Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
Claims 1-21, 23-26 and 28-36 have been examined.

Priority
Acknowledgment is made of applicant's claim for priority based on a provisional U.S. Patent Application No. 62/960,449, filed Jan. 13, 2020. 

Information Disclosure Statement
The examiner reviewed IDS document(s) on 10/21/22, carefully considering the art cited within the document(s).


Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.


(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.


Claim(s) 1-5, 16, 23, 26 and 28-32 is/are rejected under 35 U.S.C. 102 (a)(1) as being anticipated by Burchett (USPUB 20070174906).
As illustrated in Fig. 4-7 and discussed in the related text, Burchett teaches user access to resources within computing systems, such as systems implementing a Windows based product (e.g. para 57), which a skilled in the art would readily appreciate as the systems utilizing processor and memory to execute a plurality of program instructions stored on a non-transitory media.
Specifically, Burchett teaches controlling access to a computing resource, comprising the steps of: 
receiving a request for access to a computing resource, where access to the computing resource is restricted (a client access request detected, para 59); 
administering a cognitive readiness test on a client electronic device, where the cognitive readiness test comprises a presentation of a stimulus on the client electronic device (prompt the user with the logging request to provide credentials for the client access, para 59); 
controlling access to the computing resource based on a reaction time of a user to the stimulus of the cognitive readiness test, wherein the step of controlling access comprises the step of granting access to the computing resource in response to determining the one or more authentication credentials are valid and determining the reaction time of the user to the cognitive readiness test is within the predefined range of acceptable reaction times (access based on receiving credentials within a time period, para 60-62) and  denying access to the computing resource in response to determining the reaction time of the user to the cognitive readiness test is not within the predefined range of acceptable reaction times (not only implicit given the fact that the access is based on the proper respond within the predefined range of acceptable reaction time but also Burchett suggests actions such as shut down, for example, e.g. para 69).
Furthermore, not only the broadest reasonable interpretation is inherent: clearly upon the successful authentication of the user at the very least there is a temporary and/or session exchange and Burchett also talks about the additional control (e.g. verifying whether the user is authorized for a particular action, e.g. modification of the credentials, see various citations in the prior art, e.g. para 67-75), and Burchett also contemplates the step of redirecting the user to an authentication authority after receiving the request for access to the computing resource, and wherein the step of receiving the one or more authentication credentials comprises receiving the one or more authentication credentials at the authentication authority (forward or otherwise communicate the generated authentication request to an associated authentication provider that respond regarding whether the user client access credentials have been authenticated with the authentication provider, para 67)

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.


This rejection under 35 U.S.C. 103 might be overcome by: (1) a showing under 37 CFR 1.130(a) that the subject matter disclosed in the reference was obtained directly or indirectly from the inventor or a joint inventor of this application and is thus not prior art in accordance with  35 U.S.C. 102(b)(2)(A); (2) a showing under 37 CFR 1.130(b) of a prior public disclosure under 35 U.S.C. 102(b)(2)(B); or (3) a statement pursuant to 35 U.S.C. 102(b)(2)(C) establishing that, not later than the effective filing date of the claimed invention, the subject matter disclosed and the claimed invention were either owned by the same person or subject to an obligation of assignment to the same person or subject to a joint research agreement.  See generally MPEP § 706.02(l)(1) and § 706.02(l)(2).  


Claim(s) 24-25 is/are rejected under 35 U.S.C. 103 unpatentable over Burchett (USPUB 20070174906).
Burchett teaches a process (authentication) failure in response to determining the reaction time of the user to the cognitive readiness test is not within the predefined range of acceptable times as discussed above. 
Although Burchett does not teach notifying a second user and/or recording the data (reaction time of the user) that resulted in the failure, Official Notice is taken that having such solution would have been old and well known to one of ordinary skill in the art before the effective filling date of the invention (security log and admin notification) to given the predictable benefit of increased security.
Claim(s) 6-10, 12-14 and 33-36 is/are rejected under 35 U.S.C. 103 unpatentable over Burchett (USPUB 20070174906) in view of Sanderson (Steven Sanderson, “Using the browser’s native login prompt”, “Using the browser’s native login prompt”, found at blog.stevensanderson.com/2008/08/25/using-the-browsers-native-login-prompt, 8/08).
As per claims 6 and 33, Burchett teaches administering a cognitive readiness test comprising a presentation of a stimulus on the client device, as discussed above. Although Burchett does not expressly teach the administering comprising the step of presenting the test on a graphical user interface of the client electronic device, the examiner asserts that the limitation if not inherent would have been implicit: not only clearly a space to type the credentials would have to be shown to a person but also as noted above, Burchett’s invention applies to Windows based product (e.g. para 57) and but also a skilled in the art would readily appreciate that Windows presents a stimulus on the client device during the described process (e.g. Windows Logon prompt or website logon prompt accessed via Windows environment, for example).  
However, for the purpose of the expedited prosecution the examiner offers Sanderson’s teaching expressly teaching such a graphical user interface (see figures with the associated text), and it would have been obvious to one of ordinary skill in the art before the effective filling date of the invention to include Sanderson’s teaching given the predictable benefit of usability.
As per claims 7-9 and 33-36, in the broadest reasonable interpretation, the prompt/presentation of the stimulus on the graphical user interface from which the user’s cognitive readiness is timed meets the limitation of a user’s cognitive marker.
As per claims 13-14, in the broadest interpretation the prompt could be reasonably be interpreted as a question (for a user’s response) and as clearly seen Burchett uses more than one colors.
Furthermore, as per claims in one interpretation, 10 and 12, and the display sharing a common area with the area that a credential character start and end meets the limitation of the stimulus that is a bar intersecting with a goal element, where the area between gray areas would meet the limitation of a goal element having a start (left side of the white space) and an end (right side of the white space) elements and the overlapping/intersected area that would be filled/started and ended of with the user’s response (e.g. represented by pixels in form of letters) would satisfy the limitation of the stimulus.
Claim(s) 15 is/are rejected under 35 U.S.C. 103 unpatentable over Burchett (USPUB 20070174906) in view of Zheng (USPUB 20110035582).
Burchet teaches the authentication authority but fails to indicate the authority being a single sign-on authority.  
However, these differences are only found in the nonfunctional descriptive material and do not alter the method disclosed by Burchett (i.e., the method would have been performed regardless of the type of the authentication authority).  Thus, this descriptive material will not distinguish the claimed invention from the prior art in terms of patentability, see In re Gulack, 703 F.2d 1381, 1385, 217 USPQ 401, 404 (Fed. Cir. 1983); In re Lowry, 32 F.3d 1579, 32 USPQ2d 1031 (Fed. Cir. 1994). 
Furthermore, for the purpose of the expedited prosecution the examiner offers Zheng’s reference that expressly teach the authentication server being SSO server (see para 23 and 80).  It would have been obvious to one of ordinary skill in the art before the effective filling date of the invention to include such solution in order to implement centralized security authentication.
Claim(s) 1-21, 23-26 and 28-36 is/are rejected under 35 U.S.C. 103 unpatentable over Damjanovic (USPUB 20180225985).
Damjanovic discloses a computer-implemented method/computer program product computing resource access control system/cognitive readiness determination system on a non-transitory computer readable medium having a plurality of program instructions stored thereon, which when executed by a processor, causes the processor to perform operations of controlling/determining a user's cognitive readiness to access to a computing resource (operator readiness testing and tracking system tests operator-readiness in situations in which the operator must perform in a highly reliable manner - provides a number of tests designed to provide physiological responses to sound and light stimuli, and responses to cognitive testing, Abstract, presenting the test-subject with various visual stimuli - and/or audio stimuli, para 07-13, with denial of access to the work place by those who fail the test, para 32-34. test-subject inputs their fingerprint into the fingerprint reader FPR - high security situations - physiologic test - cognitive test or sub-tests are likewise performed and the quantitative values thereof also stored in the database - results of the physiologic and cognitive tests are then displayed - access denial, training, scheduling, drug testing and/or more detailed readiness testing, or some other action, para 51), comprising: a processor, a memory comprising a plurality of program instructions stored thereon that are executable by the processor to perform operations comprising (para 32-34): receiving a request from a client electronic device (operator-readiness in situations in which the operator must perform in a highly reliable manner, Abstract, para 32-34; test-subject inputs their fingerprint into the fingerprint reader FPR - high security situations - physiologic test - cognitive test or sub-tests are likewise performed and the quantitative values thereof also stored in the database, para 51); administering a cognitive readiness test on a client electronic device, where the cognitive readiness test comprises a presentation of a stimulus on the client electronic device (presenting the test-subject with various visual stimuli - and/or audio stimuli, para 07-13, suitable test device in the form of a portable tablet 10A, para 35-36, physiologic test- cognitive test or sub-tests are likewise performed and the quantitative values thereof also stored in the database, para 51); comparing a reaction time of the first user to the stimulus of the cognitive readiness test to a predefined range of acceptable reaction times to determine a cognitive readiness of the first user (Any particular test value is seen in the context of the larger data set and compared to the statistically derived expected values. Those values would be calculated with respect to the operators own historic performance and the performance of the test-subject's peers in the same or a similar industry, para 07-13, calculate the test-subject's reaction times, para 37-44); controlling access based on a reaction time of a user to the stimulus of the cognitive readiness test (operator-readiness test - provide a relative performance level or - yes/no answer to the question of operator readiness - test subject's performance is compared to his/her own historic performance and/or performance of test subjects in the same position – with denial of access to the work place by those who fail the test, para 32-34, calculate the test-subject's reaction times, para 37-44, 51 etc.), 
Although Damjanovic does not expressly teach that the access request is to the computing resource to which access granted or denied, the reference discloses that the process flow is started and, thereafter, the test-subject inputs their fingerprint into the fingerprint reader FPR - high security situations - physiologic test - cognitive test or sub-tests are likewise performed - results of the physiologic and cognitive tests are then displayed - access denial, training, scheduling, drug testing and/or more detailed readiness testing, or some other action (see para 51-61, for example). Accordingly, it would have been obvious to a person having ordinary skill in the art that receiving a request from a client electronic device for access to a computing resource is performed every instance after the user logs in to the system as part of overall readiness testing.
Damjanovic further discloses determining the reaction time of the user to the stimulus of the cognitive readiness test being within a predefined range of acceptable reaction times, wherein the step of controlling access comprises the step of granting access to the computing resource in response to determining the reaction time of the user to the stimulus of the cognitive readiness test is within the predefined range of acceptable reaction times (para 07-13), operator-readiness test - provide a relative performance level or - yes/no answer to the question of operator readiness – test subject's performance is compared to his/her own historic performance and/or performance of test subjects in the same position – with denial of access to the work place by those who fail the test, para 32-34), calculate the test-subject's reaction times, para 37, 44, 51, etc.), controlling access comprises the step of continuing previously granted access to the computing resource (recognize readiness deterioration before it becomes a safety event can be achieved through continuous or near-continuous readiness testing, para 06-13), performance deterioration limits could be set (see FIG. 5), by the end user resulting in some form of corrective action taken: yes/no readiness answer, for example, with denial of access to the work place by those who fail the test, para 32-34), receiving a one or more authentication credentials of the user from the client electronic device; determining the one or more authentication credentials are valid; and, wherein the step of granting or denying access is further defined in that access is granted to the computing resource in response to determining the one or more authentication credentials are valid and determining the reaction time of the user to the cognitive readiness test is within the predefined range of acceptable reaction times (para 32-34), test-subject inputs their fingerprint into the fingerprint reader FPR - query is presented As per whether or not the fingerprint has been registered, and, if NO, the registration process is performed and the program ends with the test-subject potentially locked out of system -Once the fingerprint input identification procedure has been accomplished - physiologic test - cognitive test or sub-tests are likewise performed and the quantitative values thereof also stored in the database - results of the physiologic and cognitive tests are then displayed - access denial, training, scheduling, drug testing and/or more detailed readiness testing, or some other action, para 51), redirecting the user to an authentication authority after receiving the request for access to the computing resource, and wherein the step of receiving the one or more authentication credentials comprises receiving the one or more authentication credentials at the authentication authority (the process flow is started and, thereafter, the test-subject inputs their fingerprint into the fingerprint reader FPR, para 51), the step of administering comprises the step of presenting the cognitive readiness test on a graphical user interface of the client electronic device (readiness-testing system includes a computer-controlled display with touch-screen and/or voice input capability for presenting the test-subject with various visual stimuli, audio speakers for presenting the test-subject with instructions and/or audio stimuli, para 07-13, suitable test device in the form of a portable tablet 10A, para 35-36), the step of measuring, with the cognitive readiness test, a cognitive marker indicative of a user's cognitive readiness (cognitive performance, para 07-13, para 59-61), the step of measuring the reaction time of the user on the client electronic device to the stimulus presented in the cognitive readiness test by measuring a time between the presentation of the stimulus on the graphical user interface and a receipt of a predefined user input on the client electronic device (response time calculation; movement start time, movement duration time, gaze restoration time and drift, respectively, para 54-61), measuring the reaction time on the client electronic device and sending the reaction time to a cognitive authority (para 0713, para 32-34. relevant data-response time (how quickly the test-subject starts and how quickly delivers the answer) and number of attempts are recorded in the database, para 51-61), the stimulus that is a bar intersecting with a goal element (variety of executive function tests described above delivered in a visual and/or audio modality test audio-visual-cognitive pathways of the test-subject, para 37-44), the bar moves along a circular track toward the goal element (circular portion 12 of the screen is provided on the upper left side of the screen and another circular portion 14 on the upper right side of the screen. Each circular screen portion represents a screen area that is momentarily and selectively activated to display a white (or other color} in response to a stored-program controlled processor to define a blinking or flashing light stimulus - variety of executive function tests described above delivered in a visual and/or audio modality test audio-visual-cognitive pathways of the test-subject, para 37-44), the stimulus is a block arriving in a goal area between a start element and an end element (variety of executive function tests described above delivered in a visual and/or audio modality test audio-visual-cognitive pathways of the test-subject, para 37-44), the stimulus that is a question (error in answering the question will result in another sequence of the same type being given but at the lower speed, para 59-61), the stimulus that is an illumination or a color change of a user interface element on the graphical user interface (Each circular screen portion represents a screen area that is momentarily and selectively activated to display a white (or other color} in response to a stored-program controlled processor to define a blinking or flashing light stimulus, para 37-44), instructing the client electronic device to prompt the user to take the cognitive readiness test, and the step of receiving from the user one or more authentication credentials at the authentication authority is further defined in that the authentication authority is a single sign-on authority (test-subject inputs their fingerprint into the fingerprint reader FPR. A query is presented As per whether or not the so-inputted fingerprint is in the system (i.e., the fingerprint is already in system memory}. If the answer is NO – the program ends with the test-subject potentially locked out of system - in high security situations, the attempts may be limited to one, para 51), sending the cognitive readiness test to the client electronic device (presenting the test-subject with various visual stimuli - and/or audio stimuli, para 07-13, suitable test device in the form of a portable tablet 10A, para 35-36. physiologic test - cognitive test or sub-tests are likewise performed, para 51), the computing resource being selected from the group consisting of: a software, a computer, a computer system, a system resource, a website, and a webpage (tests operator-readiness in situations in which the operator must perform in a highly reliable manner, Abstract, with denial of access to the work place by those who fail the test, para 32-34), the predefined range of acceptable reaction limes that is a user personalized predefined range of acceptable reaction times determined based on one or more previous reaction times of one or more prior cognitive readiness tests taken by the user, para 07-13), operator-readiness test - provide a relative performance level or - yes/no answer to the question of operator readiness – test subject's performance is compared to his/her own historic performance and/or performance of test subjects in the same position – with denial of access to the work place by those who fail the test, para 32-34), calculate the test-subject's reaction times, para 37-44, para 51, etc.), the user personalized predefined range of acceptable reaction times that is further defined as within an acceptable deviation range from an average of two or more previous reaction times of two or more prior cognitive readiness tests taken by the user (recognize readiness deterioration before it becomes a safety event can be achieved through continuous or near-continuous readiness testing, para 06-13), performance deterioration limits could be set (see FIG. 5), by the end user resulting in some form of corrective action taken: yes/no readiness answer, for example, with denial of access to the work place by those who fail the test, para 32-34, 51, etc.), receiving a one-time use password or a second input after receiving a first set of the one or more authentication credentials (readiness-testing system - activated either by the fingerprint, iris scan, or some other unique biometric identifier, para 07-13), process flow repeats the input-fingerprint step based on the number of attempts (in high security situations, the attempts may be limited to one) - Once the fingerprint input identification procedure has been accomplished - cognitive test or sub-tests are likewise performed, para 51), before receiving the one-lime use password or the second input, sending a sent one-time use password or a request for the second input to the client electronic device (readiness-testing system - activated either by the fingerprint, iris scan, or some other unique biometric identifier, para 07-13), process flow repeats the input-fingerprint step based on the number of attempts (in high security situations, the attempts may be limited to one) - Once the fingerprint input identification procedure has been accomplished - cognitive test or sub-tests are likewise performed, para 51), determining the reaction time of the user to the stimulus of the cognitive readiness test that is not within a predefined range of acceptable reaction times; and, wherein the step of controlling access is a step of denying access to the computing resource in response to determining the reaction time of the user to the cognitive readiness test is not within the predefined range of acceptable reaction times (para 32-34, results can be displayed to the test-subject at the time the test is completed and/or at the management level as a part of performance inquiry -response time calculation; movement start time, movement duration time, gaze  restoration lime and drift, respectively - performance index calculation, para 51-61), notifying a second user in response to determining the reaction time of the first user to the cognitive readiness test is not within the predefined range of acceptable reaction times (operator-readiness in situations in which the operator must perform in a highly reliable manner - system provides a number of tests designed to provide physiological responses to sound and light stimuli, and responses to cognitive testing. Data collected for each operator tested is stored in a historical database to provide baseline information for current testing in the event of a decline in operator performance, Abstract, para 07-13, 32-34, 51-61, etc.), recording in a data store the reaction time of the user in response to determining the reaction time of the user to the cognitive readiness test is not within the predefined range of acceptable reaction times (Data collected for each operator tested is stored in a historical database to provide baseline information for current testing in the event of a decline in operator performance, Abstract, para 07-13, 32-34, 51-61, etc.), instructing the client electronic device to prompt the user to take the cognitive readiness test (The test-subject, after successful log-in (FIG. 6), is instructed in a brief audio instruction to look at two marks (e.g., Xs or circulus or any mark designed to function as a focal point) displayed on the test device. The Xs roughly correspond to the location of the test-subject's gaze. First, the audio test is performed as discussed in preceding paragraph, followed by a brief audio instruction and video test, para 51 -61).

Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to Peter Poltorak whose telephone number is (571) 272-3840.  The examiner can normally be reached Monday through Thursday from 9:00 a.m. to 5:00 p.m. 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Pwu can be reached on (571) 272-6798.  The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).
/PIOTR POLTORAK/Primary Examiner, Art Unit 2433