Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Detail Action
This office action is response to the application 17/228,591 filed on 04/12/2021. Claims 1-20 has been canceled and claims 21-40 are pending in this communication.

Priority
This application claims priority from This application is a CON of 15/897,429 02/15/2018 PAT 10,977,345 15/897,429 has PRO 62/460,450 02/17/2017. Priority date has been accepted. 

Examiner’s Note
The examiner is requesting the applicant’s representative to provide direct phone number and email address in next communication, which will be very helpful to advance the prosecution.
The Examiner used figures, paragraph and line numbers from the instant application’s pre-grant publication or pdf copy of allowance. In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
Generally the text that are italicized are claims; the text that are in bold are reference citations (with some obvious exception); the text is neither italicized nor bolded are by the examiner.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):

(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.

Claims 21-40 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor regards as the invention.
Claim 21 recites the limitation in part "… whether the session is authentic during an authentication … " in line 8. Same issue with independent claim 31 in line 7. There is insufficient antecedent basis for this limitation in the claim. 
Dependent claims are rejected for the same reasons as set forth in the rejection of claims 21 & 31.

Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention. OR
(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.


Claims 21-40 are rejected under 35 U.S.C. 102(a)(2) as being anticipated by LORD; Christopher Charles et al., Pat. No.: US 11,184,766 B1.

Regarding Claims 1-20, canceled.

Regarding Claim 21, LORD anticipated an apparatus comprising:
an application for enabling a user to accomplish a task on an electronic device {Fig. 2B element C – ‘desktop or laptop’, ‘user’ -& col. 10 lines 24-26, “point of presence (e.g., a mobile device) 200B can be configured to include a client application that runs on the mobile device 200B in the background”};
at least one hardware device that collects biometric information unique to a physical body of the user {Fig. 2A element 200B (B) & col. 10 lines27-30, “The client application can be configured to compute device and ambient fingerprints. Additionally, the client application can be configured to process sensor, biometric, and behavioral features’};
a sensor {col. 12 line 47-50, “Various embodiments target new behavioral biometric information, for example, gait as measured through the accelerometer, step counter/sensor, and through gravity and gyroscope sensors in mobile devices to authenticate and/or identify a user”} observation engine for converting the biometric information into behavior raw data {Fig. 2A element 200C (C) & associated text, “Agent Runs on Desktop/Laptop to Handle Authentication, Compute Fingerprints, and Communicate with Authentication Service to Verify a User's Identity and Access”};
a validity detection engine for processing behavior raw data into behavior validity data {Fig. 2A element 205 & associated text, “Verifies User is Conforming (is and has Been In Possession of Mobile Device) so Possession and lnherence (Behavioral and Biometric Profile) Factors Assure Identity”}; and an authentication engine for processing the behavior validity data to determine whether the session is authentic during an authentication session {Fig. 2B element 204 & associated text, “The Agent Computes Device and Ambient Fingerprints that Represents the location and Environment of that System and Forwards with Challenge to Authentication Service” … col. 3 lines 8-10, “continuously confirm identity of the end user during an authentication session between the end user and the point of service”};
wherein the authentication session may be extended and may be terminated based on the behavior validity data {Fig. 2B element 208, “Verification State and Challenge Response Sent to Relying Party, which Grants or Denies Access. Agent Continues to Verify and Breaks Authentication on Failure”}.

Regarding Claim 22, LORD anticipated all the features of claim 21 and further anticipates
wherein biometric information includes a shape of the user's electric heart rate {col. 12 lines 51-53, “The system can also capture environment or biometric data from secondary devices attached to a mobile (e.g., heart rate monitor, step counter, etc.)}.

Regarding Claim 23, LORD anticipated all the features of claim 21 and further anticipates
wherein biometric information includes the user's fingerprint {Fig. 2A element 200B (B) & col. 10 lines27-30, “The client application can be configured to compute device and ambient fingerprints. Additionally, the client application can be configured to process sensor, biometric, and behavioral features’}.

Regarding Claim 24, LORD anticipated all the features of claim 21 and further anticipates
wherein biometric information includes how the user walks {col. 12 lines 41-44, “behavioral features are based on style, habit, or preference such as how someone speaks, walks, or reacts under specific circumstances”}.

Regarding Claim 25, LORD anticipated all the features of claim 21 and further anticipates
wherein biometric information includes the user's gesture {col. 12 lines 41-44, “behavioral features are based on style, habit, or preference such as how someone speaks, walks, or reacts under specific circumstances”}.

Regarding Claim 26, LORD anticipated all the features of claim 21 and further anticipates
wherein biometric information includes imaging of the user {col. 1 line 38, “facial image scanned”}.

Regarding Claim 27, LORD anticipated all the features of claim 26 and further anticipates
wherein the imaging of the user includes monitoring and evaluation of facial expressions {col. 12 lines 40-41, “Physiological features are tied to natural anatomic features such as facial structure”}.

Regarding Claim 28, LORD anticipated all the features of claim 21 and further anticipates
wherein the authentication engine comprises a software user interface {col. 28 lines 16-18, “system and user interfaces that allow external entities to modify the parameters and thereby configure the behavior of the components”} connected to a database containing confidential information that is known to the database and the user {col. 11 lines 45-51, “Concurrently, the client (i.e., the mobile device 200B and the point of access device 200C) continuously record and communicate, to the ambient authentication service 200A, user movement (e.g., location and motion), activity in an application (e.g., network and screen usage information), and ambient fingerprints”} … col. 28 lines 11-15, “the parameters may be logically stored in a propriety data structure (such as a database or file defined by a user space application) or in a commonly shared data structure (such as an application registry that is defined by an operating system)”}.

Regarding Claim 29, LORD anticipated all the features of claim 28 and further anticipates
wherein the user is prompted to enter user information, and is authenticated if the user information matches the confidential information {Fig. 2B element 207 & associated text – “If Fingerprints are Sufficiently Similar, Authentication is Verified. If Different, User Confirms on Mobile that Future Verification Associate with Point of Presence Fingerprint”}.

Regarding Claim 30, LORD anticipated all the features of claim 21 and further anticipates
wherein authentication session may have a preset expiration time for the authentication session to be valid {Fig. 5 & col. 20 lines 1-9, “At step 518, the authentication service 558 transmits the new session token and an expiration time to the mobile device 552. At step 520, the mobile device 552 stores the token. In some embodiments, the mobile device 552 can be configured to automatically update the token before expiration based on the received expiration time. At step 522, the agent on the mobile device 552 transmits an API request with the new token to the authentication service 558”}.

Regarding claim 31, claim 31 is claim to an apparatus using the apparatus of claim 21. Therefore, claim 31 is rejected for the reasons set forth for claim 21.


Regarding Claim 32, LORD anticipated all the features of claim 31 and further anticipates
wherein the authentication engine terminates the authentication session prior to a preset time when processing the behavior validity data after the beginning of the authentication session {Fig. 2B element 208, “Verification State and Challenge Response Sent to Relying Party, which … Denies Access. Agent Continues to Verify and Breaks Authentication on Failure”}.

Regarding Claim 33, LORD anticipated all the features of claim 31 and further anticipates
wherein authentication engine is located remotely from the electronic device {col. 14 lines 21-26, “can also integrate with other authentication systems such as Remote Authentication Dial in User Service (RADIUS) and OpenID Connect, and can complement Federated Identity Management (FIM) frameworks, such as OpenID and SAML, as well as web authorization protocols, such as OAuth”}.

Regarding Claim 34, LORD anticipated all the features of claim 31 and further anticipates
at least one sensor reporting data to the observation engine that is worn by the user {col. 23 lines 28-31, “the increasing use of wearables such as fitness monitors and watches extend sensors to other biometrics (e.g. heart, muscle, and even brainwave signals) and/or other ambient information capture capability. All of these sensor readings can be captured”}.

Regarding Claim 35, LORD anticipated all the features of claim 31 and further anticipates 
wherein the validity detection engine further comprises an extractor for analyzing an abstraction of the behavior raw data {col. 13 lines 24-30, “the system is configured to process the data (e.g., clean, filter, normalize) and generate features.  … the system is configured to build a feature set that most accurately classifies a user. For example, the system can use feature extraction and reduction techniques (e.g., principle component analysis) to generate a set of features that best indicates legitimacy of a user”}.


Regarding Claim 36, LORD anticipated all the features of claim 31 and further anticipates 
wherein the extractor is built using machine learning {col. 12 lines 54-56, “the system includes machine learning approaches for delivering augmented authentication services”}.

Regarding Claim 37, LORD anticipated all the features of claim 31 and further anticipates 
wherein extractor is built by analyzing data from at least two states {col. 12 line 47-50, “Various embodiments target new behavioral biometric information, for example, gait as measured through the accelerometer, step counter/sensor, and through gravity and gyroscope sensors in mobile devices to authenticate and/or identify a user”. Examiner’s note: biometric behavioral data is taken from two sources, such as gait, i.e. manners of moving and from gravity/gyroscope, i.e. measuring or maintaining orientation and angular velocity}.

Regarding Claim 38, LORD anticipated all the features of claim 31 and further anticipates 
wherein the authentication session has a preset expiration time and wherein the authentication session is terminated before the preset expiration time based on the behavior validity data {Fig. 5 & col. 20 lines 1-9, “At step 518, the authentication service 558 transmits the new session token and an expiration time to the mobile device 552. At step 520, the mobile device 552 stores the token. In some embodiments, the mobile device 552 can be configured to automatically update the token before expiration based on the received expiration time. At step 522, the agent on the mobile device 552 transmits an API request with the new token to the authentication service 558”}.

Regarding Claim 39, LORD anticipated all the features of claim 31 and further anticipates 
wherein the authentication session does not have a preset expiration time and wherein the authentication session is extended based on the behavior validity data {claim 1, “responsive to verification and valid comparison permit the access request for the remote application or service to continue; and … continued access session to one or more authorized locations associated with one or more stored ambient fingerprints, such that valid remote authentication occurs at respective authorized user locations for the authenticating entity”}.

Regarding Claim 40, LORD anticipated all the features of claim 31 and further anticipates 
wherein the authentication session has a preset expiration time and wherein the authentication session is extended before the preset expiration time based on the behavior validity data {Fig. 5 & col. 20 lines 1-9, “At step 518, the authentication service 558 transmits the new session token and an expiration time to the mobile device 552. At step 520, the mobile device 552 stores the token. In some embodiments, the mobile device 552 can be configured to automatically update the token before expiration based on the received expiration time. At step 522, the agent on the mobile device 552 transmits an API request with the new token to the authentication service 558”}.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to QUAZI FAROOQUI whose telephone number is (571) 270-1034. The examiner can normally be reached on M-F 8:30AM-5:00PM. If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Ashok B. Patel can be reached on 571-272-3972. The fax phone number for Examiner Farooqui assigned is 571-270-2034.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-flee). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/QUAZI FAROOQUI/
Primary Examiner, Art Unit 2491