Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .


Claim Objections
Claims 10-12, and 15 objected to because of the following informalities:  
Claims 10-11 and 15, “the granular sensor,” it is unclear whether “sensor” should be plural, or if it is referring to a specific granular sensor of the “respective granular sensors of each of the plurality of mobile devices.”
Claim 12, “the plurality of devices,” should read “the plurality of mobile devices” 
Appropriate correction is required.


Specification
The disclosure is objected to because of the following informalities:
[0062] “being in involved in a car crash” should read “being involved in a car crash”
[0062] “The term "coarse" is used in a relative sense-that is, the fidelity/precision of the coarse sensor is lower than the fidelity of a granular sensor (e.g., detection of presence at an address as opposed to detection of presence at GPS coordinates within 1 foot). The precision used by the coarse sensor is such that is it readily feasible that multiple devices may come to the same conclusion at the same time.” Is duplicated text from [0016].
Appropriate correction is required.


Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 6-21 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.

The terms “coarse” and “granular” in claims 6 and 16 are relative terms which render the claims indefinite. The terms “coarse” and “granular” are not defined by the claims, the specification does not provide a standard for ascertaining the requisite degree, and one of ordinary skill in the art would not be reasonably apprised of the scope of the invention. 
The instant specification recites, “The term "coarse" is used in a relative sense-that is, the fidelity/precision of the coarse sensor is lower than the fidelity of a granular sensor (e.g., detection of presence at an address as opposed to detection of presence at GPS coordinates within 1 foot). The Attorney Docket No. 139739-8001.USO1       precision used by the coarse sensor is such that is it readily feasible that multiple devices may come to the same conclusion at the same time.” [0016]. It is not clear what would be “feasible” without explicit disclosure of the specific degree of precision necessary for sensors to be considered “coarse” or “granular”. Further, the sensors, as claimed and described in the present disclosure may or may not include a GPS sensor, and the specific degree of precision recited merely by example for GPS coordinates does not clarify the precision needed for to detect an address as opposed to coordinates within 1 foot, nor for the various other sensors that could be used. Claims 7-15 and 17-21 fall accordingly.

Claim 17 recites the limitation "each of the asymmetric tokens" in line 2.  There is insufficient antecedent basis for this limitation in the claim. It is not clear if “tokens” should be singular, referring to the limitation of “generate an asymmetric token” or the “asymmetric cryptographic tokens” of the preamble of claim 16. It is noted, the preamble might disclose plural “tokens” but claim 16 is directed to generating a singular asymmetric token.


Claim Rejections - 35 USC § 102
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.



Claims 1-2 and 5 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Bose, Joy and Tasleem Arif. “Encryption in mobile devices using sensors.” 2013 IEEE Sensors Applications Symposium Proceedings (2013): 55-60, hereinafter Bose.

	Regarding claim 1, Bose discloses a method of generating a cryptographic token comprising: 
detecting an event reading via a sensor platform of a mobile device, (Bose, Pg. 3 Sec. V, “accelerometer readings of a motion gesture… or some other sensor readings such as GPS coordinates.”)
wherein the event reading is detected at a specificity that creates distinctive readings pertaining to a current physical circumstance of the mobile device; (Bose, Pg. 3 Sec. V, “…such as shaking the phone or coordinate set for a multi touch gesture”)
and generating the cryptographic token based on the event reading. (Bose, Pg. 3 Sec. V, “the encryption key could be either a user gesture… or some other sensor readings…”)
	A “sensor platform” is interpreted as being either a single sensor or a plurality of sensors, as is suggested in the instant specification of the present disclosure at [0012], “Based on the granularity of a given sensor or sensor platform… For example a sensor platform simultaneously detects…”

	Regarding claim 2, Bose discloses the method of claim 1 as set forth above, wherein the event reading is an amalgamation of readings by a plurality of sensors of the sensor platform. (Bose, Pg. 3 Sec. V, “Another way is to code the input as one dimensional vectors and use a bitwise XOR function to transform the input vectors into encoded data vectors.”; Pg. 5, Sec. IX, “the accelerometer … and gyroscope… readings can be combined to get a more accurate reading…”) 
The present disclosure describes an “amalgamation” as, “concatenation of raw data, hashing the combination of all sensors, translating the sensor output into a uniform language (e.g., binary), or generating a representative vector.” Bose suggests converting sensor input data into a vector and also suggests the data can be a combination of various sensor readings for improved accuracy.

Regarding claim 5, Bose discloses the method of claim 1 as set forth above, and wherein the detecting is performed in response to: 
identifying, via a machine learning model, input from the sensor platform as an occurrence of a first type of predetermined recognized event. (Bose, Pg. 3 Sec. VI, “While using a neural network, the system is trained to associate the mapping of the input data byte”)


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.



Claim 3 is rejected under 35 U.S.C. 103 as being unpatentable over Bose in view of Lambert et al. (EP 3748898 A1), hereinafter Lambert.

	Regarding claim 3, Bose discloses the method of claim 1 as set forth above, but fails to disclose wherein generating the cryptographic token further comprises: hashing the amalgamation of readings. 
However, Lambert teaches generating a cryptographic token by hashing an amalgamation of readings. (Lambert, [0032] “the compression function may be a cryptographic hash function. such as, without limitation, MD5, SHA-1, SHA-2, SHA-3, RIPEMD-160, Whirlpool, or BLAKE2”)
Lambert is directed to using sensor data as input to a cryptographic pseudorandom number generator to generate sequences of numbers that are suitable for cryptographic applications, in other words, a cryptographic token. Therefore, it would be obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Bose to incorporate the teachings of Lambert to include generating the cryptographic token further comprises hashing the amalgamation of readings. Such modification(s) would be motivated to obtain compressed sensor data. Lambert, [0032]


Claim 4 is rejected under 35 U.S.C. 103 as being unpatentable over Bose in view of Agarwal, G. (US-PGPUB 2019/0289017 A1), hereinafter Agarwal.

	Regarding claim 4, Bose discloses the method of claim 1 as set forth above, but fails to disclose linking the cryptographic token to an authentication procedure for a computer resource, wherein the computer resource is generated contemporaneously with the cryptographic token.
However, Agarwal teaches linking the cryptographic token to an authentication procedure for a computer resource, (Agarwal, [0041] “upon the user supplying the appropriate user identifier, knowledge factor credential, and demonstrating possession of the mobile user computing device 12, the application server 16 may then provide access to the requested resources”) 
wherein the computer resource is generated contemporaneously with the cryptographic token. (Agarwal, [0043] “authenticated session”)
Bose is directed to utilizing sensors of mobile devices for cryptographic purposes. Agarwal is directed to a time and location based authentication scheme using mobile devices. Therefore, it would be obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Bose to incorporate the teachings of Agarwal to include linking the cryptographic token to an authentication procedure for a computer resource wherein the computer resource is generated contemporaneously with the cryptographic token. Such modification(s) would be motivated to force the user to re-authenticate after a given session ends. Agarwal [0043]


Claims 6-7, 9-10, and 12-13 are under 35 U.S.C. 103 as being unpatentable over Agarwal in view of Scheidt et al. (US Patent No. 6,490,680 B1), hereinafter Scheidt.

	Regarding claim 6, Agarwal discloses a method of generating asymmetric cryptographic tokens comprising: 
detecting a first event reading via respective coarse sensors of each of a plurality of mobile devices, (Argarwal, [0027] “a pair of computing devices”; [0028] “substantially more pairs of computing devices”; [0079] “second subset of digits… the second subset may be less significant digits than the first subset”) 
wherein the first event reading matches across each of the coarse sensors of the plurality of mobile devices; (Agarwal, [0037] “authorized access may be determined based the latitude and longitude of the mobile computing device being within a boundary… such that measurement error around the user's actual geolocation within some threshold… produces the same lower-resolution, lower-granularity output.”)
generating a shared token based on the first event reading for each of the plurality of mobile devices; (Agarwal, [0075] “… generate a limited-use authentication credential (e.g., a TLOTP) with a client… mobile computing device 64 may generate a limited-use authentication credential from… the coarser-geolocation value… ”)
detecting respective second event readings via respective granular sensors of each of the plurality of mobile devices, wherein the respective second event readings are distinctive to each of the plurality of mobile devices based on distinctive physical circumstances of each of the plurality of mobile devices; (Agarwal, [0079], “first subset of digits… the second subset may be less significant digits than the first subset”) 
A single sensor, such as a GPS module, would be capable of providing the required data for the present invention due to the relative terms “coarse” and “granular”. The term “distinctive” as defined in the instant specification does not indicate “unique.” [0048] It is sufficient that the second sensor readings have higher precision/granularity over the first sensor readings to produce “distinctive” readings.
and generating respective asymmetric tokens by each of the plurality of mobile devices where there is a cryptographic relationship between the respective asymmetric tokens of each of the plurality of mobile devices and the shared token. (Agarwal, [0073] “The additional credentials may be an encryption key with which the mobile computing device 64 is to encrypt or cryptographically hash a user supplied credential, or parameters by which a one-time password is generated, or a public or private encryption key.”) 
	Agarwal fails to disclose generating respective asymmetric tokens by each of the plurality of mobile devices based on the respective second event readings. 
However, Scheidt teaches generating respective asymmetric tokens by each of the plurality of mobile devices based on the respective second event readings. (Scheidt, Col. 13 ln. 53-60, “a user's biometric template forms the basis of a user's private key”). 
Biometric data is analogous to sensor readings of a given event, as both involve taking readings from sensors and may require user actions to affect the sensors of a device. This similarity is acknowledged in the instant specification at [0012]. Scheidt is directed to user authentication using Constructive Key management and biometric data. Agarwal, while directed to time and location based authentication, also suggests combining biometric data with location data at [0025]. Therefore, it would be obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Agarwal to incorporate the teachings of Scheidt to include generating respective asymmetric tokens by each of the plurality of mobile devices based on the respective second event readings. Such modification would be motivated to implement a constructive key management scheme to improve security by incorporating public key cryptography and discarding private keys after use. Scheidt Col. 4 ln. 51-53.

Regarding claim 7, Agarwal discloses the method of claim 6 as set forth above, and
wherein the shared token identifies a shared computer resource and (Agarwal, [0059] “In some embodiments, the process 60 begins with a user interacting with the browser 66 to request access to resources available remotely over a network”)
each of the respective asymmetric tokens are used in login credentials to the shared computer resource that correspond to each of the plurality of mobile devices. (Agarwal, [0070] “a value that is cryptographically signed with a private encryption key of the authorization server… the value encoded may be a value selected based on a mobile computing device associated with the user requesting authentication in the user profile… the authorization server 70 may encode a different value that uniquely identifies different mobile computing devices associated with different users”)

Regarding claim 9, Agarwal discloses the method of claim 6 as set forth above, and
wherein the respective coarse sensors detect events as being within predetermined ranges of values. (Agarwal, [0037] “authorized access may be determined based the latitude and longitude of the mobile computing device being within a boundary, i.e. a circle or polygon (like a grid square or hexagon in a hexagonal grid), defining a geographic area.”)

Regarding claim 10, Agarwal discloses the method of claim 6 as set forth above, and wherein the granular sensor is a camera. (Agarwal, [0039] “the initial registration session may be enhanced by providing, in the machine-readable image, a set of features designed to be detected by the camera of the mobile user device.”)

Regarding claim 12, Agarwal discloses the method of claim 6 as set forth above, and wherein the first event reading is any of:
the plurality of devices are physically present within a single geographic region; or 
any combination of detections above. (Agarwal, [0037] “within a boundary”)
It is noted, “or any combination of detections” is an alternative form. The prior art need only disclose one of the listed limitations to apply. Agarwal suggests a threshold in which to restrict the authentication. Thus, the mobile devices involved in the authentication procedure must be “physically present” within the geolocation threshold.

	Regarding claim 13, Agarwal discloses the method of claim 6 as set forth above, and wherein the first event reading and the respective second event readings are detected contemporaneously. (Agarwal, [0037]; [0079] “the second subset may be less significant digits than the first subset”) 
It is noted, “contemporaneously” is synonymous with “at the same time.” As discussed above for claim 6, the first and second sensors may be the same, and thus the first and second event readings may be originating from the same reading. Agarwal teaches that coarseness is relative based on different resolutions or thresholds. Agarwal further suggests a difference of significant digits, which would sufficiently affect the granularity/coarseness of sensor values.


Claim 8 is rejected under 35 U.S.C. 103 as being unpatentable over Agarwal in view of Scheidt and in further view of Girdhar et al. (US-PGPUB 2020/0110870 A1), hereinafter Girdhar.

Regarding claim 8, Agarwal discloses the method of claim 6 as set forth above, but fails to disclose tracking changes made to the shared computer resource as logged to specific mobile device of the plurality of mobile devices. 
However, Girdhar teaches tracking changes made to the shared computer resource as logged to specific mobile device of the plurality of mobile devices. (Girdhar, [0044] “actions such as reading, copying, deleting, modifying files in a cloud computing account may be tracked”)
Girdhar is directed to detecting anomalies in user account authentication for a cloud resource, which is applicable to the authentication for a network resource of Agarwal. Therefore, it would be obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Agarwal to incorporate the teachings of Girdhar to include tracking changes made to the shared computer resource as logged to specific mobile device of the plurality of mobile devices. Such modification(s) would be motivated to detect suspicious activity that might indicate a session hijacking attempt. Girdhar, [0044]


Claims 11 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Agarwal in view of Scheidt and in further view of Lambert.

	Regarding claim 11, Agarwal discloses the method of claim 6 as set forth above, but fails to disclose wherein the granular sensor detects gyroscopic drift over a predetermined period of time. 
However, Lambert teaches wherein the granular sensor detects gyroscopic drift over a predetermined period of time (Lambert, Fig. 1 #108, [0021]; [0030] “raw output data from the sensors may be transmitted upon request from the sensor data collection module 196 or automatically (e.g. on a periodic basis, upon detection of sensor events, etc.).”).
Lambert is directed to using sensor data as input to a cryptographic pseudorandom number generator to generate sequences of numbers that are suitable for cryptographic applications, in other words, a cryptographic token. Therefore, it would be obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Agarwal to incorporate the teachings of Lambert to include wherein the granular sensor detects gyroscopic drift over a predetermined period of time. Such modification(s) would be motivated to provide a mobile computing device with useful random data for pseudorandom number generation. Lambert, [0012]

	Regarding claim 14, Agarwal discloses the method of claim 6 as set forth above, but fails to disclose hashing the respective second event readings. 
However, Lambert teaches hashing the respective second event readings. (Lambert, [0032] “the compression function may be a cryptographic hash function. such as, without limitation, MD5, SHA-1, SHA-2, SHA-3, RIPEMD-160, Whirlpool, or BLAKE2”)
Therefore, it would be obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Agarwal to incorporate the teachings of Lambert to include hashing the respective second event readings. Such modification(s) would be motivated to obtain compressed sensor data. Lambert, [0032]


Claim 15 is rejected under 35 U.S.C. 103 as being unpatentable over Agarwal in view of Scheidt and in further view of Bose.

	Regarding claim 15, Agarwal discloses the method of claim 6, and wherein the granular sensor includes a suite of sensors (Agarwal, Fig. 1 #24 & #28, [0030] “a geolocation sensor 24” and “a camera 28”) but fails to disclose the respective second event readings are an amalgamation of readings by the suite of sensors. 
However, Bose teaches the granular sensor includes a suite of sensors (Bose, Pg. 1 Sec. I, “Accelerometer”, “Touch sensor”, “Gyroscope”, “Front facing camera”, “Global Positioning System (GPS) sensor”, “Ambient Light Sensor”, “Geomagnetic/Magnetometer Sensor”) and the respective second event readings are an amalgamation of readings by the suite of sensors. (Bose, Pg. 3 Sec. V, “Another way is to code the input as one dimensional vectors and use a bitwise XOR function to transform the input vectors into encoded data vectors.”; Pg. 5, Sec. IX, “the accelerometer … and gyroscope… readings can be combined to get a more accurate reading…”)
It is noted, “suite of sensors” is being interpreted as synonymous with a collection of sensors.
Bose is directed to encryption using sensors, which would be applicable to Agarwal’s location and time based authentication as both are cryptographic processes. Therefore, it would be obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify Agarwal to incorporate the teachings of Bose to include the respective second event readings are an amalgamation of readings by the suite of sensors. Such modification would be motivated to combine the readings for more accurate or distinct readings. Bose Pg. 3 Sec. V


	Claims 16-21 are substantially similar to that of claims 6-7, 9-10 and 14-15 respectively. Therefore, claims 16-21 are rejected on similar grounds as claims 6-7, 9-10 and 14-15.
	 

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Benson et al. (EP 3672146 A1) – Regarding a device registration and authentication system.
Joshi, S. (US-PGPUB 2017/0097816 A1) – Regarding reading device sensor data and determining from present context, relevant applications to the present context.
Agrawal et al. (WO 2020/07882 A1) – Regarding enhancing biometric authentication by leveraging multiple devices.
Abdurrahman, Usman Alhaji, Mustafa Kaiiali, and Jawad Muhammad. "A new mobile-based multi-factor authentication scheme using pre-shared number, GPS location and time stamp." 2013 International Conference on Electronics, Computer and Computation (ICECCO). IEEE, 2013. – Regarding a multi factor authentication scheme with location and time
Wu, Yunlong et al. “Research on gesture cryptographic platform based on trusted computing.” 2010 International Conference on Optics, Photonics and Energy Engineering (OPEE) 1 (2010): 254-257. – Regarding gesture based cryptography.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to JOSHUA NEIL GONZALES whose telephone number is (571)272-0286. The examiner can normally be reached 10:00 AM-7:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge L. Ortiz-Criado can be reached on (571) 272-7624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/J.N.G./Examiner, Art Unit 2496                                                                                                                                                                                                        

/JORGE L ORTIZ CRIADO/Supervisory Patent Examiner, Art Unit 2496