Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public before the effective filing date of the claimed invention.


(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.


Claim(s) 1, 3, 4, 6, 10, 12, 13, 15, 19, 21, 22, 24, 28, 30, 31, and 33 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Masterman (US-10108791-B1), hereinafter Mast.

Regarding claim 1:
An apparatus for authenticating a user, the apparatus comprising: a memory configured to store: computer-executable instructions; and first data, wherein the first data comprises first user data and first behavioral data; (“Over a period of time, a first set of behavioral information indicating a first order of the user access to the plurality of applications for the user device may be collected and used as historical behavioral information. The historical behavioral information can be associated with a user, user account, user identifier, user device, or the like.” (col 3 rows 21-26))
and one or more processors configured to execute the computer-executable instructions to: receive, from a remote authentication engine, an authentication response for authenticating the user; (“For instance, actions may include prompting a user for authentication credentials. Prompting a user for authentication credentials may include providing an authentication page or screen to a user device.” (col 2 rows 15-18))
determine second data based on the received authentication response, wherein the second data comprises second user data and second behavioral data; (“Subsequently-collected user behavioral information for a second user (e.g., during a later application session or the same application session) may be compared with the existing patterns to determine a confidence level that the second user is the first user.” (col 2 rows 8-12))
determine a first plurality of confidence scores, based on a first comparison of the second data and the first data; (“Based on the confidence level, an appropriate course of action may be determined.” (col 2 rows 12-13))
determine a second confidence score based on the first plurality of confidence scores (“The historical behavioral information (and/or patterns derived therefrom) may be compared with the current behavioral information to determine a confidence level or score that the subsequent user interactions with or access to the user device are indeed associated with the intended user, user account, or user identifier.” (col 3 rows 39-44))
and authenticate the user based on the second confidence score, wherein the authentication is done based on a second comparison of the second confidence score with a threshold confidence score (“The current behavioral information may be compared with the historical user behavioral information to determine an authentication strategy (e.g., whether to require additional authentication and/or whether to increase/decrease authentication frequency or authentication strength).” (col 3 rows 54-59))
and wherein the user is authenticated as a valid user when the second confidence score is greater than the threshold confidence score. (“In an example, multiple confidence levels may be calculated for each of some or all of the historical patterns. The multiple confidence levels may be combined with respective weights that indicate the relative importance of the patterns to generate an overall confidence level. The confidence level may indicate a likelihood that the later user is the intended user. In this case, a higher confidence level indicates a closer match between the new behavioral information and the historical patterns.” (col 4, rows 37-45))


Regarding claim 3, Mast teaches all the features with respect to claim 1 as outlined above. Mast further teaches:
The apparatus of claim 1, wherein: the first data comprises the first user data and the first behavioral data, wherein the first user data comprises at least one of first password data associated with the user, first fingerprint data associated with the user, first facial data associated with the user or a combination thereof, (“Alternatively, a relatively weak method of authentication (e.g., a simple username/password authentication form) may be required.” (col 2, rows 24-26)) The claim recites “at least one of,” and the reference describes a password associated with the user.
and the first behavioral data comprises at least one of first location data associated with the user, first gait data associated with the user, first transaction data associated with the user, first network data associated with the user, first connection data associated with the user or a combination thereof, (“Alternatively or additionally, the fraud behavioral patterns and/or the fraud behavioral data may be provided by a third-party entity such as an Intrusion Detection System (IDS) or Intrusion Prevention System (IPS). When used for fraud detection purposes, warnings or error messages, log files, or other data may be provided as a result of the fraud detection.” (col 22, rows 52-58)) The reference describes network data that can be provided by the third-party systems as behavioral data.
and the second data comprises the second user data and the second behavioral data, wherein the second user data comprises at least second facial data associated with the user; (The reference cited for claim 1 describes using current data and comparing it to historical data to determine an authentication strategy. Therefore, this embodiment is rejected on the same grounds as claim 1.)
and the second behavioral data comprises at least one of second location data associated with the user, second gait data associated with the user, second transaction data associated with the user, second network data associated with the user, second connection data associated with the user or a combination thereof. (“Over a period of time, a first set of behavioral information indicating a first order of the user access to the plurality of applications for the user device may be collected and used as historical behavioral information. The historical behavioral information can be associated with a user, user account, user identifier, user device, or the like.” (col 3 rows 21-26))

Regarding claim 4, Mast teaches all the features with respect to claims 1 and 3. Mast further teaches: 
The apparatus of claim 3, wherein the first data is previously stored data, and the second data is current data. (“Over a period of time, a first set of behavioral information indicating a first order of the user access to the plurality of applications for the user device may be collected and used as historical behavioral information. The historical behavioral information can be associated with a user, user account, user identifier, user device, or the like.” (col 3 rows 21-26))

	Regarding claim 6, Mast teaches all the features with respect to claim 1. Mast further teaches:
The apparatus of claim 1, wherein to determine the second confidence score, the one or more processors are further configured to execute the computer-executable instructions to: determine a weight associated with each of the first plurality of confidence scores; (“In an example, multiple confidence levels may be calculated for each of some or all of the historical patterns. The multiple confidence levels may be combined with respective weights that indicate the relative importance of the patterns to generate an overall confidence level” (18))
A pattern-specific confidence level may be generated for each of some or all of the behavioral patterns and combined to generate an overall confidence level. (“In an example, multiple confidence levels may be calculated for each of some or all of the historical patterns. The multiple confidence levels may be combined with respective weights that indicate the relative importance of the patterns to generate an overall confidence level. The confidence level may indicate a likelihood that the later user is the intended user.” (18))
wherein the weighted confidence score for each of the first plurality of confidence scores is obtained by multiplying a respective weight associated with each of the first plurality of confidence scores with the respective confidence score of the first plurality of confidence scores; (“In some embodiments, one or more confidence levels or scores may be generated based on a match or comparison between the new behavioral information and the historical patterns. In particular, the order of access information may be compared. In an example, multiple confidence levels may be calculated for each of some or all of the historical patterns. The multiple confidence levels may be combined with respective weights that indicate the relative importance of the patterns to generate an overall confidence level.”(col 4, rows 32-41))
and determine the second confidence score based on a function of the determined second plurality of weighted confidence scores. (“In some embodiments, one or more confidence levels or scores may be generated based on a match or comparison between the new behavioral information and the historical patterns. In particular, the order of access information may be compared. In an example, multiple confidence levels may be calculated for each of some or all of the historical patterns. The multiple confidence levels may be combined with respective weights that indicate the relative importance of the patterns to generate an overall confidence level.” (col 4, rows 32-41)) The reference describes building multiple confidence levels by checking new information against historical patterns; therefore, it is obvious that multiple confidence scores are created based on previous confidence scores.

Regarding claims 10, 12, 13, 15, 19, 21, 22, 24, 28, 30, 31, and 33, applicant recites limitations of the same or substantially the same scope as claims 1, 3, 4, and 6.
Accordingly, claims 10, 12, 13, 15, 19, 21, 22, 24, 28, 30, 31, and 33 are rejected in the same or substantially the same manner as claims 1, 3, 4, and 6, shown above.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim 2 is rejected under 35 U.S.C. 103 as being unpatentable over Mast in view of Kamal (US-20160005038-A1), hereinafter Kam.

Regarding claim 2, Mast teaches all of the features with respect to claim 1 as outlined above. Mast, however, does not appear to teach The apparatus of claim 1, wherein the one or more processors are further configured to execute the computer-executable instructions to: display a confirmation user interface to the user based on receiving the authentication response from the remote authentication engine;
receive, on the displayed confirmation user interface, user response data;
capture current facial data of the user based on the received user response data, wherein the current facial data of the user comprises a selfie video of the user
and authenticate the user based on the received user response data and the captured current facial data of the user. However, in an analogous art, Kam teaches a system/method for user authentication, and further teaches:
The apparatus of claim 1, wherein the one or more processors are further configured to execute the computer-executable instructions to: display a confirmation user interface to the user based on receiving the authentication response from the remote authentication engine; (“then the IdentityCheck application initiates and causes a Confirmation interface screen 214 to appear, which in some embodiments includes a count-down timer 216 that indicates the time remaining for the user or consumer to verify his or her identity” (28))
receive, on the displayed confirmation user interface, user response data;
capture current facial data of the user based on the received user response data, wherein the current facial data of the user comprises a selfie video of the user (“a “Take Picture” icon 232 may be provided for use to take a “selfie” or self-portrait of the user's face for authentication purposes” (29))
and authenticate the user based on the received user response data and the captured current facial data of the user. (“a “Take Picture” icon 232 may be provided for use to take a “selfie” or self-portrait of the user's face for authentication purposes” (29))

Furthermore, it would have been obvious for one skilled in the art, before the effective filing date of the claimed invention, to modify the method/system of providing user authentication of Mast with the system/method for user authentication of Kam. One would be motivated to do so as “Such enhanced authentication processes deliver a frictionless authentication experience to users (such as cardholders and/or consumers), and minimize fraud risk (Kam 35)”

Regarding claims 11, 20, and 29, applicant recites limitations of the same or substantially the same scope as claim 2.
Accordingly, claims 11, 20, and 29 are rejected in the same or substantially the same manner as claim 2, shown above.

Claim 5 is rejected under 35 U.S.C. 103 as being unpatentable over Mast in view of Douglas (US-20190220583-A1), hereinafter Doug.
Regarding claim 5, Mast teaches all aspects with respect to claims 1, 3, and 4. Mast teaches using historical data compared to current data to create a proper confidence score as mapped above. However, Mast does not appear to teach The apparatus of claim 4, wherein to determine the first plurality of confidence scores, the one or more processors are further configured to execute the computer-executable instructions to at least: determine a facial confidence score based on comparing the second facial data and the first facial data;
determine a location confidence score based on comparing the second location data and the first location data;
 determine a gait confidence score based on comparing the second gait data and the first gait data; 
determine a transaction confidence score based on comparing the second transaction data and the first transaction data; 
and determine a network confidence score based on comparing the second network data and the first network data.
However, in an analogous art, Doug teaches an authentication, identification, and/or verification system and further teaches:
The apparatus of claim 4, wherein to determine the first plurality of confidence scores, the one or more processors are further configured to execute the computer-executable instructions to at least: determine a facial confidence score based on comparing the second facial data and the first facial data; (“and while there may be a successful verification using a facial recognition sensor, the adjusted contribution to the score may be reduced to reflect that the enrollment may no longer be representative of the user.” (245))
determine a location confidence score based on comparing the second location data and the first location data; (“[0266] Geolocation: What geolocation data has been captured from the authentication events? Is this authentication request coming from a new location? Does the location match typical usage patterns for the time of day?”)
determine a gait confidence score based on comparing the second gait data and the first gait data; (“features of contextual information may include passively tracked information, such as connected network, surrounding WiFi network SSIDs, time of use, geolocation, hand grip, gait (as measured by a gyroscope or accelerometer)” (32))
 determine a transaction confidence score based on comparing the second transaction data and the first transaction data; (“[0268] Time of Day: What is the user's normal usage patterns based on the time of day? Are the applications or transaction types that are being authenticated in line with normal usage patterns for that user?”) 
and determine a network confidence score based on comparing the second network data and the first network data. (“features of contextual information may include passively tracked information, such as connected network, surrounding WiFi network SSIDs, time of use,”(Doug 32)). 

Furthermore, it would have been obvious for one skilled in the art, before the effective filing date of the claimed invention, to modify the method/system of providing user authentication of Mast with the system to authenticate verifiable claims of Doug. One would be motivated to do so as “users can trust the system to display the correct transaction and user approval will be required before actually authorizing/signing a transaction.” (649)

Regarding claims 14, 23, and 32, applicant recites limitations of the same or substantially the same scope as claim 5.
Accordingly, claims 14, 23, and 32 are rejected in the same or substantially the same manner as claim 5, shown above.

Claim 7 is rejected under 35 U.S.C. 103 as being unpatentable over Mast in view of Hitchcock (US 11233788 B1), hereinafter Hitch.
Regarding claim 7, Mast teaches all of the features with respect to claims 1 and 6. Mast does not appear to teach The apparatus of claim 6, wherein the function is at least one of a summation function and a sigmoid function. However, in an analogous art, Hitch teaches a method of determining authentication from historical inputs and further teaches:
The apparatus of claim 6, wherein the function is at least one of a summation function and a sigmoid function. (“determine a measure of authentication assurance as an average of the authentication confidence level and a weighted sum of a plurality of authentication assurance values subjected to an exponential time decay and individually corresponding to the plurality of historical authentication events;” (col 24 rows 6-11))
Furthermore, it would have been obvious for one skilled in the art, before the effective filing date of the claimed invention, to modify the method/system of providing user authentication of Mast with the embodiments to discover authentication assurance of Hitch. One would be motivated to do so as it allows for “an efficient user interface and reduced computer hardware resource consumption (i.e., memory usage, processor time, and network resources) by avoiding authentication challenges that are unnecessary to perform a requested transaction in view of a measure of authentication assurance;” (col 3 rows 26-29).

Regarding claims 16, 25, and 34, applicant recites limitations of the same or substantially the same scope as claim 7.
Accordingly, claims 16, 25, and 34 are rejected in the same or substantially the same manner as claim 7, shown above.

Claims 8-9 are rejected under 35 U.S.C. 103 as being unpatentable over Mast in view of Tang (US-10735198-B1), hereinafter Tang, in further view of Ichihara (US 20200380110 A1), hereinafter Ichi, in further view of Wang (US 20190268332 A1), hereinafter Wang.

Regarding claim 8, Mast teaches all of the features with respect to claim 1. Mast does not appear to teach The apparatus of claim 1, wherein the one or more processors are further configured to execute the computer-executable instructions to: obtain, from the user, a user account information and a user identity information, wherein the user account information comprises at least a user email information, a user communication information, and a user password information, and wherein the user identity information comprises at least user image data, user financial data and user government id data;
verify an identity of the user based on the obtained user identity information; and generate a digital token associated with the user account information based on the verification of the user, wherein the digital token comprises a cryptographic key pair.
However, in analogous arts, Tang teaches creating an access token for authentication, Ichi teaches a medium that can authenticate multiple users, Wang teaches a token and trust management system, and further teaches: 
The apparatus of claim 1, wherein the one or more processors are further configured to execute the computer-executable instructions to: obtain, from the user, a user account information and a user identity information, wherein the user account information comprises at least a user email information, (“email address” (Tang 34))
a user communication information, (“telephone number” (Tang 34))
and a user password information, (“Alternatively, a relatively weak method of authentication (e.g., a simple username/password authentication form) may be required”(Tang 15))
and wherein the user identity information comprises at least user image data, (“biometric authentication such as a facial image” (Ichi 110))
user financial data (“credit history” (Tang col 9, row 53 34))
and user government id data; (“Social Security number” (Tang col 9, row 51))
verify an identity of the user based on the obtained user identity information; (“prior to the acceptance of private information at step 205, the data device may perform a verification procedure to confirm the user's identity. The verification procedure may include, without limitation, requesting a login credential (e.g., a user name, a password, a security code, a biometric identifier) via the user device, requiring the establishment of an account for the user, and requiring the completion of a multifactor authentication.” (col 13, rows 28-35))
and generate a digital token associated with the user account information based on the verification of the user, wherein the digital token comprises a cryptographic key pair. (“a token may be encrypted using a public-private key pair that is maintained by a registrar computer system”(Wang 69)). 
Furthermore, it would have been obvious for one skilled in the art, before the effective filing date of the claimed invention, to modify the method/system of providing user authentication of Mast with the access token for authentication of Tang. One would be motivated to do so as “These benefits may include more effective and efficient compliance with “Know Your Customer” (KYC) regulations, improving the likelihood that identities, information, and transactions can be trusted.” (Tang 9). Additionally, it would have been obvious to modify the method/system of providing user authentication of Mast and the access token for authentication of Tang with the medium that can authenticate multiple users of Ichi. One would be motivated to do so as it allows “biometric information used for biometric authentication (biometric authentication information) such as a facial image, a fingerprint, voice, and the like of the user A may be input as the authentication information of the user A” (Ichi 110). Additionally, it would have been motivated to modify the method/system of providing user authentication of Mast and the access token for authentication of Tang and the medium that can authenticate multiple users of Ichi with the token and trust management system of Wang. One would be motivated to do so as “Security benefits may be gained as the hierarchical addressing scheme and trust establishment allows communication to the address maintained by each registrar and only after trust has been established” (33).

Regarding claim 9, the combination of Mast, Tang, Ichi, and Wang teaches all of the features with respect to claims 1 and 8. Mast fails to teach The apparatus of claim 8, wherein the digital token is used to transmit an authentication request to the remote authentication engine and to receive the authentication response from the remote authentication engine. However, Wang further teaches:
The apparatus of claim 8, wherein the digital token is used to transmit an authentication request to the remote authentication engine and to receive the authentication response from the remote authentication engine (“Instead, the tokens can be temporarily retrieved from a remote server or cloud server when a communication and/or transaction request is being performed. In embodiments, the tokens may be generated and provided by the trust management system. In some embodiments, the token module 700L may store and utilize one or more private-public key pairs to sign and or encrypt the generated and provided tokens”)
Regarding claims 17-18, 26-27, 35-36, applicant recites limitations of the same or substantially the same scope as claims 8-9. Accordingly, claims 17-18, 26-27, 35-36, are rejected in the same or substantially the same manner as claims 8-9, shown above.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to AUSTIN W COLLIER whose telephone number is (571)272-0066. The examiner can normally be reached Mon-Fri.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Philip Chea, can be reached on 571-272-3951. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/AUSTIN W COLLIER/
Examiner, Art Unit 2499
/PHILIP J CHEA/
Supervisory Patent Examiner, Art Unit 2499