DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

	This office action is in response to the applicant’s filling of an Amendments/Remarks on 4/18/2022.  The claims 1-5 and 11-20 are pending.

Information Disclosure Statement
	The information disclosure statement (IDS) submitted on 3/25/2022 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Response to Arguments
The previous 35 USC 101 rejection for claims 12 and 17-20 has been withdrawn due to Applicant’s amendment. 

Applicant's arguments filed 4/18/2022 have been fully considered but they are not persuasive.

Applicant also argues the collecting step of Jakobsson is performed without a timing sequence as required in the claim.
Examiner respectfully disagrees that the claims requires the collecting step to be perform sequentially after the receiving step.  The claim comprises multiple limitations and the collecting step, under the broadest reasonable interpretation, does not explicitly recite the collecting step as being performed sequentially after the receiving step but could be performed in any order.  However, Jakobsson does indeed disclose the collecting of user contextual data is with a valid implicit authentication associated with the identity authentication information (¶ 0052).

Applicant also argues on page 9 the prior art Jakobsson does not disclose the limitation “collecting behavior characteristic information related to the user in a number of dimensions when the identity authentication information is determined to be valid”.  
Examiner respectfully disagrees.  Jakobsson specifically teaches the behavior measure grader receiving of a user access request 210, with contextual data 235, and a user behavior model 245 at paragraph [0046].  The behavior measure grader collects characteristic information and also calculate behavior measure 255 based on the request 210 and contextual data 235.  Jakobsson further teaches the user access request containing login credentials (¶ 0051) and contextual data submitted with the user access request 210 also includes “recent authentication outcomes and scores” (¶ 0028), which is receive before the behavior measure grader starts collecting current session user characteristic information.  And finally, Jakobsson teaches in addition to collecting contextual data with inconsistent implicit authentication, the collecting of contextual data is also performed with a valid implicit authentication (¶ 0052).  Therefore, based on at least the above sections of Jakobsson, Examiner respectfully maintain the prior art Jakobsson teaches the limitation above.

	The Office Action below has been updated to clarify prior art’s interpretation.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-5 and 11-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Jakobsson et al. (US Pub No 2012/0137340) in view of Giard et al. (US Pub No 2013/0054433).

With respect to claim 1, Jakobsson teaches a method for identity authentication, comprising: 
receiving an authentication request transmitted from a client, the authentication request carrying identity authentication information of a user (e.g., receiving user access request  ¶ 0045, Fig. 2 #210, & 3 #300 and user access request including login credentials for resource authentication ¶ 0051); 
collecting behavior characteristic information related to the user in a number of dimensions when the identity authentication information is determined to be valid (e.g., the behavior measure grader receiving of a user access request 210, with contextual data 235, and a user behavior model 245 at ¶ 0046.  The behavior measure grader collects characteristic information and also calculate behavior measure 255 based on the request 210 and contextual data 235.  Jakobsson further teaches the user access request containing login credentials (¶ 0051) and contextual data submitted with the user access request 210 also includes “recent authentication outcomes and scores” ¶ 0028, which is receive before the behavior measure grader starts collecting current session user characteristic information.  And finally, Jakobsson teaches in addition to collecting contextual data with inconsistent implicit authentication, the collecting of contextual data is also performed with a valid implicit authentication ¶ 0052, with the multiple contextual data, or dimensions, being grouped into three classes of data: device data, carrier data, and third-party provider data ¶ 0029-0030); and 
matching and recognizing an identity of the user by comparing the collected behavior characteristic information with original characteristic information in a respective one of the dimensions (e.g., calculates implicit authentication information based on user behavioral measure to derive a binary decision or confidence level ¶ 0051-0053).
Jakobsson discloses receiving user login credentials but does not explicitly disclose authenticating the identity authentication information.  However, Giard teaches authenticating the identity authentication information ((e.g., unknown user may be in possession of user’s password and thereby successfully log into user’s account and able to access secure resources ¶ 0026-0027).  Therefore, based on Jakobsson in view of Giard, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teaching of Giard to the system of Jakobsson in order to teach the need for multi-factor identity fingerprinting to authenticate the user when using multiple devices and not simply rely on a password (¶ 0017-0018).
 
With respect to claim 2, Jakobsson further teaches comprising, prior to receiving the authentication request transmitted from the client: receiving login information transmitted from the client and extracting from the login information hardware device information and software description information of the user; collecting operation behavior information of the user on the client via a data collection interface of the client; and determining the hardware device information, software description information and operation behavior information of the user as the original characteristic information (e.g., prior to the authentication request, storing extracted contextual data for future comparison, teaching the original characteristic information, such as device data comprising device’s specific equipped data and software application usage data ¶ 0029-0030 and user behavior data ¶ 0032-0033).

	With respect to claim 3, Jakobsson further teaches wherein said matching and recognizing the identity of the user by comparing the collected behavior characteristic information with the original characteristic information in the respective dimensions comprises: calculating a matching degree between each piece of the collected behavior characteristic information and the original characteristic information in the corresponding dimension; determining the identity of the user to be invalid when the matching degree corresponding to at least one piece of the behavior characteristic information exceeds a specified threshold; and determining the identity of the user to be valid when the matching degree corresponding to none of the behavior characteristic information exceeds the specified threshold (e.g., calculating a user behavior model describing a user’s behavior pattern associating different data types together ¶ 0034 and using degree of identity confidence to determine if the identity of the user is valid or not based on certain threshold ¶ 0033-0035).

With respect to claim 4, Jakobsson further teaches comprising, subsequent to matching and recognizing the identity of the user by comparing the collected behavior characteristic information with the original characteristic information in the respective dimensions: updating the stored original characteristic information and the corresponding specified threshold based on the collected behavior characteristic information and a corresponding result of the matching and recognizing of the identity (e.g., a rule is usually triggered to adjust the user behavior measure either upwards or downwards based on whether the observed event is consistent with the user’s ownership of the device ¶ 0036-0037).

With respect to claim 5, Jakobsson further teaches comprising: receiving a characteristic information modification request transmitted from the client; re-collecting the hardware device information and software description information of the user in response to the characteristic information modification request; and updating the original characteristic information with the re-collected hardware device information and software description information (e.g., triggered event associated with the user device forces a re-collecting and adjusting the contextual data ¶ 0036-0040 and contextual data is taken in a snapshot form or is a continuous trace from the recent past for different types of contextual data including phone number, call type, duration of phone call, location of the phone call, movement of the phone, and identity confidence ¶ 0032-0033).

The limitations of claim 11 and 12 are substantially similar to claim 1 above, and therefore these claims are likewise rejected.

The limitations of claim 13 and 17 are substantially similar to claim 2 above, and therefore these claims are likewise rejected.

The limitations of claim 14 and 18 are substantially similar to claim 3 above, and therefore these claims are likewise rejected.

The limitations of claim 15 and 19 are substantially similar to claim 4 above, and therefore these claims are likewise rejected.

The limitations of claim 16 and 20 are substantially similar to claim 5 above, and therefore these claims are likewise rejected.

Conclusion
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to CHAU LE whose telephone number is (571)270-7217. The examiner can normally be reached M-F 8:00-5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, CARL COLIN can be reached on (571) 272-3862. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/CHAU LE/Primary Examiner, Art Unit 2493