DETAILED ACTION
Responsive to the Applicant reply filed on 06/09/2022, Applicant’s amendments to claims have been entered and respective arguments carefully considered and responded in the following.  Claims 1-16 and 18-20 are presented for examination in this Office Action, with Claims 1, 9, and 15 being in independent form. Claim 17 is cancelled. 

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Examiner's Instructions for filing Response to this Office Action
When the Applicant submits amendments regarding to the claims in response the Office Action, the Examiner would prefer that Applicant submit two sets of claims: 
Set #1 that includes indicators for the status of claim and all marked amendments to the claims; and 
Set #2 comprising a clean version of the claims with all the markups removed for entry, as an appendix to the Applicant Arguments/Remarks or a section following the Remarks.

Response to Arguments
The claim amendments and remarks filed by the Applicant on 06/09/2022, have been carefully considered and are responded in the following.
In response to the Applicant argument, page(s) 7, regarding objection to claim 19, the amendment of claim 19 has resolved the issues. Therefore, the objection is withdrawn.

In response to the Applicant arguments, page(s) 7, regarding the claim rejections under 35 U.S.C. 112(b), the Applicant’s argument is persuasive in view of the amendments. Therefore, the rejections are withdrawn.

In response to the Applicant arguments, page(s) 8-9, regarding the rejections of claims 1-4 under 35 U.S.C. 112(a)(1), the Applicant’s argument is persuasive in view of the amendments filed on 06/09/2022.  Therefore, the rejections are withdrawn.

Applicant’s arguments, page(s) 9-10 of the Remarks, with regards to claims 5-8, 15-16, and 18-19 being rejected under 35 U.S.C. § 103 have been considered carefully. 
Applicant basically relies on newly added limitations to independent claims 1, 9, and 15, filed on 06/09/2022, to overcome the previous rejections.  Applicant's amendment necessitated a new ground of rejection which is presented in the following in this Office action.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.


In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

Claims 1-13, 15-16, and 18-19 are rejected under 35 U.S.C. 103 as being unpatentable over Watters (US 20170236345 A1) in view of Kocher (US 11127236 B1)

As per claim 1, Watters teaches a multi-factor access control system comprising: 
an access control device, in a first community of interest, having an RFID reader for receiving RFID information (Watters, par. 0011-0013: a holder of an RFID badge positioning (holding) the RFID badge near the RFID lock. As shown in FIG. 1, the RFID lock 52 (and the RFID sensor 53) receives the RFID from the RFID badge 54).
an authorization system, in the first community of interest, for granting or denying access based on the RFID information and the authentication information (Watters, par. 0017-0018: the RFID badge 54 [plus] user record 100 …including an identification photograph; par. 0022: For instance, in a conventional RFID badge security system in a building, possession of an authorized RFID badge acts as a “key” that grants the holder access to the building without further inquiry); and 
While Watters discloses using the personal information 106 as authorization information for granting or denying access upon receiving the RFID information (par. 0017 0034) and that, in some examples, other [personal] information [may be] such as an identification photograph 108 (e.g., a facial picture) of the user that is assigned to the RFID badge 54.  Watters does not explicitly disclose using a biometric device for receiving authentication information.  This aspect of the claim is identified as a difference.
In a related art, Kocher teaches:
a biometric device, in the first community of interest, for receiving authentication information (Kocher, FIG. 1: the biometric reader 9; col. 3, lines 49-67: an individual walking to a [military] base for access authorization; The RFID number 3, along with the captured biometric are provided to the NACC 1); 
wherein the access control device and the authorization system are part of a secure environment defined by the first community of interest (Kocher, FIG. 1: the biometric reader 9; col. 3, lines 49-67: the RFID device 3 and biometric reader 9 are part of the secure base environment operated by National Access Control Center (NACC) – which is mapped to the first community of interest).
Watters and Kocher are analogous art to the claimed invention in a similar field of endeavor in improving multifactor authentication of a user for secure access to a physical area such as a building or a military base.  Thus, it would have been obvious to one of ordinary in the art, before the effective filing date of the claimed invention, to combine Watters and Kocher’s teachings, and modify Watters personal information with Kocher’s biometric information collected at the access point (e.g. a base) for improved security. For this combination, the motivation would have been to improve the level of security with enhanced capability of comparing the biometric information of the individual with the stored biometric information for access authorization.

As per claim 2, the references as combined above teach the access control system of claim 1, wherein the access control device sends the RFID information to the authorization system and the authorization system determines if the RFID information matches stored RFID information (Watters, par. 0016-0019: by a match for the unique ID of the RFID badge.  See also 0026 and 0039: The open lock request can include, for example, a unique ID for the RFID badge and a lock ID for the RFID lock).

As per claim 3, the references as combined above teach the access control system of claim 2, wherein if the authorization system determines that the RFID information matches stored RFID information, the authorization system then requests the authentication information (Watters, par. 0019-0020: if the RFID badge 54 is equal to … [lock ID], continue with verification of the holder of the RFID badge 54; See also FIG. 5, the YES path of diamond 330.  If the determination at 330 is positive (e.g., YES) the method 300 can proceed to 350, which requests the authentication information, namely, the secondary ID; par. 0041-0044).

As per claim 4, the references as combined above teach the access control system of claim 3, wherein the access control device then sends the authentication information to the authorization system and the authorization system then determines if the authentication information matches stored authentication information and if the authentication information matches stored authentication information, then communicating to the access control system to grant access (Watters, FIG. 1, receives authentication information; par. 0031-0033: In response to identifying a match of a wireless ID in the wireless device list 216 with the secondary device ID included in the user record, the identification verifier 212 can examine a verification requirement …)

As per claim 5, the references as combined above teach the access control system of claim 1, wherein the biometric device has a fingerprint scanner for capturing a fingerprint of a user and a camera for capturing a photo of the user and wherein the fingerprint and the photo are the authentication information (Kocher, col. 4, lines 44-52: a live scan biometric such as a face photo, fingerprint, or iris).

As per claim 6, the references as combined above teach the access control system of claim 1, wherein the access control device sends the fingerprint and the photo to the authorization system for authentication (Kocher, col. 4, lines 8-10: the captured biometrics, which include a face photo and fingerprint, are provided to the NACC 1).

As per claim 7, the references as combined above teach the access control system of claim 2, wherein the authorization system compares the fingerprint and the photo to a stored fingerprint and a stored photo already stored at the authorization system to determine if the fingerprint and the photo match the stored fingerprint and the stored photo (Kocher, col. 4, lines 12-14: The biometric on file 6, is compared to the biometric provided from the biometric reader 9, in the biometric matching algorithms 15).

As per claim 8, the references as combined above teach the access control system of claim 7, wherein if the fingerprint and photo match the stored fingerprint and the stored photo, communicating to the access control system to grant access (Kocher, col. 4, lines 64-67 and col. 5, lines 1-7: granted access; see also col. 2, lines 49-54: obtaining a live-scan image of said person; comparing said person's biometrics to a live-scan at said facility, determining whether the said person's live-scan biometrics match said authoritative biometrics; and, determining whether or not access should be granted to said person).

As per claim 9, Watters teaches a computer implemented method of granting access to a secure zone, the method comprising: 
receiving an RFID information from an access control device in a first community of interest (Watters, par. 0011-0013: a holder of an RFID badge positioning (holding) the RFID badge near the RFID lock. As shown in FIG. 1, the RFID lock 52 (and the RFID sensor 53) receives the RFID from the RFID badge 54); 
comparing the RFID information to RFID information already stored (Watters, par. 0030-0031: matches the …RFID or RFID badge); 
While Watters discloses using the personal information 106 as authorization information for granting or denying access upon receiving the RFID information (par. 0017 0034) and that, in some examples, other [personal] information [may be] such as an identification photograph 108 (e.g., a facial picture) of the user that is assigned to the RFID badge 54.  Watters does not explicitly disclose using a biometric device for receiving authentication information.  This aspect of the claim is identified as a difference.
In a related art, Kocher teaches:
if the RFID information does not match the RFID information already stored, sending a deny access code to the access control device (Kocher, col. 4, lines 30-34: an ID number 3, which is transmitted by an RFID device. The ID number 3, is matched to an authorized person in the authorized credentials database 26. For the military, the authorized credential database 26, could be the Defense Manpower Data Center (DMDC).); 
if the authentication information does not match the authentication information already stored, sending a deny access code to the access control device (Kocher, par. 0042-0043: At 340, the access server can deny the open lock request, such that the RFID lock remains locked); and 
if the authentication information does match the authentication information already stored, sending a grant access code to the access control device (Kocher, col. 5, lines 3-7: compares the live-scan to the authoritative biometric provided from the NACC. The “traffic light 29” is a display which indicates whether or not a match has been determined and whether the person should proceed and be granted access).
if the RFID information does match the RFID information already stored, requesting authentication information from a biometric device in the first community of interest; (Kocher, FIG. 1: the biometric reader 9; col. 3, lines 49-67); 
receiving the authentication information (Kocher, FIG. 1: the biometric reader 9; col. 3, lines 49-67: the RFID device 3 and biometric reader 9 [for receiving authentication information]); 
comparing the authentication information to authentication information already stored (Kocher, col. 4, lines 12-14: The biometric on file 6, is compared to the biometric provided from the biometric reader 9, in the biometric matching algorithms 15); 
Watters and Kocher are analogous art to the claimed invention in a similar field of endeavor in improving multifactor authentication of a user for secure access to a physical area such as a building or a military base.  Thus, it would have been obvious to one of ordinary in the art, before the effective filing date of the claimed invention, to combine Watters and Kocher’s teachings, and modify Watters personal information with Kocher’s biometric information collected at the access point (e.g. a base) for improved security. For this combination, the motivation would have been to improve the level of security with enhanced capability of comparing the biometric information of the individual with the stored biometric information for access authorization.

As per claim 10, the references as combined above teach the method of claim 9, wherein receiving authentication information includes receiving a fingerprint and a photo of a user (Kocher, col. 4, lines 44-52: a live scan biometric such as a face photo, fingerprint, or iris).

As per claim 11, the references as combined above teach the method of claim 9, wherein comparing the RFID includes comparing the RFID by a remote authorization system (Watters, par. 0040-0042: the access server, which is a remote authorization system).

As per claim 12, the references as combined above teach the method of claim 9, wherein requesting authentication information and receiving authentication information includes requesting authentication information from the access control device and receiving authentication information includes receiving at a remote authorization system (Watters, par. 0026: a holder of an RFID badge, when positioning the RFID badge in close proximity to the RFID lock 52, sends a request for authentication, which is an open lock request; par. 0027-0029: the identification verifier 212 can access a user database 214 and retrieve a user record based on the unique ID of the RFID badge, stored externally (e.g., on a dedicated database server) and accessed through the network 208).

As per claim 13, the references as combined above teach the method of claim 12, wherein comparing the authentication information includes comparing by the remote authorization system (Watters, par. 0027-0031: verifying a user RFID by using a look-up table stored on an external system).

As per claim 15, Watters teaches an access control device in a first community of interest comprising: 
an RFID reader for receiving RFID information (Watters, par. 0011-0013: a holder of an RFID badge positioning (holding) the RFID badge near the RFID lock. As shown in FIG. 1, the RFID sensor 53 is an RFID reader); 
wherein the access control device captures and sends the RFID information to a remote authorization system in the first community of interest (Watters, par. 0011 and 0013: an access server … configured to receive an open lock request from the RFID lock which sends RFID information [for verification]; par. 0019: the access server 56 can continue with verification of the holder of the RFID badge 54).
While Watters discloses using the personal information 106 as authorization information for granting or denying access upon receiving the RFID information (par. 0017 0034) and that, in some examples, other [personal] information [may be] such as an identification photograph 108 (e.g., a facial picture) of the user that is assigned to the RFID badge 54.  Watters does not explicitly disclose using a biometric device for receiving authentication information.  This aspect of the claim is identified as a difference.
In a related art, Kocher teaches:
a fingerprint scanner for scanning a fingerprint (Kocher, FIG. 1: the biometric reader 9; col. 3, lines 49-67: an individual walking to a [military] base for access authorization; col. 4, lines 44-52: a live scan biometric such as a face photo, fingerprint, or iris); 
a camera for taking a photo (Kocher, FIG. 1: the biometric reader 9; col. 4, lines 44-52: a live scan biometric such as a face photo, fingerprint, or iris); 
after receiving a request from the authorization system for additional authentication information, sends the fingerprint and photo to the remote authorization system for granting or denying access to a secure area (Kocher, col. 4, lines 51-55: sending the personal data… including [the fingerprint and photo] to the National Criminal Information Center (NCIC) 23; Kocher discloses that, for the military, the authorized credential database 26, could be the Defense Manpower Data Center (DMDC). DMDC … stores face and fingerprint data on all military and DoD personnel; col. 4, lines 32-36).

As per claim 16, the references as combined above teach the access control device of claim 15, wherein the access control device is connected to an electronic lock mechanism (Watters, par. 0013: The RFID lock 52 can include an RFID sensor 53 that can emit a low frequency (LF) electromagnetic signal that can be detected by an RFID badge 54; par. 0002: powered by electromagnetic induction from magnetic fields produced near the reader).

As per claim 18, the references as combined above teach the access control device of claim 16, wherein the access control device and the remote authorization system both have security applications installed (Watters, par. 0021 and 0033: operate as a servlet application that communicates with a client application executing on the secondary device (e.g., an “app”))..

As per claim 19, the references as combined above teach the access control device of claim 18, wherein the security application is stealth (Watters, par. 0021: a security question, etc. that can be provided to an application (e.g., an app) executing on the secondary device 58, which may be a wireless end-user device, such as a mobile phone; see 0014. Because a mobile phone can be hidden from the public or an onlooker, it is inherently stealth).

Claims 14 is rejected under 35 U.S.C. 103 as being unpatentable over Watters and Kocher, as applied to claim 9 above, and further in view of Buer (US 20050105734 A1).

As per claim 14, the references of Watters and Kocher as combined above teach the method of claim 12, but do not explicitly disclose receiving RFID information by a remote authorization system from an access control device through an encrypted secure environment. This aspect of the claim is identified as a further difference.
In a related art, Buer teaches:
wherein receiving an RFlD includes receiving RFID information by a remote authorization system from an access control device through an encrypted secure environment (Buer, par. 0057: any important information that is sent between the integrated circuit 312 and the service provider 304 may be encrypted. For example, information (e.g., credentials 328) received from an RFID token 316 may be encrypted before being sent to the service provider 302).
Buer is analogous art to the claimed invention in a similar field of endeavor in improving multifactor authentication of a user for secure access.  Thus, it would have been obvious to one of ordinary in the art, before the effective filing date of the claimed invention, to modify Watters-Kocher system with Buer’s technique for encrypting credentials for transmission and storage. For this combination, the motivation would have been to improve the level of security with encryption.

Claim 20 is rejected under 35 U.S.C. 103 as being unpatentable over Watters and Kocher, as applied to claim 15 above, and further in view of Kirkjan (US 20210327177 A1; hereinafter “Kirk”).

As per claim 20, the references of Watters and Kocher as combined above teach the access control device of claim 15, but do not explicitly disclose using a USB connection for the access control device. This aspect of the claim is identified as a further difference.
In a related art, Kirk teaches:
wherein the access control device has a USB connection (Kirk, par. 0009: the lock USB connector of the electronic lock; par. 0040 and 0061: When the USB connector on the key is plugged into a lock, Pin 1 of the USB connector attaches to the electrical power interface 326 of the lock; par. 0074: The modules and program logic on the electronic key allow it to operate as both an access control device and as a USB storage device).
Kirk is analogous art to the claimed invention in a similar field of endeavor in improving access controls that has RFID information.  Thus, it would have been obvious to one of ordinary in the art, before the effective filing date of the claimed invention, to combine Kirk with Watters-Kocher system with a modification to include an USB connection on the access control device. For this combination, the motivation would have been to improve the connectivity of a security device and an improved user experience.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to Don Zhao whose telephone number is (571)272-9953.  The examiner can normally be reached on 9 am to 5 pm Monday thru Friday.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin can be reached on 571-272-3862.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/Don G Zhao/
Primary Examiner, Art Unit 2493
07/27/2022