Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .



DETAILED ACTION
Continuation
	A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 02/22/2022 has been entered.

Response to Arguments
Applicant’s arguments filed February 22, 2022 have been fully considered. After further consideration the prior art of record still reads on Applicant’s amended claim language. 

Applicant asserts the prior art of record fails to disclose environment specific attributes or orthogonal factors including patterns in the user's eye movement that vary from previously learned eye movements; or metadata from sensors that vary from previously learned metadata indicating the user's gender, age, or medical condition. 
In response, The Examiner respectfully disagrees and relies upon the combination of applied art to suggest environment specific attributes or orthogonal factors (reads on the collected relevant biometric and environmental data for user authentication, see Briceno para 0097, 0396 and 0399 – 0400) including patterns in the user's eye movement that vary from previously learned eye movements  (reads on comparing the expected motion of the user’s eyes with the actual motion where the expected motion comprises recorded eye movements of the actual user of the device, see Briceno para 0304, 0308, 0309, 0326 and claim 6); or metadata from sensors that vary from previously learned metadata indicating the user's gender, age, or medical condition (The Examiner asserts a stress level is an exemplary medical condition, as a result, the limitation reads on any other data specific to the user and useful to determine a user’s current stress levels, see Anand para 0029 and 0057 – 0058).


Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

Claims 1 – 20 are rejected under 35 U.S.C. 103 as being unpatentable over Briceno (US Pub. No. 2014/0289833 A1) in view of British (EP2107757 A1) in view of Anand (US Pub. No. 2019/0052661) in view of Jung (US Pub. No. 2015/0381617 A1).

Per claim 11, Briceno suggests a method comprising: authenticating (see Briceno Figure 4 blocks 404 and 405 and para 0096 – 0116), via an authentication server (see Briceno para 0092), a user using an authentication process (reads on authenticating a user, see Briceno Figure 4 blocks 404 and 405 and para 0096 – 0116); collecting (reads on collecting relevant biometric and environmental data to user authentication, see Briceno para 0396 and 0399 – 0400), via the authentication server (see Briceno para 0092), orthogonal factors/environment specific attributes about the user during the authentication process (reads on user authentication via a combination of fingerprint authentication, facial recognition, voice recognition, retinal scanning and/or various other types of explicit user authentication techniques, see Briceno para 0396 and 0399); computing (reads on calculating assurance level based on collected data, see Briceno Figure 4 block 409 and para 0097, 0396 and 0398), via the authentication server (see Briceno para 0092), an assurance score based on (reads on calculating assurance level based on collected data, see Briceno Figure 4 block 409 and para 0396 and 0398) the collected orthogonal factors (reads on the collected relevant biometric and environmental data for user authentication, see Briceno para 0097, 0396 and 0399 – 0400); generating (reads on transmitting the authentication response comprising the calculated/measured assurance level to the relying party after successful authentication, see Briceno para 0096, 0097, 0099 and Figure 4 blocks 405 and 420), an authentication assertion including the assurance score upon a successful user authentication (reads on transmitting the authentication response comprising the calculated/measured assurance level to the relying party after successful authentication, see Briceno para 0096, 0097, 0099 and Figure 4 blocks 405 and 420); providing the authentication assertion including the assurance score (reads on transmitting the authentication response comprising the calculated/measured assurance level to the relying party after successful authentication, see Briceno para 0096, 0097, 0099 and Figure 4 blocks 405 and 420) to a first authentication consumer (reads on a relying party with secure transaction services, see Briceno para 0008, 0093 and Figure 4 block 420); and making (reads on the relying party specifies the level of assurance required for a given transaction where a higher assurance level is required for transferring a significant amount of money and a lower assurance level is required for accessing an email account, see Briceno para 0338), via the first authentication consumer (reads on a relying party with secure transaction services, see Briceno para 0008, 0093 and Figure 4 block 420), a first local entitlement decision based on (reads on the relying party specifies the level of assurance required for a given transaction where a higher assurance level is required for transferring a significant amount of money and a lower assurance level is required for accessing an email account, see Briceno para 0338) the assurance score (reads on the calculated/measured assurance level to the relying party after successful authentication, see Briceno para 0096, 0097, 0099 and Figure 4 blocks 405 and 420), wherein the orthogonal factors/environment specific attributes comprise (reads on the collected relevant biometric and environmental data for user authentication, see Briceno para 0097, 0396 and 0399 – 0400) patterns in the user’s eye movement that vary from previously learned eye movements (reads on comparing the expected motion of the user’s eyes with the actual motion where the expected motion comprises recorded eye movements of the actual user of the device, see Briceno para 0304, 0308, 0309, 0326 and claim 6).


    PNG
    media_image1.png
    558
    867
    media_image1.png
    Greyscale




[0304] One embodiment of the invention performs eye-tracking as part of an authentication process to measure the response to varying regions of interest randomly arranged and displayed on the screen. For example, a sequence of random screen layouts mixing text, empty regions, images and video clips may be presented to the user to non-intrusively induce user's eye-movement. Concurrently, eye-tracking techniques are used to verify that the eyes are reacting to the screen layout in an expected manner. This information may then be combined with face recognition techniques to verify that the expected face is still present. Moreover, as discussed above, the eye tracking and facial recognition techniques may be combined with other techniques (e.g., location-based authentication, non-intrusive user presence detection, fingerprint scanning, etc) to arrive at a sufficient level of assurance that the legitimate user is in possession of the device. 

[0308] To perform eye tracking analysis, the eye tracking module 2605 relies on eye tracking templates stored within a secure eye tracking database 2645. Although illustrated as a separate database, the eye tracking database and facial recognition database may actually be the same secure database. In one embodiment, an eye tracking template specifies the text, graphics, pictures, videos and/or blank regions which are to be displayed for the user on the client device's display 2601 (some examples of which are shown in FIGS. 28A-B below) and potentially the order in which the content is to be displayed. In addition, the eye tracking template includes data specifying the expected motion characteristic of a user's eyes in response to the content displayed to the user (e.g. in form of a heatmap, see below). Matching logic within the eye tracking module 2605 compares the expected motion of the user's eyes with the actual motion (captured from the video images) to arrive at a "score" based on the similarity between the expected motion and the actual motion. As mentioned, the score may then be combined with scores from other authentication modules (e.g., such as facial recognition module 2604) to form an assurance level 2606. The eye tracking template data stored in the database 2646 may be compiled using recorded eye movements of other users and/or of the actual user of the device in response to each displayed Web page or other displayed image. For example, as with the facial recognition template, the eye tracking template may be generated as part of an enrollment process in which the user enrolls his/her eye motion with the device 2600.

[0309] In one embodiment, the eye tracking module 2605 determines the correlation between the images being displayed (which may include text, graphics, video, pictures, and/or blank regions) and the user's eye movement. For example, if a motion video is displayed in the lower right corner of the display, the vast majority of users will direct their attention to this region. Thus, if the eye tracking module 2605 detects that the user's eyes have moved to this region within a designated period of time (e.g., 2 seconds), then it will detect a high correlation between the user's eyes and the template, resulting in a relatively high score. In contrast, if the user's eyes do not move to this region (or do not move at all), then the eye tracking module 2605 will detect a low correlation and corresponding low score.

[0326] At 2907, a determination is made as to whether the combined results of the facial authentication and eye tracking is sufficient to allow the current transaction to proceed. If so, then the transaction is permitted at 2909. If not, then at 2908, the transaction is disallowed or additional authentication techniques are requested to raise the level of assurance. For example, at this stage, the user may be asked to swipe a finger on a fingerprint sensor or to enter a PIN associated with the user's account. If the additional authentication techniques are sufficient, determined at 2910, then the transaction is permitted at 2909.

[0389] In one embodiment, after the a user provides valid authentication (e.g., swipes a finger on the fingerprint sensor), the client device identifies the user and generates a token (cryptographic signature) with the transaction details (e.g., the displayed text) and a random challenge provided from the relying party (e.g., the token may be a signature over the transaction details and a nonce). This allows the relying party 3650 ensure that the transaction details have not been modified between the server and the client. In one embodiment, the application 3704 sends the generated token and username to the relying party, which then identifies the user with the username and verifies the token. If verification succeeds, a confirmation message is sent to the client and the transaction is processed.


[0391] Returning to FIG. 37, in one embodiment, authentication may be performed via an authentication engine 3710 on the client devices 3600-3602 designed to perform a series of transactions with the relying party 3650 to remotely authenticate each user. For example, as described in the co-pending applications an authentication framework and associated authentication techniques may be employed in which a user enrolls with biometric devices 3720-3721 of a client to generate biometric template data (e.g., by swiping a finger, snapping a picture, recording a voice, etc); registers the biometric devices with one or more relying parties 3650 over a network (e.g., Websites or other relying parties equipped with secure transaction services); and subsequently authenticates with those relying parties 3650 using data exchanged during the registration process (e.g., encryption keys provisioned into the biometric devices). In one embodiment, "registration" with relying parties includes exchanging symmetric or asymmetric keys with the relying party for each user authentication device 3720-3721 and storing the keys within a secure storage 3725 associated with each authentication devices 3720-3721. A secure key provisioning protocol such as the Dynamic Symmetric Key Provisioning Protocol (DSKPP) may be used to share keys with the client over a secure communication channel (see, e.g., Request for Comments (RFC) 6063). However, the underlying principles of the invention are not limited to any particular key provisioning protocol.

[0392] During the authentication phase, the keys are used, for example, to generate signatures, verify signatures, and/or encrypt communication between the clients 3600-3602 and the relying party 3650. Once authenticated, the user is permitted to perform one or more online transactions. In addition, in one embodiment, sensitive information such as fingerprint data and other data which may uniquely identify the user may be retained locally on the user's client device (e.g., smartphone, notebook computer, etc) to protect the user's privacy.

[0393] In one embodiment, the authentication engine 110 includes an assurance level calculation module 3706 for calculating an assurance level corresponding to a likelihood that the legitimate user is in possession of the client device 100. It may then use this assurance level to determine whether the relying party 3650 should authorize a current transaction. In one embodiment, the relying party 3650 may specify the level of assurance required for a given transaction. For example, for a financial transaction involving the transfer of a significant amount of money, the relying party 3650 may require a relatively higher assurance level than, for example, a transaction involving no exchange of money or mere access to a user information.

[0394] In one embodiment, the assurance level calculation module 106 transmits the assurance level (e.g., specified as a value, percentage, code, etc) to the relying party 3650, without disclosing any confidential user information, thereby protecting the user's privacy. In another embodiment, the assurance level calculation module 3706 knows the assurance level required for the current transaction, determines whether the assurance level is sufficiently high, and transmits an indication of whether the transaction is permitted or denied to the relying party 3650 (without disclosing the user's private information to the relying party 3650).

[0395] In one embodiment, the communication between the client devices 3600-3602 and relying party 3650 is secured via a secure communication module 3713, which may encrypt outgoing communication using a first key and decrypt incoming communication using a second key. In a symmetric key encryption scheme the first and second keys are the same. In an asymmetric key encryption scheme, the keys are different. However, the underlying principles of the invention are not limited to any particular type of encryption.

[0396] In one embodiment, the assurance level calculation module 3706 determines the assurance level based, at least in part, on current user authentication results 3705 which may include the results of a current or recent explicit user authentication via one or more explicit user authentication devices 3720-3721. This may include, for example, fingerprint authentication via a fingerprint device, facial recognition authentication via a camera and facial recognition hardware/software, voice recognition via a microphone and voice recognition hardware/software, retinal scanning using a camera and associated hardware/software, a password/PIN entry by the end user via a keypad, and/or various other types of explicit user authentication devices and/or techniques.

[0397] In one embodiment, the secure storage 3725 cryptographically protects the biometric reference data records for each user authentication device 3720-3721 (e.g., wrapping the data using a symmetric key to make the storage 3725 secure). While the secure storage 3725 is illustrated outside of the secure perimeter of the authentication device(s) 3720-3721, in one embodiment, each authentication device 3720-3721 may have its own integrated secure storage to cryptographically protect the biometric reference data records.

[0398] In addition to explicit user authentication, one embodiment of the authentication engine 3710 performs non-intrusive authentication by collecting data from sensors 3743 to be used by the assurance calculation module 3706 to generate the assurance level. By way of example, the sensors 3743 may include location sensors such as GPS sensors to indicate a current location of the user. If the client devices 3600-3602 are in an expected location such as the known vicinity (e.g., a "home" or "office" location), then this increases the likelihood that the user is the legitimate user. By contrast, if the GPS reading indicates that the user is not at an expected location, then this indicates that the user initiating the transaction is not the legitimate user. Thus, in one embodiment, the assurance calculation module 3706 will increase the assurance level if the user is in an expected location and decrease the assurance level if the user is in an unexpected location.

[0399] Various additional sensors 3743 such as temperature sensors, humidity sensors and accelerometers may be used to collect data relevant to user authentication. For example, the temperature/humidity sensors may provide a current temperature/humidity which may be compared against the known temperature/humidity for the location specified by the location sensor. If the values are significantly different, then this may indicate that the client devices 3600-3602 are being spoofed. The comparison of the asserted location and the temperature/humidity may be done at a remote server such as the secure transaction server(s) used by the relying party 3650. In another embodiment, accelerometers on the device may be used to measure the gait of the user and compare these measurements against the known gait of the user. If the gaits match (within a specified threshold), then this increases the likelihood that the legitimate user is in possession of the client device 3600-3602.

[0400] Another non-intrusive authentication technique comprises measuring an amount of time which has elapsed since the last successful user authentication. For example, if the user has very recently performed an explicit user authentication (e.g., swiping a finger on a fingerprint reader just a few minutes earlier), then this will tend to indicate that the legitimate user is still in possession of the client device (thereby resulting in a high baseline assurance level). By contrast, if the last explicit authentication has been several hours or several days earlier, then a new explicit user authentication may be required to reach an acceptable assurance level.

The prior art of record is silent on explicitly stating generating, via the authentication server, an authentication assertion including the assurance score upon a successful user authentication; wherein the orthogonal factors comprise stress patterns in the user's iris. 
British suggests 
generating (reads on the identity provider issues an authentication assertion that includes a level of assurance indication which the user can present to service provider computers in order to authenticate, see British para 0015 and 0032), via the authentication server (reads on an identity provider, see British para 0015 and 0032), an authentication assertion including the assurance score upon a successful user authentication  (reads on the identity provider issues an authentication assertion that includes a level of assurance indication which the user can present to service provider computers in order to authenticate, see British para 0015 and 0032). 
Before the effective filing date of the invention it would have been obvious to one of ordinary skill in the art to modify the assertion and entitlement decision teachings of the prior art of record by integrating the ability to have the identity provider generate the assertion and sending the assertion to a plurality of different service providers each providing different access to web content provided by that particular service provider to realize the instant limitations. One or more of the underpinning rational(s), as discussed in KSR international Co, v, Teleflex inc,s etai,s 550 U,S. 398 (2007) U.S.P.Q.2d 1385, also see MPEP § 2141 {IN), are used to support this conclusion of obviousness. Accordingly, it would have been obvious to one of ordinary skill in the art to include in the assertion and decision teachings of Briceno the ability to have the assertion generated by the identity/authentication provider and send that assertion to a plurality of different service providers as taught by British since the claimed invention is merely a combination of old elements, and in the combination each element merely would have performed the same function as it did separately. As a result, since each individual element and its function are shown in the prior art, albeit shown in separate references, the difference between the claimed subject matter and the prior art rests not on any individual element or function but in the very combination itself- that is in the substitution of the identity provider generating the assertion of the secondary reference for the authentication elements (see Briceno Figure 2 block 210) generating the assertion of the primary reference. Thus, the simple substitution of one known element for another producing a predictable result renders the claim obvious. The motivation to combine the references is applied to all dependent claims under this heading.
Anand suggests 
collecting (reads on as the user provides authentication information the monitor may actively or passively collect information via an apparatus, see Anand para 0033 – 0034) orthogonal factors about the user (reads on data corresponding to voice stress, pulse rate, blood pressure, facial stress or a specific look, see Anand para 0029 and 0036) during the authentication process (reads on as the user provides authentication information the monitor may actively or passively collect information via an apparatus, see Anand para 0033 – 0034); wherein the orthogonal factors comprise (reads on data corresponding to facial stress or a specific look, see Anand para 0029 and 0036) stress patterns in the user’s iris (reads on data corresponding to facial stress or a specific look, see Anand para 0029 and 0036).

[0029] The user data module 110 may include a user profile 118 that may include criteria used for determining whether a user associated with the user data module 110 is under sufficient duress to block or limit access to a particular account, or take some other contingent action. For example, the user profile 118 may include one or more standard and alternative authentication keys for the user, or threshold levels for pulse rate, skin moisture, blood pressure (when suitable sensors are available). The user profile 118 may include facial recognition patterns associated with normal activity as well as voice stress data used to analyze a stress level of the user by monitoring a speech pattern of an utterance made by the user. In one embodiment, the utterance may be predetermined word or phrase, such as “don't hurt me.” The user profile 118 may include information that is not strictly related to biometrics, such as speech recognition patterns for comparison to a trigger word or phrase such as “Emergency!” used to trigger contingency actions. 

[0033] FIG. 3 is a simplified block diagram illustrating another embodiment for fraud detection and monitoring for an account and, more specifically, for a payment or financial account. In this embodiment, a payment platform 200, such as a smartphone, may host a wallet application 202 that is utilized to perform a transaction via a wallet service 212. The wallet application 202 may have a monitor 203 used in conjunction with fraud detection and monitoring. For example, in some embodiments, as a person (user) engages providing authentication information for the account, or engages in a purchase or a cash transfer using the wallet application 202, the monitor 203 may collect information via an apparatus 204. The apparatus 204 may be or include a biometric sensor, such as a fingerprint sensor or a pulse monitor, may be a camera that takes a photograph of a user's face, may be a keyboard or computer mouse for receiving user inputs, etc.

[0034] In various embodiments, collecting data from the apparatus 204 may be active or passive. That is, in one embodiment, the user may be prompted to use the apparatus 204 by placing a finger on a sensor or posing for a photograph, or to enter user authentication information such as a username and/or password key. In another embodiment, collecting the data may be performed passively, such as taking a photograph with a front-facing camera without indicating that the camera is active, or by listening for certain words or speech patterns.

[0036] As discussed above, the user input may be data corresponding to pulse rate, blood pressure, facial stress, or a specific look, such as crossing the eyes. In other embodiments, the data collected may not be strictly biometric data but may include other explicit signals such as shaking the payment platform 200 or pressing a combination of buttons. In an alternate embodiment, the apparatus 204 may not be part of the payment platform 200 but instead may be an external apparatus 206 that communicates with the payment platform 200 via a network connection 208, such as Bluetooth®. For example, the external apparatus 206 may be a fitness tracker or smart watch capable of monitoring body conditions or even taking a photograph. [0038] In another embodiment, the payment platform 200 or the external apparatus 206 may be shaken, rotated repeatedly, or taken through some other physical maneuver or pattern to set a flag that is read by the monitor 203 to indicate that the user is under duress. The monitor 203 may be preprogrammed with one or more motions that, if performed within a certain time period of an attempted transaction, will send an override message either explicitly, or by substituting a biometric reading that is known to cause a failed condition. For example, the monitor 203 may send a pulse reading of 150 when the known threshold is 100. In other embodiments, the user may have a plurality of preset authentication key entries, each of which provides a different signal to the wallet service 212 or third party entity 218 depending on a level of duress the user is experiencing. These authentication keys and possible contingency actions will be described in more detail below.

[0057] FIG. 7 illustrates a method 600 the system may implement to detect fraud by monitoring risk factors that may indicate the user is under duress or that the recipient of a transaction is attempting fraud. At block 602, the method may include receiving a user identification that may correspond to a user profile of the user. At block 604, the method may include receiving a standard authentication key that may be received by the system to authenticate the user's access. Similar to embodiments described above, the user identification and the authentication key may be the same, such as when using facial recognition. At block 606, the method may include receiving baseline biometric data for the user through an apparatus 122 communicating with a user device 55 or account platform 102. For example, the method may include receiving baseline data of a user's heart rate, facial expressions, skin moisture levels, voice signature, or any other data specific to the user and useful to determine a user's current stress levels, etc. Each piece of biometric data may be a risk factor considered by the system to determine whether the user is under duress. In some embodiments, sensors 123 may also indicate other environmental conditions at the time a user is providing inputs, such as room temperature, humidity, etc.

[0058] In some embodiments, each factor may be converted into a risk index level, and combined with risk index levels from other risk factors. For example, a user's baseline heart rate may be 65 beats per minute, which may be set to a risk index level of zero. If, when subsequently providing authentication inputs the user's heart rate is higher, such as 85, the system may apply an elevated risk index level to that factor. The system may then combine the risk index levels for each risk factor to determine an overall risk index level. In some embodiments, other environmental factors may influence the risk index level interpretation as well, such as room temperature, time of day, etc.

Before the effective filing date of the invention it would have been obvious to one of ordinary skill in the art to modify the authentication data collection teachings of the prior art of record (reads on user authentication via a combination of fingerprint authentication, facial recognition, voice recognition, retinal scanning and/or various other types of explicit user authentication techniques, see Briceno para 0396 and 0399) by integrating the ability to have stress patterns in the user’s face/retina be a component of authenticating the user (reads on as the user provides authentication information the monitor may actively or passively collect facial stress data via an apparatus, see Anand para 0033 – 0034) to realize the instant limitations. One or more of the underpinning rational(s), as discussed in KSR international Co, v, Teleflex inc,s etai,s 550 U,S. 398 (2007) U.S.P.Q.2d 1385, also see MPEP § 2141 {IN), are used to support this conclusion of obviousness. Accordingly, it would have been obvious to one of ordinary skill in the art to include in the authentication teachings of the prior art of record the ability to have the authentication consider stress data as taught by Anand since the claimed invention is merely a combination of old elements, and in the combination each element merely would have performed the same function as it did separately. As a result, since each individual element and its function are shown in the prior art, albeit shown in separate references, the difference between the claimed subject matter and the prior art rests not on any individual element or function but in the very combination itself- that is in the substitution of the active/passive monitoring of the user’s stress of the secondary reference for the various other types of explicit user authentication techniques teaching of Briceno (see Briceno para 0396 and 0399). Thus, the simple substitution of one known element for another producing a predictable result renders the claim obvious. The motivation to combine the references is applied to all dependent claims under this heading.
Jung suggests 
stress patterns in the user's iris (reads on performing an identification and authentication algorithm based on detecting a stress index based on a color or health state of the eyeball based on iris recognition of an iris detection element, see Jung para 0044, 0054 and 0055).

[0044] The camera activation element 321 activates the camera 130 provided in the mobile communication terminal 100. According to the activation of the camera 130, a video currently captured by the camera 130 is displayed on the display unit 110. If an eye or face of the user is imaged by the camera 130, the eyeball detection element 322 performs a function of recognizing and extracting an eyeball of the user. A general eyeball detection algorithm can be used for eyeball detection. The health information acquisition element 323 acquires various health information through the eyeball detected through the eyeball detection element 322. It is possible to recognize a stress index, a diabetes index, or retinal diseases of the user through a color or health state of the eyeball. A well-known algorithm in the related art can be used as an algorithm for detecting health information from characteristics of the detected eyeball.

[0054] The camera activation element 421 activates the camera 130 provided in the mobile communication terminal 100. According to the activation of the camera 130, a video currently captured by the camera 130 is displayed on the display unit 110. If an eye or face of the user is imaged by the camera 130, the iris detection element 422 performs a function of recognizing and extracting an iris from an eyeball of the user. A general iris detection algorithm can be used for iris recognition. The user identification element 423 performs a function of comparing the iris detected by the iris detection element 422 to pre-stored iris information of the user, and authenticating the current user as a true user if the two match. For this, the user identification element 423 can use iris information of the user pre-stored in a database (not illustrated). The iris information of the user can be stored by registering information regarding the iris detected by the iris detection element 422 using a video of the true user first captured by the camera 130. Predetermined identification information (for example, an identifier (ID), a password, a social security number, or the like) should be input to change the registered iris information of the true user. If the user identification element 423 authenticates the current user as the true user, the lock state of the mobile communication terminal 100 is released and all functions are available. If the current user is not authenticated as the true user, the lock state continues along with a display of an alarm message.

[0055] The above-described operations, that is, the iris detection function, the user identification function, and the user authentication function, can be performed by installing a predetermined application. That is, the application includes the iris detection algorithm and the authentication algorithm based on an iris comparison, so that the operations as described above can be performed by installing the application in the mobile communication terminal 100. The user can download this application and install the downloaded application in the mobile communication terminal 100. The user can use the functions as described above by setting the application to be operated immediately when the activation button 120 is pressed through the setting menu in the inactive state of the mobile communication terminal 100.


Before the effective filing date of the invention it would have been obvious to one of ordinary skill in the art to modify the authentication data collection teachings of the prior art of record (reads on user authentication via a combination of fingerprint authentication, facial recognition, voice recognition, retinal scanning and/or various other types of explicit user authentication techniques, see Briceno para 0396 and 0399) by explicitly integrating the ability to have stress patterns in the user’s face/retina, via a recognized stress index, be a component of authenticating the user (reads on as the user provides authentication information the monitor may determine a stress index via an apparatus from the color or health state of the eyeball, see Jung para 0044, 0054 and 0055) to realize the instant limitations. One or more of the underpinning rational(s), as discussed in KSR international Co, v, Teleflex inc,s etai,s 550 U,S. 398 (2007) U.S.P.Q.2d 1385, also see MPEP § 2141 {IN), are used to support this conclusion of obviousness. Accordingly, it would have been obvious to one of ordinary skill in the art to include in the authentication teachings of the prior art of record the ability to have the authentication consider stress data as taught by Jung since the claimed invention is merely a combination of old elements, and in the combination each element merely would have performed the same function as it did separately. As a result, since each individual element and its function are shown in the prior art, albeit shown in separate references, the difference between the claimed subject matter and the prior art rests not on any individual element or function but in the very combination itself- that is in the incorporation of the active/passive monitoring of the user’s stress as determined by the color or health state of the eyeball of the secondary reference with the various other types of explicit user authentication techniques teaching of Briceno (see Briceno para 0396 and 0399). The motivation to combine the references is applied to all dependent claims under this heading.




Per claim 12, the prior art of record further suggests providing the authentication assertion including the assurance score (reads on transmitting the authentication response comprising the calculated/measured assurance level to the relying party after successful authentication, see Briceno para 0096, 0097, 0099 and Figure 4 blocks 405 and 420) to a second (reads on the user providing the same authentication assertion and assurance score to any of a plurality of different service provider computers, see British para 0009, 001 and 0032) authentication consumer (reads on a relying party with secure transaction services, see Briceno para 0008, 0093 and Figure 4 block 420), and making (reads on the relying party specifies the level of assurance required for a given transaction where a higher assurance level is required for transferring a significant amount of money and a lower assurance level is required for accessing an email account, see Briceno para 0338), via the second (reads on the user providing the same authentication assertion and assurance score to any of a plurality of different service provider computers, see British para 0009, 001 and 0032) authentication consumer (reads on a relying party with secure transaction services, see Briceno para 0008, 0093 and Figure 4 block 420), a local entitlement decision different from the first local entitlement decision based on (reads on the relying party specifies the level of assurance required for a given transaction where a higher assurance level is required for transferring a significant amount of money and a lower assurance level is required for accessing an email account, see Briceno para 0338) the assurance score (reads on the calculated/measured assurance level to the relying party after successful authentication, see Briceno para 0096, 0097, 0099 and Figure 4 blocks 405 and 420). 
Per claim 13, the prior art of record further suggests enabling (reads on the relying party enabling the accessing of an email account but not the transferring of a significant amount of money, see Briceno para 0338), via the first authentication consumer (reads on a relying party with secure transaction services, see Briceno para 0008, 0093 and Figure 4 block 420), a first process (reads on the accessing of an email account but not the transferring of a significant amount of money, see Briceno para 0338) based on the first local entitlement decision (reads on the relying party specifies the level of assurance required for a given transaction where a higher assurance level is required for transferring a significant amount of money and a lower assurance level is required for accessing an email account, see Briceno para 0338); and disabling (reads on the relying party enabling the accessing of an email account but not the transferring of a significant amount of money, see Briceno para 0338), via the first authentication consumer (reads on a relying party with secure transaction services, see Briceno para 0008, 0093 and Figure 4 block 420), a second process (reads on the transferring of a significant amount of money but not the accessing of an email account, see Briceno para 0338) based on the first local entitlement decision (reads on the relying party specifies the level of assurance required for a given transaction where a higher assurance level is required for transferring a significant amount of money and a lower assurance level is required for accessing an email account, see Briceno para 0338).
Per claim 14, the prior art of record further suggests wherein authenticating the user comprises authenticating the user using a pass or fail authentication process (reads on transmitting an indication of whether the transaction is permitted or denied, see Briceno para 0393-0394).
Per claim 15, the prior art of record further suggests wherein collecting orthogonal factors about the user during the authentication process comprises collecting patterns in the user’s body movement that vary from previously learned body movements (reads on using sensors to measure the gait of the user and compare the measurements against the known gait of the user, see Briceno para 0399).
Per claim 16, the prior art of record further suggests wherein the orthogonal factors comprise as least one of: stress patterns in the user's voice (reads on data corresponding to voice stress, see Anand para 0029 and 0036); and stress patterns based on the user's galvanic skin response and heart rate (reads on monitoring data corresponding to threshold stress levels for pulse rate and skin moisture, see Anand para 0029 and 0057 – 0058).
Claim 17 is analyzed with respect to claim 16.
Claim 18 is analyzed with respect to claim 15.
Claim 19 is analyzed with respect to claim 16.
Claim 20 is analyzed with respect to claim 18.
Claim 1 the system comprising an authentication server (see British Figure 1 block 20); and an authentication consumer (see British Figure 1 block 12) is analyzed with respect to claim 11 (The Examiner asserts the environment specific attributes of claim 1 are the same as the orthogonal factors of claim 11 and are similarly rejected).
Claim 2 is analyzed with respect to claim 13.
Per claim 3, the prior art of record further suggests wherein the authentication server (reads on an identity provider, see British para 0015 and 0032) stores the authentication assertion including the assurance score (reads on the identity provider issues the assertion and assurance indication, see British para 0015 and 0032), and wherein the authentication consumer (reads on a relying party with secure transaction services, see Briceno para 0008, 0093 and Figure 4 block 420) retrieves (reads on the relying party/service provider asks for the assertion and assurance indication which The Examiner construes to be obvious based on the prior art’s teaching of the assertion and assurance being transmitted to the relying party. One of ordinary skill in the art would consider it obvious for the transmission to either be a push or a pull transaction because those are the conventional ways in which data is transmitted, see British para 0015 and 0032 and Briceno para 0100, 0378) the authentication assertion including the assurance score (reads on an authentication assertion that includes a level of assurance indication which the user can present to service provider computers in order to authenticate, see British para 0015 and 0032) from the authentication server (reads on an identity provider, see British para 0015 and 0032) in response to receiving a request from the user (reads in response to the user requesting authentication through the identity provider, see British para 0015).
Per claim 4, the prior art of record further suggests wherein the authentication server (reads on an identity provider, see British para 0015 and 0032) provides the authentication assertion including the assurance score to the user (reads on an authentication assertion that includes a level of assurance indication which the user can present to service provider computers in order to authenticate, see British para 0015 and 0032), and wherein the user provides the authentication assertion including the assurance score to the authentication consumer (reads on an authentication assertion that includes a level of assurance indication which the user can present to service provider computers in order to authenticate, see British para 0015 and 0032).
Claim 5 is analyzed with respect to claim 15.
Claim 6 the system comprising a machine-readable storage medium storing instructions (see Briceno para 0565) and patterns (see Briceno para 0399); and a processor (see Briceno para 0565 – 0568) is analyzed with respect to claim 11. 
Claim 7 is analyzed with respect to claim 11.
Claim 8 is analyzed with respect to claim 11.
Claim 9 is analyzed with respect to claim 15.
Claim 10 is analyzed with respect to claim 15.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action.

Contact

Any inquiry concerning this communication or earlier communications from the examiner should be directed to Brian Shaw whose telephone number is (571)270-5191.  The examiner can normally be reached on Mon-Thurs from 6:00 AM-3:30 PM.
If attempts to reach the examiner by telephone are unsuccessful, the examiner's Supervisor, Jorge L. Ortiz Criado can be reached on (571) 272-7624.  The fax phone number for the organization where this application or proceeding is assigned is 703-872-9306.  Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).
/BRIAN F SHAW/Primary Examiner, Art Unit 2496