DETAILED ACTION
	This action is responsive to applicant’s communication filed 06/22/2022.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Status of the Claims
	Claims 1-20 are rejected under 35 U.S.C. 103.
	Claims 1-20 are rejected under 35 U.S.C. 112(b).
	Claims 2 and 11 are rejected under 35 U.S.C. 112(d).

Priority
Acknowledgment is made of the translation of the foreign priority document filed 06/22/2022. All priority documents have been received.

Response to Arguments
New grounds for rejection as necessitated by the amendments are submitted with this office action.

Applicant argues on Pages 11-12 that a person of ordinary skill in the art would not have a motivation to combine the references used in the prior art rejections below. The examiner respectfully disagrees. The examiner recognizes that obviousness may be established by combining or modifying the teachings of the prior art to produce the claimed invention where there is some teaching, suggestion, or motivation to do so found either in the references themselves or in the knowledge generally available to one of ordinary skill in the art.  See In re Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 1988), In re Jones, 958 F.2d 347, 21 USPQ2d 1941 (Fed. Cir. 1992), and KSR International Co. v. Teleflex, Inc., 550 U.S. 398, 82 USPQ2d 1385 (2007).  
In this case, LANDQVIST teaches a method of authentication that uses physical information of the user, an embodiment of which is the “visual acuity” or “color vision” of the user (See Paragraph 0017). The examiner is interpreting the “visual authentication code” recited by the claims broadly to include the visual authentication challenges taught by LANDQVIST. LANDQVIST teaches that the vision capability of the user is known. It therefore would have been obvious to one of ordinary skill in the art to use visual authentication challenges that depend on known physical traits of the user, including the visual acuity as specifically taught. The secondary references, KORNELUK and GARSIDE, provide such visual challenges.
Regarding KORNELUK, since LANDQVIST teaches that the color vision information of the user is known, it therefore follows that this information must have been provided to the system at some point before an instance of authentication. It therefore would have been obvious to one of ordinary skill in the art to include an enrollment procedure that identifies and registers the color vision of the user, as taught by KORNELUK. Furthermore, since KORNELUK (Paragraph 0009) teaches tailoring user interfaces based on the color blindness of the user, it would have been obvious to also tailor the authentication procedure used by the user interface.
Regarding GARSIDE, a pseudoisochromatic test, which includes different answers depending on the color vision of the user, is used as a liveliness test that authenticates whether a user is human. Given the teachings of LANDQVIST, adaptation of the pseudoisochromatic test as a visual authentication code or challenge for authenticating a user with a known color vision trait would have been obvious to one of ordinary skill in the art. Both references have the goal of preventing malicious third parties from accessing protected information, are analogous art, and the combination of the references would have yielded predictable results to one of ordinary skill in the art.

Applicant argues on Pages 13-14 of the Remarks that the combination of LANDQVIST with GARSIDE and/or KORNELUK would change the principle of operation and frustrate the intended purpose of LANDQVIST. The examiner respectfully disagrees. The principle of operation and purpose of LANDQVIST is user authentication using a visual challenge, including using known physical traits, such as the color vision of the user. LANDQVIST’s discussion of using unobtrusive inputs is merely one identified benefit of the specific embodiment of the disclosure. Furthermore, whether an input is “obtrusive” is a subjective measure and one of ordinary skill in the art would not necessarily identify the pseudoisochromatic tests of KORNELUK and GARSIDE as being obtrusive.
Furthermore, the test for obviousness is not whether the features of a secondary reference may be bodily incorporated into the structure of the primary reference; nor is it that the claimed invention must be expressly suggested in any one or all of the references.  Rather, the test is what the combined teachings of the references would have suggested to those of ordinary skill in the art.  See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981).
In this case, a goal of LANDQVIST of providing authentication with unobtrusive user inputs would not have deterred one of ordinary skill in the art from combining the teachings of KORNELUK and/or GARSIDE with the teachings of LANDQVIST. Rather, as discussed above, since LANDQVIST teaches authentication based on color vision information of the user, it would have been obvious to one of ordinary skill in the art to use other visual challenges that depend on the color vision of the user, such as the pseudoisochromatic tests of KORNELUK and GARSIDE. GARSIDE also teaches use of the pseudoisochromatic challenge as a liveliness test, and adaptation of such a challenge for authentication of a specific user (rather than any human in general) given known information about the specific user would have yielded predictable results and would have been obvious to one of ordinary skill in the art.


Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


Claims 1-20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention. Claim 1 recites “a reference value determined based on pre-enrolled color vision information of the user”. Claim 1 also recites “determining that a user authentication of the user is successful if an input value with respect to the visual authentication code included in the user input matches a value corresponding to the pre-enrolled color vision information of the user”. Based on the disclosure on Page 7 lines 11-15, the claimed “reference value” seems to be the same as the “value”. The claim is therefore indefinite since it is unclear whether the claim is reciting two different components or if the components are the same.
Claims 10 and 18 recite the same limitations and are therefore rejected using the same reasoning. Claims 2-9, 11-17, and 19-20 are rejected due to their dependencies.
Note: Claims 2-3, 11-12, and 19 also recite the “reference value” and should be corrected in line with the independent claims.


The following is a quotation of 35 U.S.C. 112(d):
(d) REFERENCE IN DEPENDENT FORMS.—Subject to subsection (e), a claim in dependent form shall contain a reference to a claim previously set forth and then specify a further limitation of the subject matter claimed. A claim in dependent form shall be construed to incorporate by reference all the limitations of the claim to which it refers.


Claims 2 and 11 are rejected under 35 U.S.C. 112(d) or pre-AIA  35 U.S.C. 112, 4th paragraph, as being of improper dependent form for failing to further limit the subject matter of the claim upon which it depends, or for failing to include all the limitations of the claim upon which it depends. 
Claim 1 recites “a reference value determined based on pre-enrolled color vision information of the user”. 
Claim 1 also recites “determining that a user authentication of the user is successful if an input value with respect to the visual authentication code included in the user input matches a value corresponding to the pre-enrolled color vision information of the user”. 
Claim 2 recites “determining that a user authentication of the user is successful, if an input value with respect to the visual authentication code included in the user input is the same as the reference value”.
While unclear as discussed in the 35 U.S.C. 112(b) rejection above, the “reference value” recited by claim 1 corresponds to pre-enrolled color vision information of the user. The “value” recited by claim 1 also corresponds to pre-enrolled color vision information of the user. Since the “reference value” and the “value” seem to refer to the same value (i.e. an expected answer to the visual authentication code based on pre-enrolled color vision information of a user”), claim 2 does not further limit claim 1. Both limitations are substantially the same since they recite a determination that a user authentication is successful if an input value matches or is the same as a determined value.
Claim 11 recites the same limitations as claim 2 and is therefore rejected for the same reasoning.
Applicant may cancel the claim(s), amend the claim(s) to place the claim(s) in proper dependent form, rewrite the claim(s) in independent form, or present a sufficient showing that the dependent claim(s) complies with the statutory requirements.


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1-3, 7-12 and 16-19 are rejected under 35 U.S.C. 103 as being unpatentable over LANDQVIST (US 2017/0032137 A1) in view of GARSIDE (GB 2477561 A).


Regarding Claim 1, LANDQVIST teaches a user authentication method based on color vision information, performed by a user authentication apparatus, the user authentication method comprising: (See Figure 2, which provides an overview of the method. At step S3, the personal information retrieved would be the color vision information of the user, as discussed in Paragraph 0044.)
transmitting, to a user terminal, a visual authentication code (“step S4 comprises selecting a visual challenge configured based on the personal information retrieved in the previous step… Step S5 comprises issuing the visual challenge to the user U. Typically the visual challenge is displayed on the display unit 150.” Paragraphs 0044-46. A visual challenge, which is equivalent to a “visual authentication code”, is created based on the personal information of the user. An example is given in Paragraph 0044 and 0017 of the personal information being the lack of color vision of the user and the challenge being configured with a portion that the user should not be able to see if they are the true user being authenticated.)
that is recognized differently according to color vision deficiency; (“a physical capacity may refer to the visual acuity of a user or the color vision of the user. Hence, the challenge may be configured with a portion that the user is not meant to see due to their visual acuity or lack of color vision, and if an attempt, e.g. a gaze direction is directed to such a portion of the visual challenge, it may be determined as an attempt to bypass the security measure” Paragraph 0017.)
receiving, from the user terminal, a user input corresponding to the visual authentication code; (“Subsequent step S6 comprises receiving visual input, by the visual input receiving unit 160, which corresponds to an eye-movement of the user U relating to the visual challenge presented on the display unit 150. The visual input may be at least one of eye-gaze direction of the user, a focus area for the eye-gaze of the user, and an eye-gaze direction of the user during a predetermined period of time.” Paragraph 0048. An eye gaze towards a specific area or direction of the visual challenge presented to the user is received. An eye gaze is a type of user input.)
and determining a user authentication result of a user based on a comparison result obtained by comparing the user input to a reference value determined based on pre-enrolled color vision information of the user. (“Step S7 comprises determining whether the user passed the challenge based on the received visual input corresponding to an eye movement of the user U… detecting whether the user focuses an eye-gaze on at least one specific area of the visual challenge. Determining whether the user U passed the visual challenge may thus comprise utilizing a set of predetermined rules or thresholds in order to determine whether the eye movement of the user U corresponds to an expected eye movement. Hereby, it is understood that the visual challenge that is selected and issued to the user U may have an expected response from the user U such as an expected eye-gaze, or eye-gaze direction described previously.” Paragraph 0049. 
The direction or area of the user’s eye gaze [user input] is compared to an expected direction or area [reference area] in order to obtain the authentication result. As discussed in Paragraph 0017, the expected result would be the user with the lack of color vision to not gaze at a particular portion of the challenge, while the gaze of the false user would look at such a portion. If the personal traits of the user are being retrieved as discussed in Paragraph 0044, then the personal traits, such as the color vision of the user, must be pre-enrolled or pre-registered in the database.) 
“if an attempt, e.g. a gaze direction is directed to such a portion of the visual challenge, it may be determined as an attempt to bypass the security measure. In such an embodiment, the expected eye movement of the user which is received in order to determine whether the user passes the visual challenge may be… only receiving a eye movement which corresponds to a adaptation, e.g. a specific portion subjected to adaptation, of the visual challenge which the user should detect with his or her physical capacity.” Paragraph 0017)
LANDQVIST therefore teaches that the correct answer to an authentication challenge is corresponding to the pre-enrolled color vision information of the user. 
LANDQVIST further teaches wherein the determining comprises determining that a user authentication of the user is successful if an input value with respect to the visual authentication code included in the user input matches a value… ( “If the user passed the visual challenge, access is allowed to the device for the user in step 8a... If the user U fails the challenge, access is denied to the device in step S8b.” Paragraph 0050. The input value would be the specific direction or area the user is looking with respect to the visual code on the display. If the direction or area is the same as the expected direction or area, then the authentication is successful and the user is granted access to the device.)
LANDQVIST does not teach that the value to be matched is a value among different values that may be read from the visual authentication code.
	However, GARSIDE, which is directed to authenticating a user based on a pseudo-isochromatic challenge, also teaches wherein the determining comprises determining that a user authentication of the user is successful if an input value with respect to the visual authentication code included in the user input matches a value… (“a user wishing to request a particular service creates its own Pseudo-lsochromatic challenge using its trusted computing device or environment which may be set up for the end users particular colour vision deficiencies if required. The user then answers the Pseudo-lsochromatic challenge and the trusted computing environment evaluates the user's answer to the challenge. The trusted computing environment generates a digital signature (e.g., a signed assertion) attesting to the user's successful completion of the challenge which is attached to the user's request for services and sent to the service provider. Once the service provider receives the user's message, the digital signature can then be verified by the service provider. If the digital signature is acceptable, the service provider processes the user's request for services and provides the user access to their services.” End of Page 3. The input value would be the user’s answer to the pseudoisochromatic challenge. A correct answer results in successful completion of the challenge.)
GARSIDE teaches that the value is among different values that may be read from the visual authentication code (“The Pseudo-Isochromatic challenge is generated for the user by the user's trusted computing environment or device, and the user answers the challenge. A digital signature which may or may not include the user's answer, or may be appended to the user's answer, is provided as part of the user's service request to a service provider to access their services. For example, the digital signature can be appended to the message body (which may include such things as the correct answer, timestamp, request for services, and so on) to prove the authenticity and integrity of the message to the service provider.” Middle of Page 3. “The challenge will be in the form of letters, numbers, geometric shapes or pictures of recognizable objects, animals, or people presented in a Pseudo-Isochromatic style which can be defined as a pattern of dots or shapes which may be uniform or variable in size, in different colours, saturations, contrasts and colour hues which when perceived by the human eye are recognizable but are designed in such a way as to make optical character recognition (OCR) and other automated processes extremely difficult.” Top of Page 12. A pseudoisochromatic visual code, which is a type of color vision test, is presented to the user as an authentication challenge. The code is a number and/or character that is read differently depending on the color deficiency of the user. As discussed on Page 2, the challenge would have different answers depending on the color vision of the user. The challenge is used as a liveliness authentication; however, in view of LANDQVIST, it would have been obvious to use the challenge in a specific user authentication procedure based on the personal traits of the user stored in the database (i.e. known color vision of the user).)
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to modify the authentication of a user using a visual challenge configured based on the color vision traits of the user taught by LANDQVIST by using a pseudoisochromatic plate test to authenticate the user as taught by GARSIDE. Since both references are directed to authentication or access control and teach designing the system around the color vision attributes of a user, the combination would yield predictable results. Such an implementation would amount to using a pseudoisochromatic test as the visual authentication code rather than the visual test taught by LANDQVIST. As taught by GARSIDE (Page 1 and 12), such an implementation would increase the security of a system by preventing OCR and other automated processes from intercepting an access code. In combination with LANDQVIST, prevention of access of the data of a user who is known by the system to be colorblind would be ensured since an automated process or malicious attacker would not be able to answer the challenge with the same answer.
Regarding Claim 10, LANDQVIST further teaches a user authentication apparatus for performing a user authentication method, the user authentication apparatus comprising: a memory and a processor, wherein the memory is configured to store instructions executable by the processor, and when the instructions are executed by the processor, the processor is configured to (“In order to perform computations and carry out instructions received via hardware, e.g. communications means or software from a machine-readable memory (not shown) the device 110 comprises a processor (not shown).” Paragraph 0034.)
	Claim 10 otherwise recites identical limitations to claim 1 and is therefore rejected using the same reasoning described above.

Regarding Claim 2, LANDQVIST in view of GARSIDE further teaches wherein the determining comprises determining that a user authentication of the user is successful, if an input value with respect to the visual authentication code included in the user input is the same as the reference value. (LANDQVISIT, “If the user passed the visual challenge, access is allowed to the device for the user in step 8a.” Paragraph 0050. The input value would be the specific direction or area the user is looking with respect to the visual code on the display. If the direction or area is the same as the expected direction or area, then the authentication is successful and the user is granted access to the device.
In view of GARSIDE, the reference value would be the expected result of the pseudoisochromatic test. If it matches, then the authentication would be successful.)
Claim 11 is directed to a user authentication apparatus but otherwise recites identical limitations to claim 2 and is therefore rejected using the same reasoning described above.

Regarding Claim 3, LANDQVIST in view of GARSIDE further teaches wherein the determining comprises determining that a user authentication of the user is failed, if an input value with respect to the visual authentication code included in the user input is different from the reference value. (LANDQVISIT, “If the user U fails the challenge, access is denied to the device in step S8b.” Paragraph 0050. The input value would be the specific direction or area the user is looking with respect to the visual code on the display. If the direction or area is not the same as the expected direction or area, then the authentication is unsuccessful and the user is denied access to the device.
In view of GARSIDE, the reference value would be the expected result of the pseudoisochromatic test. If it does not match, then the authentication would have failed.)
Claim 12 is directed to a user authentication apparatus but otherwise recites identical limitations to claim 3 and is therefore rejected using the same reasoning described above.

Regarding Claim 7, LANDQVIST teaches all the limitations of claim 1, on which claim 7 depends.
LANDQVIST does not teach wherein the visual authentication code is provided in the form of an image based on a color vision test, and is a number, a character, or a combination thereof that is read differently according to normal vision and color vision deficiency.
However. GARSIDE, which is directed to authenticating a user based on a pseudo-isochromatic challenge, teaches wherein the visual authentication code is provided in the form of an image based on a color vision test, and is a number, a character, or a combination thereof that is read differently according to normal vision and color vision deficiency. (“The Pseudo-Isochromatic challenge is generated for the user by the user's trusted computing environment or device, and the user answers the challenge. A digital signature which may or may not include the user's answer, or may be appended to the user's answer, is provided as part of the user's service request to a service provider to access their services. For example, the digital signature can be appended to the message body (which may include such things as the correct answer, timestamp, request for services, and so on) to prove the authenticity and integrity of the message to the service provider.” Middle of Page 3. “The challenge will be in the form of letters, numbers, geometric shapes or pictures of recognizable objects, animals, or people presented in a Pseudo-Isochromatic style which can be defined as a pattern of dots or shapes which may be uniform or variable in size, in different colours, saturations, contrasts and colour hues which when perceived by the human eye are recognizable but are designed in such a way as to make optical character recognition (OCR) and other automated processes extremely difficult.” Top of Page 12. A pseudoisochromatic visual code, which is a type of color vision test, is presented to the user as an authentication challenge. The code is a number and/or character that is read differently depending on the color deficiency of the user. As discussed on Page 2, the challenge would have different answers depending on the color vision of the user. The challenge is used as a liveliness authentication; however, in view of LANDQVIST, it would have been obvious to use the challenge in a specific user authentication procedure based on the personal traits of the user stored in the database (i.e. known color vision of the user).)
The same motivation to combine LANDQVIST with GARSIDE discussed in the rejection of claim 1 applies to claim 7.
Claim 16 is directed to a user authentication apparatus but otherwise recites identical limitations to claim 7 and is therefore rejected using the same reasoning described above.

Regarding Claim 8, LANDQVIST in view of GARSIDE further teaches wherein the visual authentication code is a number, a character, or a combination thereof that is read differently according to at least one of protanomaly, deuteranomaly, tritanomaly, protanopia, deuteranopia, tritanopia, cone monochromatism, and rod monochromatism. (GARSIDE, “The purpose of this is so that the challenges are designed to allow for all types of humans: Trichromats who have normal vision, Dichromats who are colour blind and who can be further defined as: protanopes who have a lack of red cones within their visual system, deuternopes who have a lack of green cones, tritanopes who have a lack of blue cones and anomalous trichromats who have a partial loss of any of the colour cones of the human visual system. The qualitative challenge is discernible by both protanopes and deuternopes but with different answers.” Middle of Page 2.)
Claim 17 is directed to a user authentication apparatus but otherwise recites identical limitations to claim 8 and is therefore rejected using the same reasoning described above.

Regarding Claim 9, LANDQVIST in view of GARSIDE further teaches a non-transitory computer-readable storage medium storing instructions that, when executed by a processor, cause the processor to perform the user authentication method of claim 1. (LANDQVISIT, “In order to perform computations and carry out instructions received via hardware, e.g. communications means or software from a machine-readable memory (not shown) the device 110 comprises a processor (not shown)… The device 110 may of course comprise additional components such as the aforementioned machine-readable memory, both volatile and non-volatile” Paragraph 0034.)

Regarding Claim 18, LANDQVIST teaches a user authentication method performed by a user terminal, the user authentication method comprising: (See Figure 2, which provides an overview of the method. At step S3, the personal information retrieved would be the color vision information of the user, as discussed in Paragraph 0044.)
receiving, from a user authentication apparatus, a visual authentication code (“step S4 comprises selecting a visual challenge configured based on the personal information retrieved in the previous step… Step S5 comprises issuing the visual challenge to the user U. Typically the visual challenge is displayed on the display unit 150.” Paragraphs 0044-46. A visual challenge, which is equivalent to a “visual authentication code”, is created based on the personal information of the user. An example is given in Paragraph 0044 and 0017 of the personal information being the lack of color vision of the user and the challenge being configured with a portion that the user should not be able to see if they are the true user being authenticated.)
that is recognized differently according to color vision deficiency; (“a physical capacity may refer to the visual acuity of a user or the color vision of the user. Hence, the challenge may be configured with a portion that the user is not meant to see due to their visual acuity or lack of color vision, and if an attempt, e.g. a gaze direction is directed to such a portion of the visual challenge, it may be determined as an attempt to bypass the security measure” Paragraph 0017.)
receiving a user input corresponding to the visual authentication code; (“Subsequent step S6 comprises receiving visual input, by the visual input receiving unit 160, which corresponds to an eye-movement of the user U relating to the visual challenge presented on the display unit 150. The visual input may be at least one of eye-gaze direction of the user, a focus area for the eye-gaze of the user, and an eye-gaze direction of the user during a predetermined period of time.” Paragraph 0048. An eye gaze towards a specific area or direction of the visual challenge presented to the user is received. An eye gaze is a type of user input.)
and transmitting the received user input to the user authentication apparatus, (“The device 110 further comprises a determination and authentication unit 170, configured to determine whether the user passes the challenge based on the received visual input corresponding to an eye movement of the user… distributed with some parts and/or components remotely located. For example, some parts may be provided “on-demand” in the cloud, e.g. be provided when requested and be located be located remotely on a server or servers and be reached via a network interface such as the internet.” Paragraphs 0032-33. In the embodiment where the components, such as the authentication unit, are distributed, there would be transmission and receiving of information, such as the user’s eye gaze inputs, over the network.)
wherein the user authentication apparatus is configured to determine a user authentication result of a user based on a comparison result obtained by comparing the user input to a reference value determined based on pre-enrolled color vision information of the user. (“Step S7 comprises determining whether the user passed the challenge based on the received visual input corresponding to an eye movement of the user U… detecting whether the user focuses an eye-gaze on at least one specific area of the visual challenge. Determining whether the user U passed the visual challenge may thus comprise utilizing a set of predetermined rules or thresholds in order to determine whether the eye movement of the user U corresponds to an expected eye movement. Hereby, it is understood that the visual challenge that is selected and issued to the user U may have an expected response from the user U such as an expected eye-gaze, or eye-gaze direction described previously.” Paragraph 0049. 
The direction or area of the user’s eye gaze [user input] is compared to an expected direction or area [reference area] in order to obtain the authentication result. As discussed in Paragraph 0017, the expected result would be the user with the lack of color vision to not gaze at a particular portion of the challenge, while the gaze of the false user would look at such a portion. If the personal traits of the user are being retrieved as discussed in Paragraph 0044, then the personal traits, such as the color vision of the user, must be pre-enrolled or pre-registered in the database.) 
“if an attempt, e.g. a gaze direction is directed to such a portion of the visual challenge, it may be determined as an attempt to bypass the security measure. In such an embodiment, the expected eye movement of the user which is received in order to determine whether the user passes the visual challenge may be… only receiving a eye movement which corresponds to a adaptation, e.g. a specific portion subjected to adaptation, of the visual challenge which the user should detect with his or her physical capacity.” Paragraph 0017)
LANDQVIST therefore teaches that the correct answer to an authentication challenge is corresponding to the pre-enrolled color vision information of the user. 
LANDQVIST further teaches and wherein the user authentication apparatus is configured to determine that a user authentication of the user is successful if an input value with respect to the visual authentication code included in the user input matches a value… ( “If the user passed the visual challenge, access is allowed to the device for the user in step 8a... If the user U fails the challenge, access is denied to the device in step S8b.” Paragraph 0050. The input value would be the specific direction or area the user is looking with respect to the visual code on the display. If the direction or area is the same as the expected direction or area, then the authentication is successful and the user is granted access to the device.)
LANDQVIST does not teach that the value to be matched is a value among different values that may be read from the visual authentication code.
	However, GARSIDE, which is directed to authenticating a user based on a pseudo-isochromatic challenge, also teaches and wherein the user authentication apparatus is configured to determine that a user authentication of the user is successful if an input value with respect to the visual authentication code included in the user input matches a value… (“a user wishing to request a particular service creates its own Pseudo-lsochromatic challenge using its trusted computing device or environment which may be set up for the end users particular colour vision deficiencies if required. The user then answers the Pseudo-lsochromatic challenge and the trusted computing environment evaluates the user's answer to the challenge. The trusted computing environment generates a digital signature (e.g., a signed assertion) attesting to the user's successful completion of the challenge which is attached to the user's request for services and sent to the service provider. Once the service provider receives the user's message, the digital signature can then be verified by the service provider. If the digital signature is acceptable, the service provider processes the user's request for services and provides the user access to their services.” End of Page 3. The input value would be the user’s answer to the pseudoisochromatic challenge. A correct answer results in successful completion of the challenge.)
GARSIDE teaches that the value is among different values that may be read from the visual authentication code (“The Pseudo-Isochromatic challenge is generated for the user by the user's trusted computing environment or device, and the user answers the challenge. A digital signature which may or may not include the user's answer, or may be appended to the user's answer, is provided as part of the user's service request to a service provider to access their services. For example, the digital signature can be appended to the message body (which may include such things as the correct answer, timestamp, request for services, and so on) to prove the authenticity and integrity of the message to the service provider.” Middle of Page 3. “The challenge will be in the form of letters, numbers, geometric shapes or pictures of recognizable objects, animals, or people presented in a Pseudo-Isochromatic style which can be defined as a pattern of dots or shapes which may be uniform or variable in size, in different colours, saturations, contrasts and colour hues which when perceived by the human eye are recognizable but are designed in such a way as to make optical character recognition (OCR) and other automated processes extremely difficult.” Top of Page 12. A pseudoisochromatic visual code, which is a type of color vision test, is presented to the user as an authentication challenge. The code is a number and/or character that is read differently depending on the color deficiency of the user. As discussed on Page 2, the challenge would have different answers depending on the color vision of the user. The challenge is used as a liveliness authentication; however, in view of LANDQVIST, it would have been obvious to use the challenge in a specific user authentication procedure based on the personal traits of the user stored in the database (i.e. known color vision of the user).)
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to modify the authentication of a user using a visual challenge configured based on the color vision traits of the user taught by LANDQVIST by using a pseudoisochromatic plate test to authenticate the user as taught by GARSIDE. Since both references are directed to authentication or access control and teach designing the system around the color vision attributes of a user, the combination would yield predictable results. Such an implementation would amount to using a pseudoisochromatic test as the visual authentication code rather than the visual test taught by LANDQVIST. As taught by GARSIDE (Page 1 and 12), such an implementation would increase the security of a system by preventing OCR and other automated processes from intercepting an access code. In combination with LANDQVIST, prevention of access of the data of a user who is known by the system to be colorblind would be ensured since an automated process or malicious attacker would not be able to answer the challenge with the same answer.


Regarding Claim 19, LANDQVIST in view of GARSIDE further teaches wherein the user authentication apparatus is configured to: determine that a user authentication of the user is successful, if an input value with respect to the visual authentication code included in the user input is the same as the reference value, (LANDQVISIT, “If the user passed the visual challenge, access is allowed to the device for the user in step 8a.” Paragraph 0050. The input value would be the specific direction or area the user is looking with respect to the visual code on the display. If the direction or area is the same as the expected direction or area, then the authentication is successful and the user is granted access to the device.
In view of GARSIDE, the reference value would be the expected result of the pseudoisochromatic test. If it matches, then the authentication would be successful.)
and determine that a user authentication of the user is failed, if the input value with respect to the visual authentication code included in the user input is different from the reference value. (LANDQVISIT, “If the user U fails the challenge, access is denied to the device in step S8b.” Paragraph 0050. The input value would be the specific direction or area the user is looking with respect to the visual code on the display. If the direction or area is not the same as the expected direction or area, then the authentication is unsuccessful and the user is denied access to the device. 
In view of GARSIDE, the reference value would be the expected result of the pseudoisochromatic test. If it does not match, then the authentication would have failed.)

Claims 4-6, 13-15, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over LANDQVIST (US 2017/0032137 A1) in view of GARSIDE (GB 2477561 A) and further in view of KORNELUK (US 2006/0033880 A1).

Regarding Claim 4, LANDQVIST in view of GARSIDE teaches all the limitations of claim 1, on which claim 4 depends.
While LANDQVIST teaches storing pre-enrolled color vision information of a user, LANDQVIST in view of GARSIDE does not explicitly teach wherein the pre-enrolled color vision information is determined in a user enrollment procedure based on a user input with respect to color vision information of the user, and includes information regarding whether the user has color vision deficiency.
However, KORNELUK, which is directed to adjusting a display based on the color vision information of a user obtained from an enrollment procedure, teaches wherein the pre-enrolled color vision information is determined in a user enrollment procedure based on a user input with respect to color vision information of the user, and includes information regarding whether the user has color vision deficiency. (“A menu of colorblind types can be displayed from which a user can select his type of colorblindness, if known. If the user does not know his type of colorblindness, one or more test patterns can be presented to the user. For each test pattern, the user can select at least one identifier corresponding to an image visually perceived by the user. The user's selection can be compared to predetermined data corresponding to the test pattern.” Paragraph 0010. “a device can commence determining a colorblind condition of a user based on at least one user input.” Paragraph 0018. See Figure 1, which outlines a user enrollment procedure for determining whether the user has colorblindness, as well as the type of colorblindness.)
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to modify the presentation of a visual authentication challenge based on a physical trait of the user, such as colorblindness taught by LANDQVIST in view of GARSIDE by incorporating the enrollment procedure for determining whether a user is colorblind taught by KORNELUK. Since LANDQVIST teaches that the personal traits of the user are stored in a database (Paragraphs 0036, 0044), there must have been some enrollment procedure to obtain and store such information. It would have been reasonable for a person of ordinary skill in the art to use the enrollment procedure taught by KORNELUK as a necessary step to accomplish the method of LANDQVIST. Furthermore, as suggested by KORNELUK, such an implementation would improve the user experience by aiding the user in tailoring the user interface to their type of colorblindness whether the user is aware of it or not.
Claim 13 is directed to a user authentication apparatus but otherwise recites identical limitations to claim 4 and is therefore rejected using the same reasoning described above.

Regarding Claim 5, LANDQVIST in view of GARSIDE and KORNELUK further teaches wherein the pre-enrolled color vision information is enrolled information regarding whether the user has color vision deficiency, determined based on an input value with respect to a visual code that is read differently according to color vision deficiency input in the user enrollment procedure. (KORNELUK, “if the user does not know the type of colorblindness from which he suffers, a colorblindness test pattern can be presented to the user, as shown in step 140. For example, the colorblindness test pattern can be a test pattern of a pseudoisochromatic plate test… the user can be prompted to enter an input responsive to the test pattern. For instance, the user can be prompted to identify an image perceived in the test pattern. For example, if the user perceives an alphanumeric character which has a correlating key in the device's keypad, the user can enter the alphanumeric character using the keypad… If, however, the logged failures are consistent with colorblindness, the user's type of colorblindness can be determined” Paragraphs 0022-25. A pseudoisochromatic plate test, in which a user must identify a series of visual patterns that can be misread by those with a color vision deficiency, is used to determine the color vision deficiency of the user.)
Claim 14 is directed to a user authentication apparatus but otherwise recites identical limitations to claim 5 and is therefore rejected using the same reasoning described above.

Regarding Claim 6, LANDQVIST in view of GARSIDE and KORNELUK further teaches wherein the pre-enrolled color vision information is enrolled information regarding whether the user has color vision deficiency, determined based on a selected value with respect to color vision deficiency input in the user enrollment procedure. (KORNELUK, “a user response can be solicited to determine whether the user knows the type of colorblindness he suffers from. For example, the user can be prompted to enter a response using a keypad, a stylus, a mouse, a touch screen, a remote control unit, or any other user input device. If the user does know his type of colorblindness, a list of colorblindness types can be presented to the user, as shown in step 115. A user input then can be received to select a colorblindness type from the menu, as shown in step 120.” Paragraph 0019. See Figure 1 steps 110 and 115: A user manually selects their color vision deficiency from a menu if they know their color vision deficiency.)
Claim 15 is directed to a user authentication apparatus but otherwise recites identical limitations to claim 6 and is therefore rejected using the same reasoning described above.

Regarding Claim 20, LANDQVIST in view of GARSIDE teaches all the limitations of claim 18, on which claim 20 depends.
LANDQVIST in view of GARSIDE further teaches and the visual authentication code is provided in the form of an image based on a color vision test, and is a number, a character, or a combination thereof that is read differently according to normal vision and color vision deficiency. (GARSIDE, “The Pseudo-Isochromatic challenge is generated for the user by the user's trusted computing environment or device, and the user answers the challenge. A digital signature which may or may not include the user's answer, or may be appended to the user's answer, is provided as part of the user's service request to a service provider to access their services. For example, the digital signature can be appended to the message body (which may include such things as the correct answer, timestamp, request for services, and so on) to prove the authenticity and integrity of the message to the service provider.” Middle of Page 3. “The challenge will be in the form of letters, numbers, geometric shapes or pictures of recognizable objects, animals, or people presented in a Pseudo-Isochromatic style which can be defined as a pattern of dots or shapes which may be uniform or variable in size, in different colours, saturations, contrasts and colour hues which when perceived by the human eye are recognizable but are designed in such a way as to make optical character recognition (OCR) and other automated processes extremely difficult.” Top of Page 12. A pseudoisochromatic visual code, which is a type of color vision test, is presented to the user as an authentication challenge. The code is a number and/or character that is read differently depending on the color deficiency of the user. As discussed on Page 2, the challenge would have different answers depending on the color vision of the user. The challenge is used as a liveliness authentication; however, in view of LANDQVIST, it would have been obvious to use the challenge in a specific user authentication procedure based on the personal traits of the user stored in the database (i.e. known color vision of the user).)
While LANDQVIST teaches storing pre-enrolled color vision information of a user, LANDQVIST in view of GARSIDE does not explicitly teach wherein the pre-enrolled color vision information is determined in a user enrollment procedure based on a user input with respect to color vision information of the user, and includes information regarding whether the user has color vision deficiency. 
However, KORNELUK, which is directed to adjusting a display based on the color vision information of a user obtained from an enrollment procedure, teaches wherein the pre-enrolled color vision information is determined in a user enrollment procedure based on a user input with respect to color vision information of the user, and includes information regarding whether the user has color vision deficiency (“A menu of colorblind types can be displayed from which a user can select his type of colorblindness, if known. If the user does not know his type of colorblindness, one or more test patterns can be presented to the user. For each test pattern, the user can select at least one identifier corresponding to an image visually perceived by the user. The user's selection can be compared to predetermined data corresponding to the test pattern.” Paragraph 0010. “a device can commence determining a colorblind condition of a user based on at least one user input.” Paragraph 0018. See Figure 1, which outlines a user enrollment procedure for determining whether the user has colorblindness, as well as the type of colorblindness.)
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to modify the presentation of a visual authentication challenge based on a physical trait of the user, such as colorblindness taught by LANDQVIST in view of GARSIDE by incorporating the enrollment procedure for determining whether a user is colorblind taught by KORNELUK. Since LANDQVIST teaches that the personal traits of the user are stored in a database (Paragraphs 0036, 0044), there must have been some enrollment procedure to obtain and store such information. It would have been reasonable for a person of ordinary skill in the art to use the enrollment procedure taught by KORNELUK as a necessary step to accomplish the method of LANDQVIST. Furthermore, as suggested by KORNELUK, such an implementation would improve the user experience by aiding the user in tailoring the user interface to their type of colorblindness whether the user is aware of it or not.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
NATARAJAN (US 2016/0028730 A1) teaches an embodiment of user liveness detection or authentication in which the user is presented with a challenge that is read differently based on a color vision deficiency. (¶ 42, 46)

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 


Any inquiry concerning this communication or earlier communications from the examiner should be directed to RAMI RAFAT OKASHA whose telephone number is (571)272-0675. The examiner can normally be reached M-F 9-5 EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kieu Vu can be reached on (571) 272-4057. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/R.R.O./Examiner, Art Unit 2173                                                                                                                                                                                                        

/KIEU D VU/Supervisory Patent Examiner, Art Unit 2173