DETAILED ACTION

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to Applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this Examiner’s Amendment was given in a telephone interview with Applicant’s representative, Jia Zhong (Reg. No.: 71,826) on 3/8/2022. Jia Zhong has agreed and authorized the Examiner to amend claims 2, 5, 10, 13, 18, and 21; cancel claims 23-25.
The application has been amended as follows:

Claims

2.	(Currently Amended) A method comprising:
storing, by a security chip that is integrated with a computing device,
multiple unique combinations of inputs that are each associated with one of multiple different authorized users of the computing device in the security chip, wherein the security chip 
receiving, by the security chip that is integrated with the computing device, a first input that indicates of a selection of a first physical structure that is integrated with the computing device or that is provided as a peripheral of the computing device;
receiving, by the security chip that is integrated with the computing device, a second input that indicates a proximity of a particular authorized user to a second physical structure that is integrated with the computing device or that is provided as a peripheral of the computing device; and
determining, by the security chip that is integrated with the computing device, and based in part on a combination of the first input and the second input matching a particular combination of inputs that is associated with the particular authorized user, that the particular authorized user is in the proximity to the security chip and the computing device; and
in response to determining the combination of the first input and the second input
matches a particular combination of inputs associated with the particular authorized user and stored in the security chip, granting, by the security chip, access to a resource of the computing device by the particular authorized user,
wherein the security chip authenticates the particular authorized user by using the first input, the second input, and the multiple unique combinations of inputs stored in the security chip; and 
storing each of the multiple unique combination in association with a corresponding cryptographically secure key, wherein each unique combination comprises a plurality of inputs and a particular manner of entering the plurality of inputs; and
allowing an authenticating device to authenticate the particular authorized user using the corresponding cryptographically secure key prior to granting, by the security chip, access to the resource of the computing device by the particular authorized user.

5. (Currently Amended) The method of claim 2, wherein the indication of a proximity to the second physical structure includes detecting motion by a proximity sensor.

10. (Currently Amended) A system comprising:
one or more computers; and
one or more storage devices storing instructions that, when executed by the one or more
computers, cause the one or more computers to perform operations comprising:
storing, by a security chip that is integrated with a computing device,
multiple unique combinations of inputs that are each associated with one of multiple different
authorized users of the computing device in the security chip, wherein the security chip
comprises a silicon chip integral with an integrated circuit, motherboard, central processing unit
(CPU), or other hardware of the computing device;
receiving, by the security chip that is integrated with the computing device, a first input
that indicates of a selection of a first physical structure that is integrated with the computing 
device or that is provided as a peripheral of the computing device;
receiving, by the security chip that is integrated with the computing device, a second
input that indicates a proximity of a particular authorized user to a second physical structure that
is integrated with the computing device or that is provided as a peripheral of the computing
device; and
determining, by the security chip that is integrated with the computing device, and based
in part on a combination of the first input and the second input matching a particular combination

user is in the proximity to the security chip and the computing device; and
in response to determining the combination of the first input and the second input
matches a particular combination of inputs associated with the particular authorized user and
stored in the security chip, granting, by the security chip, access to a resource of the computing
device by the particular authorized user,
wherein the security chip authenticates the particular authorized user by using the first
input, the second input, and the multiple unique combinations of inputs stored in the security
chip; and 
storing each of the multiple unique combination in association with a corresponding cryptographically secure key, wherein each unique combination comprises a plurality of inputs and a particular manner of entering the plurality of inputs; and
allowing an authenticating device to authenticate the particular authorized user using the corresponding cryptographically secure key prior to granting, by the security chip, access to the resource of the computing device by the particular authorized user.

13. (Currently Amended) The system of claim 10, wherein the indication of a proximity to the second physical structure includes detecting motion by a proximity sensor.

18. (Currently Amended) A non-transitory computer-readable storage device encoded with
computer program instructions that, when executed by one or more computers, cause the one or
more computers to perform operations comprising:
storing, by a security chip that is integrated with a computing device, multiple unique 
combinations of inputs that are each associated with one of multiple different authorized users of 
the computing device in the security chip, wherein the security chip comprises a silicon chip 

of the computing device;
receiving, by the security chip that is integrated with the computing device, a first input
that indicates of a selection of a first physical structure that is integrated with the computing
device or that is provided as a peripheral of the computing device;
receiving, by the security chip that is integrated with the computing device, a second
input that indicates a proximity of a particular authorized user to a second physical structure that
is integrated with the computing device or that is provided as a peripheral of the computing
device; and
determining, by the security chip that is integrated with the computing device, and based
in part on a combination of the first input and the second input matching a particular combination
of inputs that is associated with the particular authorized user, that the particular authorized user 
is in the proximity to the security chip and the computing device; and
in response to determining the combination of the first input and the second input
matches a particular combination of inputs associated with the particular authorized user and
stored in the security chip, granting, by the security chip, access to a resource of the computing
device by the particular authorized user,
wherein the security chip authenticates the particular authorized user by using the first
input, the second input, and the multiple unique combinations of inputs stored in the security
chip; and 
storing each of the multiple unique combination in association with a corresponding cryptographically secure key, wherein each unique combination comprises a plurality of inputs and a particular manner of entering the plurality of inputs; and
allowing an authenticating device to authenticate the particular authorized user using the corresponding cryptographically secure key prior to granting, by the security chip, access to the resource of the computing device by the particular authorized user.

21. (Currently Amended) The device of claim 18, wherein the indication of a proximity to the second physical structure includes detecting motion by a proximity sensor.

23. (Canceled)
24. (Canceled)
25. (Canceled)


Examiner’s Statement of Reasons for Allowance

Claims 2-5, 10-13, 16-17, and 18-21 are allowable.
The following is an Examiner’s statement of reasons for allowance:
A system and method that enable integrated second-factor authentication. These techniques and apparatuses enable the improved security of something you have without the accompanying inconvenience or chance of loss. To do so, a secure physical entity is integrated within a computing device. While this provides the something you have without a need to carry a separate object with you, the something you have also must not be able to be accessed remotely. To prevent remote access, physical wires are connected from the secure physical entity to physical structures on the computing device. In this way, a hacker or cyber thief cannot convince an authentication system that the cyber attacker does indeed have the something you have, because to do so the attacker must be in physical possession of the computing device.
The closest prior art is Karam et al. (2011/0070864). Karam discloses that a multimodal input sequence is used as a unique passkey to gain access to a secure resource. To achieve this functionality, a desired combination of input sequences is defined and stored as a multimodal input sequence corresponding to the security feature or secure resource. When this multimodal input sequence is defined by the manufacturer or provider of the device, it is termed a preset multimodal input sequence. Alternatively, a user may define their own passkey, termed a custom multimodal input sequence. Either the user or the provider/manufacturer may define the passkey in different ways. For instance, one may define the passkey by actually recording a series of inputs via the handheld device, and store the passkey as a recorded multimodal input sequence. Alternatively, one may define the passkey by programming a series of inputs via a user interface, and store the programmed passkey as a programmed multimodal input sequence. In other words, when recording a passkey the user is required to perform the same inputs, i.e. make the same motions, touch the screen correctly, etc., and when programming a passkey the user, for example, simply types a line of computer readable code.
The prior art of Karam et al. (2011/0070864) does not disclose or suggest, “determining, by the security chip that is integrated with the computing device, and based in part on a combination of the first input and the second input matching a particular combination of inputs that is associated with the particular authorized user, that the particular authorized user is in the proximity to the security chip and the computing device; and in response to determining the combination of the first input and the second input matches a particular combination of inputs associated with the particular authorized user and stored in the security chip, granting, by the security chip, access to a resource of the computing device by the particular authorized user, wherein the security chip authenticates the particular authorized user by using the first input, the second input, and the multiple unique combinations of inputs stored in the security chip; and allowing an authenticating device to authenticate the particular authorized user using the corresponding cryptographically secure key prior to granting, by the security chip, access to the resource of the computing device by the particular authorized user”.
The closest prior art of Davis et al. (2014/0123253) discloses that an operation may be directed at least partially to wherein the incorporating the at least one indication of personal relation into at least one behavioral fingerprint that is associated with the at least one authorized user, the at least one behavioral fingerprint including one or more indicators of utilization of one or more user devices by the at least one authorized user, includes incorporating the at least one indication of personal relation into at least one behavioral fingerprint that is associated with the at least one authorized user, the at least one behavioral fingerprint including one or more indicators of communicating via one or more user devices by the at least one authorized user.
The prior art of Davis et al. (2014/0123253) does not disclose or suggest, “determining, by the security chip that is integrated with the computing device, and based in part on a combination of the first input and the second input matching a particular combination of inputs that is associated with the particular authorized user, that the particular authorized user is in the proximity to the security chip and the computing device; and in response to determining the combination of the first input and the second input matches a particular combination of inputs associated with the particular authorized user and stored in the security chip, granting, by the security chip, access to a resource of the computing device by the particular authorized user, wherein the security chip authenticates the particular authorized user by using the first input, the second input, and the multiple unique combinations of inputs stored in the security chip; and allowing an authenticating device to authenticate the particular authorized user using the corresponding cryptographically secure key prior to granting, by the security chip, access to the resource of the computing device by the particular authorized user”.
The non-patent literature of Huang et al. (Title: IC Activation and User Authentication for Security-Sensitive Systems) teaches that it is therefore desirable to have such ICs require activation upon use and have that activation be performed by a trusted party. In deployment scenarios with one-time activation (as opposed to every-powerup re-activation), an additional layer of security in the form of user authentication may be required. Both activation and authentication are usually achieved using passwords that are checked against values embedded inside the IC, and those passwords must be device specific to prevent an of ICs than the IP owner has requested. This is a common channel through which illegal copies of an IC enter the market, usually sold at a much lower price.
The Non-patent literature of Huang et al. does not teach or suggest, “determining, by the security chip that is integrated with the computing device, and based in part on a combination of the first input and the second input matching a particular combination of inputs that is associated with the particular authorized user, that the particular authorized user is in the proximity to the security chip and the computing device; and in response to determining the combination of the first input and the second input matches a particular combination of inputs associated with the particular authorized user and stored in the security chip, granting, by the security chip, access to a resource of the computing device by the particular authorized user, wherein the security chip authenticates the particular authorized user by using the first input, the second input, and the multiple unique combinations of inputs stored in the security chip; and allowing an authenticating device to authenticate the particular authorized user using the corresponding cryptographically secure key prior to granting, by the security chip, access to the resource of the computing device by the particular authorized user”.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled "Comments on Statement of Reasons for Allowance."


Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to JENISE E JACKSON whose telephone number is (571)272-3791. The examiner can normally be reached M-F 8:00am-4:30pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu T Pham can be reached on (571)270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: 


  3/9/2020
/J.E.J/Examiner, Art Unit 2439                



/LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439