Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 5/27/2022 has been entered.

Response to Amendment
This is in response to the amendments filed on 5/27/2022. Claims 1, 14, and 18 have been amended. Claims 8-13, 17, and 20 are withdrawn. Claims 1-7, 14-16, 18, and 19 are currently pending and have been considered below. 

Response to Arguments
Applicant’s arguments with respect to claim(s) 1, 14, and 18 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim 1-3, 5, 6, 14, 15, 18, and 19 is/are rejected under 35 U.S.C. 103 as being unpatentable over “Cheng” (US 2016/0182503) in view of “Blake” (US 9392460) in view of “Jones” (US 9589566) in further view of “Shelton” (US 10019561).

Regarding Claim 1:
Cheng teaches:
A system for continuous and competitive authentication (Fig. 1; Abstract, “Technology for performing continuous authentication of a mobile device utilizes user activity context data and biometric signature data related to the user”), comprising:
a processor (Fig. 11, element 1112); 
a communication interface (Fig. 11, element 1130); and 
a memory having executable code stored therein (Fig. 11, element 1120 & element 110A), wherein the executable code, when executed by the processor, causes the processor to:
	…
receive active authentication data from a user (Fig. 2 details elements 128 and 130 being received from element(s) 126; Fig. 3, step 310) …;
detect, based on detecting one or more inconsistencies between the active authentication data from the user with the reference data associated with the user (Fig. 3, step 320; ¶0033, “If a user model is found, the method moves to block 320 and generates a confidence score by comparing the found user model biometric key to the biometric signature 134. At block 322, the method 300 determines a level of access by the access control module based on the confidence score 136”), that a confidence level associated with the user has dropped below a specified threshold (Fig. 10; ¶0039, “Turning back to the example of FIG. 10, where the plot of the score drops dramatically below the threshold, this represents an exemplary security event where a perpetrator may have picked up the user's phone. In this instance the perpetrator's gait would not match a verified signature in enrolled user model 170 and the device would deny the perpetrator access and the device would be "locked."”) …; and 
based on detecting the confidence level associated with the user has dropped below the specified threshold (¶0039, “… and when the score dips below this threshold, no access is given… Turning back to the example of FIG. 10, where the plot of the score drops dramatically below the threshold, this represents an exemplary security event where a perpetrator may have picked up the user's phone. In this instance the perpetrator's gait would not match a verified signature in enrolled user model 170 and the device would deny the perpetrator access and the device would be "locked””), trigger (¶0021, “In general, the interaction or activity context by the participants with the computing system indicated by the dashed lines between, for example, user 120 and sensing device 126, prompt the user authentication subsystem to perform authentication steps. In the event that a user is not interacting with a device (i.e., the computing system 100 is resting on a table or riding in a car), the sensors 126 would detect this and authentication steps would not be performed”; i.e., when the device is being interacted with (whether by an unauthorized or authorized user, trigger the continuous authentication steps to be carried out by receiving elements 128 and 130 from sensing elements 126) and continuously execute (¶0019, “A user authentication subsystem 110 embodied in the computing system 100 analyzes and interprets the inputs 128, 130, and identifies therefrom the activity context 132 and biometric signature 134 expressed by one or more of the participants 120, 122 over time and in a substantially continuous fashion”; ¶0024, “In any event, the data signals produced by the sensing device(s) 126 provide the activity context inputs 128 and/or the biometric inputs 130 that are analyzed by the user authentication subsystem 110”; i.e., receive two continuous authentication threads - activity context information and biometric inputs in parallel) a first authentication thread (Fig. 1, element 128 - “Activity Context Inputs”) in parallel to a second authentication thread (Fig. 1, element 130 - “Biometric Inputs”), wherein the first authentication thread is a competitive authentication thread (Fig. 1 details how the received Activity Context Inputs are fed into module 112 and then output as Activity Context 132 which is used to select Biometric Signature 134 - ¶0020, “Using the activity context 132, the user authentication subsystem 110 selects a biometric signature 134 of the user 120 or 122, which is passed to the authentication module 116 to generate score 136”; i.e., the examiner interprets the Activity Context Input authentication thread as being “competitive” as it drives the selection to the resultant Biometric Signature 134 ultimately used for authentication of the user).
Cheng does not disclose:
continuously monitor a user by continuously receiving, from multiple channels, historical authentication data and behavior data associated with the user, wherein the multiple channels include website-based communications, app-based communications, and phone-based voice communications, wherein the historical authentication data comprises full or partial authentication data associated with the user, wherein the behavior data comprises actions taken by the user, wherein the actions taken by the user comprise accessing a specific part of a website and accessing specific menu options during a voice communication session;
continuously integrate the historical authentication data and the behavior data as reference data associated with the user, wherein the reference data associated with the user further comprises voice data associated with the user, the voice data having a first average fundamental frequency;
… wherein the active authentication data comprises a streaming voice data sample having a second average fundamental frequency;
… wherein detecting the one or more inconsistencies comprises determining, based on comparing the first average fundamental frequency of the reference data with the second average fundamental frequency of the streaming voice data sample, that the second average fundamental frequency does not fall within an expected frequency range; and
Blake teaches:
continuously monitor a user (Fig. 5) by continuously receiving, from multiple channels (Fig. 5, element 510, 520, 530, and 540), historical authentication data (Fig. 5, element 510) and behavior data (Fig. 5, elements 530 and 540) associated with the user, wherein the multiple channels include … app-based communications (Col. 10, lines 7-13, “If no change is detected that would be uncharacteristic of the trusted user … then the current User A of mobile device 110A is authenticated as the trusted user associated with the mobile device 110 and messaging application 268 running on mobile device 110A allows the electronic communication session to proceed”)… wherein the historical authentication data comprises full or partial authentication data associated with the user (Col. 9, lines 13-18, “Some or all of the data (measurements) collected by the keypad cadence and pressure monitor 272 over time with respect to the trusted user of mobile device 110 is used to identify keypad cadence and pressure characteristics of the trusted user”), wherein the behavior data comprises actions taken by the user (Fig. 5, element 530 - “Collect Data of When Trusted User’s Mobile Device Is Stationary or Moving During Messaging Sessions” & element 540 - “Collect GPS Coordinates of Trusted User’s Mobile Device over Time”);
continuously integrate the historical authentication data and the behavior data as reference data associated with the user (Fig. 5, element 550; Col. 9, lines 48-57, “In Step 550, the data form one or more of Steps 511-516, 521, 522, 531, and 541 are used to create the trusted user profile 276 associated with the trusted user … which profile 276 is preferably stored in system memory 260 … It is understood that the data form Steps 510-541 may be collected over time to increase the accuracy of the trusted user profile 276”) …;
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Cheng’s continuous authentication system by enhancing Cheng’s enrolled user model database to be continuously updated over time by utilizing historical authentication data and behavioral data associated with a user model, as taught by Blake, in order to increase the accuracy of the user model. 
	The motivation is to continuously collect authentication data associated with a user and continuously update a user model using the authentication data in order to increase the accuracy of the user model itself (Blake, Col. 9, lines 52-54) when used as reference data for authentication processes.
Cheng in view of Blake does not disclose:
… wherein the multiple channels include website-based communications, app-based communications, and phone-based voice communications, … wherein the actions taken by the user comprise accessing a specific part of a website and accessing specific menu options during a voice communication session;
… wherein the reference data associated with the user further comprises voice data associated with the user, the voice data having a first average fundamental frequency;
… wherein the active authentication data comprises a streaming voice data sample having a second average fundamental frequency;
… wherein detecting the one or more inconsistencies comprises determining, based on comparing the first average fundamental frequency of the reference data with the second average fundamental frequency of the streaming voice data sample, that the second average fundamental frequency does not fall within an expected frequency range; and
Jones teaches:
… wherein the reference data associated with the user further comprises voice data associated with the user (Col. 2, lines 63-67 & Col. 3, lines 1-6, “One or more database libraries … may be updated when disparities occur between different comparisons. For example, when VSA is implemented and it is determined that an individual may be conducting a fraudulent transaction based on a frequency response … the voice library may be updated with one or more voice signals …”; i.e., continuously generate voice reference data based on different comparisons), the voice data having a first average fundamental frequency (Col. 12, lines 33-44, “Because voice quality or frequency may change or be affected when an individual is under stress or pressure … the analysis component 250 may detect tensing of vocal cords of an individual by measuring the … frequency response associated with different portions or segments of a conversation or a communication. The analysis component 250 may determine one or more frequency responses for one or more corresponding segments of a communication (e.g., provide an average frequency response…) or for one or more voice signals of the communications”; i.e., provide an average frequency response of voice samples recorded when making a determination whether an individual is conducting a fraudulent transaction);
… wherein the active authentication data comprises a streaming voice data sample (Col. 8, lines 3-10, “Regardless, the monitoring component 230 may receive, record, or categorize a communication, … one or more voice signals associated therewith … made by an individual …”) having a second average fundamental frequency (Col. 8, lines 34-47, “The monitoring component 230 may tag one or more segments of a communication … with an expected frequency response based on … a length of time associated with a continuous voice signal …”; Col. 12, lines 33-44, “Because voice quality or frequency may change or be affected when an individual is under stress or pressure … the analysis component 250 may detect tensing of vocal cords of an individual by measuring the … frequency response associated with different portions or segments of a conversation or a communication. The analysis component 250 may determine one or more frequency responses for one or more corresponding segments of a communication (e.g., provide an average frequency response…) or for one or more voice signals of the communications”; i.e., record a continuous voice signal and determine the average frequency response of the signal);
… wherein detecting the one or more inconsistencies comprises determining (Col. 11, lines 13-33, “The detection component 240 may compare one or more characteristics associated with the communication with one or more sets of characteristics in a pathway library (e.g. of the database component 220). In other words, the detection component 240 may scan a pathway library of the database component 220 to determine if a communication is associated with a fraud pathway or a known fraud pathway matched to the pathway library. To this end, the detection component 240 may generate a pathway match determination. The pathway match determination may be generated based on a match between one or more of the characteristics of the communication and one or more of the sets of characteristics deemed to be indicative of a fraudulent pathway”), based on comparing the first average fundamental frequency of the reference data with the second average fundamental frequency of the streaming voice data sample, that the second average fundamental frequency does not fall within an expected frequency range (Col. 12, lines 45-59, “The analysis component 250 may facilitate determining whether a response from an individual … falls within an acceptable range of frequencies (e.g., exceeds a frequency threshold or within frequency range)…”; Claim 1 - “an analysis component that determines if a difference between a first frequency of a first segment of the communication and a second frequency of a second segment of the communication is outside a frequency range provided by a frequency library”; i.e., utilize the voice library as a reference to determine whether a monitored voice communication is within an expected frequency threshold or not); and
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Cheng in view of Blake’s continuous authentication system by enhancing Cheng in view of Blake’s authentication module to provide voice authentication services based on average frequency ranges of collected communications, as taught by Jones, in order to prevent fraudulent transactions based on voice communications. 
The motivation is to impede fraudulent transactions which arise from a fraudulent user impersonating an authentic user via a voice communications system, where the fraudulent transactions can be detected via frequency ranges of the voice communications which allows for heightened scrutiny of an individual requesting activity that could potentially be fraudulent (Jones, Col. 11, lines 33-38).
Cheng in view of Blake in further view of Jones does not disclose:
… wherein the multiple channels include website-based communications, app-based communications, and phone-based voice communications, … wherein the actions taken by the user comprise accessing a specific part of a website and accessing specific menu options during a voice communication session;
Shelton teaches:
… wherein the multiple channels include website-based communications (Col. 2, lines 57-63, “One or more activities may take place during a single session. for example, a mobile application account session…”), app-based communications (Col. 2, lines 57-63, “One or more activities may take place during a single session. for example, a mobile application account session…”), and phone-based voice communications (Col. 3, lines 18-21, “… the user may call into the organization using a registered device”), … wherein the actions taken by the user comprise accessing a specific part of a website (Col. 2, lines 57-63, “One or more activities may take place during a single session. for example, a mobile application account session may begin with the user logging in using a username/password, completing several activities, such as checking an account balance, ordering a new credit card, and transferring funds, and ending the session by logging out”) and accessing specific menu options during a voice communication session (Col. 3, lines 28-44, “If voice biometrics are used to verify the identity of the user, an analysis of the user’s speech while interacting with an interactive voice response system (IVR) … may be analyzed … For example, the user may state a command such as “check account balance” … As the user continues to interact with the IVR  … during the session, more data from the natural course of interaction may be collected and analyzed”);
Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Cheng in view of Blake in further view of Jones’ continuous authentication system by enhancing Cheng in view of Blake in further view of Jones’ authentication module to monitor multiple channels including web-based, app-based, and phone-based voice communications along with receiving actions taken by a user such as accessing specific parts of a website and specific menu options during a voice communication sessions while providing authentication of the user’s device, as taught by Shelton, in order to provide enhanced authentication of the user without overly inconveniencing the user. 
The motivation is to provide continuous authentication of a user but with an increased amount of authentication vectors, such as those derived from web-based, app-based, and voice-based communications, where the vectors are collected in a passive manner via the standard usage of the user’s device (Shelton, Col. 2, lines 41-49). This not only enhances the continuous authentication of the user, but reduces the likelihood the user becomes annoyed at having to maintain additional authentication vectors of data (Shelton, Col. 2, lines 34-37).

Regarding Claim 2:
The system according to claim 1, wherein Cheng in view of Blake in view of Jones in further view of Shelton further teaches the executable code, when executed by the processor, causes the processor to: 
continuously maintain a profile associated with the user (Cheng, Fig. 1, element 170; ¶0026, “… generates a confidence score by comparing biometric signature 134 to a stored key in enrolled user model 170”); 
strategically decide on actions to authenticate the user or collect evidence of unauthorized access by the user (Cheng, ¶0039, “Turning back to the example of FIG. 10, where the plot of the score drops dramatically below the threshold, this represents an exemplary security event where a perpetrator may have picked up the user's phone. In this instance the perpetrator's gait would not match a verified signature in enrolled user model 170 and the device would deny the perpetrator access and the device would be "locked."”), wherein the actions comprises acquiring data from each interaction with the user (Fig. 1, element 134; ¶0025, “Biometric signature extractor module includes sub-modules gait 160, arm length 161, blood pressure 162, height 163, breathing rate 164, and pulse 165. These sub-modules process the stream of biometric inputs to then determine a biometric signature 134 of the user”); and 
integrate the data acquired from each interaction with the user (Cheng, ¶0027, “The objective of the authentication module 118 is to decrypt and integrate the signature information, compare it with the user model 170, and generate a confidence value for authentication”).

Regarding Claim 3:
The system according to claim 2, wherein Cheng in view of Blake in view of Jones in further view of Shelton further teaches acquiring data from each interaction with the user is accomplished using a data acquisition pattern (Cheng, Figs. 4A, 4B, and 5 detail different data acquisition patterns), wherein the data acquisition pattern is continuously updated based on the confidence level associated with the user (Cheng, Fig. 3, step 324 - “Continue User Authentication?”; i.e., continuously capture activity context and biometric signatures of a user to update the respective data pattern plots shown in Figs. 4A, 4B, and 5).

Regarding Claim 5:
The system according to claim 3, wherein Cheng in view of Blake in view of Jones in further view of Shelton further teaches the actions to authenticate the user further comprises prompting the user to take one or more user actions (Cheng, ¶0021, “In general, the interaction or activity context by the participants with the computing system indicated by the dashed lines between, for example, user 120 and sensing device 126, prompt the user authentication subsystem to perform authentication steps”).

Regarding Claim 6:
The system according to claim 5, wherein Cheng in view of Blake in view of Jones in further view of Shelton further teaches the prompting the user to take one or more user actions comprises one of prompting the user to provide biometric data, answer a question, provide additional authentication information, and provide device or location data (Cheng, ¶0021, “prompt the user authentication subsystem to perform authentication steps”).

Regarding Claims 14, 15, 18, and 19:
Controller claims 14 and 15 and computer-implemented method claims 18 and 19 correspond to respective system claims 1 and 2 above, and contain no further limitations. Thus claims 14, 15, 18, and 19 are each rejected by applying the same rationale used to reject claims 1 and 2 above, respectively.

Claims 4 and 16 is/are rejected under 35 U.S.C. 103 as being unpatentable over “Cheng” (US 2016/0182503) in view of “Blake” (US 9392460) in view of “Jones” (US 9589566) in view of “Shelton” (US 10019561) in further view of “DeLean” (US 2003/0190076).

Regarding Claim 4:
Cheng in view of Blake in view of Jones in further view of Shelton teaches:
The system according to claim 2, …
Cheng in view of Blake in view of Jones in further view of Shelton does not disclose:
… wherein the executable code, when executed by the processor, causes the processor to: 
calculate a mismatch vector associated with a mismatch by comparing the data acquired from each interaction with the user with reference profile data; and 
use the mismatch vector to confirm or eliminate the mismatch. 
DeLean teaches:
… wherein the executable code, when executed by the processor, causes the processor to: 
calculate a mismatch vector associated with a mismatch by comparing the data acquired from each interaction with the user with reference profile data (Fig. 18, step 1814; ¶0070, “at a step 1814 the system applies one or more algorithms, discussed in greater detail below, to determine differences between the captured image and a reference image”; Fig. 22 further discloses detecting potential mismatch vectors between different pixel groups in an image and a reference image); and 
use the mismatch vector to confirm or eliminate the mismatch (Fig. 18, step 1818). 
	Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Cheng in view of Blake in view of Jones in further view of Shelton’s continuous authentication system by enhancing Cheng in view of Blake in view of Jones in further view of Shelton’s authentication module to implement a mismatch verification process between an user image model and a reference user image model, as taught by DeLean, in order to eliminate potential false-positive matches from occurring. 
	The motivation is to limit instances of false-positive matches from occurring within an authentication system, thereby increasing the security of the system by eliminating the potential of any unauthorized users being authenticated by the system (DeLean, ¶0002, “… can limit the instance of false positive matches to an arbitrarily low level, so that a user who wants to be recognized can attempt to be recognized as many times as he or she wishes, without fear that an unauthorized user will be permitted entry”)

Regarding Claim 16:
Controller claim 16 corresponds to system claim 4 and does not contain any further limitations. Therefore claim 16 is rejected by applying the same rationale used to reject claim 4 above.

Claim 7 is/are rejected under 35 U.S.C. 103 as being unpatentable over “Cheng” (US 2016/0182503) in view of “Blake” (US 9392460) in view of “Jones” (US 9589566) in view of “Shelton” (US 10019561) in further view of “Wang” (US10505959).

Regarding Claim 7:
Cheng in view of Blake in view of Jones in further view of Shelton teaches:
The system according to claim 2, …
Cheng in view of Blake in view of Jones in further view of Shelton does not disclose:
… wherein integrating the data acquired from each interaction with the user comprises creating an unauthorized user profile, wherein the executable code, when executed by the processor, causes the processor to cross check data acquired from each interaction with the user with one or more known unauthorized user profiles.
Wang teaches:
… wherein integrating the data acquired from each interaction with the user comprises creating an unauthorized user profile (Abstract, “The reference profile represents historical behavior of the particular entity that is monitored over a prescribed period of time”; Col. 11, lines 4-7, “The reference profile is used as a profile baseline by the behavior profiling and reporting logic 440 to determine if any monitored activities by the profile entity, alone or collectively, denote anomalous behavior”), wherein the executable code, when executed by the processor, causes the processor to cross check data acquired from each interaction with the user with one or more known unauthorized user profiles (Col. 11, lines 7-21, “As an illustrative example, an employee in an engineering group accesses a Human Relations (HR) server that she normally does not access. In behavior profiling by the behavior profiling service logic 380, this activity may represent anomalous behavior, but a single access may not cause the behavior profiling and reporting logic 440 to determine that the access constitutes a "suspicious" behavior by the employee. However, where the employee accesses the HR server repeatedly, perhaps coupled with such accesses occurring after normal business hours, the anomalous behavior may denote suspicious behavior by the employee”; i.e., cross check multiple instances of interactions to the reference profile to determine whether anomalous behavior has occurred). 
	Before the effective filing date of the claimed invention, it would have been obvious to one with ordinary skill in the art to modify Cheng in view of Blake in view of Jones in further view of Shelton’s continuous authentication system by enhancing Cheng in view of Blake in view of Jones in further view of Shelton’s enrolled user model database to include a reference model to be used as a baseline for detecting unauthorized behaviors via a cross-checking method, as taught by Wang, in order to accurately detect particular behavior indicating that a malicious attack may be occurring and generating an alert to determine whether the behavior is part of an attack. 
	The motivation is to detect whether activity inputs received in a continuous authentication system not only correspond to an authenticated user, but also correspond to a potential malicious attack being carried out against system by usage of a baseline profile to detect such attack. This enables the system to alert an administrator of suspicious activity, thus providing the administrator with necessary information to thwart any potential attack.

Contact Information
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DANIEL B POTRATZ whose telephone number is (571)270-5329.  The examiner can normally be reached on M-F 10 A.M. - 6 P.M. CST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.  
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 571-272-3972.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.




/DANIEL B POTRATZ/Primary Examiner, Art Unit 2491