DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claims 1-20 have been examined. 

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 04/19/2022 has been entered.

Response to Amendment
Claims 1, 8 and 15 have been amended.
Applicant’s arguments with respect to claims 1, 8 and 15 regarding the new limitations: “monitoring, by one or more processors, a computing device to identify a pattern of keys pressed on the computing device by the primary user; determining, by one or more processors, a protected mode within a database which corresponds with the pattern of keys on the computing device by the primary user; and activating, by one or more processors, the protected mode on the computing device determined by the pattern of keys pressed, and which is in response to the primary user being equal to or greater than the predetermined distance from the computing device”, have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.

Specification
The disclosure is objected to because of the following informalities: Paragraph [0019] of the specification of the instant application recites: “In response to detecting authorized activity by the secondary user on computing device 120, authentication program 132 activates protected mode on the computing device” instead of “In response to detecting unauthorized activity…”.  Appropriate correction is required.

Claim Objections
Claim 15 is objected to because of the following informalities:  Claim 15 recites: “execution by at least on of the one or more processors” instead of “execution by at least one of the one or more processors”.  Appropriate correction is required.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claim 8 is rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.  The claim(s) does/do not fall within at least one of the four categories of patent eligible subject matter. Claim 8 is directed to “A computer program” which is software per se and non-statutory.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claim 8 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention. Claim 8 recites the limitation "A computer program, the computer program product…" in the preamble.  There is insufficient antecedent basis for “the computer program product” limitation in the claim. Examiner suggests the following amendment: “"A computer program product, the computer program product…"
Claims 1, 8 and 15 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention. Claims 1, 8 and 15 recite: “monitoring, by one or more processors, a computing device to identify a pattern of keys pressed on the computing device by the primary user; activating, by one or more processors, the protected mode on the computing device determined by the pattern of keys pressed, and which is in response to the primary user being equal to or greater than the predetermined distance from the computing device”. It is unclear how it is possible for the primary user to press a pattern of keys on the computing device and be at a distance equal to or greater than the predetermined distance from the computing device since pressing a pattern of keys requires the primary user to be very close to the computing device which conflicts with being at a distance equal to or greater than the predetermined distance from the computing device.

Claim Rejections - 35 USC § 112
The following is a quotation of the first paragraph of 35 U.S.C. 112(a):
(a) IN GENERAL.—The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor or joint inventor of carrying out the invention.

The following is a quotation of the first paragraph of pre-AIA  35 U.S.C. 112:
The specification shall contain a written description of the invention, and of the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use the same, and shall set forth the best mode contemplated by the inventor of carrying out his invention.

Claims 1, 8 and 15 are rejected under 35 U.S.C. 112(a) or 35 U.S.C. 112 (pre-AIA ), first paragraph, as failing to comply with the written description requirement. The claim(s) contains subject matter which was not described in the specification in such a way as to reasonably convey to one skilled in the relevant art that the inventor or a joint inventor, or for applications subject to pre-AIA  35 U.S.C. 112, the inventor(s), at the time the application was filed, had possession of the claimed invention. Claims 1, 8 and 15 recite: “monitoring, by one or more processors, a computing device to identify a pattern of keys pressed on the computing device by the primary user; activating, by one or more processors, the protected mode on the computing device determined by the pattern of keys pressed, and which is in response to the primary user being equal to or greater than the predetermined distance from the computing device”. Paragraph [0052] of the specification of the instant application recites: “In various embodiments, if the primary user utilizing a second computing device reaches a threshold level distance from computing device 120, client application 122 activates protected mode and locks computing device 120.” Paragraph [0053] explains this concept in more detail. Paragraphs [0059]-[0060] recite: “[0059]: In some embodiments, client application 122 identifies a key combination associated with user activity. In some embodiments, the key combination includes, but is not limited to, a pattern of keys-pressed on device (e.g., a keyboard, dial numbers, etc.), a pattern on a touch-based screen, pressing the various functional buttons on the device a plurality of times, etc. In various embodiments, client application 122 generates a key combination request and communicates the key combination request to authentication program 132. [0060]: In various embodiments, authentication program 132 determines that the key combination request matches one or more policy decision and authentication program 132 generates an approval request and communicates the approval request client application 122. Additionally, in various embodiments, authentication program 132 includes a set of program instructions with the approval request, instructing client application 122 to activate protected mode on computing device 120 associated with (i) the key combination request and (ii) the one or more policy decisions. In an alternative embodiment, client application 122 activates protected mode on computing device 120 and continues to monitor computing device 120 for unauthorized activity.” The specification recites activating protected mode when the primary user reaches a threshold distance from the computing device and the specification recites activating a protected mode when a pattern of keys is pressed on the computing device but the specification does not explicitly recite that the protected mode is activated in response to the pattern of keys pressed on the computing device and the primary user being at a predetermined distance from the computing device, i.e., the specification does not recite activating the protected mode to the combination of pattern of keys pressed and a predetermined distance. 

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action.
Claims 1-6, 8-13 and 15-19 are rejected under 35 U.S.C. 103 as being unpatentable over prior art of record US 20200125704 to Chavez et al (hereinafter Chavez), EP 1246434 to Winkler (hereinafter Winkler) and prior art of record US 20190347431 to Nair (hereinafter Nair).
As per claim 1, Chavez teaches:
A computer-implemented method, the method comprising: 
receiving, by one or more processors, one or more policy decisions from a primary user (Chavez: [0093] The primary permissions field 332 may be used to store information related to device use permissions created by the primary user and/or that are to be imposed on the primary user. In some embodiments, the primary permissions field 332 may be used to store permissions defined by a primary user for application to a borrowing user); 
monitoring, by one or more processors, activity associated with one or more applications by a secondary user on the computing device (Chavez: [0068]: In some embodiments, the second borrowing user 120c may not be able to access certain types of content (e.g., particular content servers 116 or web addresses) using a browser of the user device 104 even though the second borrowing user 120c has the ability to access the browser of the user device 104 (monitoring second borrowing user’s activity associated with the browser application). [0079]: The activity monitoring instructions 240 may also receive usage information associated with an application 232 or O/S 224 (e.g., particular commands received at the application 232 or O/S 224 or usage statistics associated with operation of a particular application 232 or O/S 224). As a non-limiting example, the activity monitoring instructions 240 may be configured to determine whether a particular user is inputting data (e.g., typing) with a particular frequency or speed, determine whether a particular user is actively using particular applications, receive biometric information from the user, request the user to input an access code or password, determine that certain functions are being performed within an application, determine that certain features (e.g., text features, calling features, social media features, etc.) are being utilized by an application, and so on. [0112]: The method 700 begins by detecting user activity on the device (step 704) and then monitoring the user behavior (step 708). Also, [0106], [0122]); 
detecting, by one or more processors, the activity being unauthorized activity by the secondary user on the computing device (Chavez: [0081]: In some embodiments, such a notification may also be sent to an application host to terminate an application connection and ensure an application is no longer accessible since the binding is broken, such as the case when a borrowing user may be accessing the primary user's mobile banking application on the device (detecting unauthorized activity). [0122] The method 900 will then continue with the compliance instructions 264 determining whether the current behavior of the borrowing user is within alignment of the policies defined for the borrowing user (step 920). If the current behavior (e.g., use behaviors of the borrowing user) violate the compliance instructions 264, then the method will optionally lock the device, limit functionality of the device); and 
in response to detecting the unauthorized activity by the secondary user on the computing device, activating, by one or more processors, the determined protected mode on the computing device (Chavez: [0081]: In some embodiments, such a notification may also be sent to an application host to terminate an application connection and ensure an application is no longer accessible since the binding is broken, such as the case when a borrowing user may be accessing the primary user's mobile banking application on the device. [0107] When a binding is broken, such as, in the scenario when no borrowing user is enrolled with the device, and as soon as an unenrolled borrowing user gets possession of the device, the pairing/binding between the primary user and device is broken. In this case, the method 500 may further include disabling one or more features or functions of the device 104 (step 540). For instance, the device 104 may be turned off or locked, thereby restricting the borrowing user from using any functions or features of the device 104. In other embodiments, the borrowing user permissions 244 may be referenced to determine if some features or functions of the device 104 are still allowed to remain active whereas other features or functions of the device 104 are disabled or hidden from view of the borrowing user. [0122]: If the current behavior (e.g., use behaviors of the borrowing user) violate the compliance instructions 264, then the method will optionally lock the device, limit functionality of the device).
Chavez does not teach: monitoring, by one or more processors, a computing device to identify a pattern of keys pressed on the computing device by the primary user; determining, by one or more processors, a protected mode within a database which corresponds with the pattern of keys on the computing device by the primary user; determining, by one or more processors, whether the primary user is equal to or greater than a predetermined distance from the computing device; activating, by one or more processors, the protected mode on the computing device determined by the pattern of keys pressed, and which is in response to the primary user being equal to or greater than the predetermined distance from the computing device; in the determined protected mode, populating, by one or more processors, the computing device with a passcode screen in response to the primary user being equal to or greater than the predetermined distance from the computing device. However, 
monitoring, by one or more processors, a computing device to identify a pattern of keys pressed on the computing device by the primary user; determining, by one or more processors, a protected mode within a database which corresponds with the pattern of keys on the computing device by the primary user; activating, by one or more processors, the protected mode on the computing device determined by the pattern of keys pressed (Winkler: [0021]: To be sure that the phone operates in protected mode, a user can advantageously activate the protection mechanism at his own by pressing a predefined key or key-sequence. [0037]: By pressing a pre-defined sequence of keys, like e.g. the sequence used to block the key pad, the protection mechanism provided by the access control 300 can be activated and/or deactivated manually by the user. [0038]: The detection means 304 further checks if keys have been pressed in a certain sequence like described above, or if a key-lock has been activated. The detection means 304 will also activate the access control 300 upon the occasion that a user selects a special menu point. [0039]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Winkler in the invention of Chavez to include the above limitations. The motivation to do so would be to provide a protection against unauthorised use of one or more functions of the mobile terminal  (Winkler: [0011]). 
Chavez in view of Winkler does not teach the rest of the limitations. However, Nair teaches:
determining, by one or more processors, whether the primary user is equal to or greater than a predetermined distance from the computing device (Nair:[0046]. [0058]: Communication device 110 may detect a distance that owner 102 is from communication device 110, for example, using RSSI, triangulation, or other distance detection process through short range wireless communications or distance tracking. [0066]: Additionally, a user distance configuration 2314 has a slider 2312 that sets a maximum distance between the user and the user device at less than 20 meters. Interface 2302 of control panel 2300 may further allow for device stolen alarm settings 2316 to be established, which may be executed when a stolen device condition is satisfied, such as if the device exceeds the 20 meter limit for user distance configuration 2314); 
activating, by one or more processors, the protected mode on the computing device which is in response to the primary user being equal to or greater than the predetermined distance from the computing device (Nair: [0058]: Communication device 110 may detect a distance that owner 102 is from communication device 110, for example, using RSSI, triangulation, or other distance detection process through short range wireless communications or distance tracking. Based on the distance, communication device 110 may determine whether any limitations should be implemented on communication device 110 to secure communication device 110 from unauthorized use or misappropriation of data. [0064] An event 2100 may occur, which may cause a limitation to be imposed on the communication device displaying application interface A 2000 and application interface B 2200. For example, the event may cause a setting's requirements for the limitation to be met or exceeded. Application interface B 2200 may therefore be restricted from access to data or limitations based on the limitation imposed on the communication device. For example, in application interface B 2200, digital wallet A 2202 may be restricted or altered from digital wallet A 2002, for example, by restricting payment process B 2204 from the processes accessible to payment process B 2004 in application interface A 2000. Application interface B 2200 includes a restricted limitation 2206 for payment process B 2204); 
in the determined protected mode, populating, by one or more processors, the computing device with a passcode screen in response to the primary user being equal to or greater than the predetermined distance from the computing device (Nair: Fig. 2B, [0058]: Based on the distance, communication device 110 may determine whether any limitations should be implemented on communication device 110 to secure communication device 110 from unauthorized use or misappropriation of data. [0064]: Application interface B 2200 includes a restricted limitation 2206 for payment process B 2204. Moreover, an authentication process 2208 may allow entry of authentication credentials that may include an unlock process 2210 for restricted limitation 2206 to remove restricted limitation 2206. [0025]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Nair in the invention of Chavez in view of Winkler to include the above limitations. The motivation to do so would be to limit device functionality based on device vulnerabilities and risk and more specifically to processing device data and/or location data to limit application processes, data availability, and/or application usage (Nair: [0001]).

As per claim 8, Chavez teaches:
A computer program, the computer program product comprising: one or more computer-readable storage media and program instructions stored on the one or more computer-readable storage media, the program instructions comprising: 
program instructions to receive one or more policy decisions from a primary user (Chavez: [0093] The primary permissions field 332 may be used to store information related to device use permissions created by the primary user and/or that are to be imposed on the primary user. In some embodiments, the primary permissions field 332 may be used to store permissions defined by a primary user for application to a borrowing user); 
program instructions to monitor activity associated with one or more applications by a secondary user on the computing device (Chavez: [0068]: In some embodiments, the second borrowing user 120c may not be able to access certain types of content (e.g., particular content servers 116 or web addresses) using a browser of the user device 104 even though the second borrowing user 120c has the ability to access the browser of the user device 104 (monitoring second borrowing user’s activity associated with the browser application). [0079]: The activity monitoring instructions 240 may also receive usage information associated with an application 232 or O/S 224 (e.g., particular commands received at the application 232 or O/S 224 or usage statistics associated with operation of a particular application 232 or O/S 224). As a non-limiting example, the activity monitoring instructions 240 may be configured to determine whether a particular user is inputting data (e.g., typing) with a particular frequency or speed, determine whether a particular user is actively using particular applications, receive biometric information from the user, request the user to input an access code or password, determine that certain functions are being performed within an application, determine that certain features (e.g., text features, calling features, social media features, etc.) are being utilized by an application, and so on. [0112]: The method 700 begins by detecting user activity on the device (step 704) and then monitoring the user behavior (step 708). Also, [0106], [0122]); 
program instructions to detect the activity being unauthorized activity by the secondary user on the computing device (Chavez: [0081]: In some embodiments, such a notification may also be sent to an application host to terminate an application connection and ensure an application is no longer accessible since the binding is broken, such as the case when a borrowing user may be accessing the primary user's mobile banking application on the device (detecting unauthorized activity). [0122] The method 900 will then continue with the compliance instructions 264 determining whether the current behavior of the borrowing user is within alignment of the policies defined for the borrowing user (step 920). If the current behavior (e.g., use behaviors of the borrowing user) violate the compliance instructions 264, then the method will optionally lock the device, limit functionality of the device); and 
in response to detecting the unauthorized activity by the secondary user on the computing device, program instructions to activate the determined protected mode on the computing device (Chavez: [0081]: In some embodiments, such a notification may also be sent to an application host to terminate an application connection and ensure an application is no longer accessible since the binding is broken, such as the case when a borrowing user may be accessing the primary user's mobile banking application on the device. [0107] When a binding is broken, such as, in the scenario when no borrowing user is enrolled with the device, and as soon as an unenrolled borrowing user gets possession of the device, the pairing/binding between the primary user and device is broken. In this case, the method 500 may further include disabling one or more features or functions of the device 104 (step 540). For instance, the device 104 may be turned off or locked, thereby restricting the borrowing user from using any functions or features of the device 104. In other embodiments, the borrowing user permissions 244 may be referenced to determine if some features or functions of the device 104 are still allowed to remain active whereas other features or functions of the device 104 are disabled or hidden from view of the borrowing user. [0122]: If the current behavior (e.g., use behaviors of the borrowing user) violate the compliance instructions 264, then the method will optionally lock the device, limit functionality of the device), 
wherein the unauthorized activity comprises navigating away from application software on another screen of the computing device (Chavez: [0106]: In one embodiment, such input to grant permission to allow borrowing user to utilize the device, may be time bound or event bound, that is, the primary user allows the borrowing user to utilize the device for a limited amount of time or until a preconfigured event occurs such as the borrowing user trying to access an application the borrowing user is not supposed to do (navigating away from allowed application software)).
Chavez does not teach: program instructions to monitor a computing device to identify a pattern of keys pressed on the computing device by the primary user; program instructions to determine a protected mode within a database which corresponds with the pattern of keys on the computing device by the primary user; program instructions to determine whether the primary user is equal to or greater than a predetermined distance from the computing device; program instructions to activate the protected mode on the computing device 6302-40038--4--Appl. No.: 16/735,817P201904602US01determined by the pattern of keys pressed, and which is in response to the primary user being equal to or greater than the predetermined distance from the computing device; in the determined protected mode, program instructions to populate the computing device with a passcode screen in response to the primary user being equal to or greater than the predetermined distance from the computing device. However, Winkler teaches:
program instructions to monitor a computing device to identify a pattern of keys pressed on the computing device by the primary user; program instructions to determine a protected mode within a database which corresponds with the pattern of keys on the computing device by the primary user; program instructions to activate the protected mode on the computing device 6302-40038--4--Appl. No.: 16/735,817P201904602US01determined by the pattern of keys pressed (Winkler: [0021]: To be sure that the phone operates in protected mode, a user can advantageously activate the protection mechanism at his own by pressing a predefined key or key-sequence. [0037]: By pressing a pre-defined sequence of keys, like e.g. the sequence used to block the key pad, the protection mechanism provided by the access control 300 can be activated and/or deactivated manually by the user. [0038]: The detection means 304 further checks if keys have been pressed in a certain sequence like described above, or if a key-lock has been activated. The detection means 304 will also activate the access control 300 upon the occasion that a user selects a special menu point. [0039]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Winkler in the invention of Chavez to include the above limitations. The motivation to do so would be to provide a protection against unauthorised use of one or more functions of the mobile terminal  (Winkler: [0011]). 
Chavez in view of Winkler does not teach the rest of the limitations. However, Nair teaches:
program instructions to determine whether the primary user is equal to or greater than a predetermined distance from the computing device (Nair:[0046]. [0058]: Communication device 110 may detect a distance that owner 102 is from communication device 110, for example, using RSSI, triangulation, or other distance detection process through short range wireless communications or distance tracking. [0066]: Additionally, a user distance configuration 2314 has a slider 2312 that sets a maximum distance between the user and the user device at less than 20 meters. Interface 2302 of control panel 2300 may further allow for device stolen alarm settings 2316 to be established, which may be executed when a stolen device condition is satisfied, such as if the device exceeds the 20 meter limit for user distance configuration 2314); 
program instructions to activate the protected mode on the computing device 6302-40038--4--Appl. No.: 16/735,817P201904602US01 which is in response to the primary user being equal to or greater than the predetermined distance from the computing device (Nair: [0058]: Communication device 110 may detect a distance that owner 102 is from communication device 110, for example, using RSSI, triangulation, or other distance detection process through short range wireless communications or distance tracking. Based on the distance, communication device 110 may determine whether any limitations should be implemented on communication device 110 to secure communication device 110 from unauthorized use or misappropriation of data. [0064] An event 2100 may occur, which may cause a limitation to be imposed on the communication device displaying application interface A 2000 and application interface B 2200. For example, the event may cause a setting's requirements for the limitation to be met or exceeded. Application interface B 2200 may therefore be restricted from access to data or limitations based on the limitation imposed on the communication device. For example, in application interface B 2200, digital wallet A 2202 may be restricted or altered from digital wallet A 2002, for example, by restricting payment process B 2204 from the processes accessible to payment process B 2004 in application interface A 2000. Application interface B 2200 includes a restricted limitation 2206 for payment process B 2204); 
in the determined protected mode, program instructions to populate the computing device with a passcode screen in response to the primary user being equal to or greater than the predetermined distance from the computing device (Nair: Fig. 2B, [0058]: Based on the distance, communication device 110 may determine whether any limitations should be implemented on communication device 110 to secure communication device 110 from unauthorized use or misappropriation of data. [0064]: Application interface B 2200 includes a restricted limitation 2206 for payment process B 2204. Moreover, an authentication process 2208 may allow entry of authentication credentials that may include an unlock process 2210 for restricted limitation 2206 to remove restricted limitation 2206. [0025]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Nair in the invention of Chavez in view of Winkler to include the above limitations. The motivation to do so would be to limit device functionality based on device vulnerabilities and risk and more specifically to processing device data and/or location data to limit application processes, data availability, and/or application usage (Nair: [0001]).

As per claim 15, Chavez teaches:
A computer system, the computer system comprising: one or more computer processors; one or more computer readable storage medium; and program instructions stored on the computer readable storage medium for execution by at least on of the one or more processors, the program instructions comprising: 
program instructions to receive one or more policy decisions from a primary user (Chavez: [0093] The primary permissions field 332 may be used to store information related to device use permissions created by the primary user and/or that are to be imposed on the primary user. In some embodiments, the primary permissions field 332 may be used to store permissions defined by a primary user for application to a borrowing user); 
program instructions to monitor activity associated with one or more applications by a secondary user on the computing device (Chavez: [0068]: In some embodiments, the second borrowing user 120c may not be able to access certain types of content (e.g., particular content servers 116 or web addresses) using a browser of the user device 104 even though the second borrowing user 120c has the ability to access the browser of the user device 104 (monitoring second borrowing user’s activity associated with the browser application). [0079]: The activity monitoring instructions 240 may also receive usage information associated with an application 232 or O/S 224 (e.g., particular commands received at the application 232 or O/S 224 or usage statistics associated with operation of a particular application 232 or O/S 224). As a non-limiting example, the activity monitoring instructions 240 may be configured to determine whether a particular user is inputting data (e.g., typing) with a particular frequency or speed, determine whether a particular user is actively using particular applications, receive biometric information from the user, request the user to input an access code or password, determine that certain functions are being performed within an application, determine that certain features (e.g., text features, calling features, social media features, etc.) are being utilized by an application, and so on. [0112]: The method 700 begins by detecting user activity on the device (step 704) and then monitoring the user behavior (step 708). Also, [0106], [0122]); 
program instructions to detect the activity being unauthorized activity by the secondary user on the computing device (Chavez: [0081]: In some embodiments, such a notification may also be sent to an application host to terminate an application connection and ensure an application is no longer accessible since the binding is broken, such as the case when a borrowing user may be accessing the primary user's mobile banking application on the device (detecting unauthorized activity). [0122] The method 900 will then continue with the compliance instructions 264 determining whether the current behavior of the borrowing user is within alignment of the policies defined for the borrowing user (step 920). If the current behavior (e.g., use behaviors of the borrowing user) violate the compliance instructions 264, then the method will optionally lock the device, limit functionality of the device); and 
in response to detecting the unauthorized activity by the secondary user on the computing device, program instructions to activate the determined protected mode on the computing device (Chavez: [0081]: In some embodiments, such a notification may also be sent to an application host to terminate an application connection and ensure an application is no longer accessible since the binding is broken, such as the case when a borrowing user may be accessing the primary user's mobile banking application on the device. [0107] When a binding is broken, such as, in the scenario when no borrowing user is enrolled with the device, and as soon as an unenrolled borrowing user gets possession of the device, the pairing/binding between the primary user and device is broken. In this case, the method 500 may further include disabling one or more features or functions of the device 104 (step 540). For instance, the device 104 may be turned off or locked, thereby restricting the borrowing user from using any functions or features of the device 104. In other embodiments, the borrowing user permissions 244 may be referenced to determine if some features or functions of the device 104 are still allowed to remain active whereas other features or functions of the device 104 are disabled or hidden from view of the borrowing user. [0122]: If the current behavior (e.g., use behaviors of the borrowing user) violate the compliance instructions 264, then the method will optionally lock the device, limit functionality of the device), 6302-40038--7--Appl. No.: 16/735,817P201904602US01 
wherein the determined protected mode allows the second user access to predetermined application software specified by the primary user (Chavez: [0017]: the different types of policies may include a definition of types of applications that are made accessible to borrowing users (e.g., educational applications, music applications, child entertainment applications, etc.) and some applications that are not made accessible to borrowing users (e.g., primary user's social media applications, personal email and/or work email application). [0106]: In one embodiment, such input to grant permission to allow borrowing user to utilize the device, may be time bound or event bound, that is, the primary user allows the borrowing user to utilize the device for a limited amount of time or until a preconfigured event occurs such as the borrowing user trying to access an application the borrowing user is not supposed to do. [0081]: The primary user 120a may also use the notification instructions 252 to specify when a notification is generated and transmitted indicating that an unknown borrowing user is utilizing the device 104, 108 as compared to a known and enrolled borrowing user. In some embodiments, such a notification may also be sent to an application host to terminate an application connection and ensure an application is no longer accessible since the binding is broken, such as the case when a borrowing user may be accessing the primary user's mobile banking application on the device. [0122] The method 900 will then continue with the compliance instructions 264 determining whether the current behavior of the borrowing user is within alignment of the policies defined for the borrowing user (step 920). If the current behavior (e.g., use behaviors of the borrowing user) violate the compliance instructions 264, then the method will optionally lock the device, limit functionality of the device, i.e., the borrowing user is allowed to access certain applications based on primary user’s policies)).
Chavez does not teach: program instructions to monitor a computing device to identify a pattern of keys pressed on the computing device by the primary user; program instructions to determine a protected mode within a database which corresponds with the pattern of keys on the computing device by the primary user; program instructions to determine whether the primary user is equal to or greater than a predetermined distance from the computing device; program instructions to activate the protected mode on the computing device determined by the pattern of keys pressed, and which is in response to the primary user being equal to or greater than the predetermined distance from the computing device; in the determined protected mode, populate the computing device with a passcode screen in response to the primary user being equal to or greater than the predetermined distance from the computing device. However, Winkler teaches:
program instructions to monitor a computing device to identify a pattern of keys pressed on the computing device by the primary user; program instructions to determine a protected mode within a database which corresponds with the pattern of keys on the computing device by the primary user; program instructions to activate the protected mode on the computing device determined by the pattern of keys pressed (Winkler: [0021]: To be sure that the phone operates in protected mode, a user can advantageously activate the protection mechanism at his own by pressing a predefined key or key-sequence. [0037]: By pressing a pre-defined sequence of keys, like e.g. the sequence used to block the key pad, the protection mechanism provided by the access control 300 can be activated and/or deactivated manually by the user. [0038]: The detection means 304 further checks if keys have been pressed in a certain sequence like described above, or if a key-lock has been activated. The detection means 304 will also activate the access control 300 upon the occasion that a user selects a special menu point. [0039]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Winkler in the invention of Chavez to include the above limitations. The motivation to do so would be to provide a protection against unauthorised use of one or more functions of the mobile terminal  (Winkler: [0011]).
Chavez in view of Winkler does not teach the rest of the limitations. However, Nair teaches:
program instructions to determine whether the primary user is equal to or greater than a predetermined distance from the computing device (Nair:[0046]. [0058]: Communication device 110 may detect a distance that owner 102 is from communication device 110, for example, using RSSI, triangulation, or other distance detection process through short range wireless communications or distance tracking. [0066]: Additionally, a user distance configuration 2314 has a slider 2312 that sets a maximum distance between the user and the user device at less than 20 meters. Interface 2302 of control panel 2300 may further allow for device stolen alarm settings 2316 to be established, which may be executed when a stolen device condition is satisfied, such as if the device exceeds the 20 meter limit for user distance configuration 2314); 
program instructions to activate the protected mode on the computing device which is in response to the primary user being equal to or greater than the predetermined distance from the computing device (Nair: [0058]: Communication device 110 may detect a distance that owner 102 is from communication device 110, for example, using RSSI, triangulation, or other distance detection process through short range wireless communications or distance tracking. Based on the distance, communication device 110 may determine whether any limitations should be implemented on communication device 110 to secure communication device 110 from unauthorized use or misappropriation of data. [0064] An event 2100 may occur, which may cause a limitation to be imposed on the communication device displaying application interface A 2000 and application interface B 2200. For example, the event may cause a setting's requirements for the limitation to be met or exceeded. Application interface B 2200 may therefore be restricted from access to data or limitations based on the limitation imposed on the communication device. For example, in application interface B 2200, digital wallet A 2202 may be restricted or altered from digital wallet A 2002, for example, by restricting payment process B 2204 from the processes accessible to payment process B 2004 in application interface A 2000. Application interface B 2200 includes a restricted limitation 2206 for payment process B 2204); 
in the determined protected mode, populate the computing device with a passcode screen in response to the primary user being equal to or greater than the predetermined distance from the computing device (Nair: Fig. 2B, [0058]: Based on the distance, communication device 110 may determine whether any limitations should be implemented on communication device 110 to secure communication device 110 from unauthorized use or misappropriation of data. [0064]: Application interface B 2200 includes a restricted limitation 2206 for payment process B 2204. Moreover, an authentication process 2208 may allow entry of authentication credentials that may include an unlock process 2210 for restricted limitation 2206 to remove restricted limitation 2206. [0025]).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Nair in the invention of Chavez in view of Winkler to include the above limitations. The motivation to do so would be to limit device functionality based on device vulnerabilities and risk and more specifically to processing device data and/or location data to limit application processes, data availability, and/or application usage (Nair: [0001]).

As per claims 2 and 9, Chavez in view of Winkler and Nair teaches:
The computer-implemented method of claim 1, the method further comprising: 
receiving, by the one or more processors, the one or more policy decisions from the primary user (Chavez: [0093] The primary permissions field 332 may be used to store information related to device use permissions created by the primary user and/or that are to be imposed on the primary user. In some embodiments, the primary permissions field 332 may be used to store permissions defined by a primary user for application to a borrowing user); 
analyzing, by the one or more processors, the one or more policy decisions from the primary user (Chavez: [0021]: The policy compliance instructions may be configured to load all of the policies configured by the primary user and possibly other policies provided by a borrowing user. When a user first attempts to access a new website, game, or application, the policy compliance instructions may further check if any of the configured policies allow/disallow such an action and take appropriate recourse (e.g., block the access or redirect the user to another website/application), thereby preventing the borrowing user from violating the policies); and 
storing, by the one or more processors, (i) the one or more policy decisions (Chavez: [0093] The primary permissions field 332 may be used to store information related to device use permissions created by the primary user and/or that are to be imposed on the primary user. In some embodiments, the primary permissions field 332 may be used to store permissions defined by a primary user for application to a borrowing user) and (ii) one or more identified data requests on a database (Chavez: [0021]: When a user first attempts to access a new website, game, or application, the policy compliance instructions may further check if any of the configured policies allow/disallow such an action and take appropriate recourse. [0024]: In some embodiments, the activity monitoring instructions may be configured to record inappropriate activity of the borrowing user in its local database).

As per claims 3, 10 and 16, Chavez in view of Winkler and Nair teaches:
The computer-implemented method of claim 1, the method further comprising: 
receiving, by the one or more processors, one or more data request from the primary user (Chavez: [0075]: A user may be considered to be utilizing the device 104, 108 when the O/S 224 is operational/functional and/or when one or more applications 232 are being actively executed by the processor 204 and/or when the user is interacting with the device through user interface 220 either by physical touch or voice commands. Active execution of an O/S 224 and/or application 232 may result in certain types of data being rendered via the user interface 220 and/or transmitted via the communications interface 212. [0077]: Reference to the user permissions 236 may be done at each instance of the primary user 120a inputting an instruction to the device 104, 108 or at least instance of the primary user 120a attempting to access a new application or function of the device 104, 108); 
analyzing, by the one or more processors, the one or more data requests from the primary user (Chavez: [0077]: The device functionality may be controlled with the O/S 224 referencing whether or not a primary user 120a is currently bound to the device 104, 108 and then referencing the associated primary user permissions 236 for the primary user 120a. Reference to the user permissions 236 may be done at each instance of the primary user 120a inputting an instruction to the device 104, 108 or at least instance of the primary user 120a attempting to access a new application or function of the device 104, 108); and 
determining, by the one or more processors, that the one or more data requests match the one or more policy decisions stored on a database (Chavez: [0077]: In some embodiments, the primary user permissions 236 correspond to a set of rules, policies or parameters that are applied to utilization of the device 104, 108 when a binding exists between the primary user 120a and the device 104 (e.g., as shown in FIG. 1B). In some embodiments, the primary user 120a may be enabled to fully access all functions, applications, and hardware of the device 104, 108. [0110]: the primary user is allowed to access functionality and features of the device 104 based on the primary user permissions 236 (step 620)).

As per claims 4, 11 and 17, Chavez in view of Winkler and Nair teaches:
The computer-implemented method of claim 3, the method further comprising: 
in response to determining that the one or more data requests match the one or more policy decisions stored on the database, identifying, by the one or more processors, a threshold level of security based on (i) the one or more data requests and (ii) the one or more policy decisions (Chavez: [0077]: In some embodiments, the primary user permissions 236 correspond to a set of rules, policies or parameters that are applied to utilization of the device 104, 108 when a binding exists between the primary user 120a and the device 104 (e.g., as shown in FIG. 1B). In some embodiments, the primary user 120a may be enabled to fully access all functions, applications, and hardware of the device 104, 108. [0110]: the primary user is allowed to access functionality and features of the device 104 based on the primary user permissions 236 (step 620). [0104]: the policy compliance instructions 264 may start monitoring the user behavior to determine if such behavior is compliant with the policies for the borrowing user and if the borrowing user violates any such policy, whether or not the primary user is to be notified of the violation. [0017]: the different types of policies may include a definition of types of applications that are made accessible to borrowing users (e.g., educational applications, music applications, child entertainment applications, etc.) and some applications that are not made accessible to borrowing users (e.g., primary user's social media applications, personal email and/or work email application) (protected mode)); 
determining, by the one or more processors, to activate protected mode on a computing device (Chavez: [0019]: if the system determines that the user has changed from the primary user to a borrowing user, then the pairing/binding between the primary user and communication device may be broken and permissions associated with the borrowing user rather than the primary user may be referenced for functionality of the communication device); and 
generating, by the one or more processors, one or more policy responses associated with the one or more data requests that match the one or more policy decisions stored on the database, and includes, but is not limited to, a command to activate protected mode associated with threshold level of security (Chavez: [0019]: if the system determines that the user has changed from the primary user to a borrowing user, then the pairing/binding between the primary user and communication device may be broken and permissions associated with the borrowing user rather than the primary user may be referenced for functionality of the communication device (activating protected mode). [0021]: When a user first attempts to access a new website, game, or application, the policy compliance instructions may further check if any of the configured policies allow/disallow such an action and take appropriate recourse (e.g., block the access or redirect the user to another website/application), thereby preventing the borrowing user from violating the policies. [0122] The method 900 will then continue with the compliance instructions 264 determining whether the current behavior of the borrowing user is within alignment of the policies defined for the borrowing user (step 920). If the current behavior (e.g., use behaviors of the borrowing user) violate the compliance instructions 264, then the method will optionally lock the device, limit functionality of the device, and/or notify the primary user of the violations (step 928)).

As per claims 5, 12 and 18, Chavez in view of Winkler and Nair teaches:
The computer-implemented method of claim 4, the method further comprising: 
communicating, by the one or more processors, the one or more policy responses; activating, by the one or more processors, protected mode on the computing device associated with a threshold level of security (Chavez: [0017]: the different types of policies may include a definition of types of applications that are made accessible to borrowing users (e.g., educational applications, music applications, child entertainment applications, etc.) and some applications that are not made accessible to borrowing users (e.g., primary user's social media applications, personal email and/or work email application) (protected mode). [0019]: if the system determines that the user has changed from the primary user to a borrowing user, then the pairing/binding between the primary user and communication device may be broken and permissions associated with the borrowing user rather than the primary user may be referenced for functionality of the communication device (activating protected mode)); 
monitoring, by the one or more processors, user activity on the computing device (Chavez: [0021]: When a user first attempts to access a new website, game, or application, the policy compliance instructions may further check if any of the configured policies allow/disallow such an action and take appropriate recourse (e.g., block the access or redirect the user to another website/application), thereby preventing the borrowing user from violating the policies); 
identifying, by the one or more processors, unauthorized user activity on the computing device; and executing, by the one or more processors, a lock screen function on the computing device in response to identifying the unauthorized user activity (Chavez: [0122] The method 900 will then continue with the compliance instructions 264 determining whether the current behavior of the borrowing user is within alignment of the policies defined for the borrowing user (step 920). If the current behavior (e.g., use behaviors of the borrowing user) violate the compliance instructions 264, then the method will optionally lock the device, limit functionality of the device, and/or notify the primary user of the violations (step 928)).

As per claims 6, 13 and 19, Chavez in view of Winkler and Nair teaches: 
The computer-implemented method of claim 5, the method further comprising: 
populating, by the one or more processors, the computing device with a login prompt (Nair: Fig. 2B: Enter Authentication 2208); 
receiving, by the one or more processors, one or more login attempts; analyzing, by the one or more processors, the one or more login attempts; authorizing, by the one or more processors, a user associated with a correct login attempt; and deactivating, by the one or more processors, the protected mode in response to authorizing a user associated with a correct login attempt (Nair: [0064]: Moreover, an authentication process 2208 may allow entry of authentication credentials that may include an unlock process 2210 for restricted limitation 2206 to remove restricted limitation 2206. [0025]: the user device may then allow access to the data/processes previously restricted, and may remove any such limitations, such as through user authentication by biometrics or passcode. [0036]: Moreover, digital wallet application 120 may also remove the limits once the data is no longer detected, a user authenticates themselves and requests removal of the limitation. Analyzing a user’s credentials (biometrics, passcode) and authorizing the user based on the correct login attempt was well known to one of ordinary skill in the art before the effective filing date of the claimed invention).
The examiner provides the same rationale to combine prior arts Chavez and Nair as in claims 1, 8 and 15 above.

Claims 7, 14 and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Chavez in view of Winkler and Nair as applied to claims 6, 13 and 19 above, and further in view of prior art of record US 20120215907 to Chung (hereinafter Chung).
As per claims 7, 14 and 20, Chavez in view of Winkler and Nair does not teach: generating, by the one or more processors, a protection report that includes, but is not limited to, (i) the one or more login attempts to authorize a user and (ii) a time and date in which a user was authorized. However, Chung teaches:
the method further comprising: generating, by the one or more processors, a protection report that includes, but is not limited to, (i) the one or more login attempts to authorize a user and (ii) a time and date in which a user was authorized (Chung: [0002]: [0002] Computer and computer systems, such as servers, personal computers, web servers, mainframe computers, workstations and the like, and the software applications running on such systems typically generate log messages of the activity performed by them. For instance, the log messages may include information regarding log-in attempts, user identity, user log-in information, date and time, data accessed, data requested, applications accessed, etc. The log messages are logged (maintained and stored) in a log file which generally includes numerous log messages from the computer).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to employ the teachings of Chung in the invention of Chavez in view of Winkler and Nair to include the above limitations. The motivation to do so would be to use the log messages for security purposes, such as identifying and preventing potential security attacks, unauthorized intrusions and security breaches. For example, a brute force attack attempting to log-in using trial and error usernames and/or passwords may be identified and blocked by managing the log messages from the targeted computer system (Chung: [0003]).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure: 
US 20160371504 to Huang et al: A computing device is described herein that automatically enters a data protection mode in response to determining that a certain number of persons are located proximate to the computing device, that an owner or authorized user is not located proximate to the computing device, or that a certain user gesture has or has not been recognized. When the device enters the data protection mode, sensitive data stored on the device is automatically rendered invisible and/or inaccessible to a user thereof. The sensitive data may be rendered invisible and/or inaccessible in a manner that is not likely to be apparent to the user of the computing device.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MADHURI R HERZOG whose telephone number is (571)270-3359. The examiner can normally be reached 8:30AM-5:00PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi Arani can be reached on (571)272-3787. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

MADHURI R. HERZOG
Primary Examiner
Art Unit 2438



/MADHURI R HERZOG/           Primary Examiner, Art Unit 2438