Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Status of claims
This office action is in response to claims filed on 06/17/2022.
Claims 1-20 are pending and rejected; Claims 1, 8 and 15 are independent claims.

Response to Arguments
Applicant's arguments filed on 06/17/2022 have been fully considered but they are not persuasive. 
With respect to applicant’s argument: Oh does not teach “determining the operation mode of the electronic device when the user approaches the secure facility and when the mobile device is connected to the authentication service through a wireless network at the secure facility.”
Examiner respectfully disagrees with applicant’s argument for the following reasons: OH teaches (see OH ¶¶8 46, determining whether the electronic device is communicably connected to at least one of other electronic devices and determining… the operation mode includes a deactivated mode of the electronic device, or locked mode; ¶153, when it is determined that the other electronic device connected to the electronic device is in an unlocked state, the electronic device may switch to an activated mode. When it is determined that the other electronic device connected to the electronic device is in a locked state (for example, a locked mode), the electronic device may operate in a deactivated mod; ¶130; the communication link may include at least one of a wireless link and a wired link; Figs. 6 and 9, ) [i.e. determining the device is locked and when the device is connected through wireless network]; [i.e. mobile device is wireless device] and [i.e. the secure facility is an electronic device] In response to applicant assertion that since Oh does not mention the descriptive language and the intended use (i.e. “the user approaches a secure facility” and “when the mobile device is connected to the authentication service through a wireless network at the secure facility”; a recitation of the intended use of the claimed invention must result in a structural difference between the claimed invention and the prior art in order to patentably distinguish the claimed invention from the prior art.  If the prior art structure is capable of performing the intended use, then it meets the claim.
With respect to applicant’s argument: Ding does not teach “in response to determining that the mobile device is locked, requesting, by the authentication service, the user to unlock the mobile device, and determining whether the user has unlocked the mobile device”
Examiner disagrees with applicant’s argument for the following reasons: The secondary reference OH discloses (see OH ¶138, when establishing the communication link with the other electronic device, the electronic device may determine whether the other electronic device is authenticated. When the other electronic device is authenticated, the electronic device may recognize that the user is to use the electronic device according to the connection of the other electronic device and release a locked mode or perform a login process; Fig. 6 and ¶¶130-133, when the electronic device 700 establishes a communication link with another electronic device in FIG. 7A, the electronic device 700 may determine whether the other electronic device is authenticated. When the other electronic device is authenticated, the electronic device 700 may display notification information 710 for determining whether to share an operation mode on the display unit 350…the electronic device may determine whether a user accepts setting of sharing. For example, the electronic device 700 may determine whether “YES” 720 is selected in the notification information 710 for determining whether to share an operation mode in FIG. 7A .) Disclosing the recited claim limitation. Again, a recitation of the intended use of the claimed invention must result in a structural difference between the claimed invention and the prior art in order to patentably distinguish the claimed invention from the prior art.  If the prior art structure is capable of performing the intended use, then it meets the claim.
	With respect to applicant’s argument: Neither reference teach “the secure facility comprises a building and granting the user access to the secure facility comprises unlocking an entry door”
	Examiner respectfully disagree with applicant’s argument for the following reason: The phrase “wherein the security facility comprises a building and the granting the user access to the secure facility comprises unlocking an entry an entry door” is a recitation of the intended use of the claimed invention, and it does not result in a structural difference between the claimed invention and the prior art in order to patentably distinguish the claimed invention from the prior art.  If the prior art structure is capable of performing the intended use, then it meets the claim.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-14 are rejected under 35 U.S.C. 103 as being unpatentable over Ding et al. US Pub. No.: 2019/0089693 A1 (hereinafter Ding) in view of OH et al. US Pub. No.: 2019/0075463 A1 (hereinafter OH)

Ding discloses:
As to claim 1. A computer-implemented method for using a mobile device to authenticate a user to access a secure facility, the method comprising: 
in response to determining that the user has unlocked the mobile device, retrieving, by the authentication service, from the mobile device, a first token and a media access control (MAC) address  (see Ding ¶63, up on receiving the request for authentication token management server may generate an authentication token based on the identification information target device including (MAC) address; ¶70, In response to the request for authentication information, management server 30 may retrieve, from database 40, the authentication pin or token associated with the MAC address, and return the retrieved authentication pin or token to terminal 22); 
retrieving, by the authentication service, from a database of the authentication service, a token identifier registered for the mobile device and a personal identifier registered for the user (see Ding ¶31,  Terminal 22 may obtain the authentication pin or token from terminal 20, and then pair with target device 10 using the authentication pin or token) ; 
generating, by the authentication service, a second token, based on the token identifier and the personal identifier retrieved from the database and based on the media access control (MAC) address retrieved from the mobile device (see Ding ¶22, the first terminal may relay the MAC address to the management server, which may generate a trusted token based on the MAC address and provide, via the first terminal, the trusted token to the target device); 
determining, by the authentication service, whether the first token and the second token match (see Ding ¶74,  target device 10 may verify the received authentication pin or token (step 717). If the received authentication pin or token matches the authentication pin or token of target device 10, target device 10 may return a discovery-confirmation message to terminal 22); and 
in response to determining that the first token and the second token match, granting, by the authentication service, the user access to the secure facility see Ding ¶74,  target device 10 may verify the received authentication pin or token (step 717). If the received authentication pin or token matches the authentication pin or token of target device 10, target device 10 may return a discovery-confirmation message to terminal 22);
Ding does not but the related art OH discloses:
determining, by an authentication service, whether the mobile device of the user is locked when the user approaches the secure facility and when the mobile device is connected to the authentication service through a wireless network at the secure facility (see OH Figs. 6 and 9, ¶¶8 46,, determining whether the electronic device is communicably connected to at least one of other electronic devices and determining… the operation mode includes a deactivated mode of the electronic device, or locked mode)
in response to determining that the mobile device is locked, requesting, by the authentication service, the user to unlock the mobile device, and determining whether the user has unlocked the mobile device ((see OH ¶138, when establishing the communication link with the other electronic device, the electronic device may determine whether the other electronic device is authenticated. When the other electronic device is authenticated, the electronic device may recognize that the user is to use the electronic device according to the connection of the other electronic device and release a locked mode or perform a login process. Figs. 6 and 9,  ¶¶130-133, when the electronic device 700 establishes a communication link with another electronic device in FIG. 7A, the electronic device 700 may determine whether the other electronic device is authenticated. When the other electronic device is authenticated, the electronic device 700 may display notification information 710 for determining whether to share an operation mode on the display unit 350…the electronic device may determine whether a user accepts setting of sharing. For example, the electronic device 700 may determine whether “YES” 720 is selected in the notification information 710 for determining whether to share an operation mode in FIG. 7A)

Therefore, it would have been obvious to one with ordinary skill in the art before the effective filing date of the invention, to modify the system and methods for authentication internet-of-things devices disclosed by Ding to include method and apparatus for controlling operations of electronic device, as thought by OH, in order to determine whether a device is locked  when connected to authentication service through a wireless network. A person with ordinary skill in the art would have been motivated to determine whether electronic device is locked or not because it is inconvenient for the user to change the setting information of the respective electronic devices so as to correspond to the setting information of the electronic devices according to service characteristics or use environment.

As to claim 2, the combination of Ding and OH teaches the computer-implemented method of claim 1, further comprising: in response to determining, when the user approaches the secure facility and when the mobile device is connected to the authentication service through a wireless network at the secure facility, that the mobile device is not locked, rejecting, by the authentication service, the user the access to the secure facility, and requesting the user to lock the mobile device (see HO ¶136, the deactivated mode may include one or more of a screensaver mode, a power saving mode, and a locked mode).

As to claim 3, the combination of Ding and OH teaches the computer-implemented method of claim 1, further comprising: in response to determining that the user has not unlocked the device, rejecting, by the authentication service, the user the access to the secure facility (see HO ¶136, the deactivated mode may include one or more of a screensaver mod, a power saving mode, and a locked mode)

As to claim 4, the combination of Ding and OH teaches the computer-implemented method of claim 1, further comprising: in response to determining that the first token and the second token do not match, rejecting, by the authentication service, the user the access to the secure facility (see Ding ¶74,  target device 10 may verify the received authentication pin or token (step 717). If the received authentication pin or token matches the authentication pin or token of target device 10, target device 10 may return a discovery-confirmation message to terminal 22).

As to claim 5, the combination of Ding and OH teaches the computer-implemented method of claim 1, further comprising: in response to determining that the first token and the second token match, generating, by the authentication service, a certificate for the user to access the secure facility; and deploying, by the authentication service, the certificate on the mobile device (see Ding ¶74,  target device 10 may verify the received authentication pin or token (step 717). If the received authentication pin or token matches the authentication pin or token of target device 10, target device 10 may return a discovery-confirmation message to terminal 22).

As to claim 6, the combination of Ding and OH teaches the computer-implemented method of claim 5, further comprising: retrieving, by the authentication service, from the mobile device of the user, the certificate; determining, by the authentication service, whether the certificate is expired; and in response to determining that the certificate is not expired, checking, by the authentication service, access policies; and in response to determining that the access policies grant the user to access, granting, by the authentication service, the user the access to the secure facility (see OH ¶60, deactivated-mode control variable may include a time point at which a switching to the deactivated mode is performed).

As to claim 7, the combination of Ding and OH teaches the computer-implemented method of claim 6, further comprising: in response to determining that the certificate is expired, requesting, by the authentication service, the user to extend the certificate (see OH, ¶60, deactivated-mode control variable may include a time point at which a switching to the deactivated mode is performed).

Ding discloses:
As to claim 8, a computer program product for using a mobile device to authenticate a user to access a secure facility, the computer program product comprising one or more computer-readable tangible storage devices and program instructions stored on at least one of the one or more computer- in response to determining that the user has unlocked the mobile device, retrieving, by the authentication service, from the mobile device, a first token and a media access control (MAC) address  (see Ding ¶63, up on receiving the request for authentication token management server may generate an authentication token based on the identification information target device including (MAC) address; ¶70, In response to the request for authentication information, management server 30 may retrieve, from database 40, the authentication pin or token associated with the MAC address, and return the retrieved authentication pin or token to terminal 22); 
retrieving, by the authentication service, from a database of the authentication service, a token identifier registered for the mobile device and a personal identifier registered for the user (see Ding ¶31,  Terminal 22 may obtain the authentication pin or token from terminal 20, and then pair with target device 10 using the authentication pin or token) ; 
generating, by the authentication service, a second token, based on the token identifier and the personal identifier retrieved from the database and based on the media access control (MAC) address retrieved from the mobile device (see Ding ¶22, the first terminal may relay the MAC address to the management server, which may generate a trusted token based on the MAC address and provide, via the first terminal, the trusted token to the target device); 
determining, by the authentication service, whether the first token and the second token match (see Ding ¶74,  target device 10 may verify the received authentication pin or token (step 717). If the received authentication pin or token matches the authentication pin or token of target device 10, target device 10 may return a discovery-confirmation message to terminal 22); and 
in response to determining that the first token and the second token match, granting, by the authentication service, the user access to the secure facility, wherein the security facility comprises a building and the granting the user access to the secure facility comprises unlocking an entry an entry door (see Ding ¶74,  target device 10 may verify the received authentication pin or token (step 717). If the received authentication pin or token matches the authentication pin or token of target device 10, target device 10 may return a discovery-confirmation message to terminal 22) [the phrase “wherein the security facility comprises a building and the granting the user access to the secure facility comprises unlocking an entry an entry door” is a recitation of the intended use of the claimed invention, and it does not result in a structural difference between the claimed invention and the prior art in order to patentably distinguish the claimed invention from the prior art.  If the prior art structure is capable of performing the intended use, then it meets the claim.]
Ding does not but the related art OH discloses:
determine, by an authentication service, whether the mobile device of the user is locked when the user approaches the secure facility and when the mobile device is connected to the authentication service through a wireless network at the secure facility (see OH ¶¶8 46,, determining whether the electronic device is communicably connected to at least one of other electronic devices and determining… the operation mode includes a deactivated mode of the electronic device, or locked mode); 
in response to determining that the mobile device is locked, request, by the authentication service, the user to unlock the mobile device, and determine whether the user has unlocked the mobile device ((see OH Figs. 6 and 9, ¶138, when establishing the communication link with the other electronic device, the electronic device may determine whether the other electronic device is authenticated. When the other electronic device is authenticated, the electronic device may recognize that the user is to use the electronic device according to the connection of the other electronic device and release a locked mode or perform a login process. Fig. 6 and ¶¶130-133, when the electronic device 700 establishes a communication link with another electronic device in FIG. 7A, the electronic device 700 may determine whether the other electronic device is authenticated. When the other electronic device is authenticated, the electronic device 700 may display notification information 710 for determining whether to share an operation mode on the display unit 350…the electronic device may determine whether a user accepts setting of sharing. For example, the electronic device 700 may determine whether “YES” 720 is selected in the notification information 710 for determining whether to share an operation mode in FIG. 7A); 
Therefore, it would have been obvious to one with ordinary skill in the art before the effective filing date of the invention, to modify the system and methods for authentication internet-of-things devices disclosed by Ding to include method and apparatus for controlling operations of electronic device, as thought by OH, in order to determine whether a device is locked  when connected to authentication service through a wireless network. A person with ordinary skill in the art would have been motivated to determine whether electronic device is locked or not because it is inconvenient for the user to change the setting information of the respective electronic devices so as to correspond to the setting information of the electronic devices according to service characteristics or use environment.
As to dependent claims 9-14, these claims contain substantially similar subject matter as claim 2-7; therefore, they are rejected along the same rationale.
Claims 15-20 are rejected under 35 U.S.C. 103 as being unpatentable over Ding et al. US Pub. No.: 2019/0089693 A1 (hereinafter Ding) in view of OH et al. US Pub. No.: 2019/0075463 A1 (hereinafter OH) further in view of Xia et al. US Pat. No.: 11,140,157 B1 (hereinafter Xia)

Ding discloses:
As to independent claim 15, a computer system for using a mobile device to authenticate a user to access a secure facility, the computer system comprising: 6302-400075Appl. No. 16/787,147P201905626US01 
one or more processors, one or more computer readable tangible storage devices, and program instructions stored on at least one of the one or more computer readable tangible storage devices for execution by at least one of the one or more processors, the program instructions executable to: 
in response to determining that the user has unlocked the mobile device, retrieve, by the authentication service, from the mobile device, a first token and a media access control (MAC) address (see Ding ¶63, up on receiving the request for authentication token management server may generate an authentication token based on the identification information target device including (MAC) address; ¶70, In response to the request for authentication information, management server 30 may retrieve, from database 40, the authentication pin or token associated with the MAC address, and return the retrieved authentication pin or token to terminal 22);; 
retrieve, by the authentication service, from a database of the authentication service, a token identifier registered for the mobile device and a personal identifier registered for the user (see Ding ¶31,  Terminal 22 may obtain the authentication pin or token from terminal 20, and then pair with target device 10 using the authentication pin or token); 
generate, by the authentication service, a second token, based on the token identifier and the personal identifier retrieved from the database and based on the media access control (MAC) address retrieved from the mobile device (see Ding ¶22, the first terminal may relay the MAC address to the management server, which may generate a trusted token based on the MAC address and provide, via the first terminal, the trusted token to the target device); 
determine, by the authentication service, whether the first token and the second token match(see Ding ¶74,  target device 10 may verify the received authentication pin or token (step 717). If the received authentication pin or token matches the authentication pin or token of target device 10, target device 10 may return a discovery-confirmation message to terminal 22); and 
in response to determining that the first token and the second token match, grant, by the authentication service, the user access to the secure facility (see Ding ¶74,  target device 10 may verify the received authentication pin or token (step 717). If the received authentication pin or token matches the authentication pin or token of target device 10, target device 10 may return a discovery-confirmation message to terminal 22), [the phrase “wherein the security facility comprises a building and the granting the user access to the secure facility comprises unlocking an entry an entry door” is a recitation of the intended use of the claimed invention, and it does not result in a structural difference between the claimed invention and the prior art in order to patentably distinguish the claimed invention from the prior art.  If the prior art structure is capable of performing the intended use, then it meets the claim.]

Ding does not but the related art OH discloses:
determining, by an authentication service, whether the mobile device of the user is locked when the user approaches the secure facility and when the mobile device is connected to the authentication service through a wireless network at the secure facility (see OH ¶¶8 46,, determining whether the electronic device is communicably connected to at least one of other electronic devices and determining… the operation mode includes a deactivated mode of the electronic device, or locked mode)
in response to determining that the mobile device is locked, requesting, by the authentication service, the user to unlock the mobile device, and determining whether the user has unlocked the mobile device ((see OH ¶138, when establishing the communication link with the other electronic device, the electronic device may determine whether the other electronic device is authenticated. When the other electronic device is authenticated, the electronic device may recognize that the user is to use the electronic device according to the connection of the other electronic device and release a locked mode or perform a login process. Fig. 6 and ¶¶130-133, when the electronic device 700 establishes a communication link with another electronic device in FIG. 7A, the electronic device 700 may determine whether the other electronic device is authenticated. When the other electronic device is authenticated, the electronic device 700 may display notification information 710 for determining whether to share an operation mode on the display unit 350…the electronic device may determine whether a user accepts setting of sharing. For example, the electronic device 700 may determine whether “YES” 720 is selected in the notification information 710 for determining whether to share an operation mode in FIG. 7A)
Therefore, it would have been obvious to one with ordinary skill in the art before the effective filing date of the invention, to modify the system and methods for authentication internet-of-things devices disclosed by Ding to include method and apparatus for controlling operations of electronic device, as thought by OH, in order to determine whether a device is locked  when connected to authentication service through a wireless network. A person with ordinary skill in the art would have been motivated to determine whether electronic device is locked or not because it is inconvenient for the user to change the setting information of the respective electronic devices so as to correspond to the setting information of the electronic devices according to service characteristics or use environment.

Ding and OH does not but the related art Xia discloses:
wherein the secure facility comprises a building and the granting the user access to the secure facility  (see Xia Col. 3, lines 42-45, the secured resource is a physical device, and wherein the message includes an identifier for the physical device) comprises: 
determining, using Wi-Fi triangulation, a location of the mobile device of the user and a door of the building closest to the location of the mobile device of the user; and unlocking the door of the building closest to the location of the mobile device of the user (see Xia Col. 11 lines 7-10, Col. 12 lines 8-15, and Col. 12 lines 31-45, for determining distance between devices, including GPS location tracking and WI-FI triangulation, can additionally or alternatively be used to determine proximity of one device to another).
Therefore, it would have been obvious to one with ordinary skill in the art before the effective filing date of the invention, to modify the system and methods for authentication internet-of-things devices disclosed by Ding and the method and apparatus for controlling operations of electronic device disclosed by OH to include proximity-based access, as thought by Xia, in order to use the wi-fi triangulation technology. A person with ordinary skill in the art would have been motivated to determine the closest facility to access by using wi-fi triangulation to enhance usability.
As to claim 16, the combination of Ding, OH and Xia teaches the computer system of claim 15, further comprising: in response to determining, when the user approaches the secure facility and when the mobile device is connected to the authentication service through a wireless network at the secure facility, that the mobile device is not locked, reject, by the authentication service, the user the access to the secure facility, and requesting the user to lock the mobile device (see HO ¶136, the deactivated mode may include one or more of a screensaver mode, a power saving mode, and a locked mode).

As to claim 17, the combination of Ding, OH and Xia teaches the computer system of claim 15, further comprising: in response to determining that the user has not unlocked the device, rejecting, by the authentication service, the user the access to the secure facility (see HO ¶136, the deactivated mode may include one or more of a screensaver mod, a power saving mode, and a locked mode)

As to claim 18, the combination of Ding, OH and Xia teaches the computer system of claim 15, further comprising: in response to determining that the first token and the second token do not match, rejecting, by the authentication service, the user the access to the secure facility (see Ding ¶74,  target device 10 may verify the received authentication pin or token (step 717). If the received authentication pin or token matches the authentication pin or token of target device 10, target device 10 may return a discovery-confirmation message to terminal 22).

As to claim 19, the combination of Ding, OH and Xia teaches the computer system of claim 15, further comprising: in response to determining that the first token and the second token match, generating, by the authentication service, a certificate for the user to access the secure facility; and deploying, by the authentication service, the certificate on the mobile device (see Ding ¶74,  target device 10 may verify the received authentication pin or token (step 717). If the received authentication pin or token matches the authentication pin or token of target device 10, target device 10 may return a discovery-confirmation message to terminal 22).

As to claim 20, the combination of Ding, OH and Xia teaches the computer system of claim 19, further comprising: retrieving, by the authentication service, from the mobile device of the user, the certificate; determining, by the authentication service, whether the certificate is expired; and in response to determining that the certificate is not expired, checking, by the authentication service, access policies; and in response to determining that the access policies grant the user to access, granting, by the authentication service, the user the access to the secure facility (see OH ¶60, deactivated-mode control variable may include a time point at which a switching to the deactivated mode is performed).


Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to NEGA WOLDEMARIAM whose telephone number is (571)270-7478. The examiner can normally be reached Monday to Friday, 8am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on 5712726798. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/NEGA WOLDEMARIAM/Examiner, Art Unit 2433                                                                                                                                                                                                        

/BRANDON HOFFMAN/Primary Examiner, Art Unit 2433