DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .



Response to Amendments
This communication is in response to the amendments filed on 8 July 2022:
	Claims 1, 4-5, 10, 13 and 19 are amended.
	Claims 1-20 are pending.


Response to Arguments
In response to Applicant’s remarks filed on 8 July 2022:
a.	Applicant’s arguments and amendments regarding the objections on claims 4 and 13 have been fully considered and are deemed fully persuasive. The objections on claims 4 and 13 have been withdrawn.
b.	Applicant’s arguments that the cited art fails to teach or suggest any embodiment that simultaneously activates two portions of a user interface where each portion is associated only with the permission attributes of a distinct user and where each portion permits the distinct user to enter and/or data has been fully considered but is deemed partially not-persuasive and partially moot. For the limitation regarding “simultaneously activating two portions of a user interface”, Applicant’s attention is directed to Smith, FIG. 3A, see “301A’” which is being read as the user interface displaying both portions simultaneously, where “303A” is being read as the second user associated with the second portion of the user interface (e.g., edit privilege) and where “303B” is being read as the first user associated with the first portion of the user interface (e.g., view only privilege). For the limitation regarding “where each portion permits the distinct user to enter data”, Applicant’s attention is directed to the new grounds of rejection presented in this Office Action. 




Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1-4, 6, 10-15 and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Smith (U.S. PGPub. 2012/0240220), in view of GUERTIN et al. (U.S. PGPub. 2016/0196390), hereinafter Guertin. 

	Regarding claim 1, Smith teaches A computer system for just-in-time authentication (Smith, Paragraph [0038], see “…user information manager 140 may authenticate users 101 by cross-checking user identification information with user attributes obtained from sensors…”) (Smith, Paragraph [0062], see “FIG. 7 illustrates a computer 2100 suitable for supporting the operation of an embodiment of the inventive systems, concepts, and techniques described herein”), comprising:
	one or more processors (Smith, Paragraph [0062], see “…The computer 2100 includes a processor 2102…it should be understood that the computer 2100 may use other microprocessors”); and
	one or more computer-readable media having stored thereon executable instructions that when executed by the one or more processors configure the computer system to perform at least the following (Smith, Paragraph [0069], see “The computer-readable modules 2140 include compiled instructions for implementing embodiments directed to controlling data access to users at the user interface level as described herein and/or as a data access component of a context-aware system…the computer 2100 may execute embodiments one or more processors”):
		display a user interface comprising a first portion and a second portion (Smith, Paragraph [0046], see “…first user 303A located within interface zone 360A (and more particularly, seated in a chair facing device 301A) can view and edit text data on device 301A. Second user 303B located within interface zone 360A (and more particularly, looking over user’s (303A) shoulder) can view data on device 301A, but cannot edit data…”, where “view and edit text data on device 301A” is being read as a user interface comprising a second portion and where “view data on device 301A, but cannot edit data” is being read as a user interface comprising a first portion), wherein:
			the first portion is associated with a first permission attribute of a first user (Smith, Paragraph [0046], see “…first user 303A located within interface zone 360A (and more particularly, seated in a chair facing device 301A) can view and edit text data on device 301A. Second user 303B located within interface zone 360A (and more particularly, looking over user’s (303A) shoulder) can view data on device 301A, but cannot edit data…”, where “view data on device 301A, but cannot edit data” is being read as the first portion being associated with a first permission attribute of a first user), and
			the second portion is associated with a second permission attribute of a second user (Smith, Paragraph [0042], see “User database 152 may also include user name 152C and user attributes 152D to authenticate and validate users 103. For example, user attributes 152D can include one or more of the following: finger print records, facial patterns, and radio frequency tag identification numbers, etc. User database 152 may also include general security clearances 152E which may be used to override any particular user permission settings so that device access controller 130 can control data access by, for example, room number, certain types of tasks, operational status, etc.”, where each user is associated with different (i.e., first and second) permission attributes) (Smith, Paragraph [0046], see “…first user 303A located within interface zone 360A…can view and edit text data on device 301A. Second user 303B located within interface zone 360A…can view data on device 301A, but cannot edit data”, where “first user” is being read as being associated with a first permission attribute (i.e., can view and edit text data) and where “second user” is being read as being associated with a second permission attribute (i.e., can view data but cannot edit)) (Smith, Paragraph [0046], see “…first user 303A located within interface zone 360A (and more particularly, seated in a chair facing device 301A) can view and edit text data on device 301A. Second user 303B located within interface zone 360A (and more particularly, looking over user’s (303A) shoulder) can view data on device 301A, but cannot edit data…”, where “view and edit text data on device 301A” is being read as the second portion being associated with a second permission attribute of a second user);
		receive, from one or more proximity sensors, a proximity of the first user relative to the user interface (Smith, Paragraph [0028], see “…Device permissions manager 110 includes device permissions comparator 120 configured to receive plurality of user profiles (generally designated by reference numeral 105), each user profile corresponding to a user (e.g., first user 103A, second user 103B, etc. up to N user 103N) in proximity to one or more devices 101 and including user permissions (generally designated by reference numeral 106) to data”, where device permissions manager receives a proximity of each user (i.e. first user) relative to a user interface) (Smith, Paragraph [0035], see “…User tracking system 115 is configured to receive user location and identification information from one or more sensors, location tracking devices, and/or user identification devices…the user tracking system 115 may receive information from camera tracking and video processing sensors 116A, heat sensors 116B, movement sensors 116B, biometric sensors…”);
		receive, from one or more identity-verification sensors, a verification of an identification of the first user (Smith, Paragraph [0035], see “…User tracking system 115 is configured to receive user location and identification information from one or more sensors, location tracking devices, and/or user identification devices…the user tracking system 115 may receive information from camera tracking and video processing sensors 116A…biometric sensors (including, but not limited to, finger print readers 116D, face recognition readers 116E, and iris readers 116F)…”, where “biometric sensors” is being read as one or more identity-verification sensors, which output a verification of an identification of a first user) (Smith, Paragraph [0058], see “…generating a comparison of the user permissions to determine data access on the device, and, at 606, controlling access to data on the device in response to the comparison of user permissions);
		activate the first portion of the user interface for interaction from the first user (Smith, Paragraph [0009], see “the inventive concepts, systems, and techniques are not limited to enabling and/or disabling data access, but can also be applied to enable and/or disable some or all user interface components in a user interface environment…”) (Smith, Paragraph [0058], see “…if data access is to be enabled, then controlling data access to the device includes rendering a command to enable data access on the device”), 
		receive, from one or more proximity sensors, a proximity of the second user relative to the user interface (Smith, Paragraph [0028], see “…Device permissions manager 110 includes device permissions comparator 120 configured to receive plurality of user profiles (generally designated by reference numeral 105), each user profile corresponding to a user (e.g., first user 103A, second user 103B, etc. up to N user 103N) in proximity to one or more devices 101 and including user permissions (generally designated by reference numeral 106) to data”, where device permissions manager receives a proximity of each user (i.e. second user) relative to a user interface) (Smith, Paragraph [0035], see “…User tracking system 115 is configured to receive user location and identification information from one or more sensors, location tracking devices, and/or user identification devices…the user tracking system 115 may receive information from camera tracking and video processing sensors 116A, heat sensors 116B, movement sensors 116B, biometric sensors…”);
		receive, from one or more identity-verification sensors, a verification of an identification of the second user (Smith, Paragraph [0035], see “…User tracking system 115 is configured to receive user location and identification information from one or more sensors, location tracking devices, and/or user identification devices…the user tracking system 115 may receive information from camera tracking and video processing sensors 116A…biometric sensors (including, but not limited to, finger print readers 116D, face recognition readers 116E, and iris readers 116F)…”, where “biometric sensors” is being read as one or more identity-verification sensors, which output a verification of an identification of a second user) (Smith, Paragraph [0058], see “…generating a comparison of the user permissions to determine data access on the device, and, at 606, controlling access to data on the device in response to the comparison of user permissions); and
		activate the second portion of the user interface for interaction from the second user (Smith, Paragraph [0009], see “the inventive concepts, systems, and techniques are not limited to enabling and/or disabling data access, but can also be applied to enable and/or disable some or all user interface components in a user interface environment…”) (Smith, Paragraph [0058], see “…if data access is to be enabled, then controlling data access to the device includes rendering a command to enable data access on the device”), 
 	Smith does not teach the following limitation(s) as taught by Guertin: wherein activating the first portion comprises permitting the first user to enter data into the computer system using the first portion (Guertin, Paragraph [0073], see “…certain field(s) in the user interface is allowed to be accessed only by user(s) with certain privilege(s). For example, in some embodiments, the box 756 is not allowed to be checked by a nurse, and is allowed to be checked only by a doctor”) (Guertin, Claim 30, see “…wherein a first tab of the plurality of user-selectable tabs is selectable to configure the user interface into a first configuration for allowing a user to access and/or input treatment information regarding treatment parameters for treating a patient”, where “allowing a user to access and/or input treatment information regarding treatment parameters…” is analogous to permitting the first user to enter data into the computer system using the first portion, where “treatment information” is analogous to comprising a first portion as seen in FIG. 3B);
	wherein activating the second portion comprises permitting the second user to enter data into the computer system using the second portion (Guertin, Claim 30, see “…wherein a second tab of the plurality of user-selectable tabs is selectable to configure the user interface into a second configuration for allowing the user or another user to access and/or input diagnostic information for the patient”, where “allowing the user or another user to access and/or input diagnostic information for the patient” is analogous to permitting a second user to enter data into the computer system using the second portion, where “diagnostic information” is analogous to comprising a second portion as seen in FIG. 3B). 
Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques for controlling data access on user interfaces, disclosed of Smith, by implementing techniques for an electronic medical chart, comprising of permitting a first or second user to enter data into the computer system using the respective portion, disclosed of Guertin.   
One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for just-in-time authentication, comprising of permitting a first or second user to enter data into the computer system using the respective portion. This allows for better security management and a friendlier user-interface environment by enabling the first and/or second user to enter data with respect to the respective portions. Guertin is deemed as analogous art due to the art disclosing techniques for permitting a first and second user to enter data into a computer system using specified portions (Guertin, Claim 30). 

Regarding claim 2, Smith as modified by Guertin teaches The computer system of claim 1, wherein the executable instructions include instructions that are executable to configure the computer system to:
prior to activation the second portion, determine that the second user is within a threshold distance from the user interface (Smith, FIG. 3A, see “303A” being read as the first user and see “303B” being read as the second user, where the system makes a determination that the second user is within a threshold distance from the user interface) (Smith, Paragraph [0014], see “…a method for controlling data access on a device includes receiving a plurality of user profiles, each user profile corresponding to a user in proximity to a device and including user permissions to data, generating a comparison of user permissions to determine data access on the device, and, in response to the comparison of user permissions, controlling access to data on the device”). 

Regarding claim 3, Smith as modified by Guertin teaches The computer system of claim 2, wherein the executable instructions include instructions that are executable to configure the computer system to:
determine that the second user is closer to the user interface than the first user before activating the second portion of the user interface for interaction from the second user (Smith, FIG. 3A, see “303A” being read as a second user (seated) and “303B” being read as a first user (observing behind the second user), wherein the system determines that the second user is closer to the user interface than the first user (e.g., through determining that the second user is the one seated behind the device) before activating the second portion (e.g., edit privilege) of the user interface for interaction from the second user) (Smith, Paragraph [0014], see “…a method for controlling data access on a device includes receiving a plurality of user profiles, each user profile corresponding to a user in proximity to a device and including user permissions to data, generating a comparison of user permissions to determine data access on the device, and, in response to the comparison of user permissions, controlling access to data on the device”, where permissions are granted to each user (e.g., view and edit, view only, etc.) based on proximity and authorization to the user interface, therefore, the system determines that a second user is closer to the user interface than the first user before activating the second portion (e.g., edit privileges) of the user interface for interaction from the second user) (Smith, Paragraph [0015], see “…the method includes one or more of the following features: determining user proximity to the device based on users located within an interface zone about the device; receiving user profile updates based on a predetermined condition corresponding to at least one of a user entering the interface zone about the device or a user exiting the interface zone about the device; determining user proximity to the device based on the device being located within interface zones defined about each user, and; receiving user profile updates based on a predetermined condition corresponding to a device location relative to at least one of the interface zones”).  

	Regarding claim 4, Smith as modified by Guertin teaches The computer system of claim 2, wherein the executable instructions include instructions that are executable to configure the computer system to:
	prior to activating the second portion, determine that both the first user and the second user are within the threshold distance from the user interface (Smith, Paragraph [0028], see “…Device permissions manager 110 includes device permissions comparator 120 configured to receive plurality of user profiles…each user profile corresponding to a user (e.g., first user 103A, second user 103B, etc. up to N user 103N) in proximity to one or more devices 101 and including user permissions…to data. Device permissions comparator 120 is also configured to generate comparison…of user permissions 106. Device permissions manager 110 also includes device access controller 130 configured to control access to data on at least one of the devices 101 in response to comparison COMP of user permissions 106”, where a determination is made for both the first user and the second user on whether both users are within a threshold distance from the user interface prior to activating the second portion);
	display the first portion and the second portion simultaneously (Smith, FIG. 3A, see “301A’” which is being read as the user interface displaying both portions simultaneously, where “303A” is being read as the second user associated with the second portion of the user interface (e.g., edit privilege) and where “303B” is being read as the first user associated with the first portion of the user interface (e.g., view only privilege)); and
	activate both the first portion for interaction with the first user and the second portion for interaction from the second user (Smith, Paragraph [0005], see “In general overview, the concepts, systems, and techniques, described herein enable a device permissions manager to control access to data on a user interface device. The device permissions manager generates a comparison of user permissions to access data, the result of which is used to enable and/or disable data access on a user interface device. The user permissions correspond to users in proximity to the device”) (Smith, Paragraph [0010], see “…a device permissions manager receives tracking information about a particular user and enables data access to the user’s privileged data (which may include data needed or desired to perform certain tasks) on user interface devices proximate to the user. For example, the device permissions manager may enable data access when the user enters an interface zone about a device (and disables data access when the user exits the interface zone about the device)…data access is modified based on data access permissions of other users who may enter or exit the interface zone”, where both portions of a user interface are activated for interaction from both users that are in proximity and privileged to do so).

	Regarding claim 6, Smith as modified by Guertin teaches The computer system of claim 1, wherein the one or more proximity sensors and the one or more identity-verification sensors comprise the same physical sensor (Smith, Paragraph [0052], see “…USER 001 enters control room 473A and is tracked at entryway sensor 416B which includes a facial recognition scanner and/or a finger print scanner to identify user 403A”, where “entryway sensor 416B” is being read as comprising one or more proximity sensors and one or more identity-verification sensors, due to entryway sensor 416B tracking the user entering the room, as well as identifying the user through verification in the included facial recognition scanner). 

	Regarding claim 10, Smith teaches A computer-implemented method for just-in-time authentication (Smith, Paragraph [0038], see “…user information manager 140 may authenticate users 101 by cross-checking user identification information with user attributes obtained from sensors…”) (Smith, Paragraph [0062], see “FIG. 7 illustrates a computer 2100 suitable for supporting the operation of an embodiment of the inventive systems, concepts, and techniques described herein”), executed on one or more processors (Smith, Paragraph [0062], see “…The computer 2100 includes a processor 2102…it should be understood that the computer 2100 may use other microprocessors”), the method comprising:
	displaying a user interface comprising a first portion and a second portion (Smith, Paragraph [0046], see “…first user 303A located within interface zone 360A (and more particularly, seated in a chair facing device 301A) can view and edit text data on device 301A. Second user 303B located within interface zone 360A (and more particularly, looking over user’s (303A) shoulder) can view data on device 301A, but cannot edit data…”, where “view and edit text data on device 301A” is being read as a user interface comprising a second portion and where “view data on device 301A, but cannot edit data” is being read as a user interface comprising a first portion), wherein:
		the first portion is associated with a first permission attribute of a first user (Smith, Paragraph [0046], see “…first user 303A located within interface zone 360A (and more particularly, seated in a chair facing device 301A) can view and edit text data on device 301A. Second user 303B located within interface zone 360A (and more particularly, looking over user’s (303A) shoulder) can view data on device 301A, but cannot edit data…”, where “view data on device 301A, but cannot edit data” is being read as the first portion being associated with a first permission attribute of a first user), and
		the second portion is associated with a second permission attribute of a second user (Smith, Paragraph [0042], see “User database 152 may also include user name 152C and user attributes 152D to authenticate and validate users 103. For example, user attributes 152D can include one or more of the following: finger print records, facial patterns, and radio frequency tag identification numbers, etc. User database 152 may also include general security clearances 152E which may be used to override any particular user permission settings so that device access controller 130 can control data access by, for example, room number, certain types of tasks, operational status, etc.”, where each user is associated with different (i.e., first and second) permission attributes) (Smith, Paragraph [0046], see “…first user 303A located within interface zone 360A…can view and edit text data on device 301A. Second user 303B located within interface zone 360A…can view data on device 301A, but cannot edit data”, where “first user” is being read as being associated with a first permission attribute (i.e., can view and edit text data) and where “second user” is being read as being associated with a second permission attribute (i.e., can view data but cannot edit)) (Smith, Paragraph [0046], see “…first user 303A located within interface zone 360A (and more particularly, seated in a chair facing device 301A) can view and edit text data on device 301A. Second user 303B located within interface zone 360A (and more particularly, looking over user’s (303A) shoulder) can view data on device 301A, but cannot edit data…”, where “view and edit text data on device 301A” is being read as the second portion being associated with a second permission attribute of a second user );
	receiving, from one or more proximity sensors, a proximity of the first user relative to the user interface (Smith, Paragraph [0028], see “…Device permissions manager 110 includes device permissions comparator 120 configured to receive plurality of user profiles (generally designated by reference numeral 105), each user profile corresponding to a user (e.g., first user 103A, second user 103B, etc. up to N user 103N) in proximity to one or more devices 101 and including user permissions (generally designated by reference numeral 106) to data”, where device permissions manager receives a proximity of each user (i.e. first user) relative to a user interface) (Smith, Paragraph [0035], see “…User tracking system 115 is configured to receive user location and identification information from one or more sensors, location tracking devices, and/or user identification devices…the user tracking system 115 may receive information from camera tracking and video processing sensors 116A, heat sensors 116B, movement sensors 116B, biometric sensors…”);
	receiving, from one or more identity-verification sensors, a verification of an identification of the first user (Smith, Paragraph [0035], see “…User tracking system 115 is configured to receive user location and identification information from one or more sensors, location tracking devices, and/or user identification devices…the user tracking system 115 may receive information from camera tracking and video processing sensors 116A…biometric sensors (including, but not limited to, finger print readers 116D, face recognition readers 116E, and iris readers 116F)…”, where “biometric sensors” is being read as one or more identity-verification sensors, which output a verification of an identification of a first user) (Smith, Paragraph [0058], see “…generating a comparison of the user permissions to determine data access on the device, and, at 606, controlling access to data on the device in response to the comparison of user permissions);
	activating the first portion of the user interface for interaction from the first user (Smith, Paragraph [0009], see “the inventive concepts, systems, and techniques are not limited to enabling and/or disabling data access, but can also be applied to enable and/or disable some or all user interface components in a user interface environment…”) (Smith, Paragraph [0058], see “…if data access is to be enabled, then controlling data access to the device includes rendering a command to enable data access on the device”), 
	receiving, from one or more proximity sensors, a proximity of the second user relative to the user interface (Smith, Paragraph [0028], see “…Device permissions manager 110 includes device permissions comparator 120 configured to receive plurality of user profiles (generally designated by reference numeral 105), each user profile corresponding to a user (e.g., first user 103A, second user 103B, etc. up to N user 103N) in proximity to one or more devices 101 and including user permissions (generally designated by reference numeral 106) to data”, where device permissions manager receives a proximity of each user (i.e. second user) relative to a user interface) (Smith, Paragraph [0035], see “…User tracking system 115 is configured to receive user location and identification information from one or more sensors, location tracking devices, and/or user identification devices…the user tracking system 115 may receive information from camera tracking and video processing sensors 116A, heat sensors 116B, movement sensors 116B, biometric sensors…”);
	receiving, from one or more identity-verification sensors, a verification of an identification of the second user (Smith, Paragraph [0035], see “…User tracking system 115 is configured to receive user location and identification information from one or more sensors, location tracking devices, and/or user identification devices…the user tracking system 115 may receive information from camera tracking and video processing sensors 116A…biometric sensors (including, but not limited to, finger print readers 116D, face recognition readers 116E, and iris readers 116F)…”, where “biometric sensors” is being read as one or more identity-verification sensors, which output a verification of an identification of a second user) (Smith, Paragraph [0058], see “…generating a comparison of the user permissions to determine data access on the device, and, at 606, controlling access to data on the device in response to the comparison of user permissions); and
	activating the second portion of the user interface for interaction from the second user (Smith, Paragraph [0009], see “the inventive concepts, systems, and techniques are not limited to enabling and/or disabling data access, but can also be applied to enable and/or disable some or all user interface components in a user interface environment…”) (Smith, Paragraph [0058], see “…if data access is to be enabled, then controlling data access to the device includes rendering a command to enable data access on the device”), 
	Smith does not teach the following limitation(s) as taught by Guertin: wherein activating the first portion comprises permitting the first user to enter data into the first portion of the user interface (Guertin, Paragraph [0073], see “…certain field(s) in the user interface is allowed to be accessed only by user(s) with certain privilege(s). For example, in some embodiments, the box 756 is not allowed to be checked by a nurse, and is allowed to be checked only by a doctor”) (Guertin, Claim 30, see “…wherein a first tab of the plurality of user-selectable tabs is selectable to configure the user interface into a first configuration for allowing a user to access and/or input treatment information regarding treatment parameters for treating a patient”, where “allowing a user to access and/or input treatment information regarding treatment parameters…” is analogous to permitting the first user to enter data into the computer system using the first portion, where “treatment information” is analogous to comprising a first portion as seen in FIG. 3B);
	wherein activating the second portion comprises permitting the second user to enter data into the second portion of the user interface (Guertin, Claim 30, see “…wherein a second tab of the plurality of user-selectable tabs is selectable to configure the user interface into a second configuration for allowing the user or another user to access and/or input diagnostic information for the patient”, where “allowing the user or another user to access and/or input diagnostic information for the patient” is analogous to permitting a second user to enter data into the computer system using the second portion, where “diagnostic information” is analogous to comprising a second portion as seen in FIG. 3B). 
Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques for controlling data access on user interfaces, disclosed of Smith, by implementing techniques for an electronic medical chart, comprising of permitting a first or second user to enter data into the computer system using the respective portion, disclosed of Guertin.   
One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for just-in-time authentication, comprising of permitting a first or second user to enter data into the computer system using the respective portion. This allows for better security management and a friendlier user-interface environment by enabling the first and/or second user to enter data with respect to the respective portions. Guertin is deemed as analogous art due to the art disclosing techniques for permitting a first and second user to enter data into a computer system using specified portions (Guertin, Claim 30). 

	Regarding claim 11, Smith as modified by Guertin teaches The computer-implemented method of claim 10, further comprising:
	prior to activating the second portion, determining that the second user is within a threshold distance from the user interface (Smith, FIG. 3A, see “303A” being read as the first user and see “303B” being read as the second user, where the system makes a determination that the second user is within a threshold distance from the user interface) (Smith, Paragraph [0014], see “…a method for controlling data access on a device includes receiving a plurality of user profiles, each user profile corresponding to a user in proximity to a device and including user permissions to data, generating a comparison of user permissions to determine data access on the device, and, in response to the comparison of user permissions, controlling access to data on the device”).

	Regarding claim 12, Smith as modified by Guertin teaches The computer-implemented method of claim 11, further comprising:
determine that the second user is closer to the user interface than the first user before activating the second portion of the user interface for interaction from the second user (Smith, FIG. 3A, see “303A” being read as a second user (seated) and “303B” being read as a first user (observing behind the second user), wherein the system determines that the second user is closer to the user interface than the first user (e.g., through determining that the second user is the one seated behind the device) before activating the second portion (e.g., edit privilege) of the user interface for interaction from the second user) (Smith, Paragraph [0014], see “…a method for controlling data access on a device includes receiving a plurality of user profiles, each user profile corresponding to a user in proximity to a device and including user permissions to data, generating a comparison of user permissions to determine data access on the device, and, in response to the comparison of user permissions, controlling access to data on the device”, where permissions are granted to each user (e.g., view and edit, view only, etc.) based on proximity and authorization to the user interface, therefore, the system determines that a second user is closer to the user interface than the first user before activating the second portion (e.g., edit privileges) of the user interface for interaction from the second user) (Smith, Paragraph [0015], see “…the method includes one or more of the following features: determining user proximity to the device based on users located within an interface zone about the device; receiving user profile updates based on a predetermined condition corresponding to at least one of a user entering the interface zone about the device or a user exiting the interface zone about the device; determining user proximity to the device based on the device being located within interface zones defined about each user, and; receiving user profile updates based on a predetermined condition corresponding to a device location relative to at least one of the interface zones”).  

	Regarding claim 13, Smith as modified by Guertin teaches The computer-implemented method of claim 11, further comprising:
	prior to activating the second portion, determining that both the first user and the second user are within the threshold distance from the user interface (Smith, Paragraph [0028], see “…Device permissions manager 110 includes device permissions comparator 120 configured to receive plurality of user profiles…each user profile corresponding to a user (e.g., first user 103A, second user 103B, etc. up to N user 103N) in proximity to one or more devices 101 and including user permissions…to data. Device permissions comparator 120 is also configured to generate comparison…of user permissions 106. Device permissions manager 110 also includes device access controller 130 configured to control access to data on at least one of the devices 101 in response to comparison COMP of user permissions 106”, where a determination is made for both the first user and the second user on whether both users are within a threshold distance from the user interface prior to activating the second portion); and
	activating both the first portion of the user interface for interaction with the first user and the second portion of the user interface for interaction from the second user (Smith, Paragraph [0005], see “In general overview, the concepts, systems, and techniques, described herein enable a device permissions manager to control access to data on a user interface device. The device permissions manager generates a comparison of user permissions to access data, the result of which is used to enable and/or disable data access on a user interface device. The user permissions correspond to users in proximity to the device”) (Smith, Paragraph [0010], see “…a device permissions manager receives tracking information about a particular user and enables data access to the user’s privileged data (which may include data needed or desired to perform certain tasks) on user interface devices proximate to the user. For example, the device permissions manager may enable data access when the user enters an interface zone about a device (and disables data access when the user exits the interface zone about the device)…data access is modified based on data access permissions of other users who may enter or exit the interface zone”, where both portions of a user interface are activated for interaction from both users that are in proximity and privileged to do so).

	Regarding claim 14, Smith as modified by Guertin teaches The computer-implemented method of claim 10, wherein the first portion of the user interface and the second portion of the user interface are displayed simultaneously (FIG. 3A, see “301A’” which is being read as the user interface displaying both portions simultaneously, where “303A” is being read as the second user associated with the second portion of the user interface (e.g., edit privilege) and where “303B” is being read as the first user associated with the first portion of the user interface (e.g., view only privilege)).

	Regarding claim 15, Smith as modified by Guertin teaches The computer-implemented method of claim 10, wherein the one or more proximity sensors and the one or more identity-verification sensors comprise the same physical sensor (Smith, Paragraph [0052], see “…USER 001 enters control room 473A and is tracked at entryway sensor 416B which includes a facial recognition scanner and/or a finger print scanner to identify user 403A”, where “entryway sensor 416B” is being read as comprising one or more proximity sensors and one or more identity-verification sensors, due to entryway sensor 416B tracking the user entering the room, as well as identifying the user through verification in the included facial recognition scanner).

	Regarding claim 19, Smith teaches A computer-readable media comprising one or more physical computer-readable storage media having stored thereon computer-executable instructions that, when executed at a processor, cause a computer system to perform a method for just-in-time authentication, executed on one or more processors (Smith, Paragraph [0038], see “…user information manager 140 may authenticate users 101 by cross-checking user identification information with user attributes obtained from sensors…”) (Smith, Paragraph [0062], see “FIG. 7 illustrates a computer 2100 suitable for supporting the operation of an embodiment of the inventive systems, concepts, and techniques described herein”) (Smith, Paragraph [0069], see “The computer-readable modules 2140 include compiled instructions for implementing embodiments directed to controlling data access to users at the user interface level as described herein and/or as a data access component of a context-aware system…the computer 2100 may execute embodiments one or more processors”), the method comprising:
	displaying a user interface comprising a first portion and a second portion (Smith, Paragraph [0046], see “…first user 303A located within interface zone 360A (and more particularly, seated in a chair facing device 301A) can view and edit text data on device 301A. Second user 303B located within interface zone 360A (and more particularly, looking over user’s (303A) shoulder) can view data on device 301A, but cannot edit data…”, where “view and edit text data on device 301A” is being read as a user interface comprising a second portion and where “view data on device 301A, but cannot edit data” is being read as a user interface comprising a first portion), wherein:
		the first portion is associated with a first permission attribute of a first user (Smith, Paragraph [0046], see “…first user 303A located within interface zone 360A (and more particularly, seated in a chair facing device 301A) can view and edit text data on device 301A. Second user 303B located within interface zone 360A (and more particularly, looking over user’s (303A) shoulder) can view data on device 301A, but cannot edit data…”, where “view data on device 301A, but cannot edit data” is being read as the first portion being associated with a first permission attribute); and
		the second portion is associated with a second permission attribute of a second user (Smith, Paragraph [0042], see “User database 152 may also include user name 152C and user attributes 152D to authenticate and validate users 103. For example, user attributes 152D can include one or more of the following: finger print records, facial patterns, and radio frequency tag identification numbers, etc. User database 152 may also include general security clearances 152E which may be used to override any particular user permission settings so that device access controller 130 can control data access by, for example, room number, certain types of tasks, operational status, etc.”, where each user is associated with different (i.e., first and second) permission attributes) (Smith, Paragraph [0046], see “…first user 303A located within interface zone 360A…can view and edit text data on device 301A. Second user 303B located within interface zone 360A…can view data on device 301A, but cannot edit data”, where “first user” is being read as being associated with a first permission attribute (i.e., can view and edit text data) and where “second user” is being read as being associated with a second permission attribute (i.e., can view data but cannot edit)) (Smith, Paragraph [0046], see “…first user 303A located within interface zone 360A (and more particularly, seated in a chair facing device 301A) can view and edit text data on device 301A. Second user 303B located within interface zone 360A (and more particularly, looking over user’s (303A) shoulder) can view data on device 301A, but cannot edit data…”, where “view and edit text data on device 301A” is being read as the second portion being associated with a second permission attribute);
	receiving, from one or more proximity sensors, a proximity of the first user relative to the user interface (Smith, Paragraph [0028], see “…Device permissions manager 110 includes device permissions comparator 120 configured to receive plurality of user profiles (generally designated by reference numeral 105), each user profile corresponding to a user (e.g., first user 103A, second user 103B, etc. up to N user 103N) in proximity to one or more devices 101 and including user permissions (generally designated by reference numeral 106) to data”, where device permissions manager receives a proximity of each user (i.e. first user) relative to a user interface) (Smith, Paragraph [0035], see “…User tracking system 115 is configured to receive user location and identification information from one or more sensors, location tracking devices, and/or user identification devices…the user tracking system 115 may receive information from camera tracking and video processing sensors 116A, heat sensors 116B, movement sensors 116B, biometric sensors…”);
	receiving, from one or more identity-verification sensors, a verification of an identification of the first user (Smith, Paragraph [0035], see “…User tracking system 115 is configured to receive user location and identification information from one or more sensors, location tracking devices, and/or user identification devices…the user tracking system 115 may receive information from camera tracking and video processing sensors 116A…biometric sensors (including, but not limited to, finger print readers 116D, face recognition readers 116E, and iris readers 116F)…”, where “biometric sensors” is being read as one or more identity-verification sensors, which output a verification of an identification of a first user) (Smith, Paragraph [0058], see “…generating a comparison of the user permissions to determine data access on the device, and, at 606, controlling access to data on the device in response to the comparison of user permissions);
	activating the first portion of the user interface for interaction from the first user (Smith, Paragraph [0009], see “the inventive concepts, systems, and techniques are not limited to enabling and/or disabling data access, but can also be applied to enable and/or disable some or all user interface components in a user interface environment…”) (Smith, Paragraph [0058], see “…if data access is to be enabled, then controlling data access to the device includes rendering a command to enable data access on the device”), w
	receiving, from one or more proximity sensors, a proximity of the second user relative to the user interface (Smith, Paragraph [0028], see “…Device permissions manager 110 includes device permissions comparator 120 configured to receive plurality of user profiles (generally designated by reference numeral 105), each user profile corresponding to a user (e.g., first user 103A, second user 103B, etc. up to N user 103N) in proximity to one or more devices 101 and including user permissions (generally designated by reference numeral 106) to data”, where device permissions manager receives a proximity of each user (i.e. second user) relative to a user interface) (Smith, Paragraph [0035], see “…User tracking system 115 is configured to receive user location and identification information from one or more sensors, location tracking devices, and/or user identification devices…the user tracking system 115 may receive information from camera tracking and video processing sensors 116A, heat sensors 116B, movement sensors 116B, biometric sensors…”);
	receiving, from one or more identity-verification sensors, a verification of an identification of the second user (Smith, Paragraph [0035], see “…User tracking system 115 is configured to receive user location and identification information from one or more sensors, location tracking devices, and/or user identification devices…the user tracking system 115 may receive information from camera tracking and video processing sensors 116A…biometric sensors (including, but not limited to, finger print readers 116D, face recognition readers 116E, and iris readers 116F)…”, where “biometric sensors” is being read as one or more identity-verification sensors, which output a verification of an identification of a second user) (Smith, Paragraph [0058], see “…generating a comparison of the user permissions to determine data access on the device, and, at 606, controlling access to data on the device in response to the comparison of user permissions); and
	activating the second portion of the user interface for interaction from the second user (Smith, Paragraph [0009], see “the inventive concepts, systems, and techniques are not limited to enabling and/or disabling data access, but can also be applied to enable and/or disable some or all user interface components in a user interface environment…”) (Smith, Paragraph [0058], see “…if data access is to be enabled, then controlling data access to the device includes rendering a command to enable data access on the device”), 
	Smith does not teach the following limitation(s) as taught by Guertin: wherein activating the first portion comprises permitting the first user to enter data into the computer system using the first portion (Guertin, Paragraph [0073], see “…certain field(s) in the user interface is allowed to be accessed only by user(s) with certain privilege(s). For example, in some embodiments, the box 756 is not allowed to be checked by a nurse, and is allowed to be checked only by a doctor”) (Guertin, Claim 30, see “…wherein a first tab of the plurality of user-selectable tabs is selectable to configure the user interface into a first configuration for allowing a user to access and/or input treatment information regarding treatment parameters for treating a patient”, where “allowing a user to access and/or input treatment information regarding treatment parameters…” is analogous to permitting the first user to enter data into the computer system using the first portion, where “treatment information” is analogous to comprising a first portion as seen in FIG. 3B);
	where activating the second portion comprises permitting the second user to enter data into the computer system using the second portion (Guertin, Claim 30, see “…wherein a second tab of the plurality of user-selectable tabs is selectable to configure the user interface into a second configuration for allowing the user or another user to access and/or input diagnostic information for the patient”, where “allowing the user or another user to access and/or input diagnostic information for the patient” is analogous to permitting a second user to enter data into the computer system using the second portion, where “diagnostic information” is analogous to comprising a second portion as seen in FIG. 3B). 
Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques for controlling data access on user interfaces, disclosed of Smith, by implementing techniques for an electronic medical chart, comprising of permitting a first or second user to enter data into the computer system using the respective portion, disclosed of Guertin.   
One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for just-in-time authentication, comprising of permitting a first or second user to enter data into the computer system using the respective portion. This allows for better security management and a friendlier user-interface environment by enabling the first and/or second user to enter data with respect to the respective portions. Guertin is deemed as analogous art due to the art disclosing techniques for permitting a first and second user to enter data into a computer system using specified portions (Guertin, Claim 30). 

	Regarding claim 20, Smith as modified by Guertin teaches The computer-readable media of claim 19, wherein the computer-executable instructions when executed further cause the computer system to perform the method comprising:
	prior to activating the second portion, determining that the second user is within a threshold distance from the user interface (Smith, FIG. 3A, see “303A” being read as the first user and see “303B” being read as the second user, where the system makes a determination that the second user is within a threshold distance from the user interface) (Smith, Paragraph [0014], see “…a method for controlling data access on a device includes receiving a plurality of user profiles, each user profile corresponding to a user in proximity to a device and including user permissions to data, generating a comparison of user permissions to determine data access on the device, and, in response to the comparison of user permissions, controlling access to data on the device”).



Claim 5 is rejected under 35 U.S.C. 103 as being unpatentable over Smith, in view of Guertin, in further view of Reggiardo et al. (U.S. PGPub. 2010/0069732), hereinafter Reggiardo. 

	Regarding claim 5, Smith as modified by Guertin do not teach the following limitation(s) as taught by Reggiardo: The computer system of claim 2, wherein the executable instructions include instructions that are executable to configure the computer system to:
	prior to activating the second portion of the user interface for interaction from the second user, deauthenticates the first user, wherein deauthenticating the first user comprises disabling data entry into the computer system through use of the first portion of the user interface (Reggiardo, Paragraph [0015], see “…a medical device can be provided with alert, alarm and reminder settings, or other healthcare information that can be configured and locked by an authorized individual in a supervisory role, e.g., a HCP or caregiver. The information may be locked until an access code is supplied, such as by an authorized individual, e.g., a HCP or a caregiver”) (Reggiardo, Paragraph [0038], see “Embodiments also include supervisor-controllable, including person-restrictive (e.g., user-restrictive), medical devices…For example, certain configurations of a medical device may be settable and/or lockable by a first person (e.g., a HCP) having a first access level (e.g., full access such as full Read/Write permission) and certain configurations that may be settable and/or lockable by a second person (e.g., a caregiver) having a second access level (e.g., limited Read/Write permission)”, where when a caregiver (second user) inputs their access code into the medical device, the HCP (first user) portion is deauthenticated, or in other words, data entry through the first portion is disabled on the user interface. In Figure 5A, when the caregiver logs into the medical device, “HCP Only” and “HCP Settings” (first portion) are disabled, whilst the second portion (i.e., everything underneath HCP Settings) is activated) (Reggiardo, Paragraph [0044], see “FIG. 5A shows the hierarchal permission scheme of an embodiment of a medical device 300 having restrictive control, e.g., restrictive caregiver and user control. The most critical settings and portions of the user interface (e.g. the ability to set values and activate menu items) may be set by a HCP. Values that must be prescribed by a HCP are in the HCP Only portion of the user interface as bounded by the dashed line 310…A caregiver (e.g. a parent) may set additional restrictions by the Caregiver settings region 340 as bounded by the solid line 350…”).
Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques for controlling data access on user interfaces, disclosed of Smith, and techniques disclosed of Guertin, by implementing techniques for medical devices, comprising of disabling data entry into the computer system through use of the first portion of the user interface prior to activating the second portion of the user interface for interaction from the second user, disclosed of Reggiardo.   
One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for just-in-time authentication, comprising of disabling data entry into the computer system through use of the first portion of the user interface prior to activating the second portion of the user interface for interaction from the second user. This allows for better security management by disabling data entry into the computer system through use of the first portion that is restricted for authorized personnel with the respective privilege, prior to activating the second portion for a second user associated with limited privileges that restricts viewing and/or editing of the first portion. Reggiardo is deemed as analogous art due to the art disclosing techniques for disabling data entry into the computer system through use of the first portion of the user interface prior to activating the second portion of the user interface for interaction from the second user (Reggiardo, Figure 5A and Paragraph [0038]). 



Claims 7-9 and 16-18 are rejected under 35 U.S.C. 103 as being unpatentable over Smith, in view of Guertin, in further view of Azam et al. (U.S. PGPub. 2017/0329399), hereinafter Azam.

	Regarding claim 7, Smith as modified by Guertin teaches The computer system of claim 6, wherein the one or more proximity sensors and the one or more identity-verification sensors comprise a facial recognition sensor (Smith, Paragraph [0052], see “…At time t2, USER 001 enters control room 473A and is tracked at entryway sensor 416B which includes a facial recognition scanner and/or a finger print scanner to identify user 403A”, where “facial recognition scanner” is being read as a facial recognition sensor) 
	Smith as modified by Guertin do not teach the following limitation(s) as taught by Azam: The computer system of claim 6, wherein the one or more proximity sensors and the one or more identity-verification sensors comprise a facial recognition sensor that is configured to track gaze direction (Azam, Paragraph [0017], see “…Display 104 may also comprise a camera, sensor, LED, or other sensor 106 for detecting a user or users, distances between users and display 104, location of users, and eye gazes”). 
Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques for controlling data access on user interfaces, disclosed of Smith, and techniques disclosed of Guertin, by implementing techniques for electronic display illumination, comprising of tracking gaze direction of users, disclosed of Azam.  
One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for just-in-time authentication, comprising of tracking gaze direction of users. This allows for better security management and a friendlier method of authenticating a user by configuring the proximity and/or identity-verification sensors to track gaze direction of users, which allows for a hands-free strong user authentication. Azam is deemed as analogous art due to the art disclosing methods of tracking user gaze direction (Azam, Paragraph [0017]). 

	Regarding claim 8, Smith as modified by Guertin teaches The computer system of claim 7, wherein receiving, from the one or more proximity sensors, the proximity of the second user relative to the user interface (Smith, Paragraph [0055], see “…USER 001 receives a message to proceed to office 473B. Entryway sensor 416E tracks USER 001 entering office 473B all of which defines interface zone 460E about device 401E which includes a projection system. Device permissions manager enables display of data X on device 401E”, where “Entryway sensor 416E” is being read as one or more proximity sensors receiving the proximity of a second user relative to the user interface) comprising detecting, with the facial recognition sensor (Smith, Paragraph [0052], see “…At time t2, USER 001 enters control room 473A and is tracked at entryway sensor 416B which includes a facial recognition scanner and/or a finger print scanner to identify user 403A”, where “facial recognition scanner” is being read as a facial recognition sensor), 
	Smith as modified by Guertin do not teach the following limitation(s) as taught by Azam: The computer system of claim 7, wherein receiving, from the one or more proximity sensors, the proximity of the second user relative to the user interface comprises detecting, with the facial recognition sensor, that the second user is gazing at the user interface (Azam, Paragraph [0017], see “…Display 104 may also comprise a camera, sensor, LED, or other sensor 106 for detecting a user or users, distances between users and display 104, location of users, and eye gazes”). 
Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques for controlling data access on user interfaces, disclosed of Smith, and techniques disclosed of Guertin, by implementing techniques for electronic display illumination, comprising of tracking gaze direction of users, disclosed of Azam.  
One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for just-in-time authentication, comprising of tracking gaze direction of users. This allows for better security management and a friendlier method of authenticating a user by configuring the proximity and/or identity-verification sensors to track gaze direction of users, which allows for a hands-free strong user authentication. Azam is deemed as analogous art due to the art disclosing methods of tracking user gaze direction (Azam, Paragraph [0017]). 
 
	Regarding claim 9, Smith as modified by Guertin teaches The computer system of claim 8, wherein receiving, from the one or more identity-verification sensors, the verification of the identification of the second user comprises detecting, with the facial recognition sensor (Smith, Paragraph [0052], see “…At time t2, USER 001 enters control room 473A and is tracked at entryway sensor 416B which includes a facial recognition scanner and/or a finger print scanner to identify user 403A”, where “entryway sensor 416B” is being read as the one or more identity-verification sensors, where “facial recognition scanner” is being read as a facial recognition sensor), 
	Smith as modified by Guertin do not teach the following limitation(s) as taught by Azam: The computer system of claim 8, wherein receiving, from the one or more identity-verification sensors, the verification of the identification of the second user comprises detecting, with the facial recognition sensor, that the second user is gazing at the user interface (Azam, Paragraph [0017], see “…Display 104 may also comprise a camera, sensor, LED, or other sensor 106 for detecting a user or users, distances between users and display 104, location of users, and eye gazes”). 
Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques for controlling data access on user interfaces, disclosed of Smith, and techniques disclosed of Guertin, by implementing techniques for electronic display illumination, comprising of tracking gaze direction of users, disclosed of Azam.  
One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for just-in-time authentication, comprising of tracking gaze direction of users. This allows for better security management and a friendlier method of authenticating a user by configuring the proximity and/or identity-verification sensors to track gaze direction of users, which allows for a hands-free strong user authentication. Azam is deemed as analogous art due to the art disclosing methods of tracking user gaze direction (Azam, Paragraph [0017]). 

	Regarding claim 16, Smith as modified by Guertin teaches The computer-implemented method of claim 15, wherein the one or more proximity sensors and the one or more identity-verification sensors comprise a facial recognition sensor (Smith, Paragraph [0052], see “…At time t2, USER 001 enters control room 473A and is tracked at entryway sensor 416B which includes a facial recognition scanner and/or a finger print scanner to identify user 403A”, where “facial recognition scanner” is being read as a facial recognition sensor) 
	Smith as modified by Guertin do not teach the following limitation(s) as taught by Azam: The computer-implemented method of claim 15, wherein the one or more proximity sensors and the one or more identity-verification sensors comprise a facial recognition sensor that is configured to track gaze direction (Azam, Paragraph [0017], see “…Display 104 may also comprise a camera, sensor, LED, or other sensor 106 for detecting a user or users, distances between users and display 104, location of users, and eye gazes”). 
Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques for controlling data access on user interfaces, disclosed of Smith, and techniques disclosed of Guertin, by implementing techniques for electronic display illumination, comprising of tracking gaze direction of users, disclosed of Azam.  
One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for just-in-time authentication, comprising of tracking gaze direction of users. This allows for better security management and a friendlier method of authenticating a user by configuring the proximity and/or identity-verification sensors to track gaze direction of users, which allows for a hands-free strong user authentication. Azam is deemed as analogous art due to the art disclosing methods of tracking user gaze direction (Azam, Paragraph [0017]). 

	Regarding claim 17, Smith as modified by Guertin teaches The computer-implemented method of claim 16, wherein receiving, from the one or more proximity sensors, the proximity of the second user relative to the user interface (Smith, Paragraph [0055], see “…USER 001 receives a message to proceed to office 473B. Entryway sensor 416E tracks USER 001 entering office 473B all of which defines interface zone 460E about device 401E which includes a projection system. Device permissions manager enables display of data X on device 401E”, where “Entryway sensor 416E” is being read as one or more proximity sensors receiving the proximity of a second user relative to the user interface) comprises detecting, with the facial recognition sensor (Smith, Paragraph [0052], see “…At time t2, USER 001 enters control room 473A and is tracked at entryway sensor 416B which includes a facial recognition scanner and/or a finger print scanner to identify user 403A”, where “facial recognition scanner” is being read as a facial recognition sensor), 
	Smith as modified by Guertin do not teach the following limitation(s) as taught by Azam: The computer-implemented method of claim 16, wherein receiving, from the one or more proximity sensors, the proximity of the second user relative to the user interface comprises detecting, with the facial recognition sensor, that the second user is gazing at the user interface (Azam, Paragraph [0017], see “…Display 104 may also comprise a camera, sensor, LED, or other sensor 106 for detecting a user or users, distances between users and display 104, location of users, and eye gazes”). 
Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques for controlling data access on user interfaces, disclosed of Smith, and techniques disclosed of Guertin, by implementing techniques for electronic display illumination, comprising of tracking gaze direction of users, disclosed of Azam.  
One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for just-in-time authentication, comprising of tracking gaze direction of users. This allows for better security management and a friendlier method of authenticating a user by configuring the proximity and/or identity-verification sensors to track gaze direction of users, which allows for a hands-free strong user authentication. Azam is deemed as analogous art due to the art disclosing methods of tracking user gaze direction (Azam, Paragraph [0017]). 

	Regarding claim 18, Smith as modified by Guertin teaches The computer-implemented method of claim 17, wherein receiving, from the one or more identity-verification sensors, the verification of the identification of the second user comprises detecting, with the facial recognition sensor (Smith, Paragraph [0052], see “…At time t2, USER 001 enters control room 473A and is tracked at entryway sensor 416B which includes a facial recognition scanner and/or a finger print scanner to identify user 403A”, where “entryway sensor 416B” is being read as the one or more identity-verification sensors, where “facial recognition scanner” is being read as a facial recognition sensor), 
	Smith as modified by Guertin do not teach the following limitation(s) as taught by Azam: The computer-implemented method of claim 17, wherein receiving, from the one or more identity-verification sensors, the verification of the identification of the second user comprises detecting, with the facial recognition sensor, that the second user is gazing at the user interface (Azam, Paragraph [0017], see “…Display 104 may also comprise a camera, sensor, LED, or other sensor 106 for detecting a user or users, distances between users and display 104, location of users, and eye gazes”). 
Therefore, it would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to have modified the techniques for controlling data access on user interfaces, disclosed of Smith, and techniques disclosed of Guertin, by implementing techniques for electronic display illumination, comprising of tracking gaze direction of users, disclosed of Azam.  
One of ordinary skill in the art would have been motivated to make this modification in order to implement techniques for just-in-time authentication, comprising of tracking gaze direction of users. This allows for better security management and a friendlier method of authenticating a user by configuring the proximity and/or identity-verification sensors to track gaze direction of users, which allows for a hands-free strong user authentication. Azam is deemed as analogous art due to the art disclosing methods of tracking user gaze direction (Azam, Paragraph [0017]). 


Conclusion
Applicant’s amendment necessitated the new ground(s) of rejection presented in this Office Action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). 
	A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action.

Any inquiry concerning this communication or earlier communications from the examiner should be directed to RODMAN ALEXANDER MAHMOUDI whose telephone number is (571)272-8747.  The examiner can normally be reached on M-F 11:00am – 7:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Philip Chea can be reached on (571) 272-3951.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/R.A.M./Examiner, Art Unit 2499                                                                                                                                                                                                        /PHILIP J CHEA/Supervisory Patent Examiner, Art Unit 2499