DETAILED ACTION

Status of the Claims
The following is a Final Office Action in response to amendments and remarks filed 23 March 2022.
Claims 1, 7, 10, 13, and 16 have been amended.
Claims 1-20 are pending and have been examined.
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Arguments
Applicants’ argue that the Sampas reference does not acquire the image by photographing; however the Examiner respectfully disagrees.  Here, Sampas discusses the use of camera(s) “Inputs for the computation and other instructions to the application are provided via a touch input panel 32 that may be overlaid on the screen 30. In some implementations, the screen 30 and the touch input panel 32 are integrated, however. Besides the touch input panel 32, there may be alternative input modalities such as a keypad. The arrangement of the keys may be different to fit within the dimensions of the mobile device 14. Along these lines, other input/output devices such as a microphone 34 for receiving audio or voice signals is included, as well as a speaker 36 for outputting audio. For providing visual data to the mobile device 14, there may be an integrated camera 38 comprised of a lens, an imaging sensor, and a dedicated image processor connected to the general purpose data processor 26. The camera 38 may be utilized to capture still images as well as a video stream, the data for which is stored on the memory 28. Additional uses for the camera 38 are contemplated in accordance with various embodiments of the present disclosure, the details of which will be described more fully below (Sampas ¶31)” which are clearly the capturing of not only images/photographs but even live video.  Next, Sampas discusses the ability to also capture images/video from the surroundings “the mobile device can capture a wide variety of data from the surrounding environment, including images, video, audio, GPS coordinates, key presses, function/software interactions, and so forth. The captured images need not be limited to the unauthorized user of the device 14, but other individuals who may be nearby and different environmental visual cues. To the extent the original unauthorized user transfers possession (either intentionally or unintentionally), the mobile device 14 can continue tracking, so long as power is available and no disabling actions are taken (Sampas ¶55).”  Contrary to Applicants’ assertions, the ability to track and receive real-time feedback is, when broadly interpreted, a learned model of security procedures (Sampas ¶16 and ¶59-¶62) which can also be used to ascertain whether a user is potentially under duress.  The Examiner notes that it is the Daly reference that teaches the learned model specifically be artificial intelligence.  In response to applicant's arguments against the references individually, one cannot show nonobviousness by attacking references individually where the rejections are based on combinations of references.  See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986).  The Examiner refers Applicants to the updated rejection below addressing the remaining amendments.  As such the rejection was not withdrawn.  
In response to Applicants’ argument that the Sampas reference is nonanalogous art, it has been held that a prior art reference must either be in the field of applicant’s endeavor or, if not, then be reasonably pertinent to the particular problem with which the applicant was concerned, in order to be relied upon as a basis for rejection of the claimed invention.  See In re Oetiker, 977 F.2d 1443, 24 USPQ2d 1443 (Fed. Cir. 1992).  In this case, Sampas expressly discloses how the site resource for which the user is authenticated for as being an automated teller machine (i.e. a financial service and machine thereof) (Sampas ¶33).  Thus this argument is not persuasive, as Sampas is not only analogous but also in the same field of endeavor.  As such the rejection was not withdrawn.  
In response to Applicants’ argument that the Daly reference is nonanalogous art, it has been held that a prior art reference must either be in the field of applicant’s endeavor or, if not, then be reasonably pertinent to the particular problem with which the applicant was concerned, in order to be relied upon as a basis for rejection of the claimed invention.  See In re Oetiker, 977 F.2d 1443, 24 USPQ2d 1443 (Fed. Cir. 1992).  In this case, Daly expressly discloses how the model is able to learn risks of danger or persons that are a threat, not only authentication as Applicants’ attempt to argue (Daly Col. 12 lines 19-22; Col. 14 lines 15-25 and Col. 19 lines 40-58).  Thus this argument is not persuasive, as Daly is analogous.  As such the rejection was not withdrawn.
In response to arguments in reference to any depending claims that have not been individually addressed, all rejections made towards these dependent claims are maintained due to a lack of reply by the Applicants in regards to distinctly and specifically pointing out the supposed errors in the Examiner's prior office action (37 CFR 1.111). The Examiner asserts that the Applicants only argue that the dependent claims should be allowable because the independent claims are unobvious and patentable over the prior art.

	
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.


Claim(s) 1-8, 10-17, and 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over Sampas (US PG Pub. 2014/0201537) further in view of Daly et al. (US Patent No. 10,089,809).

As per claims 1 and 10, Sampas discloses an electronic device, and method comprising (mobile device, method, authentication server, Sampas ¶16 and Fig. 4): 
a camera (mobile device with front facing camera, Sampas Fig. 4 and ¶24); 
a memory configured to store a learned model to determine whether a user performing authentication for a financial service is in a threat situation (mobile device, smartphone apparatus, Sampas ¶28; memory of mobile device, ¶30; see also deriving pertinent points, ¶41; security procedure and real-time feedback, ¶16); and 
a processor configured to (general purpose data processor 26 executes programmed instructions that are stored in a memory 28, Sampas ¶30): 
perform authentication for the financial service based on biometrics information of the user performing authentication for the financial service (biometrics, sensors, security procedure for authentication Sampas ¶16-¶18 and ¶36-¶39), 
while performing authentication for the financial service, acquire an image by photographing the user performing authentication and a background around the user through the camera (Implementation of other types of biometrics and corresponding biometric readers in the mobile device 14 are also expressly contemplated.  For instance, facial recognition and iris pattern recognition using a forward-facing camera 38 on the front face 56 of the case 50 may be possible.  Additionally, the voice of the user 12 as recorded by the microphone 34 may also be utilized as the first biometric input.  Although the features of the mobile device-based authentication will be described in the context of scanning fingerprints, it will be understood that any such other biometrics may be substituted.  Thus, the user 12 who may not necessarily have intact fingers or clear fingerprints may also utilize the disclosed mobile device-based authentication, Sampas ¶37; The captured images need not be limited to the unauthorized user of the device 14, but other individuals who may be nearby and different environmental visual cues.  To the extent the original unauthorized user transfers possession (either intentionally or unintentionally), the mobile device 14 can continue tracking, so long as power is available and no disabling actions are taken, ¶55; accessing funds from an ATM, ¶8), 
perform authentication for the financial service according to the acquired information (In accordance with step 212, the method continues with transmitting the second set of biometric data to the remote authentication server 68 from the site resource 40.  Now, with both the first set and the second set of biometric data as provided to the mobile device 14 and the site resource 40, respectively, per step 214, the user 12 is authenticated for access to the site resource 40.  More particularly, the first set and second set of biometric data is validated against a pre-enrolled set of biometric data for the user 12.  If the validation fails, rather than step 214, the method includes a step 216 of rejecting the user 12 for access to the site resource, and continues with a step 218 which may include one or more sub-procedures for additional security measures, the details of which will be considered more fully below, Sampas ¶47),
Both the Sampas and the Daly references are analogous in that both are directed towards/concerned with inferring situations and relationships of users.  Sampas discloses the ability to monitor and track user authentication, including image analysis, but does not expressly disclose an artificial intelligent algorithm learned; determine whether the user performing authentication is in a threat situation based on information on an estimated relationship between the user and other users in the background around the user and information on a facial expression of the other users acquired from the image, and perform authentication for the financial service according to the acquired information; wherein the processor applies the learned model comprising the artificial intelligent algorithm to obtain the information on an estimated relationship and the information on a facial expression of the other users, and wherein the learned model is trained to identify a plurality of relationships related to the user using a plurality of pre-stored images related to the user, and based on the other users included in the image being identified, obtain the estimated relationship between the user and the other users from among the plurality of relationships.
However, Daly teaches 
an artificial intelligent algorithm learned; determine whether the user performing authentication is in a threat situation based on information on an estimated relationship between the user and other users in the background around the user and information on a facial expression of the other users acquired from the image (This trust network list may be configurable and may be mined/learned from images on a user's computing devices, social media accounts, and/or visitors' images. Additional data sources such as, for example law enforcement databases (e.g., wanted persons, amber alert systems, persons of interest, etc.) open and available to the public, may also be used to manage the trust network list. The public information may include a list of untrusted people. Trust information that may be provided by the trust network may be portable to one or more various types of devices (e.g., devices of the premise occupant that also may be registered with the trusted network). In one aspect, the contextual information such as, for example, a time of day, location(s), visiting hours at a premise (e.g., assisted living center or hospital), user behavior such as tone of voice, speech analysis, facial expression analysis, or fingerprint data may be used to determine if a visitor is within the acceptable realms of safe behavior and have an assigned level of trust in the trust network. In one aspect, one or more computing devices of each trusted person/source registered with the trust network may also be registered and used as an additional level of authentication, Daly Col. 3 line 63-Col. 4 line 18; artificial intelligence logic, intelligent search algorithms, Col. 4 line 59-Col. 5 line 2), and 
perform authentication for the financial service according to the acquired information; wherein the processor applies the learned model comprising the artificial intelligent algorithm to obtain the information on an estimated relationship and the information on a facial expression of the other users, and wherein the learned model is trained to identify a plurality of relationships related to the user using a plurality of pre-stored images related to the user, and based on the other users included in the image being identified, obtain the estimated relationship between the user and the other users from among the plurality of relationships (Deduce various language specific or agnostic attributes from natural language; 12) High degree of relevant recollection from data points (images, text, voice) (memorization and recall); and/or 13) Predict and sense with situational awareness operations that mimic human cognition based on experiences, Col. 5 lines 18-23; machine learning component includes trust network, social media data, Daly Col. 11 line 56-Col. 12 line 24; determine if visitor is a threat, Col. 12 lines 19-22; Col. 14 lines 15-25; Col. 15 lines 43-53, and Col. 18 lines 47-56, Col. 19 lines 40-58) (Examiner interprets the ability to perform the intelligence logic for a threat determination for an individual as also the capability to determine for a plurality of individuals such as in the background). 
At the time of the effective filing date of the invention, it would have been obvious to a person of ordinary skill in the art to use Daly’s method of artificial intelligence logic in Sampas’ authentication system to improve the system and method with reasonable expectation that this would result in an authentication management system that not only can determine or detect duress, but also capture the images for an emergency situation based upon the inferred relationship.  
The motivation being that there is a need for intelligent security access management (Daly Col. 1 lines 5-24).

As per claims 2 and 11, Sampas and Daly disclose as shown above with respect to claims 1 and 11.  Sampas further discloses wherein the learned model is further configured to determine whether the user is in a threat situation using information on at least one of a movement of the user's eyes, pulse rate, facial color change, facial expression, a place where the user is present (While a failed authentication in response to attempted use by a person other than the rightful user is the most typical use case, there may be some instances where an otherwise authorized user may desire to activate the aforementioned tracking and feedback modalities.  For instance, the authorized user may, under duress, be coerced into providing access to the site resource 40.  Various embodiments of the present disclosure thus contemplate an emergency mode that can surreptitiously activated by an alternative biometric.  An emergency mode may prove useful in hostage situations, blackmail, and so forth.  In the case of a fingerprint reader, inputting the index finger may correspond to normal access, while inputting the ring finger may correspond to emergency mode access.  This emergency biometric data set 116 may also be pre-enrolled with the biometrics enrollment database 80 and associated with the user identifier 84.  In conjunction with or independently of inputting the emergency biometric, it may be possible for the user 12 to follow a surreptitious emergency alarm protocol that utilizes code words that can be spoken or keyed in. This can also be combined with facial recognition.  The distress code may be inputted at the site resource 40.  Utilizing the same fingerprint reader, certain detectable activities such as rotating the finger during scanning, tapping the finger slightly (which may or may not correspond to Morse code), and so on could likewise trigger the emergency mode.  These types of alternative inputs that would otherwise be unknown by an attacker are also contemplated for different biometric reader devices.  For example, in the case of retinal scans, the user may cross eyes for a set period of time such as five seconds, Sampas ¶59-¶60; thermal imaging for surrounding persons, ¶62; see also ¶46).

As per claims 3 and 12, Sampas and Daly disclose as shown above with respect to claims 2 and 12.  Sampas further discloses wherein the learned model is further configured to: receive input of personalized information of the user and common information of a plurality of arbitrary users in relation to the pulse rate, eye movement, facial color change, and facial expression, and determine whether the user is in a threat situation based on the personalized information, the common information, and the information acquired from the image (While a failed authentication in response to attempted use by a person other than the rightful user is the most typical use case, there may be some instances where an otherwise authorized user may desire to activate the aforementioned tracking and feedback modalities.  For instance, the authorized user may, under duress, be coerced into providing access to the site resource 40.  Various embodiments of the present disclosure thus contemplate an emergency mode that can surreptitiously activated by an alternative biometric.  An emergency mode may prove useful in hostage situations, blackmail, and so forth.  In the case of a fingerprint reader, inputting the index finger may correspond to normal access, while inputting the ring finger may correspond to emergency mode access.  This emergency biometric data set 116 may also be pre-enrolled with the biometrics enrollment database 80 and associated with the user identifier 84.  In conjunction with or independently of inputting the emergency biometric, it may be possible for the user 12 to follow a surreptitious emergency alarm protocol that utilizes code words that can be spoken or keyed in. This can also be combined with facial recognition.  The distress code may be inputted at the site resource 40.  Utilizing the same fingerprint reader, certain detectable activities such as rotating the finger during scanning, tapping the finger slightly (which may or may not correspond to Morse code), and so on could likewise trigger the emergency mode.  These types of alternative inputs that would otherwise be unknown by an attacker are also contemplated for different biometric reader devices.  For example, in the case of retinal scans, the user may cross eyes for a set period of time such as five seconds, Sampas ¶59-¶60 thermal imaging for surrounding persons, ¶62; see also ¶46).

As per claims 4 and 13, Sampas and Daly disclose as shown above with respect to claims 1 and 11.  Sampas further discloses wherein the biometrics information comprises at least one of a voice, a face, or a fingerprint of the user (voice of user, facial recognition, Sampas ¶37; fingerprint, ¶36, ¶45-¶46).

As per claims 5 and 14, Sampas and Daly disclose as shown above with respect to claims 1 and 11.  Sampas further discloses wherein the processor is further configured to perform authentication for the financial service using predetermined specific biometrics information  (More particularly, the first set and second set of biometric data is validated against a pre-enrolled set of biometric data for the user 12.  If the validation fails, rather than step 214, the method includes a step 216 of rejecting the user 12 for access to the site resource, and continues with a step 218 which may include one or more sub-procedures for additional security measures, the details of which will be considered more fully below, Sampas ¶47).

As per claims 6 and 15, Sampas and Daly disclose as shown above with respect to claims 5 and 14.  Sampas further discloses wherein the predetermined specific biometrics information comprises biometrics information of a voice of the user, and wherein the learned model is further configured to determine that the user performing the authentication is in a threat situation, based on the authentication for the financial service being performed through the voice of the user (a surreptitious emergency alarm protocol that utilizes code words that can be spoken or keyed in, Sampas ¶59).

As per claims 7 and 16, Sampas and Daly disclose as shown above with respect to claims 5 and 14.  Sampas further discloses wherein the predetermined specific biometrics information comprises biometrics information of a face or a fingerprint of the user, and wherein the learned model is further configured to determine that the user performing the authentication is in a threat situation, based on the user making a specific gesture through the face or making a specific gesture through the finger during recognition of the fingerprint (While a failed authentication in response to attempted use by a person other than the rightful user is the most typical use case, there may be some instances where an otherwise authorized user may desire to activate the aforementioned tracking and feedback modalities.  For instance, the authorized user may, under duress, be coerced into providing access to the site resource 40.  Various embodiments of the present disclosure thus contemplate an emergency mode that can surreptitiously activated by an alternative biometric.  An emergency mode may prove useful in hostage situations, blackmail, and so forth.  In the case of a fingerprint reader, inputting the index finger may correspond to normal access, while inputting the ring finger may correspond to emergency mode access.  This emergency biometric data set 116 may also be pre-enrolled with the biometrics enrollment database 80 and associated with the user identifier 84.  In conjunction with or independently of inputting the emergency biometric, it may be possible for the user 12 to follow a surreptitious emergency alarm protocol that utilizes code words that can be spoken or keyed in. This can also be combined with facial recognition.  The distress code may be inputted at the site resource 40.  Utilizing the same fingerprint reader, certain detectable activities such as rotating the finger during scanning, tapping the finger slightly (which may or may not correspond to Morse code), and so on could likewise trigger the emergency mode.  These types of alternative inputs that would otherwise be unknown by an attacker are also contemplated for different biometric reader devices.  For example, in the case of retinal scans, the user may cross eyes for a set period of time such as five seconds, Sampas ¶59-¶60; thermal imaging for surrounding persons, ¶62; see also ¶46).

As per claims 8 and 17, Sampas and Daly disclose as shown above with respect to claims 1 and 11.  Sampas further discloses wherein the processor is further configured to: based on information indicating that the user is not in a threat situation being acquired from the learned model, perform authentication for the financial service based on the biometrics information, and based on information indicating that the user is in a threat situation being acquired from the learned model, reject the authentication for the financial service or perform fake authentication (reject user access, Sampas ¶17; emergency mode, ¶59-¶61; Various response protocols to user as well as third party duress as indicated through the protection service will be recognized by those having ordinary skill in the art, including denying access, allowing limited access, directing the user to a false access site or false information, and continuing to monitor the user 12, ¶62).

As per claim 19, Sampas and Daly disclose as shown above with respect to claim 10.  Sampas further discloses acquiring information from an external electronic device connected to the electronic device, wherein the acquiring of the information on whether the user performing the authentication is in a threat situation comprises acquiring information on whether the user performing the authentication is in a threat situation from the learned model with the information acquired from the image and the information acquired from the external electronic device as input of the learned model (As an alternative to the integrated biometric reader 48, it is also possible to attach an external variant via an external data communication port 62 typically included with the mobile device 14, Sampas ¶35).


Claims 9, 18, and 20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Sampas (US PG Pub. 2014/0201537) and Daly et al. (US Patent No. 10,089,809), further in view of Rotter et al. (US PG Pub. 2016/0277439).

As per claims 9 and 18, Sampas and Daly disclose as shown above with respect to claims 8 and 17.
The Sampas, Daly, and the Rotter references are analogous in that both are directed towards/concerned with personal security, identity and safety regarding user authentication.  Sampas discloses the ability to monitor and track user authentication, but does not expressly disclose wherein the processor is further configured to: when the fake authentication is performed, provide a user interface (UI) indicating that the financial service is performed normally, and transmit, to a financial company server, a request to lock a transaction account in which the financial service is made.
However, Rotter teaches wherein the processor is further configured to: based on the fake authentication being performed, provide a user interface (UI) indicating that the financial service is performed normally, and transmit, to a financial company server, a request to lock a transaction account in which the financial service is made (automatically lock paired accounts, Rotter Abstract and ¶5; see also ¶118).
At the time of the effective filing date of the invention, it would have been obvious to a person of ordinary skill in the art to use Rotter’s ability to lock accounts from unauthorized access in Daly and Sampas’ authentication system to improve the system and method with reasonable expectation that this would result in an authentication management system that not only can restrict or reject access, but lock accounts as well.  
The motivation being that there is a need to implement measures in order to monitor and defend against unauthorized access of accounts (Rotter ¶2). 

As per claim 20, Sampas and Daly disclose as shown above with respect to claim 10.
The Sampas. Daly, and the Rotter references are analogous in that both are directed towards/concerned with personal security, identity and safety regarding user authentication.  Sampas discloses the ability to monitor and track user authentication, but does not expressly disclose acquiring information from a social network service (SNS), wherein the acquiring information on whether the user performing the authentication is in a threat situation comprises acquiring information on whether the user performing the authentication is in a threat situation from the learned model with the information acquired from the image and the information acquired from the SNS as input of the learned model.
However, Rotter teaches acquiring information from a social network service (SNS), wherein the acquiring information on whether the user performing the authentication is in a threat situation comprises acquiring information on whether the user performing the authentication is in a threat situation from the learned model with the information acquired from the image and the information acquired from the SNS as input of the learned model (social networking accounts, Rotter ¶5, ¶59, and ¶72; see also ¶118). 
At the time of the effective filing date of the invention, it would have been obvious to a person of ordinary skill in the art to use Rotter’s ability to lock accounts from unauthorized access in Daly and Sampas’ authentication system to improve the system and method with reasonable expectation that this would result in an authentication management system that not only can restrict or reject access, but lock accounts as well.  
The motivation being that there is a need to implement measures in order to monitor and defend against unauthorized access of accounts (Rotter ¶2).

Conclusion

THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ANDREW B WHITAKER whose telephone number is (571)270-7563.  The examiner can normally be reached on M-F, 8am-5pm, EST.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynda Jasmin can be reached on (571) 272-6782.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/ANDREW B WHITAKER/Primary Examiner, Art Unit 3629