Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 4/25/2022 has been entered.

Response to Amendment
This is in response to the amendments filed on 4/25/2022. Claims 1, 10, 11, and 20 have been amended. Claims 1-20 are currently pending and have been considered below. 

Response to Arguments
Applicant's arguments filed 4/25/2022 have been fully considered but they are not persuasive. On page 8 of Remarks, Applicant contends that Bostick “… does not actually disable access to the protected resource itself, nor does Bostick disable access to all of the protected resources …”. The examiner respectfully disagrees.
As was noted in the Advisory Action mailed 4/15/2022, the examiner referred to Applicant’s Specification as providing differing definitions for what may be intended by “disabling access”. One of such definitions supported that “disabling access” may include obfuscation (see paragraph 74), and thus the examiner adopted said definition in providing the rejection under Bostick. Further, the examiner pointed out that Bostick, at Fig. 5b, step 250, clearly discloses masking confidential information (i.e., “disabling access” of a protected resource) upon an unauthorized secondary user being able to view said information. The examiner then further noted that neither a primary user, or the secondary user, would have “access” to said information during the duration of Fig. 5b, as the information remains masked unless it’s later determined that the secondary user is authorized to view the information within a bendable portion of the display (step 260). 
Applicant then appears to repeat the argument that Bostick doesn’t actually “disable” the information from being viewed by all users (i.e., the primary and secondary users) because of what’s disclosed in steps 256 and 258, however these steps only pertain to the bendable portion of the display, and not the masked information directly. Here, Bostick describes that in response to masking the confidential information in step 250, bend the display in a manner predetermined for the level of confidential information being masked, and then determine if the secondary user can view the bendable portion of the display (step 255). If the secondary user can see the bendable portion then the primary user is alerted and the method proceeds back to Fig. 5a, however none of the confidential information was unmasked during these steps. That is because the confidential information remains masked until at least step 260, where it is determined that the secondary user has authorization to view the bendable portion of the display where the confidential information can later be displayed. Thus, the examiner asserts that Bostick fully teaches “disabling access to all of the protected resources” because in Fig. 5b, the entirety of the confidential information is masked on a main portion of a display, regardless of the user viewing the display. The secondary, bendable portion of the display is then “set” in place to determine whether the confidential information could be safely unmasked there but these steps (252-258) do not ever unmask (“enable”) the information for viewing. 
Applicant’s additional arguments with respect to claim(s) 1 and 11 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 3, 4, 6-11, 13, 14, and 16-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over “Bostick” (US 2016/0132721) in view of “Yamamoto” (US 2021/0239488).

Regarding Claim 1:
Bostick teaches:
An authentication method carried out by at least one computer processor executing computer program code (Fig. 5a), the method comprising: 
providing a computer system including system authentication information that includes biometric data for one or more users (Fig. 4, step 206) and authorization data associated with each of the one or more users (Fig. 4, step 208), the authorization data indicating user rights associated with protected resources (¶0040, “… receives user preferences (step 208), which may include, but is not limited to tolerance range, allowance for other authorized viewers”; ¶0042, “A registered or authorized user may also register or authorize a plurality of secondary users to view at least a portion of confidential content, for example spouses or other family members or members of the same workgroup”); and 
during a computer session (Fig. 5a): 
receiving biometric data from one or more biometric sensors for at least one user (Fig. 5a, step 230); 
authenticating the at least one user if the received biometric data corresponds to system biometric data (Fig. 5a, step 232); 
electronically enabling access to one or more of the protected resources by the at least one authenticated user based on system authorization data associated with the at least one authenticated user (Fig. 5a, step 246 via step 242 “D” determining that a secondary user is not within view of the content), wherein access includes at least one of visual and audio access (Fig. 5a. step 246 - “Display File With Confidential Content Unmasked”); and 
if more than one user is authenticated while the at least one authenticated user has access to the protected resources (Fig. 5a, steps 240 and 242 determine if a secondary user is within range of display of the confidential content via step 246 “E”), determining if any of the authenticated users is unauthorized to access the protected resources while the at least one authenticated user has access to the protected resources (Fig. 5a, step 244) and, if so, disabling access to all of the protected resources for the at least one authenticated user based on the system authorization data associated with the any of the authenticated users unauthorized to access the protected resources (Fig. 5b, step 250 details masking confidential information that a secondary user is unauthorized to view, where the authenticated user previously had access to the confidential information in initial step 246 of Fig. 5a (via path “D”); i.e., upon an authenticated user having access to confidential information, detect the presence of a secondary user, who is within view of the content, and determine whether the secondary user is authorized to view the content. If the user is authorized, the content is continually displayed, otherwise, if unauthorized, the content is masked for all users) … 
Bostick does not disclose:
… wherein disabling access includes disabling interaction to icons associated with the protected resources.
Yamamoto teaches:
… wherein disabling access includes disabling interaction to icons associated with the protected resources (Fig. 4; ¶0036, “FIG. 4 is a view showing an exemplary screen display in a case where operations on the concealment targets are invalid. In the exemplary case shown in FIG. 4, since “Destination”, “Registered Place”, and “Recorded Spot” among the items in the navigation menu are set as the concealment targets, the icons used for operating these items are displayed in gray and any operation thereon is invalid”; ¶0038, “Thus, as to how to deal with the concealment target in the confidential mode, supposed is … (2) invalidation of any operation on the related icon or the like…”; i.e., disable interaction with icons associated with concealment targets when operating within a confidential mode).
	Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Bostick’s system to protect a displayed output by enhancing Bostick’s masking of confidential information to include disabling icons associated with the confidential information, as taught by Yamamoto, in order to prevent an unauthorized user from gleaning any useful knowledge about confidential information that has been masked.
	The motivation is to ensure that masked confidential information remains concealed by further disabling interaction with icons that may be associated with the confidential information, thus preventing an unauthorized user from potentially accessing other sources of information that may help reveal the contents of the masked information.

Regarding Claim 3:
The method of claim 1, wherein Bostick in view of Yamamoto further teaches receiving the biometric data for the at least one user includes continuous monitoring for biometric data (Bostick, Fig. 5a, step 240 is continuously looped back to via path “E” in order to monitor for secondary users; ¶0024, “The camera 104 tracks the presence of other users in a continuous fashion …”).

Regarding Claim 4:
The method of claim 1, wherein Bostick in view of Yamamoto further teaches receiving the biometric data for the at least one user includes real-time monitoring for biometric data (Bostick, Fig. 5a, step 240 is looped back to via path “E” in order to monitor for secondary users in real-time).

Regarding Claim 6:
The method of claim 1, wherein Bostick in view of Yamamoto further teaches authenticating the at least one user is responsive to an event-driven trigger (Bostick, Fig. 5a, step 232 occurs responsive to step 230).

Regarding Claim 7:
The method of claim 6, wherein Bostick in view of Yamamoto further teaches the event-driven trigger includes determining the presence of a new user based on the received biometric data (Bostick, Fig. 5a, step 230 occurs upon a “new” user attempting to authenticate with the content system, as detailed in paragraph 45. Paragraph 46 also outlines when the login of a user is not verified, which also would constitute as a “new” user attempting to access the system) and/or determining the absence of a previously authenticated user based on the received biometric data.

Regarding Claim 8:
The method of claim 1, wherein Bostick in view of Yamamoto further teaches the authenticating includes processing the received biometric data for at least one of voice recognition, face recognition (Bostick, ¶0045, “… a facial picture… of the user…”), eye movement detection, retinal scan, and/or fingerprint, thumbprint, or palm print detection.

Regarding Claim 9:
The method of claim 1, Bostick in view of Yamamoto further comprising: 
if more than one user is authenticated, determining if any of the authenticated users is a newly authenticated user (Bostick, ¶0049, “The confidential content program 67 then searches for the presence of, viewing direction and distance of secondary users (a user other than the user who has logged into the system)…” & ¶0050, “If there is a secondary user within the distance range of the display … the secondary user’s facial image is compared with the repository to determine if the secondary user is authorized or has rights to view the confidential content …”; i.e., detect and authentication a secondary user who has entered the presence of the display (e.g., a “new” user)) and, if so, modifying access to the protected resources based on the system authorization data associated with the newly authenticated user (Bostick, ¶0052, “If the secondary user … is not authorized to view the confidential content … the locations of the confidential content within the file is determined …” & ¶0053, “The determined confidential content within the file is masked based on the confidential content classification of the content (and, in some embodiments, the confidential content authorization of the … secondary user)…”).

Regarding Claim 10:
The method of claim 9, Bostick in view of Yamamoto further teaches further comprising: 
outputting content from the protected resources to at least one display (Bostick, Fig. 5a, step 246); and 
the modifying or disabling access to the protected resources further includes obfuscating or closing at least some of the displayed content on the at least one display (Bostick, ¶0053, “The determined confidential content within the file is masked based on the confidential content classification of the content (and, in some embodiments, the confidential content authorization of the … secondary user)…”).

Regarding Claims 11, 13, 14, and 16-20:
System claims 11, 13, 14, and 16-20 correspond with respective method claims 1, 3, 4, and 6-10 and contain no further limitations. Therefore claims 11, 13, 14, and 16-20 are each rejected by applying the same rationale used to reject claims 1, 3, 4, and 6-10 above, respectively.

Claims 2, 5, 12, and 15 is/are rejected under 35 U.S.C. 103 as being unpatentable over “Bostick” (US 2016/0132721) in view of “Yamamoto” (US 2021/0239488) in further view of “Larson” (US 10,693,872).

Regarding Claim 2:
Bostick in view of Yamamoto teaches:
The method of claim 1, …
Bostick in view of Yamamoto does not disclose:
	… wherein receiving the biometric data for the at least one user includes intermittent monitoring for biometric data.
Larson teaches:
… wherein receiving the biometric data for the at least one user includes intermittent monitoring for biometric data (Col. 20, lines 50-57, “To observe environmental conditions, the AI agents is/are configured to receive, or monitor for, collected data from client systems 105 … The act of monitoring may include … polling (e.g., periodic polling…) … for identity/biometric data for a specified/selected period of time”).
	Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Bostick in view of Yamamoto’s system to protect a displayed output by enhancing Bostick in view of Yamamoto’s user authentication method by implementing periodical polling in accordance with a selected time-driven trigger, as taught by Larson, in order to ensure that the determination process occurs at least on a consistent basis.
	The motivation is to prevent a system for protecting a device’s output from making determinations based on stale environment observation data if no changes have been detected within the environment itself. For example, this may happen when event-triggers are utilized which may only trigger based on specific events that may never occur (or change), and thus the system may never make an updated determination regarding who an authenticated user of a device is. Ensuring a determination is triggered at least on a regular basis ensures a bare-minimum level of security as the detected biometric data would never become stale after a prolonged period of time.


Regarding Claim 5:Bostick in view of Yamamoto teaches:
The method of claim 1, …
Bostik in view of Yamamoto does not disclose:
… wherein authenticating the at least one user is responsive to a clock-driven trigger.
Larson teaches:
… wherein authenticating the at least one user is responsive to a clock-driven trigger (Col. 20, lines 50-57, “To observe environmental conditions, the AI agents is/are configured to receive, or monitor for, collected data from client systems 105 … The act of monitoring may include … polling (e.g., periodic polling…) … for identity/biometric data for a specified/selected period of time”).	
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Bostick in view of Yamamoto’s system to protect a displayed output by enhancing Bostick in view of Yamamoto’s user authentication method by implementing periodical polling in accordance with a selected time-driven trigger, as taught by Larson, in order to ensure that the determination process occurs at least on a consistent basis.
	The motivation is to prevent a system for protecting a device’s output from making determinations based on stale environment observation data if no changes have been detected within the environment itself. For example, this may happen when event-triggers are utilized which may only trigger based on specific events that may never occur (or change), and thus the system may never make an updated determination regarding who an authenticated user of the device is. Ensuring a determination is triggered at least on a regular basis ensures a bare-minimum level of security as the detected biometric data would never become stale after a prolonged period of time.

Regarding Claims 12 and 15:
System claims 12 and 15 correspond to their respective method claims 2 and 5 and contain no further limitations. Therefore claims 12 and 15 are each rejected by applying the same rationale used to reject claims 2 and 5 above, respectively.

Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DANIEL B POTRATZ whose telephone number is (571)270-5329.  The examiner can normally be reached on M-F 10 A.M. - 6 P.M. CST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 571-272-3972.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/DANIEL B POTRATZ/Primary Examiner, Art Unit 2491