Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-20 of U.S. Patent No. 10,708,776. Although the claims at issue are not identical, they are not patentably distinct from each other because the instant application comprises fewer limitations than the parent case and it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to remove limitations and the results would be predictable.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-12, 15-19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Agrafioti (US 2015/0028996) in view of Smith (US 2014/0282945) further in view of Johnson (US 2014/0298421)


Regarding Claim 1,

Agrafioti (US 2015/0028996) teaches a system for authentication using implicit authentication data, the system comprising: 
an authentication platform that includes a remote server comprising one or more computing processors and one or more non-transitory storage media storing computer instructions that, when executed by the one or more computing processors perform: 
obtaining, via one or more communication networks, an authentication request that initiates an implicit authentication process for a transaction involving authentication (Paragraph [0162] teaches transactions requiring authentication, e.g. purchase coffee, transit payments), and wherein the implicit authentication process includes passively authenticating a user based on whether implicit authentication data obtained from a possession factor indicates a calculated likelihood that the user has possession of the possession factor, wherein the possession factor comprises one or more user authentication credentials (Paragraph [0161-0162] teaches a wearable biometric device that passively authenticates the user); 
, via the one or more communication networks, implicit authentication data based on the possession factor, wherein the implicit authentication data includes data relating to one or more activities involving the possession factor and/or a present state of the possession factor indicative of whether the possession factor is currently, or was recently, in possession of the user (Figure 10, 10002, determines whether possession factor is in possession of the user); 

Agrafioti does not explicitly teach using the implicit authentication data from the possession factor to determine a likelihood of possession of the possession factor by the user based on a possession factor continuum of a plurality of authentication requirements for authenticating the user; and implicitly authenticating the user if the likelihood of possession satisfies a possession confidence threshold that enables implicit authentication of the user.
Smith (US 2014/0282945) teaches the user based on a possession factor continuum of a plurality of authentication requirements for authenticating the user; and implicitly authenticating the user if the likelihood of possession satisfies a possession confidence threshold that enables implicit authentication of the user (Paragraph [0076] teaches a continuous authentication confidence module)(Paragraph [0080-0082] teaches the CACM may apply contextual and/or presence evidence supporting that the human authenticated by the device)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention do modify Agrafioti with the analysis of Smith

The motivation is to maintain a degree of confidence that the authenticated user is present (Paragraph [0068] of Smith)

Agrafioti and Smith do not explicitly teach 
wherein the authentication request is generated by a service provider, separate from the authentication platform, in response to receipt of an access request from an unauthorized device

Johnson (US 2014/0298421) teaches wherein the authentication request is generated by a service provider, separate from the authentication platform, in response to receipt of an access request from an unauthorized device (Figure 2, primary service 202, separate from authentication platform, generates authentication request)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify Agrafioti and Smith with the service provider sending the request as taught by Johnson
The motivation is to protect high value web service providers such as banks (Paragraph [0003])


Regarding Claim 2,

Agrafioti, Smith and Johnson teaches the system of claim 1. Smith teaches further at the authentication platform: if it is determined that the user is not currently or was not recently in possession of the possession factor (Figure 10, 1002), selectively changing from implicit authentication to an express authentication involving user-interactive authentication at the possession factor in which user authentication input interaction with the possession factor is performed to obtain an explicit authentication response from the user (Figure 10, 10006, reset wearable biometric to return to unauthenticated state)(Paragraph [0189] teaches requiring user to authenticate biometric again)

Regarding Claim 3,


Agrafioti, Smith and Johnson teaches the system of claim 1. Smith teaches the system of claim 1, further at the authentication platform: generating a likelihood of possession of the possession factor by the user, wherein the likelihood of possession comprises a probability value or a confidence level indicating a probability or confidence that the possession factor is possessed by the user (Paragraph [0078] teaches generating a likelihood of possession factor), wherein the generating the likelihood of possession includes: (i) selectively parsing, by the authentication platform, determinative data from the implicit authentication data that indicates a likely possession or that indicates a potential lack of possession of the possession factor by the user from the implicit authentication data thereby generating a subset of the implicit authentication data (Paragraph [0078]), (ii) applying one or more analysis techniques or transformation techniques to the subset of the implicit authentication data to determine possession insights relating to the likely possession or the lack of possession of the possession factor (Paragraph [0079-0080]), and (iii) calculating the probability value or the confidence level for the likelihood of possession using the subset of the implicit authentication data and the possession insights (Paragraph [0079-0080] teaches initial confidence level).

Regarding Claim 4,

Agrafioti, Smith and Johnson teaches the system of claim 1. Johnson teaches further at the authentication platform: receiving the authentication request is initialized by a transmission provided midstream of a primary authentication, the transmission indicating that the primary authentication is being performed at a service provider for authenticating the transaction; wherein the primary authentication is: (i) performed independent of the secondary authentication process using the secondary authentication data, and (ii) performed by the service provider (Figure 2, primary authentication is done by service provider 202, 203, which is performed separate from the secondary authentication data 205, 206). Agrafioti teaches secondary authentication may be implicit authentication.

Regarding Claim 5,

Claim 5 is similar in scope to Claim 1 and is rejected for a similar rationale.

Regarding Claims 6-7,

Agrafioti, Smith and Johnson teaches the system of claim 5 . Johnson teaches further comprising: receiving a possession-factor authentication request that triggers an initialization of the secondary authentication based on the possession factor (Figure 2, 310, 215, 230), wherein the possession-factor authentication request comprises an indication that a primary authentication separate from the secondary authentication was performed successfully or is being performed on a basis of authentication data provided expressly by the user (Figure 2, 240, 250, 260) Agrafioti teaches secondary authentication may be implicit authentication.

Regarding Claim 8,

Claim 8 is similar in scope to Claim 3 and is rejected for a similar rationale.

Regarding Claim 9,

Agrafioti, Smith and Johnson teaches the system of claim 5 . Agrafioti teaches further comprising: querying the possession factor for the implicit authentication data and analysis of the implicit authentication data, wherein the analysis provides one or more indications to determine if the possession factor is possessed by the user (Figure 12, 1202, 1204, .

Regarding Claim 10,

Agrafioti, Smith and Johnson teaches the system of claim 9 . Agrafioti teaches wherein: the possession factor comprises a smartphone or a mobile electronic device that includes a mechanism native to an operating system thereof that generates the analysis of the implicit authentication data captured or generated by one or more of device sensors and computing resources of the smartphone or the mobile electronic device (Paragraph [0057] teaches authorized authentication device is a possession factor)(Paragraph [0093] teaches generating analysis of biometric data).

Regarding Claim 11,

Agrafioti, Smith and Johnson teaches the system of claim 5 . Agrafioti teaches wherein the implicit authentication data comprises biometric data, wherein the biometric data comprises: (1) an analysis of or data related to a gait of a user having, at some historical time, possession of the possession factor (Paragraph [0028, 0091] teaches biometric data may be gait), or (2) an analysis of or data related to a fingerprint of a user, wherein the analysis of or the data related to the fingerprint was generated or collected in a historical authentication event that is separate from the implicit authentication.

Regarding Claim 12,

Agrafioti, Smith and Johnson teaches the system of claim 5 . Agrafioti teaches further comprising: identifying, among a plurality of varying authentication requirements, an authentication requirement for a transaction based on a likelihood of possession, the authentication requirement defining (i) a process or one or more actions to prove authority to perform the transaction or (ii) a process or one or more actions to prove an identity of a user attempting to perform a transaction (Paragraph [0155] teaches one ore more actions (i.e. gestural or postural) to prove the identity of the user);
 and identifying authentication requirements based on predetermined possession factor authentication policy set at the possession factor, wherein the predetermined possession factor authentication policy defines the plurality of varying authentication requirements permissible via an attempt to implicitly authenticate the user and dictates one or more conditions for performing each of the plurality of varying authentication requirements (Paragraph [0193-0194] teaches security policy and authentication requirements)

Regarding Claim 15,

Agrafioti, Smith and Johnson teaches the system of claim 5 . Smith teaches further comprising: generating a likelihood of possession of the possession factor by the user, wherein the likelihood of possession comprises a probability value indicating a probability that the possession factor is possessed by the user (Paragraph [0079] teaches a confidence level that the possession factor is possessed by the user), wherein generating a possession confidence level includes: (i) comparing the probability value of the likelihood of possession to a possession factor continuum, the possession factor continuum being defined by a plurality of possession confidence levels provided in an increasing manner or a decreasing manner along the possession factor continuum, and (ii) determining the possession confidence level based on the comparing (Paragraph [0080-0081] teaches providing a decay rate to the data and generate a confidence level based on the decay rate)

Regarding Claims 16-19,

Claims 16-18 are similar in scope to Claims 1-3, 9 and are rejected for a similar rationale.

Claims 13-14, 20  is/are rejected under 35 U.S.C. 103 as being unpatentable over Agrafioti (US 2015/0028996) in view of Smith (US 2014/0282945) further in view of Johnson (US 2014/0298421) further in view of Kursun (US 2015/0035643)


Regarding Claim 13,

Agrafioti, Smith and Johnson teaches the system of claim 5 but do not explicitly teach the remaining limitations
Kursun teaches further comprising: generating a likelihood of possession comprising generating a possession confidence score using the implicit authentication data and transaction request data provided with the authentication request, wherein the transaction request data comprises data exchanged as part of a transaction request initiating the transaction requiring authentication (Paragraph [0090, 0101, 0120] teaches a confidence level)(Paragraph [0110] teaches transaction request data), 
and wherein the data exchanged comprises one or more of an originating service provider, an originating Internet Protocol (IP) address of the transaction request, a time of the transaction request, and details of a primary authentication for the transaction (Paragraph [0110] teaches transaction request data including originating source provider); and using the implicit authentication data and the possession confidence score to determine whether to automatically authenticate the user (Paragraph [0024] teaches automatically authenticating user)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify Agrafioti, Smith and Johnson with the method of using  confidence score in transactions as taught in Kursun
The motivation is to protect user privacy in transactions (Paragraph [0036])

Regarding Claim 14,

Agrafioti, Smitha and Johnson teaches the method of claim 13, wherein, based on the implicit authentication data, the authentication requirement comprises one of.

(1) performing automatic authentication of the transaction without intervention at the possession factor by the user (Kursun, Paragraph [0024])), (2) performing user-interactive authentication based on transmitting a push notification to the possession factor, wherein the user-interactive authentication comprises a binary prompt for approval or denial of the transaction by the user, (3) performing additional authentication to verify an identity or authorization of the user attempting to perform the transaction, and (4) automatically denying authentication of the transaction.



Regarding Claim 20,

Claim 20 is similar in scope to Claim 13 and is rejected for a similar rationale.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HARRIS C WANG whose telephone number is (571)270-1462. The examiner can normally be reached M-F 9:00-5:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, LUU PHAM can be reached on 571-270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/HARRIS C WANG/Primary Examiner, Art Unit 2439