Notice of Pre-AIA  or AIA  Status
The present application is being examined under the pre-AIA  first to invent provisions. 

Response to Amendment
This is in response to the amendments filed on 5/24/2022 Claims 47 and 101 have been amended. Claims 47-65, 68-78, and 101 are currently pending and have been considered below. Amendments to claim 101 have addressed and rectified the Examiner’s objections made in the previous office action. 

Response to Arguments
Applicant's arguments filed 5/24/2022 have been fully considered but they are not persuasive. On page 10 of Remarks, Applicant contends that, “none of the prior art appears to utilize a security server that includes two or more output devices”. The examiner respectfully disagrees.
In rejecting the previously recited “security management server”, the examiner referred to element 200 of Figure 6 of Farino. This element discloses a “Unified Access Control Server” which, by virtue of being a server device connected to at least one remote device, comprised of “at least one input and output device”. By virtue of Applicant’s amendment, the “security management server” now requires “at least one input device and at lest two output devices”, which is not specifically disclosed by element 200 of Figure 6. Instead, the examiner refers to element 800 of Figure 8, which is a separate embodiment that incorporates the previous element 200 of Figure 6 with “Frame / Packet Network Infrastructure Device” as an “Integrated UACS / NID 300”. Col. 15, lines 34-38 further disclose that, “… the unified access control server is integrated and consolidated with one or several network infrastructure devices (i.e., routers, switches, wireless access points) as depicted by block 300”, which discloses that element 300 contains at least two or more “output devices” (i.e., routers, switches, wireless access points). 
Thus, the examiner asserts that Farino discloses the present amendment, and therefore the rejection is sustained in view of the above citations and updated further below. 

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 47-50, 53, 55, 68, 70, and 71 are rejected on the ground of nonstatutory double patenting as being unpatentable over respective claims 1, 4, 9, 10, 13, 17, and 18 of U.S. Patent No. 9,400,881. Although the claims at issue are not identical, they are not patentably distinct from each other because the instant claims overlap in scope of the respective claims of the ‘881 patent.
Claim 101 is rejected on the ground of nonstatutory double patenting as being unpatentable over claim 1 of U.S. Patent No. 9,400,881 in view of “Niida” (US 5402521). Claim 1 of the ‘881 discloses all aspects of claim 101 of the instant application besides for the recitations, “wherein the security management server is configured to perform artificial intelligence (AI) processes that attempt to emulate the decision making abilities of a human expect using knowledge (facts) and inference procedures (rules), said AI processes comprising one or more of neural networking, data clumping, and associative discovery; and
wherein and security management server is further configured to perform a trending/prediction reporting process in cooperation with said AI processes to generate trending and/or prediction reporting”. However, in an analogous art, Niida discloses, “wherein the security management server is configured to perform artificial intelligence (AI) processes (Abstract - “… The method of the present invention particularly can be applied to a control system requiring the recognition of abnormal conditions such as a control system for the operation of a … security apparatus…”); Fig. 14) that attempt to emulate the decision making abilities of a human expect using knowledge (facts) (Claim 1 - “inputting a plurality of sets of dynamic input trend data indicating normal operating conditions of said object system …” & “inputting a plurality of sets of output data indicating normal output results of said object system …”) and inference procedures (rules) (Col. 2, lines 47-57, “The neural network in this specification means a multi-layered artificial neural network technique … Then, this technique exists in a process system where non-linear multi-dimensional parameter turning can be processed while every set of data always satisfies the predetermined relation of the causes and effects”; Claim 1 - “determining if the difference is output said deviation range indicating an abnormal real-time condition”), said AI processes comprising one or more of neural networking (Col. 2, lines 15-17, “… a method for recognition of normal and abnormal conditions can be performed with at least one neural network”), data clumping, and associative discovery; and
	wherein and security management server is further configured to perform a trending/prediction reporting process in cooperation with said AI processes to generate trending and/or prediction reporting (Col. 2, lines 41-46, “That is, unknown patterns in the output data, which are different from the trend patterns of the normal conditions, are recognized in the present invention as an abnormal condition while trend patterns that follow the normal condition are recognized as a normal condition”)”.
	At the time of the invention it would have been obvious to one with ordinary skill in the art to modify the unified physical and network access control system disclosed by claim 1 of the ‘881 patent by enhancing the patent’s security management server to perform artificial intelligence processes in order to generate trending reporting, as taught by Niida, in order to recognize normal and abnormal operating conditions within the access control system.
	The motivation is to offer flexible methods of real time recognition of normal and abnormal operating conditions of a security apparatus by implementing neural network based processes that output trend data patterns that follow normal and abnormal conditions.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of pre-AIA  35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed in the United States before the invention by the applicant for patent or (2) a patent granted on an application for patent by another filed in the United States before the invention by the applicant for patent, except that an international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this subsection of an application filed in the United States only if the international application designated the United States and was published under Article 21(2) of such treaty in the English language.

Claims 47-61, 68, and 70-76 are rejected under pre-AIA  35 U.S.C. 102(e) as being anticipated by “Farino” (US 7437755).

Regarding Claim 47:
A converged physical and logical security management system (Figure 6) comprising: 
a security management server (Figure 8, element 300) including at least one microprocessor and at least one input device and at least two output devices (Figure 8, element 300 integrates element 200 and a Frame / Packet Network Infrastructure Device; Col. 15, lines 34-38, “… the unified access control server is integrated and consolidated with … several network infrastructure devices (i.e., routers, switches, wireless access points) as depicted by block 300”); 
the security management server capable of storing data in a data store and retrieving data from said data store (Col. 10, lines 51-52, "... maintaining the valid credential list and access policies in a table"); 
the security management server capable of two-way communication with one or more security management devices (Col. 11, lines 27-40, “Note that the unified access control server 200 also communicate with both network security server 159 and physical security server 121 over a frame-/packet based network 28, such as … the Internet”); 
the security management server configured to store a unique identifier having associated therewith authentication and authorization information (Col. 10, lines 49-52, "The unified access control server 200... maintaining the valid credential list... in a table"), with that information to be used to control at least one access decision (Col. 10, lines 38-41, “Advantageously, server 200 unifies credential verification and associated policies and policy enforcement for physical facilities and network-enabled devices") for a physical area and at least one access decision for one or more of a computer, computer network or network resource (Col. 11, lines 10-16, “In general, unified access control server 200 validates credentials and enforces access policies…” & Col. 11, lines 50-52, “An access control event may be a user... requesting network access or a user requesting access to a facility door or to a room such as an office, storeroom or laboratory"), the authentication and authorization information including at least two configuration options (Col. 10, lines 41-47, “This unification facilities implementation of new security policies that strengthens both physical and network security”; i.e., implement at least two security policies (configuration options) pertaining to physical and logical security); 
the security management server designed to be connected to one or more access controllers, the controllers being capable of communicating in a standard protocol and the security management server being capable of communicating with the one or more access controllers in the standard protocol (Col. 10, lines 33-36, “Server 200 interfaces with both the legacy physical security system 202 and the frame/packet network 204..."; Col. 10, lines 61-67 & Col. 11, lines 1-10, “The present invention assumes that one or more access control devices (ACD) 110… are part of a facility and its network, respectively. Common access control devices include card readers, biometric sensors, cameras, alarms, motion sensors and electromechanical door locks... Access control gateway 125 allows legacy ACDs and DCPs… to be used with the present invention… Access control gateway 125 simply enables legacy DCP communications to be transmitted over frame-or packet-based networks 155. The DCP access request messages are received and responded to by the unified access control server 200”); 
wherein the security management server also includes a directory service associated with said data store and configurable to make the at least one access decision for an access request to the physical area (Col. 10, lines 49-53, “… while maintaining the… access policies in a table… Server 200 also enforces all access policies”; Col. 16, lines 16-26, “The unified access control server... can be implemented... with certain standards such as: Lightweight Directory Access Protocol (LDCP) and Open Database Connectivity (ODBC); user authentication support…”), utilizing a first authentication and authorization information to select one of the at least two configuration options within said data store of the security management server (Col. 11, lines 53-64, “… when a unified access control server 200 receives an access request from … a DCP 119 … the unified access control server 200 responds to the request message by verified the validity of the credential, the location of the requesting device or requestor, and executing a specific policy based on the information provided”; i.e., upon receiving a request for physical access via a DCP, utilizing a specific policy for physical access (i.e., a “first” configuration option)) for a physical access decision (Col. 11, lines 50-52, “An access control event can be … a user requesting accessing to a facility door or to a room…”), and for logical access (Col. 11, lines 50-52, “An access control event can be a user or computer requesting network access …”), a second, separate access decision, utilizing a second authentication and authorization information of the at least two configuration options within the directory service of the security management server for a logical access decision (Col. 11, lines 53-64, “… when a unified access control server 200 receives an access request from a computer 151 … the unified access control server 200 responds to the request message by verified the validity of the credential, the location of the requesting device or requestor, and executing a specific policy based on the information provided”; i.e., upon receiving a request for network access, utilizing a specific policy for network access (i.e., a “second” configuration option)).

Regarding Claim 48:
The system of claim 47, further comprising a credential issuance system (Col. 11, lines 38-41) that can associate additional information with the unique identifier (Col. 15, lines 2-5, “It is common for physical security badges to include additional information on the entity that issued a user’s badge, i.e. the organization associated with the user and the badge”).

Regarding Claim 49:
The system of claim 48, wherein the additional information pertains to one or more of personnel (Col. 1, lines 61-64, “Many organizations provide personnel with credentials in the form of an organization ID or electronic key card with unique information encoded in the form an electronic identifier or Personal Identification Number”) and equipment.

Regarding Claim 50:
The system of claim 49, wherein additional information about the personnel comprises one or more of fingerprint information, name, credentials (Col. 1, lines 61-64, “Many organizations provide personnel with credentials in the form of an organization ID or electronic key card with unique information encoded in the form an electronic identifier or Personal Identification Number”), certifications, biometric information, access information, a picture, background information and medical information.

Regarding Claim 51:
The system of claim 47, wherein the unique identifier is associated with at least one of a contact or contactless chip, a bar code, printed data, a proximity chip, a magnetic stripe, a token and computer readable information (Col. 1, lines 61-64, “Many organizations provide personnel with credentials in the form of an organization ID or electronic key card with unique information encoded in the form an electronic identifier or Personal Identification Number”).

Regarding Claim 52:
The system of claim 47, wherein the configuration options include one or more of a card ID, card certificate, username (Col. 11, lines 56-60, “… the unified access control server 200 response to the request message by verifying the validity of the credential … and executing a specific policy based on the information provided”; Col. 4, lines 57-50, “Credentials used for network access control can vary with one of the simplest forms being the combination of a user’s name and a password”) and AccessID, and an incident management perimeter access control and tracking system manages one or more of personnel, tasks, equipment and access for a secure area (Figure 6, element 202 - “Physical Security System”).

Regarding Claim 53:
The system of claim 47, wherein a credential issuance system interfaces with one or more of a fingerprint capture system, a camera (Fig. 7A, element 121 is interfaced with elements 110; Col. 11, lines 38-41, “From a physical access control system perspective, physical security server 121 controls enrollment of new physical system users when added as well as continuing to manage new and expired user credentials” & Col. 10, lines 65-67), a PIN capture system, a signature capture system, a document scanner, a card reader/writer, a card printer and a report printer.

Regarding Claim 54:
The system of claim 47, wherein the unique identifier is stored on a smart card, smart chip, embedded chip, mobile device (Col. 1, lines 58-65) or implanted chip.

Regarding Claim 55:
The system of claim 47, wherein the information associated with the unique identifier is verified through a government entity (Col. 15, lines 2-5, “It is common for physical security badges to include additional information on the entity that issued a user’s badge, i.e. the organization associated with the user and the badge”; Col. 15, lines 64-67 & Col. 16, lines 1-2, “For example, a global policy may be established to comply with a government directive such as: only authorized users who have government security clearance can access certain network resources”).

Regarding Claim 56:
The system of claim 55, wherein status information related to the verification of the information is maintained by the security management server (Col. 15, lines 60-63, “With the look-up results for both or all tables, the engines may use the arbitration logic to validate and determine the appropriate physical or network access response”).

Regarding Claim 57:
The system of claim 47, wherein the security management server can receive information from one or more external data sources (Col, 11, lines 11-20, “Computer 151, and/or other network infrastructure devices and/or DCP 119 are responsible for implementing the unified access control server's returned instructions (at a facility, for example, by either setting off the alarm or opening the door.)”; i.e., receive event information from external data sources, such as an alarm).

Regarding Claim 58:
The system of claim 57, wherein the external data sources include one or more of map information, terrorist activity information, incident information, global positioning system information, audio information, video information, perimeter breach information, alarms (Col, 11, lines 11-20, “Computer 151, and/or other network infrastructure devices and/or DCP 119 are responsible for implementing the unified access control server's returned instructions (at a facility, for example, by either setting off the alarm or opening the door.)”; i.e., receive event information from external data sources, such as an alarm), enterprise security system status information, local emergency response information, local, state, federal or international governmental information and information obtained from one or more other security management systems.

Regarding Claim 59:
The system of claim 47, further comprising a rules toolkit, the toolkit allowing a user to construct one or more rules including metrics that govern the handling and action to be taken based on received information (Col. 18, lines 25-43, “Server 400 with policy engine 410 further includes the capability for ingesting, maintaining and distributing access control policies (e.g., the list) for access to physical and/or network facilities/resources via connection to and communication over a frame and/or packet-based network … Authorized personnel may create credentials and policies, configure access control system devices and manage access control systems at a secure management station and these capabilities may be programmed in appropriate computer software code, tables and lists and executed at the server 400”).

Regarding Claim 60:
The system of claim 47, further comprising an interface configured to communicate with the one or more of an existing enterprise physical security system and an existing enterprise computer system (Col. 1, lines 7-13, “More specifically, the present invention relates to a unified apparatus and method for providing physical access control and/or network access control to resources such as buildings, homes, physical infrastructure or information and network systems; where legacy physical security devices and/or network-enabled devices are involved in the access control system”).

Regarding Claim 61:
The system of claim 47, wherein the system includes one or more of satellite communications capabilities, VOIP capabilities, networking capabilities (Figure 6, element 155), switch-based network communication capabilities and packet-based network capabilities.

Regarding Claim 68:
The system of claim 47, wherein the system provides security for one or more of chemical, drinking water and wastewater treatment systems, energy facilities, dams, commercial nuclear reactors, water sectors, process manufacturing, emergency services, public health and healthcare, continuity of government, government facilities (Col. 15, lines 14-15, "... regulates user access to multiple facilities"; Col. 16, line 1, “a government security clearance”), defense facilities, defense industrial base, information technology, telecommunications, converged facilities, national monuments and icons, postal and shipping, banking and finance, commercial facilities, materials and waste facilities, transportation systems, port security, aviation security, cargo, cruise ships, trains, mass transit, Intermodal, food and agriculture facilities, military facilities, first responders, police, fire control access to a machine and OSHA Compliance.

Regarding Claim 70:
The system of claim 47, wherein the data store is located within the server (Col. 14, lines 37-42).

Regarding Claim 71:
The system of claim 47, wherein the data store is separate from the server (Col. 14, lines 54-62).

Regarding Claim 72:
The system of claim 47, wherein the at least two configuration options relate to networks, systems and/or physical access control to include one or more of hours of access, security zones (Col. 15, lines 64-67 & Col. 16, lines 1-2, “For example, a global policy may be established to comply with a government directive such as: only authorized users who have government security clearance can access certain network resources”), and accessible domains.

Regarding Claim 73:
The system of claim 47, wherein the security management server is physically connected to one or more access controllers (Col. 4, line 33-35, “All network devices are commonly connected via wired/fiber optic … media that communicate using frame/packet-based network protocols…”).  

Regarding Claim 74:
The system of claim 47, wherein the security management server is logically connected to one or more access controllers (Col. 10, lines 61-67 & Col. 11, lines 1-10, “The present invention assumes that one or more access control devices (ACD) 110… are part of a facility and its network, respectively. Common access control devices include card readers, biometric sensors, cameras, alarms, motion sensors and electromechanical door locks... Access control gateway 125 allows legacy ACDs and DCPs… to be used with the present invention… Access control gateway 125 simply enables legacy DCP communications to be transmitted over frame-or packet-based networks 155. The DCP access request messages are received and responded to by the unified access control server 200”).

Regarding Claim 75:
The system of claim 47, wherein the security management server is wirelessly connected to one or more access controllers (Col. 4, line 33-35, “All network devices are commonly connected via … wireless media that communicate using frame/packet-based network protocols…”). 

Regarding Claim 76:
The system of claim 47, wherein the security management server is connected to one or more access controllers via one or more intermediary components (Col. 4, line 33-35, “All network devices are commonly connected via wired/fiber optic … media that communicate using frame/packet-based network protocols…”; i.e., connected via element 155 shown in Figure 6).

Claim Rejections - 35 USC § 103
The following is a quotation of pre-AIA  35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made.

Claim 62-65 is/are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over “Farino” (US 7437755) in view of “Laird” (US 2005/0075116).

Regarding Claim 62:
Farino teaches:
The system of claim 47, 
Farino does not disclose:
… wherein the system can be booted into a plurality of modes.
Laird teaches:
… wherein the system can be booted into a plurality of modes (¶0046, “The campus security management server 114 obtains the WAAS and GPS almanacs … the server downloads these almanacs to the handset 100 … providing WAAS and GPS data sets and almanacs to the handsets enables the GPS receivers … to operate in the more rapid starting modes … receivers must receive these datasets before they can begin operating”; ¶0074, “There are three possible starting modes”).
	At the time of the invention it would have been obvious to one with ordinary skill in the art to modify Farino’s unified physical and network access control system by enhancing Farino’s system to implement multiple, rapid modes of startup, as taught by Laird, in order to quickly assimilate to an existing environment.
	The motivation is to enable an access control system to quickly and efficiently assimilate to multiple different environments by enabling the system to startup into a plurality of different modes of operation.

Regarding Claim 63:
The system of claim 62, wherein Farino in view of Laird further teaches the modes are one or more of an EMS mode, a national disaster mode, an incident mode, a local disaster mode, a state 5Application Serial No. 16/740,204disaster mode, a terrorist activity mode and an international disaster mode (Laird, ¶0177, “emergency transit mode…”).  
The motivation to reject claim 63 is derived from the same motivation applied in the rejection of claim 62 above.

Regarding Claim 64:
The system of claim 63, wherein Farino in view of Laird further teaches additional modes can be dynamically added in real-time (Laird, ¶0067, “If the handset does not receive WAAS correction data directly from a satellite at the expiration of this time, the handset sends a network request (pull) message to the campus security management server 114 to request updated GPS and WAAS correction data from the server”).
The motivation to reject claim 64 is derived from the same motivation applied in the rejection of claim 62 above.

Regarding Claim 65:
The system of claim 63, wherein Farino in view of Laird further teaches each mode has an associated set of templates related to management of information associated with the security management system (Laird, ¶0142, “The rules loaded into the handset 100 are constructed to detect situations … The rules can embody heuristics… the rules can define permitted and prohibited locations…”).
The motivation to reject claim 65 is derived from the same motivation applied in the rejection of claim 62 above.

Claim 69 is/are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over “Farino” (US 7437755) in view of “Colby” (US 7719425).

Regarding Claim 69:
Farino teaches:
The system of claim 47,
Farino does not disclose:
… wherein the unique identifier is stored on a media in a Radio Frequency Identification (RFID) shielded pouch.
Colby teaches:
… wherein the unique identifier is stored on a media in a Radio Frequency Identification (RFID) shielded pouch (Fig. 1; Col. 1, lines 65-67 & Col. 2, line 1-3; Col. 2, lines 10-13).
	At the time of the invention it would have been obvious to one with ordinary skill in the art to modify Farino’s unified physical and network access control system by enhancing Farino’s badge credential to employ a RFID shield pouch, as taught by Colby, in order to protect the credential from being wirelessly stolen.
	The motivation is to protect credentials stored within a badge, such as a smart card, to be protected by outside RFID interference or signals which may lead to the credential being leaked or stolen.

Claims 77 and 78 is/are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over “Farino” (US 7437755) in view of “Johnson” (US 7748046).

Regarding Claim 77:
Farino teaches:
The system of claim 47,
Farino does not disclose:
… wherein the data store is coded in the SQL language.
Johnson teaches:
… wherein the data store is coded in the SQL language (Claim 10 - “wherein the account stores include at least one of: Active Directory (AD), Active Directory Application Mode (ADAM), or Structured Query Language (SQL) systems”).
	At the time of the invention it would have been obvious to one with ordinary skill in the art to modify Farino’s unified physical and network access control system by enhancing Farino’s data store to implement a Structured Query Language (SQL) system, as taught by Johnson, in order to incorporate a well-established and maintained database language.
	The motivation is to implement a database system that is widely supported, adopted, and maintained in order to ensure the database system remains updated and sustainable.

Regarding Claim 78:
Farino teaches:
The system of claim 47,
Farino does not disclose:
… wherein the directory service is active directory.
Johnson teaches:
… wherein the directory service is active directory (Claim 10 - “wherein the account stores include at least one of: Active Directory (AD), Active Directory Application Mode (ADAM), or Structured Query Language (SQL) systems”).
	At the time of the invention it would have been obvious to one with ordinary skill in the art to modify Farino’s unified physical and network access control system by enhancing Farino’s data store to implement an active directory system, as taught by Johnson, in order to incorporate a centralized directory.
	The motivation is to reducing data inconsistency and redundancy, while simplifying datastore maintenance, by implementing a centralized directory system.

Claim 101 is/are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over “Farino” (US 7437755) in view of “Niida” (US 5402521).

Regarding Claim 101:
Farino teaches:
A converged physical and logical security management system (Figure 6) comprising: 
a security management server (Figure 8, element 300) including at least one microprocessor and at least one input device and at least two output devices (Figure 8, element 300 integrates element 200 and a Frame / Packet Network Infrastructure Device; Col. 15, lines 34-38, “… the unified access control server is integrated and consolidated with … several network infrastructure devices (i.e., routers, switches, wireless access points) as depicted by block 300”); 
the security management server capable of storing data in a data store and retrieving data from said data store (Col. 10, lines 51-52, "... maintaining the valid credential list and access policies in a table"); 
the security management server capable of two-way communication with one or more security management devices (Col. 11, lines 27-40, “Note that the unified access control server 200 also communicate with both network security server 159 and physical security server 121 over a frame-/packet based network 28, such as … the Internet”); 
the security management server configured to store a unique identifier having associated therewith authentication and authorization information (Col. 10, lines 49-52, "The unified access control server 200... maintaining the valid credential list... in a table") that controls access decisions (Col. 10, lines 38-41, “Advantageously, server 200 unifies credential verification and associated policies and policy enforcement for physical facilities and network-enabled devices") for a physical area and logical access to one or more of a computer, computer network or network resource (Col. 11, lines 10-16, “In general, unified access control server 200 validates credentials and enforces access policies…” & Col. 11, lines 50-52, “An access control event may be a user... requesting network access or a user requesting access to a facility door or to a room such as an office, storeroom or laboratory"), the authentication and authorization information including at least two configuration options (Col. 10, lines 41-47, “This unification facilities implementation of new security policies that strengthens both physical and network security”; i.e., implement at least two security policies (configuration options) pertaining to physical and logical security); 
the security management server further configured to determine at least one access decision for the physical area and at least one logical access decision for the one or more of the computer, the computer network and the network resource (Figure 9, steps 381 & 384/385; Col. 16, lines 27-35, “The following example assumes that a physical access control event will preceded a network access event (i.e. the user will badge-in to a give facility or location and will then proceed to his work area and log-in to the corporate network"; i.e., receive a physical access request prior to a logical access request); 
the security management server connected to one or more access controllers that are capable of communicating in a standard protocol and capable of communicating with the one or more access controllers in the standard protocol (Col. 10, lines 33-36, “Server 200 interfaces with both the legacy physical security system 202 and the frame/packet network 204..."; Col. 10, lines 61-67 & Col. 11, lines 1-10, “The present invention assumes that one or more access control devices (ACD) 110… are part of a facility and its network, respectively. Common access control devices include card readers, biometric sensors, cameras, alarms, motion sensors and electromechanical door locks... Access control gateway 125 allows legacy ACDs and DCPs… to be used with the present invention… Access control gateway 125 simply enables legacy DCP communications to be transmitted over frame-or packet-based networks 155. The DCP access request messages are received and responded to by the unified access control server 200”); 
wherein the security management server also includes a directory service associated with said data store and configurable to make the at least one access decision for an access request to the physical area (Col. 10, lines 49-53, “… while maintaining the… access policies in a table… Server 200 also enforces all access policies”; Col. 16, lines 16-26, “The unified access control server... can be implemented... with certain standards such as: Lightweight Directory Access Protocol (LDCP) and Open Database Connectivity (ODBC); user authentication support…”), utilizing a first authentication and authorization information to select one of the at least two configuration options within said data store of the security management server (Col. 11, lines 53-64, “… when a unified access control server 200 receives an access request from … a DCP 119 … the unified access control server 200 responds to the request message by verified the validity of the credential, the location of the requesting device or requestor, and executing a specific policy based on the information provided”; i.e., upon receiving a request for physical access via a DCP, utilizing a specific policy for physical access (i.e., a “first” configuration option)) for a physical access decision (Col. 11, lines 50-52, “An access control event can be … a user requesting accessing to a facility door or to a room…”), and for logical access (Col. 11, lines 50-52, “An access control event can be a user or computer requesting network access …”), a second, separate access decision, utilizing a second authentication and authorization information of the at least two configuration options within the directory service of the security management server for a logical access decision (Col. 11, lines 53-64, “… when a unified access control server 200 receives an access request from a computer 151 … the unified access control server 200 responds to the request message by verified the validity of the credential, the location of the requesting device or requestor, and executing a specific policy based on the information provided”; i.e., upon receiving a request for network access, utilizing a specific policy for network access (i.e., a “second” configuration option));
Farino does not disclose:
	wherein the security management server is configured to perform artificial intelligence (AI) processes that attempt to emulate the decision making abilities of a human expect using knowledge (facts) and inference procedures (rules), said AI processes comprising one or more of neural networking, data clumping, and associative discovery; and
	wherein the security management server is further configured to perform a trending/prediction reporting process in cooperation with said AI processes to generate trending and/or prediction reporting.
Niida teaches:
wherein the security management server is configured to perform artificial intelligence (AI) processes (Abstract - “… The method of the present invention particularly can be applied to a control system requiring the recognition of abnormal conditions such as a control system for the operation of a … security apparatus…”); Fig. 14) that attempt to emulate the decision making abilities of a human expect using knowledge (facts) (Claim 1 - “inputting a plurality of sets of dynamic input trend data indicating normal operating conditions of said object system …” & “inputting a plurality of sets of output data indicating normal output results of said object system …”) and inference procedures (rules) (Col. 2, lines 47-57, “The neural network in this specification means a multi-layered artificial neural network technique … Then, this technique exists in a process system where non-linear multi-dimensional parameter turning can be processed while every set of data always satisfies the predetermined relation of the causes and effects”; Claim 1 - “determining if the difference is output said deviation range indicating an abnormal real-time condition”), said AI processes comprising one or more of neural networking (Col. 2, lines 15-17, “… a method for recognition of normal and abnormal conditions can be performed with at least one neural network”), data clumping, and associative discovery; and
	wherein the security management server is further configured to perform a trending/prediction reporting process in cooperation with said AI processes to generate trending and/or prediction reporting (Col. 2, lines 41-46, “That is, unknown patterns in the output data, which are different from the trend patterns of the normal conditions, are recognized in the present invention as an abnormal condition while trend patterns that follow the normal condition are recognized as a normal condition”).
	At the time of the invention it would have been obvious to one with ordinary skill in the art to modify Farino’s unified physical and network access control system by enhancing Farino’s security management server to perform artificial intelligence processes in order to generate trending reporting, as taught by Niida, in order to recognize normal and abnormal operating conditions within the access control system.
	The motivation is to offer flexible methods of real time recognition of normal and abnormal operating conditions of a security apparatus by implementing neural network based processes that output trend data patterns that follow normal and abnormal conditions.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DANIEL B POTRATZ whose telephone number is (571)270-5329.  The examiner can normally be reached on M-F 10 A.M. - 6 P.M. CST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 571-272-3972.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/DANIEL B POTRATZ/Primary Examiner, Art Unit 2491