DETAILED ACTION
	The instant application having Application No. 17/679,259 filed on 02/24/2022 is presented for examination by the Examiner.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claim Objections
Claims 3 and 13 are objected to because of the following informalities:  
Claim 3 recites the limitation “ ‘(i) the first use device and a second credential entry method that is different from the second credential entry method,” which should be changed to “ ‘(i) the first use device and a second credential entry method that is different from the  first credential entry method,”.  
Claim 13 is objected for the same rational as claim 3 above. Appropriate correction is required.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claims 1-20  are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA  35 U.S.C. 112, the applicant), regards as the invention.
Claim 1 recites the limitations “initiate a secondary authentication method if a level of similarity between the behavioral biometric data and the stored behavioral biometric data of the first user model is less than a first predetermined threshold;” and   “responsive to determining that the level of similarity is below the first predetermined threshold and a second predetermined threshold: initiate the secondary authentication method; and in response to the secondary authentication method being validated, associate the behavioral biometric data with a second user model.” It is unclear if these two limitations should be connected by an “or” instead of an “and” as currently recited, because they both call to initiate a second authentication method, but the conditions to which the second authentication method is initiated are different.

	Claim 11 is rejected for the same rationale as claim 1 above.
	All dependent claims 2-10 and 12-20 are rejected for the same rationale as their independent claims 1 & 11 above.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
At least claims 1, 3, 5-8, 10-11, 13 and 15 are rejected on the ground of nonstatutory double patenting as being unpatentable over at least claims 1-2, and 5  of U.S. Patent No. 10,652,238, and of at least claims 1-2 of U.S. Patent No. 11,290,450 because the claims in the instant application are a subset of the claims in the patents as exemplified below
                 Instant Application
                Patent 10,652,238
Claim 1:
     A system comprising: 
     one or more processors; and 
     memory having instructions stored thereon that, when executed by the one or more processors, cause the system to: 
          receive behavioral biometric data from a user device, the behavioral biometric data being associated with an entry of primary authentication credentials on the user device; 





          compare the behavioral biometric data to a first user model associated with (i) the user device and (ii) a credential entry method on the user device, the first user model being based at least in part on stored behavioral biometric data personalized to a user associated with the user device; 
          initiate a secondary authentication method if a level of similarity between the behavioral biometric data and the stored behavioral biometric data of the first user model is less than a first predetermined threshold; and
         responsive to determining that the level of similarity is below the first predetermined threshold and a second predetermined threshold: 
               initiate the secondary authentication method; and 
              



     in response to the secondary authentication method being validated, associate the behavioral biometric data with a second user model.


Claim 1:
     A system comprising: 
     one or more processors; and 
     memory storing instructions, that when executed by the one or more processors, cause the system to: 

     receive, from a user device, first behavioral biometric data indicative of a first current entry of primary authentication credentials on the user device, the primary authentication credentials being a username and password and the first behavioral biometric data comprising current typing time data indicative of a period of time taken for input of the first current entry of the primary authentication credentials into the user device; 
     compare the received first behavioral biometric data to a first user model, the first user model comprising first model time data, the first model time data being associated with the user device and a first credential entry method on the user device and being based at least in part on stored behavioral biometric data personalized to a user of the user device; 
     


     responsive to determining, based on the comparison, that a level of similarity between the received first behavioral biometric data and the stored behavioral biometric data of the first user model is at or above a first predetermined threshold corresponding to secondary authentication of entries of primary authentication credentials, determine that the first current entry of primary authentication credentials meets a secondary authentication requirement; 
     responsive to determining that the level of similarity is below the first predetermined threshold, initiate a secondary authentication method with the user of the user device; responsive to (i) the secondary authentication method being validated and (ii) determining that the level of similarity is below a second predetermined threshold that is less than the first predetermined threshold and indicates that the primary authentication credentials were entered via a second credential entry method different from the first credential entry method, associate the received first behavioral biometric data with a second user model associated with the second credential entry method, wherein one of the first and second credential entry methods is a manual credential entry method and the other of the first and second credential entry methods is an automatic entry method utilizing a password manager service; 
     associate the first user model and the second user model with the user device; 
     subsequent to receiving the first current entry of the primary authentication credentials, receive second behavioral biometric data indicative of a second current entry of the primary authentication credentials; 
     determine a first level of similarity based on a comparison of the received second behavioral biometric data to the first user model and a second level of similarity based on a comparison of the received second behavioral biometric data to the second user model; and 
     responsive to determining that the first and second levels of similarity are both below the second predetermined threshold, associate the received second behavioral biometric data with a third user model, the third user model being associated with a third credential entry method.


               Instant Application 
                  Patent 11,290,450
Claim 1:
     A system comprising: 
     one or more processors; and 
     memory having instructions stored thereon that, when executed by the one or more processors, cause the system to: 
          





















     receive behavioral biometric data from a user device, the behavioral biometric data being associated with an entry of primary authentication credentials on the user device; 


          
     compare the behavioral biometric data to a first user model associated with (i) the user device and (ii) a credential entry method on the user device, the first user model being based at least in part on stored behavioral biometric data personalized to a user associated with the user device; 
          initiate a secondary authentication method if a level of similarity between the behavioral biometric data and the stored behavioral biometric data of the first user model is less than a first predetermined threshold; and
         responsive to determining that the level of similarity is below the first predetermined threshold and a second predetermined threshold: 
               initiate the secondary authentication method; and 
              



     in response to the secondary authentication method being validated, associate the behavioral biometric data with a second user model.


Claim 1:
     A method comprising:
     



     receiving, from a user device, one or more submissions comprising (i) authentication credentials and (ii) scenario data comprising (a) device elevation data corresponding to a height of the user device relative a reference point and (b) device orientation data corresponding to a physical orientation of the user device, the scenario data being contemporaneously detected by one or more sensors of the user device along with a corresponding entry of the authentication credentials; 
     creating, based at least in part on the one or more submissions, one or more user models personalized to a user associated with the user device by: 
          determining, based at least in part on the scenario data, one or more use-poses of the user during entry of the authentication credentials, each use-pose corresponding to a full-body position of the user; 
and 
     associating each of the one or more user models with a use-pose of the user during entry of the authentication credentials; 
     receiving, from the user device, a current submission comprising (i) current authentication data indicative of a current entry of the authentication credentials and (ii) current scenario data comprising current device elevation data and current device orientation data; 
     for each of the one or more user models: 
          comparing the current submission to a corresponding user model of the one or more user models; and 
        

  
          determining a level of similarity between the current submission and the corresponding user model of the one or more user models; and 
     
          responsive to determining that the level of similarity is above a predetermined threshold, determining that the current submission meets a secondary authentication requirement.



Claim 2:
     The method of claim 1 further comprising, responsive to determining that at least one of each level of similarity is not above the predetermined threshold, transmitting, to the user device, a request for secondary authentication credentials.


Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-3, 5-13 and 15-20 are rejected under 35 U.S.C. 103 as being unpatentable over Moritz (US Patent 9/185,095 B1-hereinafter Moritz) and in view of Yeom.
Regarding claim 1, Moritz discloses a system comprising: 
one or more processors (figure 7, element 710, column 23, lines 47-56, processor(s)); and 
memory having instructions stored thereon that, when executed by the one or more processors (figure 7, elements 720, 730 and 735, memory), cause the system to: 
receive behavioral biometric data from a user device, the behavioral biometric data being associated with an entry of primary authentication credentials on the user device (figure 5, step 10, column 7, lines 27-48, column 9, lines 25-46, user’s usage pattern, i.e.: information of a particular device and place in which a user logs in to a current session is received); 
compare the behavioral biometric data to a first user model associated with the user device, the first user model being based at least in part on stored behavioral biometric data personalized to a user associated with the user device (at least column 4, line 60-column 5, line 17; column 10, line 45-column 11, line 34; column 19, lines 12-26, comparing user’s usage pattern collected from current session to a pattern of a plurality of patterns stored from previous sessions); 
initiate a secondary authentication method if a level of similarity between the behavioral biometric data and the stored behavioral biometric data of the first user model is less than a first predetermined threshold (at least column 19, line 51-column 20, line 28, if variations identified is high, additional information is required from user); and 
responsive to determining that the level of similarity is below the first predetermined threshold and a second predetermined threshold (column 5, lines 18-28; column 9, line 58-column 10, line 3; column 19, line 51-column 20, line 28, if variations identified is high, and activity is below a reliable level/high risk): 
initiate the secondary authentication method (column 5, lines 18-28; column 9, line 58-column 10, line 3; column 19, line 51-column 20, line 28, additional informational is needed from the user); and 
in response to the secondary authentication method being validated, associate the behavioral biometric data with a second user model (at least column 7, lines 14-26; column 20, lines 24-35, user’s behavior pattern from current session is associated with a new user’s usage pattern created/generated.)
	Moritz does not explicitly disclose a credential entry method on the user device. 
	However, Yeom discloses a credential entry method on a user device ([0056]-[0069], password input condition.)
	Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the features discloses by Yeom into the system of Moritz to enhance the security level of the system.

Regarding claim 2, Moritz and Yeom disclose the system of claim 1. Moritz also discloses  the second user model is (i) associated with the user device and (ii) separate and distinct from the first user model (at least column 7, lines 14-26; column 20, lines 24-35, user’s new usage pattern created/generated is different from those previously generated.)

Regarding claim 3, Moritz and Yeom disclose the system of claim 1. Moritz and Yeom also disclose the user device is a first user device (Moritz-column 9, lines 37-40, mobile device), the credential entry method is a first credential entry method (Yeom-at least [0056], i.e.: manual input in portrait mode), and the instructions, when executed by the one or more processors, further cause the system to identify the second user model as being associated with at least one from among: (i) the first user device and a second credential entry method that is different from the second credential entry method (Moritz-i.e.: column 9, lines 37-40, mobile device; Yeom-i.e.: [0057], grip state of electronic device.) 

Regarding claim 5, Moritz and Yeom disclose the system of claim 1. Moritz also discloses wherein comparing the behavioral biometric data to the first user model comprises comparing current typing time data of the behavioral biometric data to model time data of the first user model (at least column 7, lines 35-40, activities and times associated with the activities i.e.: input typing time.)

Regarding claim 6, Moritz and Yeom disclose the system of claim 1. Moritz and Yeom also disclose comparing the behavioral biometric data to the first user model comprises comparing scenario data of the behavioral biometric data to model scenario data of the first user model, the scenario data (i) comprising device elevation data and device orientation data and (ii) being contemporaneously detected by one or more sensors of the user device along with the entry of primary authentication credentials (Moritz-at least column 4, line 60-column 5, line 17; column 10, line 45-column 11, line 34; column 19, lines 12-26, comparing information collected from current session to information stored from previous sessions; Yeom-at least [0040][0069], movement (elevation) and rotation (orientation) data of electronic device are received at time when password is inputted.)

Regarding claim 7, Moritz and Yeom disclose the system of claim 1. Moritz and Yeom also disclose the instructions, when executed by the one or more processors, further cause the system to: determine that the entry of primary authentication credentials meets a secondary authentication requirement if the level of similarity between the behavioral biometric data and the stored behavioral biometric data of the first user model is greater than or equal to the first predetermined threshold (at least column 5, lines 18-28, column 19, line 62-column 20, line 6; column 22, lines 11-23, if variation in user usage pattern identified is small, user is allowed to proceed without having to provide additional information.)

Regarding claim 8, Moritz and Yeom disclose the system of claim 7. Moritz and Yeom also discloses the instructions, when executed by the one or more processors, further cause the system to: 
receive, from the user device, the primary authentication credentials (at least figure 5, step 510, column 7, lines 27-48; column 21, lines 25-46, user name and password for a current session are received from user’s mobile device); 
responsive to matching the primary authentication credentials to stored primary authentication credentials, determine that the user meets a primary authentication requirement (at least column 5, lines 18-28, column 19, line 62-column 20, line 6; column 22, lines 11-23, if variation identified is small, user is allowed to proceed without having to provide additional information); and 
responsive to determining that the entry of primary authentication credentials meets the primary authentication requirement and a secondary authentication requirement, provide access to user-accessible system resources (at least column 5, lines 18-28, column 19, line 62-column 20, line 6; column 22, lines 11-23, if variation identified is small, and activity is below a reliable level/high risk, user is allowed to proceed without having to provide additional information.)

Regarding claim 9, Moritz and Yeom disclose the system of claim 7. wherein the instructions, when executed by the one or more processors, further cause the system to: 
in response to the secondary authentication method being validated, determine that the entry of primary authentication credentials meets a secondary authentication requirement that level of similarity between the behavioral biometric data and the stored behavioral biometric data of the first user model is less than a first predetermined threshold(at least column 5, lines 18-28, column 19, line 62-column 20, line 6; column 22, lines 11-23, if variation identified is small, user is allowed to proceed without having to provide additional information.)
	
	Regarding claim 10, Moritz and Yeom disclose the system of claim 1. Moritz also discloses the behavioral biometric data comprises device identification data, and the instructions, when executed by the one or more processors, further cause the system to, identify, based on the behavioral biometric data, the user device from a plurality of user devices associated with the user (at least column 10, lines 4-9, i.e.: identify user device based on device identification or phone number.)

	Claim 11 is rejected for the same rationale as claim 1 above.
Claim 12 is rejected for the same rationale as claim 2 above.
Claim 13 is rejected for the same rationale as claim 3 above.
Claim 15 is rejected for the same rationale as claim 5 above.
Claim 16 is rejected for the same rationale as claim 6 above.
Claim 17 is rejected for the same rationale as claim 7 above.
Claim 18 is rejected for the same rationale as claim 8 above.
Claim 19 is rejected for the same rationale as claim 9 above.
Claim 20 is rejected for the same rationale as claim 10 above.

Claims 4 & 14 are rejected under 35 U.S.C. 103 as being unpatentable over Moritz, Yeom and further in view of Lurey et al. (US 2014/0157390 A1-hereinafter Lurey.)
Regarding claim 4, Moritz and Yeom disclose the system of claim 3.  Moritz and Yeom also discloses one of the first and second credential entry methods is a manual credential entry method (Moritz-column 9, lines 32-36, user name and password are entered manually; Yeom-[0085], password is manually inputted.)
Moritz and Yeom do not explicitly disclose the other of the first and second credential entry methods is an automatic entry method utilizing a password manager service.
However, Lurey discloses a credential entry method is an auto-fill to fill in password (figure 23D, [0148].)
	Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to include the feature discloses by Lurey into the system of Moritz and Yeom to add another criteria of biometric behavioral of users to the system.

Claim 14 is rejected for the same rationale as claim 4 above.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to PHY ANH TRAN VU whose telephone number is (571)270-7317. The examiner can normally be reached Monday-Friday 7 am-1 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi T Arani can be reached on (571) 272-3787. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/PHY ANH T VU/Primary Examiner, Art Unit 2438