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/DANIEL B POTRATZ/Primary Examiner, Art Unit 2491