Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Arguments
Applicant’s arguments with respect to claim(s) 1, 4-16, 19-20 have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.


Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1-2, 4, 11, 13, 15-17, 19-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Wethington (US 2014/0053250) in view of Trinh (US 10,206,099)

Regarding Claim 1,

Wethington (US 2014/0053250) teaches a computing system comprising: 
one or more processors; and one or more hardware storage devices having stored thereon computer-executable instructions that are structured such that, when executed by the one or more processors, configure the computing system to perform the following: 
receive an authentication request associated with an identifier of a user for accessing an application, wherein the authentication request includes a request to login to a user account; (Paragraph [0042] teaches user name and password can be collected); 
retrieve user information associated with the identifier and the application (Paragraph [0043] and Figure 4, 402, information about the user device and application may be collected from the device);
determine that the user information includes a geofence and information associated with a device of the user, the geofence requiring the user to be within a predetermined area for the authentication request to be granted (Paragraph [0044] teaches determine whether the geo-location of the device is within boundaries defined for the application); based on the geofence and the information associated with the device of the user, send a geolocation data request to the device, causing the device to gather and send the device's current geolocation data to the computing system (Paragraph [0043] teaches sending the GPS signals); based on the device's current geolocation data received from the device, generate a data structure storing data related to the device's current geolocation; and cause the data structure to be sent to the application, which in turn causes the application to grant or deny the authentication request (Paragraph [0045]. Fig. 4, based on the authentication results, either abort (i.e., deny) or continue to the next portion (grant)) 
Wethington does not explicitly teach determine whether the user account is associated with a geofence that requires the user to be within a predetermined area when the user logs into the user account in order for the authentication request to be granted; only upon determining that the user account is associated with a geofence that requires the user to be within the predetermined area when the user logs into the user account in order for the authentication request to be granted, perform the following: (ii) generate a data structure storing data related to the information associated with the identifier and any geolocation data received from the device corresponding to the device’s geolocation and iii) cause the data structure to be sent to the application, to grant or deny based on the information associated with the identifier and said any geolocation information received,
And, alternatively, subsequent to determining that the user account is not associated with the geofence, refrain from sending the geolocation data request to the device for causing the device to gather and send the device’s current geolocation data to the computing system
Trinh (US 10,206,099) teaches determine whether the user account is associated with a geofence that requires the user to be within a predetermined area when the user logs into the user account in order for the authentication request to be granted; (Col. 4, lines 33-35, teaches an administrator may configure a user account to be geolocation 2FA enabled)
 only upon determining that the user account is associated with a geofence that requires the user to be within the predetermined area when the user logs into the user account in order for the authentication request to be granted, perform the following: (ii) generate a data structure storing data related to the information associated with the identifier and any geolocation data received from the device corresponding to the device’s geolocation  (Col. 4, lines 35-55, “if enabled…the authentication service compares the location of the mobile device with the location of the authentication request”) and iii) cause the data structure to be sent to the application, to grant or deny based on the information associated with the identifier and said any geolocation information received, (Col. 4, lines 53-55, teaches granting if the received geolocation is within range)
And, alternatively, subsequent to determining that the user account is not associated with the geofence, refrain from sending the geolocation data request to the device for causing the device to gather and send the device’s current geolocation data to the computing system (Col. 4, lines 33-55, are only enabled if geolocation 2FA is enabled otherwise the geolocation is not gathered)

It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify Wethington with the geolocation enabled user account of Trinh
The motivation is to allow the administrator of the network the choice to configure two factor geolocation (Col. 4, lines 33-35, teaches an administrator may optionally enable a user account to be geolocation 2FA enabled)





Regarding Claim 4,

Wethington and Trinh teaches the computing system of claim 1. Wethington teaches wherein the authentication request includes a request for access to a portion of data, and the computing system determines whether the portion of data is associated with a geofence that requires any user to be within the geofence for the data access request to be granted (Paragraph [0051] teaches determining whether user is in geofencing, and if so granting access to the application).

Regarding Claim 5,

Wethington and Trinh teaches the computing system of claim 1, in response to determining that the portion of data is not associated with any geofence, the computing system refrains from gathering the device's current geolocation data (Col. 4, lines 33-55, are only enabled if geolocation 2FA is enabled otherwise the geolocation is not gathered).

Regarding Claim 8,

Claim 8 is similar in scope to Claims 3 and 5 and are rejected for a similar rationale.


Regarding Claim 11,

Wethington and Trinh teaches the computing system of claim 1. Wethington teaches wherein: the data structure is set to expire in a predetermined period; and in response to the expiration of the data structure, the computing system is configured to: send a second geolocation data request to the device, causing the device to gather the device's current geolocation data again; in response to receiving the device's current geolocation data again, generate a second data structure storing data associated with the device's current geolocation data; and send the second data structure to the application (Paragraph [0038] teaches setting a temporary location for a defined period of time, and at the end of the time period the location may be de-authorized for the application).

Regarding Claim 13,

Wethington and Trinh teaches the computing system of claim 1. Wethington teaches wherein: the geolocation data is obtained based on at least one of the following resources coupled to the device: (1) a Global Positioning System (GPS), (2) a Wi-Fi access point connected to the device, (3) another device connected to the device via Bluetooth connection (Paragraph [0027] GPS, Wi-Fi).


Regarding Claim 15,

Wethington and Trinh teaches the computing system of claim 10. Wethington teaches wherein definition of the geofence is based on at least one of the following: (1) a particular country, a political state, or a territory of an organized political community under one civil government, (2) a particular building, (3) a particular campus of a particular organization, (4) an area of a latitude- longitude polygon, or (5) an area of a circle having a particular radius around a particular latitude-longitude center (Paragraph [0051] teaches boundary may be a building)

Regarding Claims 16-17, 19,

Claims 16-17, 19 are similar in scope to Claims 1-2, 4 and are rejected for a similar rationale.

Regarding Claim 20,

Claim 20 is similar in scope to Claim 1 and is rejected for a similar rationale.


Claim 9, 18 is/are rejected under 35 U.S.C. 103 as being unpatentable over Wethington and Trinh in view of Parecki (US 2014/0059695).





Regarding Claim 9,

 Wethington and Trinh teaches the computing system of claim 1, but does not explicitly teach wherein the computing system is configured to: send a consent request at the device of the user before causing the device to gather the device's geolocation data; and in response to receiving a user's consent, cause the device to gather the device's current geolocation data.
Parecki teaches send a consent request at the device of the user before causing the device to gather the device's geolocation data; and in response to receiving a user's consent, cause the device to gather the device's current geolocation data (Figure 12, allow)
It would have been obvious to one of ordinary skill in the art before the effective filing date to modify Wethington with asking consent for gathering geolocation data as taught by Parecki
The motivation is to limit exposure to PII data (Paragraph [0082] of Parecki)



Claims 6-7 is/are rejected under 35 U.S.C. 103 as being unpatentable over Wethington and Trinh in view of Hansen (US 2017/0034178)


Regarding Claim 6,

Wethington and Trinh teaches the computing system of claim 1, but does not explicitly teach wherein: the computing system further configured to determine whether the device is located within the geofence; and the data structure stores a binary field indicating whether the device is located within the geofence.
Hansen (US 2017/0034178) teaches the computing system further configured to determine whether the device is located within the geofence; and the data structure stores a binary field indicating whether the device is located within the geofence (Paragraph [0016, 0048, 0050] teaches a binary geofence)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify Wethington with the binary geofence of Hansen
The motivation is for enabling and disabling features (Paragraph [0050] of Hansen)

Regarding Claim 7,

Wethington and Trinh and Hansen teaches the computing system of claim 6, but does not explicitly teach wherein the computing system deletes the geolocation data associated with precise geolocation of the device after the determination of whether the device is located within the geofence.
The Examiner takes Official Notice it is well known to delete data
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to delete geolocation data after determining the device is located in a geofence and the results would be predictable (i.e. data would be deleted)


Claims 10 is/are rejected under 35 U.S.C. 103 as being unpatentable over Wethington and Trinh in view of Hansen (US 2017/0034178) further in view of Jung (US 2018/0213405)


Regarding Claim 10,

Wethington, Trinh and Hansen teaches the computing system of claim 7, but does not explicitly teach wherein when a plurality of devices are associated with the user, the computing system is configured to: determine whether one of the plurality of devices is a primary device; when the primary device exists, send the consent request to the primary device; and when the primary device does not exist, send the consent request to each of the plurality of devices.
Jung (US 2018/0213405) teaches determine whether one of the plurality of devices is a primary device; when the primary device exists, send the consent request to the primary device (Paragraph [0293] teaches receiving “consent of a user of the primary device”)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify Wethington and Hansen with the primary device consent method of Jung
The motivation is to confirm that the primary device user authorizes a feature
Jung does not explicitly teach when the primary device does not exist, send the consent request to each of the plurality of devices.
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify Jung with determining when the primary device does not exist, send the consent request to each of the plurality of devices and the results would be predictable (i.e. each device would be sent a consent request)

Claim 12 is/are rejected under 35 U.S.C. 103 as being unpatentable over Wethington and Trinh in view of Oberheide (US 2020/0186520)


Regarding Claim 12,

Wethington and Trinh teaches the computing system of claim 1, but does not explicitly teach wherein the computing system is further configured to: in response to detecting that an IP address of the device changes, revoke the data structure; send a second request to the device, causing the device to gather the device's current geolocation data again; in response to receiving the device's current geolocation data again, generate a second data structure storing data associated with the device's current geolocation data; and send the second data structure to the application.
Oberheide (US 2020/0186520) teaches in response to detecting that an IP address of the device changes, revoke the data structure; send a second request to the device, causing the device to gather the device's current geolocation data again; in response to receiving the device's current geolocation data again, generate a second data structure storing data associated with the device's current geolocation data; and send the second data structure to the application (Paragraph [0048] teaches upon change in IP address updating the state of the device for the account, wherein the state of the device includes geolocation of the IP address)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify Wethington with the updating of the state of the device as taught by Oberheide
The motivation is to for verifying users (Paragraph [0005] of Oberheide)

Claim 14 is/are rejected under 35 U.S.C. 103 as being unpatentable over Wethington and Trinh in view of Colon (US 2021/0058383)


Regarding Claim 14,

Wethington and Trinh teaches the computing system of claim 1, but does not explicitly teach wherein the computing system is further configured to receive a user input, defining the geofence.
Colon (US 2021/0058383) teaches wherein the computing system is further configured to receive a user input, defining the geofence (Paragraph [0050] teaches user defined geofence)
It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify the Wethington with the user defined geo-fencing of Colon
The motivation is to allow a custom definition of a geofence by the user (Paragraph [0050] of Colon)

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HARRIS C WANG whose telephone number is (571)270-1462. The examiner can normally be reached M-F 9:00-5:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, LUU PHAM can be reached on 571-270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/HARRIS C WANG/Primary Examiner, Art Unit 2439