Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

This action is in response to the claims filed 6/17/2021.  Claims 1-20 are pending.  Of such, claims 1 (a method), 12 (a machine), and 18 (a non-transitory CRM) are independent.

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159. See MPEP § 2146 et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-20 of U.S. Patent No. 11,122,045. Although the claims at issue are not identical, they are not patentably distinct from each other because the presently presented claims (1-18) are broader than their counterparts (1-18) in ‘045 and are anticipated thereby. Note that presently presented claims 19 and 20 are analogous to claim 20 of ‘045.


Claims 1-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-20 of U.S. Patent No. 10,356,096 in view of Kirsch (US 2013/0246280. 
The presently presented claims (1-18) are broader than their counterparts (1-18) in ‘045. Note that presently presented claims 19 and 20 are analogous to claim 20 of ‘045.  However, the claims of ‘096 do not require the limitation recited in independent claims 1, 12 and 18: “generating, by the first system, a time duration for the credential to be input into the user premises equipment.”

Kirsch discloses:
generating, by the first system, a time duration for the credential to be input into the user premises equipment.
(“transactions may use a varying “Level of Assurance” (LoA) mode. In one embodiment, four modes are supported: disabled, enabled with no security, password with a timeout, and out-of-band (OOB) authorization required with an optional PIN and timeout…. a PIN should be entered on the control device 110 within a time period, such as 5 minutes.” Kirsch ¶ 52)

A person of ordinary skill in the art before the effective filing date of the claimed invention would have modified the claims 1, 12, and 18 of ‘096 by including a timeout in the prompt request of ‘096. A person of ordinary skill in the art would have recognized the prompt timeout to be an obvious variant of claims 1, 12, and 18, because password timeouts are common and are taught in the art to increase security.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claim(s) 1, 5-9, 12, and 16-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Faibish et al., US 8,955,076 (filed 2012-12), in view of Raounak US 2015/0256973 (filed 2014-03).

As to claims 1, 12, and 18 Faibish discloses a method/machine/CRM comprising:
receiving, by a first system comprising a processor, an unlock request (“any failed authentication attempt may be followed by a subsequent authentication operation (i.e., a retry), a lockout (e.g., after a set number of failed authentication attempts), and alert, and so on. In some arrangements, after a failed authentication attempt, the user is provided with a more difficult challenge (i.e., step up authentication).” Faibish col. 3, ln. 50) that was transmitted by a second system in response to a condition in which a user identity has been denied access to the second system for a period based on repeated unsuccessful attempts to access the second system using login information associated with the user identity; (“a lockout (e.g., after a set number of failed authentication attempts)” Faibish col. 3, ln. 50)
based on receipt of the unlock request, (“If user is in the user database, the resource server 26 returns a challenge message 112.” Fabish col. 7, ln. 46) sending, by the first system, (“Upon receipt of the challenge message 112 from the resource server 26, the resource accessing device 22 then sends a permission request 120 to the access control device 24.” Faibish col. 7, ln. 49. “The resource accessing device 22 and the access control device 24 are intended to be in the possession of a single user” Faibish col. 4, l. 63) a prompt for a credential displayed on (“the user manually provides input into the user interface 62 of the access control device 24. This input may include a passcode, e.g., the user may re-enter the same passcode that the user entered to unlock the access control device 24, or a new passcode. Alternatively, the user may provide biometric input, e.g., a fingerprint scan, a facial scan, a retina scan, a voice scan, etc.” Faibish col. 8, ln. 6) a user premises equipment (the access control device)
…
receiving, by the first system from the user premises equipment, the credential that was input into the user premises equipment (“the access control device 24 may send the answer to the user challenge back to the resource server 26 in a manner which is out of band with the resource accessing device 22” Faibish col. 8, ln. 34) …
comparing, by the first system, the credential with a stored credential obtained prior to receipt of the credential; and (“the resource server 26 simply compares the received answer to an expected answer (e.g., single factor authentication, multi-factor authentication, etc.).” Faibish col. 8, ln. 40)
in response to the credential being determined to match the stored credential, transmitting, by the first system, an authentication verification to the second system enabling the access to the second system. (“If the result of the authentication operation indicates successful authentication, the user is considered legitimate and the resource server 26 provides the resource accessing device 22 with access to the protected resource 28.” Faibish col. 8, ln. 57)

Faibish does not disclose:
located within a premises associated with the user identity;
generating, by the first system, a time duration for the credential to be input into the user premises equipment; 
within the time duration;

Raounak discloses:
located within a premises associated with the user identity; (“The trusted device 135 is associated with one or more user accounts, and may be used to assist in a multi-step authentication process by providing another authentication factor and/or to respond to an acknowledgment request. The trusted device 135 …, a home- or vehicle-installed computer,” Raounak ¶ 26. “Location B may be provided by the trusted device itself or any other network element that maintains a record of the location of the trusted device.” Raounak ¶ 38)
generating, by the first system, a time duration for the credential to be input into the user premises equipment; (“If the user of the at least one trusted device does not respond within a pre-determined period of time, the request may time out. This may happen because a user fails to respond to the acknowledgment request in time, due to network delay, or due to network disconnection of the trusted or other device. If the acknowledgment request times out, the access request may fail, though access requests may be reattempted.” Raounak ¶ 50)
within the time duration; (“If the acknowledgment request times out, the access request may fail, though access requests may be reattempted.” Raounak ¶ 50)

A person of ordinary skill in the art before the effective filing date of the claimed invention would have combined Faibish with Raounak by utilizing a location-based authentication with a home installed computer of Raounak to implement the access control device of Faibish.  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to combine Faibish with Raounak in order to assess the trustworthiness of the devices based on the location, thereby helping to prevent bots or spoofing attacks within the system. 

With respect to claims 12 and 18, Faibish contemplates that the user devices may be comprised with memory storing instructions that are to be executed in a processor, see Faibish col. 6, ll. 14-66.  However, Faibish in view of Raounak does not describe that the authentication server 42 and resource server 26 may similarly be comprised of a processor and memory storing instructions. 
	A person of ordinary skill in the art before the effective filing date of the claimed invention would have further modified Faibish in view of Raounak with the description of Faibish col. 6 by providing physical authentication and resource servers that comprise a processor and memory storing instructions.  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to provide for servers comprising a processor and a memory storing instructions as such elements are ordinary and necessary to implement the disclosed system of Faibish.

As to claims 5 and 16, Faibish in view of Raounak disclose the method/machine of claims 1 and 12 and further discloses:
wherein the credential comprises a picture associated with the user identity, and wherein the picture is taken by a camera associated with the user premises equipment.
(“the user manually provides input into the user interface 62 of the access control device 24. This input may include a passcode, e.g., the user may re-enter the same passcode that the user entered to unlock the access control device 24, or a new passcode. Alternatively, the user may provide biometric input, e.g., a fingerprint scan, a facial scan, a retina scan, a voice scan, etc.” Faibish col. 8, ln. 6. The element that samples the user’s face or retina is a camera.)

As to claims 6, 17, and 19, Faibish in view of Raounak disclose the method/machine/CRM of claims 1, 12, and 18 and further discloses:
wherein the credential comprises a biometric credential associated with the user identity, and wherein the biometric credential is input via a biometric reader associated with the user premises equipment.
(“the user manually provides input into the user interface 62 of the access control device 24. This input may include a passcode, e.g., the user may re-enter the same passcode that the user entered to unlock the access control device 24, or a new passcode. Alternatively, the user may provide biometric input, e.g., a fingerprint scan, a facial scan, a retina scan, a voice scan, etc.” Faibish col. 8, ln. 6. The element that samples the user’s biometric is a biometric reader.)

As to claim 7, Faibish in view of Raounak disclose the method of claim 1 and further discloses:
wherein the credential is a fingerprint relating to a finger associated with the user identity.
(“the user manually provides input into the user interface 62 of the access control device 24. This input may include a passcode, e.g., the user may re-enter the same passcode that the user entered to unlock the access control device 24, or a new passcode. Alternatively, the user may provide biometric input, e.g., a fingerprint scan, a facial scan, a retina scan, a voice scan, etc.” Faibish col. 8, ln. 6. The element that samples the user’s biometric is a biometric reader.)

As to claim 8, Faibish in view of Raounak disclose the method of claim 1 and further discloses:
 wherein the credential is a voice print relating to speech associated with the user identity. (“the user manually provides input into the user interface 62 of the access control device 24. This input may include a passcode, e.g., the user may re-enter the same passcode that the user entered to unlock the access control device 24, or a new passcode. Alternatively, the user may provide biometric input, e.g., a fingerprint scan, a facial scan, a retina scan, a voice scan, etc.” Faibish col. 8, ln. 6. The element that samples the user’s biometric is a biometric reader.)

As to claim 9, Faibish in view of Raounak disclose the method of claim 1 and further discloses:
wherein the credential is a retinal scan relating to an eye associated with the user identity.
(“e.g., a fingerprint scan, a facial scan, a retina scan, a voice scan, etc.” Faibish col. 8, ln. 11.)

As to claim 20, Faibish in view of Raounak discloses the CRM of claim 18 and further discloses: 
wherein the second credential comprises a biometric credential associated with the user identity. (“the user manually provides input into the user interface 62 of the access control device 24. This input may include a passcode, e.g., the user may re-enter the same passcode that the user entered to unlock the access control device 24, or a new passcode. Alternatively, the user may provide biometric input, e.g., a fingerprint scan, a facial scan, a retina scan, a voice scan, etc.” Faibish col. 8, ln. 6. The element that samples the user’s biometric is a biometric reader.)




Claim(s) 2-4, and 13-15 is/are rejected under 35 U.S.C. 103 as being unpatentable over Faibish et al., US 8,955,076 (filed 2012-12), in view of Raounak US 2015/0256973 (filed 2014-03), and Karp et al., US 2017/0192402 (filed 2016-12).
As to claims 2 and 13, Faibish in view of Raounak disclose the method/machine of claims 1 and 12 but does not disclose:
wherein the user premises equipment monitors and controls a lighting equipment in the premises.

Karp discloses:
wherein the user premises equipment monitors and controls a lighting equipment in the premises.
(“mobile devices 1328 and/or applications that have access to and control of the automation system 1320 may change the thermostat 10A settings (mode, temperature) and change the settings of the smart devices 10A and 10B to either “AWAY” or “HOME” mode. The user may adjust the thermostat 10A with the mobile devices 1328 remotely from the structure in which the thermostat 10A is located over a wireless or wired communication network. In some embodiments, the mobile devices 1328 may include a smart phone, tablet, laptop, remote controller, computer, vehicle based computer system, and so forth…. smart lights 1322, the smart shades 1326” Karp ¶ 442. See also Karp ¶ 444: “electronic device (mobile device, tablet, etc.) with a touch-screen that may be handheld, disposed on a wall or a surface, and so forth.”) 

	A person of ordinary skill in the art before the effective filing date of the claimed invention would have modified Faibish in view of Raounak with Karp by including the smart home components of Karp with the home based computer of Faibish in view of Raounak.  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Faibish in view of Raounak with Karp in order to provide home automation features allowing users to control smart devices within the premises (Karp ¶ 166) providing convenience and automation in the control of the smart appliances within the home using their home computers; thereby providing convenience to the residents of the home.


As to claims 3 and 14, Faibish in view of Raounak disclose the method/machine of claims 1 and 12 but does not disclose:
wherein the user premises equipment monitors and controls a parameter of a security equipment of a physical security network of the premises.

Karp discloses: wherein the user premises equipment monitors and controls a parameter of a security equipment of a physical security network of the premises.
 (“perform “away” functionalities or that otherwise are desirable to be active when the home is unoccupied (hereinafter “away-service robots”). Included in the embodiments are methods and systems for ensuring that home security systems, intrusion detection systems, and/or occupancy-sensitive environmental control systems (for example, occupancy-sensitive automated setback thermostats that enter into a lower-energy-using condition when the home is unoccupied) are not erroneously triggered by the away-service robots.” Karp ¶ 121. See Karp ¶¶ 442 and 444 for control of away mode.)
 
	A person of ordinary skill in the art before the effective filing date of the claimed invention would have modified Faibish in view of Raounak with Karp by including the smart home components of Karp with the home based computer of Faibish in view of Raounak.  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Faibish in view of Raounak with Karp in order to provide home automation features allowing users to control smart devices within the premises (Karp ¶ 166) providing convenience and automation in the control of the smart appliances within the home using their home computers; thereby providing convenience to the residents of the home and also providing for home security to monitor the premises when the user is away.

As to claims 4 and 15, Faibish in view of Raounak disclose the method/machine of claims 1 and 12 but does not disclose:
wherein the user premises equipment monitors and controls a temperature in the premises.

Karp discloses: wherein the user premises device monitors and controls a temperature in the premises. (“The smart thermostat 10A and/or detector 10B may include a basic set of identifying information, such as: a user-defined device name, physical location in the structure, locale, software version and containing structure. The data model also exposes thermostat capabilities, such as whether the HVAC system can heat or cool, or has a fan. Further, the thermostat 10A may include three states related to presence: home, away or auto-away. In some embodiments” Karp ¶ 159. Also Karp ¶ 214, thermostat data. See Karp ¶¶ 442 and 444 for control of away mode.)

	A person of ordinary skill in the art before the effective filing date of the claimed invention would have modified Faibish in view of Raounak with Karp by including the smart home components of Karp with the home based computer of Faibish in view of Raounak.  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to modify Faibish in view of Raounak with Karp in order to provide home automation features allowing users to control smart devices within the premises (Karp ¶ 166) providing convenience and automation in the control of the smart appliances within the home using their home computers; thereby providing convenience to the residents of the home.


Claims 10 and 11 is/are rejected under 35 U.S.C. 103 as being unpatentable over Faibish et al., US 8,955,076 (filed 2012-12), in view of Raounak US 2015/0256973 (filed 2014-03), and French et al., US 2001/0001877 (filed 1999-05).
As to claim 10, Faibish in view of Raounak discloses the method of claim 1 but does not disclose: 
wherein the credential comprises an iris image relating to an eye associated with the user identity.

French discloses: 
wherein the credential comprises an iris image relating to an eye associated with the user identity. (“Biometric data may be employed either alone or in combination with the above preprocessing as well as subsequent authentication levels to ensure the identity of a user. That biometric data may include, for example, fingerprint information from the user, captured in analog or digital form, for instance, via an imprint peripheral connected to client 110. Biometric data may also include infrared or other retinal or iris scans, or finger or hand geometry matches.” French ¶ 131)

A person of ordinary skill in the art before the effective filing date of the claimed invention would have utilized the iris scan of French ¶ 131 as an alternative to the listed biometric types of Faibish col. 8, ln. 11.  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to use the iris scan as an alternative to the biometrics of Faibish because Raounak discloses that an iris scan was a known alternative to the retina scan.
Thus, it would have been obvious to modify Faibish in view of Raounak with French as a simple substitution of one known element for another to obtain predictable results, MPEP 2143(I)(B).
The prior art (Faibish in view of Raounak) contained the base method of claim 6 but differs from claim 10 in that it does not disclose an iris scan.
The substitutability of the iris scan was known in the art as evidenced by French ¶ 131.
A person of ordinary skill in the art could have substituted one biometric authentication type for another as evidenced by Faibish col. 8, ln. 11 and French ¶ 131, which mutually describe multiple biometric authentication alternatives. 

As to claim 11, Faibish in view of Raounak discloses the method of claim 1 but does not disclose: 
wherein the credential is a hand geometry measurement relating to a hand associated with the user identity.

French discloses: 
wherein the credential is a hand geometry measurement relating to a hand associated with the user identity. (“Biometric data may be employed either alone or in combination with the above preprocessing as well as subsequent authentication levels to ensure the identity of a user. That biometric data may include, for example, fingerprint information from the user, captured in analog or digital form, for instance, via an imprint peripheral connected to client 110. Biometric data may also include infrared or other retinal or iris scans, or finger or hand geometry matches.” French ¶ 131)

A person of ordinary skill in the art before the effective filing date of the claimed invention would have combined Faibish in view of Raounak with French by utilizing the hand geometry of French ¶ 131 as an alternative to the listed biometric types of Faibish col. 8, ln. 6.  It would have been obvious to a person of ordinary skill in the art before the effective filing date of the claimed invention to use the hand geometry as an alternative to the biometrics of Faibish because French discloses that an iris scan was a known alternative to the retina scan.
Thus, it would have been obvious to modify Faibish in view of Raounak with French as a simple substitution of one known element for another to obtain predictable results, MPEP 2143(I)(B).
The prior art (Faibish in view of Raounak) contained the base method of claim 6 but differs from claim 10 in that it does not disclose a hand geometry.
The substitutability of the iris scan was known in the art as evidenced by French ¶ 131.
A person of ordinary skill in the art could have substituted one biometric authentication type for another as evidenced by Faibish col. 8, ln. 6 and French ¶ 131, which mutually describe multiple biometric authentication alternatives. 

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See PTO-892, particularly:
Headley et al., US 2009/0288148, discloses multi-channel multi-factor authentication. 
Ziraknejad et al., US 10,231,128, discloses a proximity-based access system that utilizes the proximity of a cellphone to authenticate a home automation device. 
Katz et al., US 2003/0061503, discloses and authentication timer for placing a maximal time limit on authentication. 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL W CHAO whose telephone number is (571)272-5165. The examiner can normally be reached M, W-F 8-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Saleh Najjar can be reached on (571) 272-4006. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/MICHAEL W CHAO/           Examiner, Art Unit 2492