Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Drawings
The drawings are objected to as failing to comply with 37 CFR 1.84(p)(5) because they include the following reference character(s) not mentioned in the description: Fig. 7 reference number 714.  Corrected drawing sheets in compliance with 37 CFR 1.121(d), or amendment to the specification to add the reference character(s) in the description in compliance with 37 CFR 1.121(b) are required in reply to the Office action to avoid abandonment of the application. Any amended replacement drawing sheet should include all of the figures appearing on the immediate prior version of the sheet, even if only one figure is being amended. Each drawing sheet submitted after the filing date of an application must be labeled in the top margin as either “Replacement Sheet” or “New Sheet” pursuant to 37 CFR 1.121(d). If the changes are not accepted by the examiner, the applicant will be notified and informed of any required corrective action in the next Office action. The objection to the drawings will not be held in abeyance.

Claim Objections
Claims 38, and 39 objected to because of the following informalities:  There is no claim 37, claim 38 should be renumbered to claim 37 and claim 39 renumbered to claim 38.  Appropriate correction is required.
Claims 9, 11, 14, 28, 30, and 33 objected to because of the following informalities:  These claims recite acronyms without spelling out what they mean on at least the first occurrence/recitation of the acronym.  Appropriate correction is required.
Claim 20 is objected to because of the following informalities: This claim recites “A computer system for authorizing a user ……. the method comprising”. It should be corrected to recite “A computer system for authorizing a user  ……. the system comprising”. Appropriate correction is required. 

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1, 4, 5, 20, 23, and 24 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention. The claims recite the limitation “acceptable”. The word acceptable is a relative term and therefore it renders the claims indefinite. For the purpose of examination, this limitation is interpreted  as “above a threshold”.
Claims 1, 8, 20, and 27 rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention. These claims recite the limitation “can be used to…” it is not clear whether the recited “use” is or is not part of claimed features. For the purpose of examination this limitation is interpreted as “is used to”. 
Claim 12 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, because the claim depends on itself and It is not clear what claim it depends on. For the purpose of examination, it is interpreted to depend on claim 11, similar to how claim 31 depends on claim 30.  

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-6, 9-12, 16-19, 20-25, 28-32, 35, 36, 38, and 39 are rejected under 35 U.S.C. 103 as being unpatentable over BAR (US-20170289168-A1) in view of LERNER (US-20180365388-A1), hereinafter BAR-LERNER.
Regarding claim 1, BAR teaches “A method for authorizing a user for controlling access permissions to a service, the method comprising: receiving at least one of behavioral data relating to at least one user and/or contextual data relating to the service; ([BAR, ABSTRACT] “Aspects of the technology described herein provide a mechanism for controlling access to secure computing resources based on inferred user authentication. A current user may be authenticated and access to secure computing resources permitted based on a determined probability that the current user is a legitimate user associated with the secure computing resource. Legitimacy of the current user may be inferred based on a comparison of user-related activity of the current user to a persona model, which may comprise behavior patterns, rules, or other information for identifying a legitimate user. If it is determined that the current user is likely legitimate, then access to secure information may be permitted.”) ([BAR, para. 0061] “In one embodiment, the information in a persona model comprises one or more patterns of user-behavior for a legitimate user, related contextual information associated with the legitimate user”) ……… generating a likelihood value, indicating the likelihood the first digital key access request is a valid request based on at least one of current user behavioral data and current contextual data; ([BAR, para. 0004] “Based on the comparison, an authenticity confidence score for the current user may be computed based on a statistical similarity to the persona model of the legitimate user. The authenticity confidence score (authenticity score) may be monitored in an ongoing manner by an application or service, such as a personal digital assistant application or may be checked as needed, such as when the current user attempts to access secure data, applications, or services.”) authenticating the user for access when the current user likelihood value is determined to be acceptable; ([BAR, para. 0119] “At step 445, the authentication confidence score is evaluated to determine whether it indicates the current user is legitimate. Embodiments of step 445 evaluate the authentication score to determine a degree of legitimacy for the current user. In an embodiment of step 445, the authentication score is compared against a threshold corresponding to a sufficient confidence of legitimacy. If the threshold is satisfied, then the current user is determined to be legitimate, but if the threshold is not satisfied, then the current user is determined to be illegitimate. The threshold may be pre-determined and may be specified by the legitimate user, such as a in a setting or preference, or may correspond to the particular secure computing resource (from step 430) that the current user is attempting to access. In some embodiments, different thresholds may exist for different secure computing resources, enabling some such resources to be accessed with a lower confidence of legitimacy and other resources to require very high confidence of legitimacy. Some embodiments of step 445 may be carried out by an authenticity verification component or routine, such as authenticity verification 290 of system 200, described in connection to FIG. 2.”) and generating a permissions data structure, wherein the permissions data structure can be used to control access to the service. ([BAR, para. 0156] “if the determined authentication confidence score does not indicate that the current user is likely to be the legitimate user, then restricting, by the credentials manager, access to the secure computing resource”) ([BAR, para. 0016] “When it is determined that the current user likely is not the legitimate user or there is uncertainty (i.e. not enough confidence) that the current user is the legitimate user, a user-verification procedure may be initiated and/or access to the legitimate user's sensitive information, such as user passwords, accounts, configuration settings, applications, or services (which may include purchases or transactions), may be restricted or limited. For example, in an embodiment, when the authenticity score is not high enough (indicating a lack of confidence about the user's legitimacy) for the user to access a particular computing resource or carryout a particular activity, such as posting a message on social media (which could be an abuse carried out by an illegitimate user, such as posting malicious content, spam (advertising) or similar unauthorized content. On the other hand, if the authenticity score indicates that the current user is likely legitimate, then access to sensitive information, secure applications, services, or computing resources may be provided, and/or the user persona model may be updated based on monitored user-related activity of the current user. In some embodiments, a successful outcome of the user-verification procedure may be used for updating the statistical likelihood that the current user is legitimate (i.e., answering a question correctly may boost the authenticity score).”).
However, BAR does not teach “receiving, from a user, a first digital key access request; receiving at least one of current user behavioral data from the user and/or current contextual data at a time corresponding to the first digital key access request;”.
In analogous teaching, LERNER teaches “receiving, from a user, a first digital key access request; receiving at least one of current user behavioral data from the user and/or current contextual data at a time corresponding to the first digital key access request;” ([LERNER, para. 0035] “the content provider 122 may be configured to provide access or use credentials to the user device 102 which already has content 124 stored. For example, the content 124 may be pre-loaded on the user device 102 which requires a digital rights management key to access. The content provider 122 may provide this key to a trusted user device 102, allowing the user 104 to consume the content 124.”) ([LERNER, claim 6] “The method of claim 2, further comprising: receiving a digital key request for a digital key to access the first content;”) ([LERNER, para. 0019] “The trust provider may acquire context data about the user device. The context data describes the environment or setting in which the user device exists. The context data may include one or more of the geographic location, relative location, detected adjacent devices, calendar data, user input, and so forth. For example, the context data may comprise the geographic location of the user device and the presence of other user devices. Based at least in part on this context data, the trust provider may provide an invitation to the user device. Upon acceptance of the invitation, the trust server establishes a device-content provider trust relationship between the user device and the content provider. Once established, the user device or a network storage location accessible to the user device may be configured to accept content from the now trustworthy content provider.”).
Thus, given the teaching of LERNER, it would have been obvious to one of ordinary skill in the
art before the effective filling date of the claimed invention to combine the teaching of a digital key access request as taught by LERNER into the teaching of a method for authorizing a user for controlling access permissions as taught by BAR. One of ordinary skill in the art would have been motivated to do so because LERNER recognizes the need to improve user experience and access to content ([LERNER, para. 0022] “The systems and methods described herein may be configured to improve the user experience and access to content”).

Regarding claim 20, this claim recites a computer system comprising a processor and storing computer readable instructions corresponding to the features of claim 1. Therefore, claim 20 is rejected in a similar manner as in the rejection of claim 1. 

Regarding claim 2 and 21, BAR-LERNER teaches all limitations of claims 1 and 20.  BAR further teaches “further comprising calculating a threshold of the likelihood any digital key access request for the service is from an authorized user by applying an algorithm to the at least one of behavioral data and/or contextual data includes calculating a threshold and wherein the authenticating the user for access when the current user likelihood value is determined to be acceptable comprises authenticating the user for access when the current user likelihood value is above the threshold.” ([BAR, para. 0118] “At step 430, an indication is received of a request to access a secure computing resource. As described previously, a secure computing resource may comprise sensitive information about the legitimate user”) ([BAR, para. 0065] “Persona models generator 260, or its subcomponents, such as persona model determiner 266, may determine a set of likely user patterns associated with the legitimate user that may be used to identify the legitimate user. In particular, one or more inference algorithms may be applied to the legitimate user-related information to determine the set of likely user activity patterns. For example, patterns may be determined based on similar instances of observation of user activity or associated contextual information, which may be referred to as “in-common features” of legitimate user-related information.”) ([BAR, para. 0119] “At step 445, the authentication confidence score is evaluated to determine whether it indicates the current user is legitimate. Embodiments of step 445 evaluate the authentication score to determine a degree of legitimacy for the current user. In an embodiment of step 445, the authentication score is compared against a threshold corresponding to a sufficient confidence of legitimacy. If the threshold is satisfied, then the current user is determined to be legitimate, but if the threshold is not satisfied, then the current user is determined to be illegitimate. The threshold may be pre-determined and may be specified by the legitimate user, such as a in a setting or preference, or may correspond to the particular secure computing resource (from step 430) that the current user is attempting to access. In some embodiments, different thresholds may exist for different secure computing resources, enabling some such resources to be accessed with a lower confidence of legitimacy and other resources to require very high confidence of legitimacy. Some embodiments of step 445 may be carried out by an authenticity verification component or routine, such as authenticity verification 290 of system 200, described in connection to FIG. 2.”) ([BAR, para. 0005] “In one aspect, when the authenticity score indicates a current user may not be the legitimate user, such as when the authenticity score falls below a certain threshold”).
However, BAR does not teach “digital key access request”. In analogous teaching LERNER teaches “digital key access request” ([LERNER, para. 0035] “the content provider 122 may be configured to provide access or use credentials to the user device 102 which already has content 124 stored. For example, the content 124 may be pre-loaded on the user device 102 which requires a digital rights management key to access. The content provider 122 may provide this key to a trusted user device 102, allowing the user 104 to consume the content 124.”) ([LERNER, claim 6] “The method of claim 2, further comprising: receiving a digital key request for a digital key to access the first content;”)
The same motivation to modify BAR with LERNER as in the rejection of claim 1 applies.

Regarding claims 3 and 22, BAR-LERNER teaches all limitations of claims 1 and 20. BAR further teaches “wherein the permissions data structure specifies a scope of permissions for user access to the service.” ([BAR, para. 0016] “When it is determined that the current user likely is not the legitimate user or there is uncertainty (i.e. not enough confidence) that the current user is the legitimate user, a user-verification procedure may be initiated and/or access to the legitimate user's sensitive information, such as user passwords, accounts, configuration settings, applications, or services (which may include purchases or transactions), may be restricted or limited. For example, in an embodiment, when the authenticity score is not high enough (indicating a lack of confidence about the user's legitimacy) for the user to access a particular computing resource or carryout a particular activity, such as posting a message on social media (which could be an abuse carried out by an illegitimate user, such as posting malicious content, spam (advertising) or similar unauthorized content. On the other hand, if the authenticity score indicates that the current user is likely legitimate, then access to sensitive information, secure applications, services, or computing resources may be provided, and/or the user persona model may be updated based on monitored user-related activity of the current user. In some embodiments, a successful outcome of the user-verification procedure may be used for updating the statistical likelihood that the current user is legitimate (i.e., answering a question correctly may boost the authenticity score).”).

Regarding claim 4 and 23, BAR-LERNER teaches all limitations of claims 1 and 20. BAR further teaches “further comprising requesting a secondary authentication method of the user when the likelihood value is determined to be not acceptable.” ([BAR, para. 0005] “In one aspect, when the authenticity score indicates a current user may not be the legitimate user, such as when the authenticity score falls below a certain threshold, the user may be presented with a dynamic security challenge to validate legitimacy of the current user. The security challenges may be generated and evaluated using the personal digital assistant application (or other application or computer service), which may also manage access to the user's secure information. In one respect, the dynamic security challenge comprises interrogating the current user, which may include generating one or more question-answer pairs and presenting the question(s) to the user. The question-answer pairs may be based on information derived from monitored recent user activity or persona model of the legitimate user.”).


Regarding claims 5 and 24, BAR-LERNER teaches all limitations of claims 1 and 20. BAR further teaches “wherein the scope of permissions is a default scope of permissions when the likelihood value is determined to be not acceptable.” ([BAR, para. 0108] “In some embodiments, the weighting or ceiling may be pre-determined, such as a default security setting (or settings), so that access to the more sensitive information or more secure applications and service (e.g., banking/financial services, posting to social media, etc.) are restricted. Further, in some embodiments, the weighting or ceiling level(s) can be set or modified according to user settings or preferences, which may be modified only when the authenticity score is sufficiently high enough, in some embodiments (indicating high confidence that the current user is legitimate).”).


Regarding claim 6 and 25, BAR-LERNER teaches all limitations of claims 1 and 20. BAR further teaches “further comprising: receiving repeated behavior and/or contextual data over time, including when accessing the service; updating the method for generating a likelihood value using the data.” ([BAR, para. 0079] “In some instances, the pattern-confidence weighting may be reflected in the person a model and considered when evaluating legitimacy of a current user against a persona model when determining the authenticity score. For example, in some embodiments, a minimum pattern-confidence weight may be needed before using a particular activity pattern is used for evaluating against activity of a current user. Nevertheless, user-related activity still may be monitored and activity-related patterns updated based on additional activity observations, since the additional observations of may increase the pattern-confidence for a particular pattern.”) ([BAR, para. 0098] “This may prompt a legitimate user to either modify their behavior (or remind them that if they continue, they will need to satisfy a security challenge or otherwise increase their authenticity score) or consider updating their persona model, which may be updated automatically to consider the new behavior, in some embodiments, where the authenticity score is sufficiently high.”) ([BAR, para. 0060] “Continuing with system 200 of FIG. 2, persona models generator 260 is generally responsible for generating (or updating) a persona model corresponding to a legitimate user. A persona model comprises a set of information about a legitimate user (or users) that may be used to determine a confidence value about the legitimacy of a current user”) ([BAR, para. 0061] “the information in a persona model comprises one or more patterns of user-behavior for a legitimate user, related contextual information associated with the legitimate user (such as locations, communication networks, environmental features, or other contextual data described herein), for instance, a geographic location frequently associated with the legitimate user at a certain time of day, such as at night (i.e., the location of the legitimate user's home) or during the weekday (i.e., the location of the user's work); these frequented locations are sometimes referred to as hubs.”). ([BAR, para. 0051] “In some embodiments, the user activity-related features may be interpreted to determine user-related activity has occurred. For example, in some embodiments, activity detector 282 employs user-related activity event logic, which may include rules, conditions, associations, classification models, or other criteria to identify user-related activity. For example, in one embodiment, user-related activity event logic may include comparing user-related activity criteria with the user data in order to determine that an activity-related event has occurred. The activity event logic can take many different forms depending on the mechanism used to identify an activity-related event. For example, the user-related activity event logic could be training data used to train a neural network that is used to evaluate user data to determine when an activity event has occurred. The activity event logic may comprise fuzzy logic, neural network, finite state machine, support vector machine, logistic regression, clustering, or machine learning techniques, similar statistical classification processes or, combinations of these to identify activity events from user data.”)


Regarding claim 9 and 28, BAR-LERNER teaches all limitations of claims 1 and 20. BAR further teaches “wherein one or more of the following machine learning algorithms is used; decision tree, regression, neural network, time series, clustering, outlier detection, ensemble model, factor analysis, naive Bayes formulation, support vector machine, linear regression, logistic regression, kNN, k-Means, random forest, dimensionality reduction, gradient boosting, apriori, nearest neighbor, attention layers, generative adversarial networks, and teacher-student curriculum learning.” ([BAR, para. 0051] “For example, the user-related activity event logic could be training data used to train a neural network that is used to evaluate user data to determine when an activity event has occurred. The activity event logic may comprise fuzzy logic, neural network, finite state machine, support vector machine, logistic regression, clustering, or machine learning techniques, similar statistical classification processes or, combinations of these to identify activity events from user data.”).


Regarding claims 10 and 29, BAR-LERNER teaches all limitations of claims 1 and 20. BAR further teaches “wherein the user data includes, for each access to the service, one or more of: user location data, a date and/or time, a weekday, a direction of approach to a service access location, a barometer reading, an accelerometer reading, a microphone reading, wireless frequencies and communications of user device, recent physical activity levels, recent user actions on the user device, results of user gait  analysis, recent user location, orientation of the user device, a lock state of the user device, a lock time of the user device and/or a lock duration of the user device.” (BAR, para. 0021] “Accordingly, as will be further described, in one embodiment, user-related activity of a legitimate user is monitored to determine a user persona model for the legitimate user. The user-related activity may include user interactions with one or more user devices associated with the legitimate user, and other information detected by the user device(s) or in the cloud, such as user activity associated with applications, services, or online accounts of the legitimate user. By way of example and not limitation, this may include user device location-information, such as geographical location, venue, time spent at a location, frequented locations, patterns or sequences of locations visited; network connection(s), such as familiar the wireless network(s) a user device is connected to or detects”) ([BAR, para. 0139] “The computing device of embodiment 1, wherein the user-related activity information of the legitimate user used for determining the persona model comprises information detected via the computing device including one or more of a geographical location, a venue, a communication network, browsing history, application-usage history, or calling history.”).

Regarding claims 11 and 30, BAR-LERNER teaches all limitations of claims 4 and 23. BAR further teaches “wherein the secondary authentication method includes, a least one of requesting a fingerprint, requesting a password or pin, facial identification, user speech identification, requesting user location information, requesting a hardware token, requesting a response by SMS, NFC communication with a user device, requesting badge information, requesting SSO history information, retina identification, requesting EKG information of the user, user weight, user height and/or a secret knowledge challenge.” ([BAR, para. 0144] “The computing device of any of embodiments 1-6, wherein the determined authentication confidence score does not indicate that the current user is likely to be the legitimate user, and wherein the computer instructions are further configured to: generate a security challenge based on the persona model corresponding to the legitimate user”) ([BAR, para. 0145] “The computing device of any of embodiments 1-7, wherein the security challenge comprises one or a biometric challenge, requesting a password, a static security question, or two-factor authentication procedure.”).

Regarding claims 12 and 31, BAR-LERNER teaches all limitations of claims 11 and 30. BAR further teaches “wherein a combination of multiple secondary authentication methods is used to authenticate identity.” ([BAR, para. 0126] “In some embodiments, the security challenge may comprise a plurality of questions and/or challenges provided to the current user. Embodiment of step 550 may be carried out by a security challenge generator 294 or authentication verification 290, as described in system 200 in connection to FIG. 2.”) ([BAR, para. 0089] “It is also contemplated that a security challenge may request the user to provide biometric information or conventional passwords. RSA token, Captcha, multifactor authentication, a code from an internal site or admin user, Microsoft Passport or Windows Hello, or other identifying information, in some embodiments (or that security challenges may be a mix of this and temporal or dynamic challenges described above).”).


Regarding claims 16 and 35, BAR-LERNER teaches all limitations of claims 5 and 24. BAR further teaches “wherein the default scope of permissions is based on at least one of site policy, system configuration and/or operator preference.” ([BAR, para. 0024] “In embodiments, the threshold may be pre-determined by the user, application, or service, and may vary according to the sensitivity level of information or services being accessed. For instance, accessing email may require a lower threshold than accessing a mobile banking application.”) ([BAR, para. 0119] “The threshold may be pre-determined and may be specified by the legitimate user, such as a in a setting or preference, or may correspond to the particular secure computing resource (from step 430) that the current user is attempting to access. In some embodiments, different thresholds may exist for different secure computing resources, enabling some such resources to be accessed with a lower confidence of legitimacy and other resources to require very high confidence of legitimacy. Some embodiments of step 445 may be carried out by an authenticity verification component or routine, such as authenticity verification 290 of system 200, described in connection to FIG. 2.”).

Regarding claims 17 and 36, BAR-LERNER teaches all limitations of claims 1 and 20. BAR further teaches “wherein elements of the at least one of behavioral data for at least one user and/or contextual data relating to the service is selected based on at least one of site policy, system configuration and/or operator preference.” ([BAR, para. 0083] “In some embodiments, an authenticity score may be determined based on a combination or one or more of: user-related activity or behavior pattern analysis; …………. In some embodiments, the contribution or input of each of these towards determine the authenticity score may be specified in the user settings or preferences 243, in persona model logic 230”) ([BAR, para. 0101] “User settings or preferences 243 generally includes user settings or preferences associated with user-related activity monitoring; determining persona models (which may include information to be included or excluded from a persona model): determining authenticity scores (which may include settings specifying information to be considered when computing an authentication score), which may include permission for using information for designated third-party applications or services and/or weighting to be applied to this information; settings or preferences regarding generating, presenting, and/or evaluating security challenges; or other options associated with functions of the embodiments described herein. In some embodiments, user settings or preferences 243 may include user preferences about specific user-related activities (and related information) that the user desires be explicitly monitored or not monitored or categories of activities to be monitored or not monitored, crowdsourcing preferences, such as whether to use crowd sourced information, or whether the user's activity pattern information may be shared as crowdsourcing data; settings regarding thresholds; and/or notification preferences, for example. Furthermore, as described herein, user settings or preferences 243 may also specify thresholds or minimum authenticity scores (or a minimum degree of confidence about the legitimacy of a current user) for accessing certain classes of sensitive information or other secure computing resources.”).

Regarding claims 18 and 38, BAR-LERNER teaches all limitations of claims 4 and 23. BAR further teaches “wherein the secondary mode of authentication is selected based on at least one of site policy, system configuration and/or operator preference.” ([BAR, para. 0126] “In some embodiments, the security challenge may be determined (and in some instances, evaluated) using persona model logic 230, by the first secure computing resource, and/or may be specified by a system administrator.”) ([BAR, para. 0077] “Additionally, persona model logic 230 may include logic used for generating security challenges, such as specific types or categories of questions: logic specifying the criteria of legitimate user-related information to be used (e.g. the recency, type, category, such as user interactions, recent venues visited, browsing or app history, or the like); conditions for when to provide more than one security challenge or for monitoring user behavior concurrent with a security challenge (e.g., if the security challenge asks the user about recent calls and the user checks his or her call log, then a new security challenge should be provided); logic specifying how the authenticity score will be recomputed or updated based on correct or incorrect responses form the user, following a challenge, which may include whether to offer a second security challenge following an incorrect response; logic specifying types of security challenges to be presented and answered correctly in order to raise the authenticity score or in order to be granted access to various levels of sensitive information or secure applications and services;”).

Regarding claims 19 and 39, BAR-LERNER teaches all limitations of claims 1 and 20. Furthermore, this claim recites features similar to those recited in claim 17 therefore claims 19 and 39 are rejected in a similar manner as in the rejection of claim 17. 

Claims 7 and 26 are rejected under 35 U.S.C. 103 as being unpatentable over BAR-LERNER in view of JAKOBSSON (US-20110016534-A1).
Regarding claims 7 and 26, BAR-LERNER teaches all limitations of claims 1 and 20. However, BAR-LERNER does not teach “wherein the behavioral data is for a group of users that are similar demographically to the user.” 
In analogous teaching, JAKOBSSON teaches “wherein the behavioral data is for a group of users that are similar demographically to the user.” ([JAKOBSSON, para. 0007] “the system determines a user behavior score based on a user behavior model and recent contextual data, wherein the user behavior score facilitates identifying a level of consistency between one or more recent user events and a past user behavior pattern …... the system provides the user behavior score to an access controller of the controlled resource, thereby making an authentication decision derived from the user behavior score for the user to access the controlled resource based at least on the user behavior score.”) ([JAKOBSSON, para. 0027] “In some embodiments, the system derives the user behavior model from a second model of a group of users sharing similar characteristics.”).
Thus, given the teaching of JAKOBSSON, it would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to combine the teaching of behavioral data comprising user demographic as taught by JAKOBSSON into the teaching of a method for authorizing a user for controlling access permissions as taught by BAR-LERNER. One of ordinary skill in the art would have been motivated to do so because JAKOBSSON recognizes the need to improve user authentication ([JAKOBSSON, para. 0048] “in accordance with the present invention increase the degree of security when the level of usability remains the same as conventional systems. The systems can use the implicit authentication decision to authenticate the user to access the controlled resource.”) ([JAKOBSSON, para. 0042] “Embodiments of the present invention provide a method for implicitly authenticating a user to access a controlled resource without the need for entering passwords or answering any authentication questions.”) 

Claims 8, 13, 27 and 32 are rejected under 35 U.S.C. 103 as being unpatentable over BAR-LERNER in view of SUBRAMANYA (US-20170034152-A1), hereinafter BAR-LERNER-SUBRAMANYA.
Regarding claims 8 and 27, BAR-LERNER teaches all limitations of claim 1 and 20. However, BAR-LERNER only teaches of providing scope of permissions of applications and services. Therefore, BAR-LERNER does not teach “wherein the service is use of a machine, and the scope of permissions specifies features of the machine that can be used by the user.”
In analogous teaching SUBRAMANYA teaches “wherein the service is use of a machine, and the scope of permissions specifies features of the machine that can be used by the user.” ([SUBRAMANYA, para. 0013] “The method may include receiving scope information for configuring the access to the plurality of resources. The method may include determining, based on the scope of information, a scope of authentication for the user to access the plurality of resources. The scope of authentication may indicate a set of resources of the plurality of resources for which the user is denied access at the client device.”) ([SUBRAMANYA, para. 0014] “Yet in some embodiments, scope of information indicates a set of permitted resources for which the user is permitted access at the client device.”)
Thus, given the teaching of SUBRAMANYA, it would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to combine the teaching of scope of permission of the machine used by a user as taught by SUBRAMANYA into the teaching of a method for authorizing a user for controlling access permissions as taught by BAR-LERNER. One of ordinary skill in the art would have been motivated to do so because SUBRAMANYA recognizes the need to improve access security to prevent unwanted users from gaining access to sensitive resources. ([SUBRAMANYA, para. 0031] “The capability to configure access to resources when providing credential information provides greater security for access management by preventing other users from gaining access to sensitive resources and/or applications on a shared computer.”) ([SUBRAMANYA, para. 0011] “Enabling a user to restrict access to resources provides a user with greater control over access such that the user can determine at run-time the resources to restrict or permit depending on the users who may be accessing a client for the SSO session. The capability to configure access to resources when providing SSO credential information further improves access security by preventing other users from gaining access to sensitive resources and/or applications.”).

Regarding claim 13 and 32, BAR-LERNER-SUBRAMANYA teach all limitations of claim 8. BAR further teaches “wherein the contextual data includes state data of the machine relating to at least one of, usage history of the machine, work schedule of the machine, damage to the machine, safe operations rules for the machine, maintenance state and schedule of the machine, odometer data of the machine and/or current or recent location of the machine.” ([BAR, para. 0021] “Accordingly, as will be further described, in one embodiment, user-related activity of a legitimate user is monitored …… this may include user device location-information”)

Claims 14, 15, 33 and 34 are rejected under 35 U.S.C. 103 as being unpatentable over BAR-LERNER-SUBRAMANYA in view of FRENCH (US-6321339-B1), hereinafter BAR-LERNER-SUBRAMANYA-FRENCH.
Regarding claims 14 and 33, BAR-LERNER-SUBRAMANYA teach all limitations of claim 8. However, BAR-LERNER-SUBRAMANYA does not teach “contextual data includes external context data including data relating to at least one of, a SSO history for the machine, Electronic Logging Device (ELD) data for the machine, operator work schedule, operator login history, data indicating a relationship of the operator to other operators, operator checklist data, work order data, vacation schedule data, sick leave data, holiday schedule data, operator certification/licensing and/or data indicating legal limits on usage of the machine.”.
In analogous teaching, FRENCH teaches “contextual data includes external context data including data relating to at least one of, a SSO history for the machine, Electronic Logging Device (ELD) data for the machine, operator work schedule, operator login history, data indicating a relationship of the operator to other operators, operator checklist data, work order data, vacation schedule data, sick leave data, holiday schedule data, operator certification/licensing and/or data indicating legal limits on usage of the machine.” ([FRENCH, Col. 1 lines 55-59] “An important aspect of the process of issuing the digital certificate is confirming the identity of network users. Various systems exist that perform some level of user authentication. These systems generally require a user to provide certain basic identification information, such as name, date of birth, social security number, address, telephone number and sometimes driver's license information.”) ([FRENCH, Col. 18 lines 51-60] “FIG. 18 illustrates an example authentication carried out according to authentication process 10 of the invention. In general, as illustrated in that figure, the user presents name, social security number, date of birth, email and mailing address information, followed by home telephone number and driver's license data. That information is accepted and processed through preprocessing step 26 and first level authentication step 32, after which it is determined that the data are consistent and merit proceeding to second level authentication step 40.”) [Examiner’s note: operator licensing is regarded here as a driver’s license.]
Thus, given the teaching of FRENCH, it would have been obvious to one of ordinary skill in the art before the effective filling date of the claimed invention to combine the teaching of contextual data consisting of operator license as taught by FRENCH into the teaching of a method for authorizing a user for controlling access permissions as taught by BAR-LERNER-SUBRAMANYA. One of ordinary skill in the art would have been motivated to do so because FRENCH recognizes the need for an improved method of authentication. ([FRENCH, Col. 2 lines 57-65] “A greater level of security could conceivably be attained by automatically performing a thorough authentication process for every transaction. However, this approach incurs unnecessary costs or resources in cases where only a lower level of certainty is needed. The invention avoids this drawback by enabling different levels of authentication to be performed based on the level of security desired, reducing costs and unnecessary use of system resources.”).

Regarding claims 15 and 34, BAR-LERNER-SUBRAMANYA-FRENCH teaches all limitations of claims 14 and 33. FRENCH further teaches “wherein the contextual data includes operator certification/licensing data that is retrieved in real time from a registration database.” ([FRENCH, col, 12 lines 54-60] “FIG. 1 is a flowchart illustrating the overall authentication process according to the invention. Authentication process 10 starts at step 12. The authentication process 10 prompts a user for first level information at step 14. Again, the first type of information is preferably wallet-type information, that is, information such as name, address, driver's license or other information commonly carried on the person.”) ([FRENCH, Col. 13 lines 56-67] “During processing of any user-input driver's license information in the first level authentication step 32 (but preferably not in preprocessing step 26), any further checks against the driver's license database may be preferably implemented, for example, using the commercially available ChoicePoint drivers license database. Information from that external database is generally derived from official department of motor vehicle records or insurance claims information, the content of which may vary by state of issue. Step 54 assigns values and priorities to each response input by the user. Information that is of greater significance may be assigned a higher value or priority.”).
The same motivation to modify BAR-LERNER-SUBRAMANYA with FRENCH as in the rejection of claim 14 applies. 


The prior art made of record and not relied upon is considered pertinent to applicant’s
disclosure.
LEE (US-20170227995-A1) teaches of a method and system capable of implicitly authenticating users based on information gathered from one or more sensors, which may be located in one or more devices, and an authentication model trained via a machine learning technique. Data is collected, manipulated, and assessed with the authentication model in order to determine if the user is authentic.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to AFAQ ALI whose telephone number is (571)272-1571. The examiner can normally be reached Mon - Fri 7:30am - 5:30pm EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on (571)272-3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/AFAQ ALI/Examiner, Art Unit 2434       

/NOURA ZOUBAIR/Primary Examiner, Art Unit 2434