Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Status of the Application
Claims 1-2, 4-10, 13-16, and 18-24 have been examined in this application.
The filling date of this application number recited above is 10 December, 2018. Domestic Benefit / National Stage has been claimed for Provisional Application Number 62/597274 in the Application Data Sheet, therefore the examination will be undertaken in 11 December, 2017 as the priority date for applicable claims.
No additional information disclosure statement (IDS) has been submitted to date.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1-2, 6-10, 13-16, and 18-24 are rejected under 35 U.S.C. 103 as being unpatentable over Briceno et al. (U.S. 2014/0289833), in view of Zhai (U.S. 2016/0021111), and in view of Binns et al. (U.S. 2018/0308099) in further view of Shamai et al. (U.S. 2020/0034807).

As per claims 1, 19, and 20, Briceno teaches a method for approving a first transaction, the first transaction being related to identification information of an individual, the identification information being stored in a memory (See Figure 9 - step 901 "Client device connects to relying party to perform transaction" which is the first transaction as the data analyzed in step 902 is related to the identification information of an individual to authenticate the user. Also see Figure 60 and Figure 61 disclosing components such as memory, processors, etc. comprised in devices to perform the method, and also [0566] disclosing non-transitory computer-readable medium), the method comprising:
receiving a second transaction to provide approval of the first transaction related to the identification information, the second transaction being received after the first transaction related to the identification information is authenticated (See Figure 9 - step 907 as disclosed [0136] "at 907, one or more explicit authentication modalities are implemented");
obtaining secondary identification information of the individual in response to the second transaction being received, … (See Figure 9 - step 907 as disclosed [0136] "at 907, one or more explicit authentication modalities are implemented" wherein examples of explicit authentications as disclosed in the art are: [0014-0016] passwords and biometric methods, [0096-0097] finger swipe or entering PIN to unlock SIM, etc.); 
determining, by a processor, a predetermined process for approving the first transaction related to the identification information (See Figure 9 - step 906 as disclosed [0099] "The end result is that an assurance level that the legitimate user still is in the possession of the device may be sent to the relying party in the authentication response ... In one embodiment, the assurance level is normalized to a value between -100 and 100, where -100 means "almost certain it is not the legitimate user," 0 means "don't know," and 100 means "almost certain that it is the legitimate user."");
initiating communication with the electronic device according to the identifier and the predetermined process (See Figure 5, as disclosed [0117] "Turning to FIG. 5, if the assurance level transmitted to the relying party is acceptable for the current transaction with the user, determined at 501, then the relying party may send a response to the client device indicating a successful authentication" wherein [0107] "Once the assurance calculation module 212 has arrived at a current assurance measurement, it may communicate the measurement to a relying party (a cloud service in one embodiment) established via a secure communication module 213"); and
providing the approval in response to a first predetermined process, that is selected as the predetermined process, being completed, the approval approving execution of the first transaction related to the identification information (Figure 5 - step 502 discloses of sending a response indicating successful authentication, wherein Figure 9 - step 906 discloses of authenticating user, which is obvious that the first transaction (step 901) would be executed by the approval of the authentication from the second transaction (step 907) by the steps disclosed in Figure 9).

Briceno may not explicitly disclose, but Zhai discloses the following:
the secondary identification information being stored in a second memory different than the memory in which the identification information is stored, the secondary identification information including an identifier for an electronic device; and identifying, based on the secondary identification information of the individual, the electronic device (See Figure 7 – “Second Memory 73”, as disclosed [0098] “The second memory 73 is further configured to store security information reported by a terminal device” and [0099] “The security information may include a key, an identity, a preset encryption algorithm, and identification information of one or more applications on the terminal device, where the identity of the terminal device includes an IMEI and/or an IMSI of the terminal device”, which is a different memory from the “First memory 63” shown in Figure 6, to store secondary identification information of the individual, including an International Mobile Equipment Identity (IMEI) or International Mobile Subscriber Identity (IMSI) of the terminal device).
It would have been obvious to one of ordinary skill in the art at the time of the invention to utilize a second memory to store device identifier as in Zhai in the system executing the method of Briceno with the motivation of offering to [0003-0007] protect individual privacy of the user and improve information security as taught by Zhai over that of Briceno.

Briceno may not explicitly disclose, but Binns discloses the following:
wherein, in the determining, the first predetermined process is selected from a plurality of predetermined processes as the predetermined process in response to the secondary identification information of the individual being changed within a predetermined time period (See Figure 3 – step 310 which compares the transaction with a fraud marker, wherein the fraud markers are determined in step 304, by which the fraud marker includes determining a change in information (e.g. intended payee account information) within a defined time frame as disclosed in [0050] “As an example, a fraud marker is based on payee data that includes intended payee information, wherein the fraud marker identifies an activity including performing a transaction benefiting a payee account, wherein multiple payor accounts have, within a defined time frame (e.g., a set amount of time--any suitable amount of time can be defined), changed their intended payee information to include the payee account”, and monitoring the activity in step 308, as disclosed [0061] “Step 308 includes monitoring activity of a payee account and/or a payor account.  For example, such activity can include modifying payee account information, monitoring payors modifying recipient/beneficiary/payee information to contain certain payee information (e.g., many payors add or change a recipient to be a particular payor within a certain time frame)”, by which if the activity does match a fraud marker in step 310 (decision path “Yes”), the process moves onto a first predetermined process of further analysis as disclosed in step 314 and onward), and
in the determining, a second predetermined process is selected from the plurality of predetermined process as the predetermined process in response to the secondary identification information of the individual not being changed within the predetermined time period, the second predetermined process being different than the first predetermined process (See Figure 3 – step 310, by which if the activity does not match a fraud marker (e.g. information was not changed within the predetermined time period), the decision path “No” leads to a second predetermined process, which is to allow the activity in step 312).
It would have been obvious to one of ordinary skill in the art at the time of the invention to utilize transaction being allowed or moved for further analysis based on the information being changed or not within a defined time frame as in Binns in the system executing the method of Briceno with the motivation of offering to [0007] and [0015] “improve the underlying computer network security technology” as taught by Binns over that of Briceno.

Binns may not explicitly disclose, but Shamai discloses the following:
the method further comprises, in response to the first predetermined process being selected and during the communication with the electronic device ([0067] “In some embodiments, the need to use such an additional authentication method may be determine by server 160 according to a fraud expectancy rule that may determine if there is a high probability (e.g., higher than a threshold value) that a fraud act has been performed”):
accessing a camera of the electronic device; and identifying the individual with the camera of the electronic device using a facial recognition process, the first predetermined process including a recognition condition that the individual is identified with the camera using the facial recognition process ([0067] “In such a case a message may be send to the mobile device associate with the user that requires from the user to verify the purchase and further to enter a code known only to the user or additional biometric data” as further disclosed [0041] “In some embodiments, system 100 (e.g., server 160) may further receive from mobile device 20 the biometric data of the customer. For example, the customer can take his/her own picture “a selfie” and/or his/her fingerprint using the mobile device camera or fingerprint reader and send it to at least one server 160” wherein the face recognition process is further disclosed [0044] “For example, if the captured biometric data is a photo of the face of the customer, processing unit 110 or server 160 may perform a face recognition process by extracting landmarks, or features from the photo. A face recognition algorithm may analyze the relative position, size, and/or shape of the eyes, nose, cheekbones, and jaw” and see also [0062] regarding identity score for the biometric data. For additional clarification, see also [0032] “For example, sensor 140 may be any camera at any resolution and any pixel density (e.g., camera, video camera, IR camera or the like) that is configured to take a picture of a person (e.g., the face (for face recognition), half body or full body) or a stream of images (e.g., a video)” and [0045] “In another example, biometric sensor 140 may capture a video recording of the person (e.g., customer) ... For example, the biometric data may include data received from a camera and a microphone”).
It would have been obvious to one of ordinary skill in the art at the time of the invention to utilize the additional biometric data requirement, e.g. requesting facial recognition, based on the fraud expectancy rule, e.g. score above a threshold, as in Shamai in the system executing the method of Binns, wherein Binns discloses of determining a fraud marker, e.g. fraud expectancy rule, to select the first predetermined process, with the motivation of offering to [0001-0004] provide secure and reliable method of additional security element that cannot be stolen, which helps against fraud and theft as taught by Shamai over that of Binns.

As per Claim 2, Briceno discloses the method according to claim 1, wherein the predetermined process includes a timeout period ([0115] "At 401, an explicit authentication event occurs such as a swipe on a fingerprint sensor or the entry of a PIN to unlock the device. A timer may also be started to measure the time which has elapsed from the explicit authentication event" See Figure 4 - step 401), and
the approval that approves execution of the first transaction related to the identification information is provided in response to the predetermined process being completed before expiration of the timeout period (See Figure 4 - step 406 as disclosed [0116] "At 406, the system exits the legitimate user state (e.g., because the timer indicates that a specified amount of time has elapsed)" wherein if the authentication was within the time period, it moves to step 405 indicating authentication was successful).

As per Claim 6, Briceno discloses the method according to claim 1, wherein the secondary identification information is obtained from the identification information to which the first transaction relates (See Figure 9 - step 907 as disclosed [0136] "at 907, one or more explicit authentication modalities are implemented, potentially in combination with one or more non-intrusive authentication modalities" wherein examples of explicit authentications as disclosed in the art are: [0014-0016] passwords and biometric methods such as fingerprint or face recognition, [0096 and 0101] finger swipe or entering PIN to unlock SIM, etc. and additionally the non-intrusive authentication as disclosed [0097] "For example, the biometric gait of the user may be measured using an accelerometer or other type of sensor in combination with software and/or hardware designed to generate a gait "fingerprint" from the user's normal walking pattern").

As per Claim 7, Briceno discloses the method according to claim 6, further comprising:
retrieving the identification information from the memory after the first transaction related to the identification information is authenticated (See Figure 9 - step 903 as disclosed [0136] "At 903, an indication of the needed assurance level gain is received. If non-intrusive authentication techniques are sufficient to meet the assurance level gain, determined at 904, then they are used at 905 to authenticate the user"); and
executing the first transaction related to the identification information, on the identification information stored in the memory (As anticipated by the steps disclosed in Figure 9 the transaction is executed after authentication, wherein as disclosed from [0136] if the determination in step 904 from the first transaction is accepted, then the transaction would be executed).

As per Claim 8, Briceno discloses the method according to claim 1, wherein the electronic device includes a processor and a memory, and the predetermined process includes (Figure 60 discloses of the client device including a processor and memory):
transmitting a message to the electronic device during the communication with the electronic device ([0107] discloses of communication established between the client device and a relaying party (cloud service) as shown in Figure 2, wherein [0107] "The assurance level returned in the authentication operation may be part of a message signed/encrypted by the relying-party-specific authentication key. In addition, as discussed below, the message may also include nonce (e.g., a random challenge) generated by the relying party"); and
receiving an affirmative reply from the electronic device in response to the message ([0389] "the client device identifies the user and generates a token (cryptographic signature) with the transaction details (e.g., the displayed text) and a random challenge provided from the relying party (e.g., the token may be a signature over the transaction details and a nonce) ... In one embodiment, the application 3704 sends the generated token and username to the relying party, which then identifies the user with the username and verifies the token").

As per Claim 9, Briceno discloses the method according to claim 1, wherein the predetermined process includes a location condition that the first transaction related to the identification information of the individual is not initiated from at least one predetermined region ([0180] "In particular, this embodiment includes a location class determination module 1740 for using the current location of the client device 1700, provided by location sensors 1741 (e.g., a GPS device), to identify a current location "class." As discussed in detail below, different location "classes" may be defined comprising known geographical points and/or regions" wherein [0191-0192] "Class 3" is defined as "the client is outside a specified boundary").

As per Claim 10, Briceno discloses the method according to claim 1, wherein the predetermined process includes an identity condition that the individual of the first transaction related to the identification information is not identified in a data breach (As disclosed in [0180 lines 4-10] the location "class" are identified to ensure that the data is not breached, wherein [0187-0188] "Class 1" and/or [0189-0190] "Class 2" would anticipate that the data is not breached since the client is within "a given radius" and/or "specified boundary region", as the prior art discloses [0026] "To try to prevent damage caused by the breach of a user's password, sites that deal with financial transactions employ risk assessment in which various metrics are used to determine if the person initiating the transaction is actually the user that owns the account ... Likewise, if the user lives in the United States but the transaction is initiated in Korea, that location difference would be a warning sign").

As per Claim 13, Briceno discloses the method according to claim 1, wherein a third predetermined process is selected from the plurality of predetermined processes in response to the first transaction being initiated from at least one predetermined region or the individual being identified in a data breach, and the second predetermined process is selected from the plurality of predetermined processes in response to the first transaction not being initiated from the at least one predetermined region and the individual not being identified in the data breach, the second predetermined process being different than the third predetermined process (See Figure 19 - step 1903 as disclosed [0206] "At 1902, one or more location classes (and potentially Boolean combinations of classes) are identified for the current location based on an existing set of policy rules. At 1903, one or more authentication techniques are identified according to the location class(es). For example, if the client device is currently at a location known to be the user's home or office or within a defined radius of another trusted location, then minimal (or no) authentication may be required. By contrast, if the client device is currently at an unknown location and/or a location known to be untrusted, then more rigorous authentication may be required (e.g., biometric authentication such as a fingerprint scan, PIN entry, etc.)" by which the decision block at step 1905 provides different predetermined processes with “Yes” decision leading to permitting the transaction as in step 1906 and “No” decision leading to blocking the transaction as in step 1907).

As per Claim 14, Briceno discloses the method according to claim 1, wherein a third predetermined process is selected from the plurality of predetermined processes in response to a first piece of the secondary identification information of the individual corresponding to a second piece of the secondary identification information of the individual, and the second predetermined process is selected from the plurality of predetermined processes in response to the first piece of the secondary identification information of the individual not g corresponding to the second piece of the secondary identification information of the individual, the second predetermined process being different than the third predetermined process (See Figure 4 - step 404 and step 408, wherein [0116] "By way of example, measurements associated with the gait of the user (collected when in the legitimate user state) may be compared with current gait measurements (collected at 407) and a correlation between the two may be calculated (referred to as the "distance" to the reference data). If an authentication request is received when outside of the legitimate user state, determined at 408, then at 409 the current assurance level is calculated based on the distance to the internal reference data and potentially the time from the explicit authentication event").

As per Claim 15, Briceno discloses the method according to claim 14, wherein the first piece of the secondary identification information of the individual includes the identifier for the electronic device, the second piece of the secondary identification information of the individual includes an address of the individual, and the first piece of the secondary identification information is determined to correspond to the second piece of the secondary identification information in response to a location of the electronic device being within a predetermined distance of the address of the individual ([0343] "By way of example, the sensors 3043 may include location sensors such as GPS sensors to indicate a current location of the user. If the client device 3000 is in an expected location such as the user's work or home, then this increases the likelihood that the user is the legitimate user" wherein the device determining the expected location, such as the user's work or home, can only be determined if the user provided the address as "home" or "work" to be identified, therefore it is obvious that the address information is included).

As per Claim 16, Briceno discloses the method according to claim 1, wherein the secondary identification information of the individual includes the identifier for the electronic device and an address of the individual, the communication with the electronic device includes determining a location of the electronic device, and the predetermined process includes a location condition that the location of the electronic device is within a predetermined distance of the address of the individual ([0097] "In addition, the distance to frequently visited destinations of the legitimate user may be tracked, stored and subsequently used to determine the assurance level. For example, if the user is connecting to a relying party from a location known to be the user's home or office, then the assurance level may be set to a relatively high value, whereas if the device is connecting from an unknown or distant location, then the assurance level may be adjusted to a lower level").

As per Claim 18, Briceno discloses the method according to claim 1, wherein the communication with the electronic device includes obtaining biometric data stored by the electronic device, and the predetermined process includes a biometric condition that the biometric data stored by the electronic device matches data in the secondary identification information of the individual ([0183] "Once the authentication policy engine 1710 selects a set of authentication techniques 1712, the authentication policy engine 1710 may implement the techniques using one or more explicit user authentication devices 1720-1721 and/or non-intrusive authentication techniques 1742-1743 to authenticate the user with a relying party 1750. By way of example, and not limitation, the explicit user authentication 1720-1721 may include ... fingerprint authentication, voice or facial recognition, and retinal scanning").

As per claim 21, Briceno teaches the method according to claim 1, wherein the first predetermined process is automatically rejected without intervention of the individual in response to the communication which is initiated with the electronic device being initiated to a predetermined region ([0229] “In addition, the embodiments of the invention may block a transaction from an unauthorized location, reducing unauthorized access by limiting the location from which users can even attempt authentication” by which the process is automatically rejected by blocking a transaction from an unauthorized location). 

As per claim 22, Briceno teaches the method according to claim 1, wherein the second predetermined process is automatically completed in response to the electronic device, with which the communication is initiated, being within a predetermined distance of a location, the location being determined from the secondary identification information of the individual ([0206] “For example, if the client device is currently at a location known to be the user's home or office or within a defined radius of another trusted location, then minimal (or no) authentication may be required” by which if the location is within a defined radius, then no authentication is required, meaning the process is automatically completed). 

As per claim 23, Briceno with Binns teaches the method according to claim 1, wherein in response to the second predetermined process being selected, the communication is initiated with the electronic device without intervention of the individual (See Figure 3 – step 310, by which if the activity does not match a fraud marker (e.g. information was not changed within the predetermined time period), the decision path “No” leads to a second predetermined process, which is to allow the activity in step 312 which is performed without intervention from the user, and communication would be initiated to allow the activity).
It would have been obvious to one of ordinary skill in the art at the time of the invention to utilize second predetermined process as in Binns in the system executing the method of Briceno, with the motivation of offering to [0007] and [0015] “improve the underlying computer network security technology” as taught by Binns over that of Briceno.

As per claim 24, Briceno teaches the method according to claim 1, wherein the secondary identification information further includes an address of the individual ([0142] “The user picks and specifies one or more locations where he/she usually performs authentication with websites. This may be a region within a predefined miles or specific locations (like office, home, transportation route, etc). These selected locations may be stored locally on the client device” and also [0102] “user-specified location data stored within a user/location data storage device 245”), and in response to the first predetermined process being selected (e.g. authentication process as in Figure 9), the method further comprises, during the communication with the electronic device:
accessing positioning information of the electronic device ([0206] “At 1901 the client's location is identified using one or more available techniques (e.g., GPS, triangulation, peer/network device detection, etc)” and also [0102] “By way of example and not limitation the location sensor 241 may include a GPS device and/or a module for detecting a current access point or cell tower to which the client 200 is connected (which can be used to estimate the device's current location)”); and
determining whether the positioning information of the electronic device is within a predetermined distance of the address of the individual, the first predetermined process further including a location condition that the positioning information is within the predetermined distance of the address ([0206] “At 1902, one or more location classes (and potentially Boolean combinations of classes) are identified for the current location based on an existing set of policy rules. At 1903, one or more authentication techniques are identified according to the location class(es). For example, if the client device is currently at a location known to be the user's home or office or within a defined radius of another trusted location, then minimal (or no) authentication may be required. By contrast, if the client device is currently at an unknown location and/or a location known to be untrusted, then more rigorous authentication may be required” and see also Figure 6, as disclosed [0119] “As mentioned above, one embodiment of the invention calculates a distance from a set of known user locations to determine the assurance level. Referring to FIG. 6, location-based measurements (e.g., such as GPS) may be used to calculate the "distance" function as follows” which further teaches the “regions” and “distance” of the known location and current user location to determine assurance levels accordingly in [0120-0121]).

Claims 4 and 5 are rejected under 35 U.S.C. 103 as being unpatentable over Briceno in view of Zhai in view of Binns in further view of Shamai, and in further view of Bulleit et al. (U.S. 2018/0060496).

As per Claim 4, Briceno may not explicitly disclose, but Bulleit discloses the method according to claim 1, wherein the memory, in which the identification information is stored, comprises a block storage, the second transaction to provide the approval of the first transaction related to the identification information is received from an entity that manages the block storage, the approval is provided to the entity, and the entity executes the first transaction related to the identification information in response to the approval (Figure 2 - step 202 the client system requests access to the blockchain in which the identification information is stored, and the second transaction to provide approval of the request is processed by "value-added certificate authorization system(s) 160" which is the entity that manages the "blockchain system(s) 180" as disclosed in [0079] and step 222, performs verification of received identification information in steps 216 and 218, and executes the transaction (provide access) in response to the verification in step 224).
It would have been obvious to one of ordinary skill in the art at the time of the invention to utilize block storage as in Bulleit in the system executing the method of Briceno with the motivation of offering to [0042] "reduce the cost of managing health information resource (HIR), improve the efficiency of computing resources used in the maintenance and disbursement of medical records, and/or improve the transparency of healthcare records by maintaining immutable records" as taught by Bulleit over that of Briceno.

As per Claim 5, Briceno may not explicitly disclose, but Bulleit discloses the method according to claim 4, wherein the identification information of the individual is stored in a record of the block storage and includes static identification information, and the secondary identification information of the individual includes dynamic identification information (Static information of the identification information disclosed [0067] "Regardless of the mechanism of generating the request, the request may include information such as information about the user (e.g., name, DOB, etc.) of the user" and dynamic information of the secondary identification information disclosed [0071] "This personal identification information of the user 102, as requested, may include, but is not limited to, ... present address, old address(es), e-mail address(es), mobile phone number(s), wireline phone number(s), ... combinations thereof, or the like").
It would have been obvious to one of ordinary skill in the art at the time of the invention to utilize static and dynamic identification information as in Bulleit in the system executing the method of Briceno with the motivation of offering to [0042] "reduce the cost of managing health information resource (HIR), improve the efficiency of computing resources used in the maintenance and disbursement of medical records, and/or improve the transparency of healthcare records by maintaining immutable records" as taught by Bulleit over that of Briceno.

Response to Arguments
Applicant's arguments, see pages 12 to 17, filed 24 March 2022, with respect to 35 U.S.C. 103 rejection have been fully considered but they are not persuasive.
Applicant contends, see page 14, that the referenced prior art BRICENO does not teach the limitation regarding “initiating communication with the electronic device according to the identifier and the predetermined process”. Examiner respectfully disagrees. The Applicant asserts that the limitation is read as “initiated according to a first predetermined process in response to identification information of the individual being changed within a predetermined time period”. This interpretation is much narrower than how the claim limitation is currently presented, as the method recited by the claims are simply “initiating communication … according to the predetermined process”, and does not specifically recite that it is in response to the “first predetermined process” or the “information being changed within a predetermined time period”. The latter steps as recited by the claims merely state that the approval is provided in response to the first predetermined process, which is selected as the predetermined process. Therefore, as recited above under 35 U.S.C. 103 rejection, BRICENO teaches the limitation, as disclosed by Figure 5 and paragraphs [0117] and [0107] which initiates communication with the client device.
Applicant contends, see pages 14 to 15, that it is unclear as to why it would have been obvious to one of ordinary skilled in the art to combine the references BINNS with BRICENO. Examiner respectfully disagrees. The indication of successful authentication is recited to teach the claim limitation “providing the approval in response to a first predetermined process being completed”, which is a response of the authentication process (e.g. predetermined process) as taught by BRICENO. The first predetermined process is the authentication process itself (e.g. see Figure 9), and the “successful authentication indication” is just a response of the authentication process. BINNS teaches further details regarding the authentication process, such as comparing the fraud markers to determine whether further analysis is required for the authentication process, and since the two prior arts are within the same technological field which teaches the steps of authentication, it would have been obvious to one of ordinary skilled in the art to combine the references with the motivation of offering to [0007] and [0015] “improve the underlying computer network security technology” as taught by BINNS over that of BRICENO.
Applicant contends, see pages 15 to 16, that it is unclear as to why it would have been obvious to one of ordinary skilled in the art to combine the references SHAMAI with BINNS. As disclosed above, BINNS discloses of determining a fraud marker, e.g. fraud expectancy rule, to select the first predetermined process, and SHAMAI teaches the additional biometric data requirement, e.g. requesting facial recognition, based on the fraud expectancy rule, e.g. score above a threshold, by which the two prior arts are within the same technological field which teaches the steps of authentication, therefore it would have been obvious to one of ordinary skilled in the art to combine the references with the motivation of offering to[0001-0004] provide secure and reliable method of additional security element that cannot be stolen, which helps against fraud and theft as taught by SHAMAI over that of BINNS.
Applicant contends, see page 16, that the teachings from referenced prior art SHAMAI regarding taking a “selfie” is “fundamentally different than accessing a camera of an electronic device and identifying the individual with the camera of the electronic device using a facial recognition process”. Examiner respectfully disagrees. As disclosed above under 35 U.S.C. 103 rejection, SHAMAI teaches in [0041] and [0044] for the user to take his/her own picture “a selfie” by which the captured biometric data is used for face recognition process. In order for the user to take a selfie, it would be required to access a camera of the device. For further clarification, additional paragraphs have been recited from SHAMAI:
[0032] “For example, sensor 140 may be any camera at any resolution and any pixel density (e.g., camera, video camera, IR camera or the like) that is configured to take a picture of a person (e.g., the face (for face recognition), half body or full body) or a stream of images (e.g., a video)”; and
[0045] “In another example, biometric sensor 140 may capture a video recording of the person (e.g., customer) ... For example, the biometric data may include data received from a camera and a microphone”
which discloses that the prior art already teaches that the device comprises a camera that is accessible to take a picture of the person for face recognition. Additionally, it is noted that from the Applicant’s Specification, there is no further details regarding the limitation “accessing a camera of the electronic device” other than mere recitation of the limitation itself.
	Therefore, the 35 U.S.C. 103 rejection is maintained.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:
Larvol (U.S. 2018/0260542) discloses of [0015] requiring a photograph for facial recognition when the risk score exceeds a predetermined threshold.
Avital (U.S. 9,547,763) discloses of requesting face-based authentication if the risk score exceeds a predetermined threshold.
THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HENRY H JUNG whose telephone number is (571)270-5018.  The examiner can normally be reached on Mon - Fri 8:30 - 4:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Christine M Behncke can be reached on 571-272-8103.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/H.H.J./           Examiner, Art Unit 3697                                                                                                                                                                                            
	
	/CHRISTINE M BEHNCKE/           Supervisory Patent Examiner, Art Unit 3697