Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
This Office Action is in response to the amendment filed on 08/01/2022. In the instant amendment, claims 1, 4, 8 and 15 were amended; claims 1, 8 and 15 are independent claims. Claims 1-16 are pending in this application. THIS ACTION IS MADE FINAL. 

Response to Arguments
The 35 U.S.C. 101 rejection to claim 8-14 have been withdrawn per applicant’s amendment filed on 08/01/2022. 
Applicant’s arguments in the instant Amendment, filed on 08/01/2022 with respect to the limitations below, have been fully considered but they are not persuasive. 
Applicant argues that on (pages 8-10): that Birgisson fails to disclose “wherein the one or more communication devices apply one or more requests to perform one or more offline interactions to the one or more local authentication models to determine an authentication result for one or more requests.” 
The Examiner respectfully disagrees with the applicant’s arguments because Birgisson discloses a local device token and local access tokens and sending these tokens to one or more devices (See Birgisson, [0004], [0005], [0069]). An access request is received from the client device and either granting access or not granting access (see Birgisson, FIG 3, [0057], [0082]-[0083]). FIG 5 and paragraph [0127] describes granting access based on the local token and Birgisson discloses putting restrictions on access and restrictions on off-line usage (see Birgisson, [0133], [0075], [0077]). 
Applicant’s arguments with respect to claim(s) 1, 8 and 15 with regard to the limitation “wherein the one or more location authentication models are stored on one or more communication devices,” have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
Applicant's arguments (page 102): Additionally, as to dependent claims 2-7, 9-14 and 16 the Applicant argues that the claims are dependent directly
or indirectly from a respective one of claims of independent claims 1, 8 and 15 
and are therefore distinguished from the cited art at least by virtue or
allowable at least based on their additionally recited patentable subject matter.
The Examiner respectfully submits that the dependent claims 2-7, 9-14 and 16 are rejected at least based on the rationale and response presented to the argument for their respective base claims, and response presented to the argument for their respective base claims, and the reference applied to the claims 2-7, 9-14 and 16.  Therefore, in view of the above reasons, the Examiner maintains the rejection with the cited prior art.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claim(s) 1, 8 and 15-16 are rejected under 35 U.S.C. 103 as being unpatentable over Birgisson et al (“Birgisson,” US 20170223005) in view of Kumar et al (“Kumar,” “Delegation-Based Robust Authentication Model for Wireless Roaming Using Portable Communication Devices,” IEEE Transactions on Consumer Electronics, Vol. 60, No. 4, November 2014, Pages 668-674) and further in view of Blessing et al (“Blessing,” EP 2515497). 

Regarding claim 1, Birgisson discloses a method comprising:
receiving, by a first communication device, a first local authentication
model, the first local authentication model being derived from a master
authentication model at a remote server computer; (Birgisson, [0026], [0035]-[0036], [0052]-[0053], [0132], [0005] describes receiving, by a first communication device, a first local authentication model, the token [first local authentication model] being derived from a master token [master authentication model] at a remote server computer)
receiving, by the first communication device, a request to perform an
interaction with a second communication device, the interaction being performed
in an offline manner; (Birgisson, [0082]-[0083], [0105]-[0106], [0113]; [0075], [0077], [0087], [0096], [0100], [0125], [0133] describes receiving, by the first communication device, a request to perform an interaction with a second communication device, the interaction being performed in an offline manner)
applying, by the first communication device, the stored first local authentication model to the interaction to determine a first authentication result; (Birgisson, [0053], [0073], [0082]-[0084], [0108] describes applying, by the first communication device, the stored first [token] local authentication model to the interaction to determine a first authentication result)
determining, by the first communication device, whether or not to allow the interaction to proceed based upon the first authentication result; (Birgisson, [0053], [0073], [0082]-[0084], [0108], [0131] describes determining, by the first communication device, whether or not to allow the interaction to proceed based upon the first authentication result) and
Birgisson fails to explicitly disclose storing, on the first communication device, the received first local authentication model
However, in an analogous art, Kumar discloses storing, on the first communication device, the received first local authentication model (Kumar, Pages 670-671, Under Section III. Proposed Robust Authentication Model, Subsection A. System Setup Phase, Step 2 describes storing on the Mobile Device (MD) SIM card, the received first token [local authentication model]; also see Abstract). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Kumar with the method/system of Birgisson to include storing, on the first communication device, the received first local authentication model. One would have been motivated to provide strong security to delegation-based protocols and to mitigate mobile devices risks (Kumar, Page 670, Under Heading Proposed Robust Authentication Model)
Birgisson and Kumar fail to explicitly disclose updating, by the first communication device, the first local authentication model using the master authentication model when the first communication device is online.
However, in an analogous art, Blessing discloses updating, by the first communication device, the first local authentication model using the master authentication model when the first communication device is online, (Blessing, [0061] and claim 1 describes updating, by the first communication device, the first local authentication model using the master authentication model when the first communication device is online)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Kumar with the method/system of Birgisson to include updating, by the first communication device, the first local authentication model using the master authentication model when the first communication device is online. One would have been motivated to download a new status from the authentication server before the stored trust level has decayed and the service barred (Blessing, [0061 & Claim 1).  

Regarding claim 8, Birgisson discloses a first communication device comprising:
a processor including a memory; (Birgisson, [0006], processor; [0055], memory)
a communication interface; (Birgisson, [0094], [0099], interface) and
a non-transitory computer-readable medium storing instructions
executable by the processor, (Birgisson, [0055], memory; [0006], processor) the instructions including a method comprising: 
receiving a first local authentication model, the first local authentication model being derived from a master authentication model at a remote server computer; (Birgisson, [0026], [0035]-[0036], [0052]-[0053], [0132], [0005] describes receiving, by a first communication device, a first token [local authentication model], the first token [local authentication model] being derived from a master token [master authentication model] at a remote server computer)
receiving a request to perform an interaction with a second communication device, the interaction being performed in an offline manner; (Birgisson, [0082]-[0083], [0105]-[0106], [0113]; [0075], [0077], [0087], [0096], [0100], [0125], [0133] describes storing, on the first communication device, the received first [token] local authentication model receiving a request to perform an interaction with a second communication device, the interaction being performed in an offline manner)
applying the stored first local authentication model to the interaction to determine a first authentication result; (Birgisson, [0053], [0073], [0082]-[0084], [0108] describes applying, by the first communication device, the stored first token [local authentication model] to the interaction to determine a first authentication result)
determining whether or not to allow the interaction to proceed based upon the first authentication result; and (Birgisson, [0053], [0073], [0082]-[0084], [0108], [0131] describes determining, by the first communication device, whether or not to allow the interaction to proceed based upon the first authentication result)
Birgisson fails to explicitly disclose storing, on the first communication device, the received first local authentication model. 
However, in an analogous art, Kumar discloses storing, on the first communication device, the received first local authentication model, (Kumar, Pages 670-671, Under Section III. Proposed Robust Authentication Model, Subsection A. System Setup Phase, Step 2 describes storing on the Mobile Device (MD) SIM card, the received first token [local authentication model]; also see Abstract).
	Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Kumar with the method/system of Birgisson to include storing, on the first communication device, the received first local authentication model. One would have been motivated to provide strong security to delegation-based protocols and to mitigate mobile devices risks (Kumar, Page 670, Under Heading Proposed Robust Authentication Model)
Birgisson and Kumar fails to explicitly disclose updating the first local authentication model using the master authentication model when the communication device is online, 
However, in an analogous art, Blessing discloses updating the first local authentication model using the master authentication model when the communication device is online, (Blessing, [0061] and claim 1 describes updating, by the first communication device, the first local authentication model using the master authentication model when the first communication device is online)
	Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Blessing with the method/system of Birgisson and Kumar to include updating the first local authentication model using the master authentication model when the communication device is online. One would have been motivated to download a new status from the authentication server before the stored trust level has decayed and the service barred (Blessing, [0061 & Claim 1).  

Regarding claim 15, Birgisson discloses a method comprising:
receiving, by a server computer, data for a plurality of requests to perform
a plurality of interactions generated at a plurality of communication devices; (Birgisson, FIG’s 2, 4 and 6 and associated text; [0053] & [0058] describes receiving, by a server computer, data for a plurality of requests to perform a plurality of interactions generated at a plurality of communication devices)
generating, by the server computer, a master authentication model based
on the data for the plurality of requests to perform the plurality of interactions; (Birgisson, [0004], [0058], describes generating, by the server computer, a master token [master authentication model] based on the data for the plurality of requests to perform the plurality of interactions) 
deriving, by the server computer, one or more local authentication models
from the master authentication model; and (Birgisson, [0005], describes deriving, by the server computer, one or more token(s) [local authentication models] from the master token [master authentication model]) 
distributing, by the server computer, the one or more local authentication
models to one or more communication devices, (Birgisson, FIG’s 1, 3 & 6; [0105]-[0106], [0113]; [0075], [0077], [0096], [0100], [0125], [0133] describes distributing, by the server computer, the one or more token(s) [local authentication models] to one or more communication devices)
wherein the one or more communication devices apply one or more requests to
perform one or more offline interactions to the one or more local authentication
models to determine an authentication result for the one or more requests; (Birgisson, [0082]-[0083], [0105]-[0106], [0113]; [0075], [0077], [0087], [0096], [0100], [0125], [0133]; [0053], [0073], [0082]-[0084], [0108]; [0053], [0073], [0082]-[0084], [0108], [0131 describes wherein the one or more communication devices apply one or more requests to perform one or more offline interactions to the one or more token(s) [local authentication models] to determine an authentication result for the one or more requests)
	Birgisson fails to explicitly disclose wherein the one or more location
authentication models are stored on the one or more communication devices,
	However, in an analogous art, Kumar discloses wherein the one or more location
authentication models are stored on the one or more communication devices, (Kumar, Pages 670-671, Under Section III. Proposed Robust Authentication Model, Subsection A. System Setup Phase, Step 2 describes storing on the Mobile Device (MD) SIM card, the received first token [local authentication model]; also see Abstract).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Kumar with the method/system of Birgisson to include wherein the one or more location authentication models are stored on the one or more communication devices. One would have been motivated to provide strong security to delegation-based protocols and to mitigate mobile devices risks (Kumar, Page 670, Under Heading Proposed Robust Authentication Model)

Regarding claim 16, Birgisson and Kumar disclose the method of claim 15. 
Birgisson further discloses  further comprising: receiving, by the server computer, data relating to the one or more requests to perform the one or more offline interactions; (Birgisson, [0082]-[0083], [0105]-[0106], [0113]; [0075]; [0087], [0096], [0100], [0133] describe further comprising: receiving, by the server computer, data relating to the one or more requests to perform the one or more offline interactions)
updating, by the server computer, the master authentication model based on the data relating to the one or more requests to perform the one or more offline interactions to generate an updated master authentication model; (Birgisson, FIG 3 and associated text describes updating, by the server computer, the master token [master authentication model] based on the data relating to the one or more requests to perform the one or more offline interactions to generate an updated master token [master authentication model])
deriving, by the server computer, one or more updated local authentication models from the updated master authentication model; (Birgisson, [0005] describes deriving, by the server computer, one or more updated token(s) [local authentication models] from the updated master token [master authentication model])
and  distributing, by the server computer, the one or more local authentication models to the one or more communication devices, wherein the one or more communication devices apply one or more additional requests to perform one or more additional offline interactions to the one or more updated local authentication models to determine authentication results for each of the one or more additional requests, (Birgisson, FIG 3, associated text; [0075], [0077], [0087], [0096], [0100], [0125], [0133] describe and  distributing, by the server computer, the one or more local authentication models to the one or more communication devices, wherein the one or more communication devices apply one or more additional requests to perform one or more additional offline interactions to the one or more updated token(s) [local authentication models] to determine authentication results for each of the one or more additional requests)




Claim(s) 2-3 and 9-10 are rejected under 35 U.S.C. 103 as being unpatentable over Birgisson et al (“Birgisson,” US 20170223005), Kumar et al (“Kumar,” “Delegation-Based Robust Authentication Model for Wireless Roaming Using Portable Communication Devices,” IEEE Transactions on Consumer Electronics, Vol. 60, No. 4, November 2014, Pages 668-674) and in view of Blessing et al (“Blessing,” EP 2515497) and further in view of Han et al (“Han,” US 10366378). 

Regarding claim 2, Birgisson, Kumar and Blessing disclose the method of claim 1. 
Birgisson, Kumar and Blessing fail to explicitly disclose wherein determining
whether or not to allow the interaction to proceed based on the first authentication
result comprises: detecting one or more anomalies associated with the interaction;
initiating a risk analysis based on the anomalies to determine a risk score
for the interaction; and determining an appropriate action relating to the risk score.
However, in an analogous art, Han discloses wherein determining
whether or not to allow the interaction to proceed based on the first authentication
result comprises: detecting one or more anomalies associated with the interaction; (Han, Col. 5, Lines 50-55; Col. 20, Lines 31-34 describes detecting one or more anomalies associated with the interaction)
initiating a risk analysis based on the anomalies to determine a risk score
for the interaction; (Han, Col. 5, Lines 29-33; Col. 24, Lines 17-30 describes initiating a risk analysis based on the anomalies to determine a risk score
for the interaction) and 
determining an appropriate action relating to the risk score, (Han, Col. 24, Lines 31-45, describes determining an appropriate action relating to the risk score)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Han with the method/system of Birgisson, Kumar and Blessing to include wherein determining whether or not to allow the interaction to proceed based on the first authentication result comprises: detecting one or more anomalies associated with the interaction; initiating a risk analysis based on the anomalies to determine a risk score for the interaction; and determining an appropriate action relating to the risk score. One would have been motivated to capture and process payments in an offline mode (Han, Col. 2, Lines 39-46). 

Regarding claim 3, Birgisson, Kumar, Blessing and Han disclose the method of claim 2.
Birgisson further discloses wherein the appropriate action relating to the risk score comprises restricting offline access to one or more applications of the first communication device, (Birgisson, [0015] & [0024] describe wherein the appropriate action relating to the risk score comprises restricting offline access to one or more applications of the first communication device)

Regarding claim 9, Birgisson, Kumar and Blessing disclose the communication device of claim 8. 
Birgisson, Kumar and Blessing fail to explicitly disclose wherein determining whether or not to allow the interaction to proceed based on the first authentication result comprises: detecting one or more anomalies associated with the interaction; initiating a risk analysis based on the anomalies to determine a risk score for the interaction; and determining an appropriate action relating to the risk score.
However, in an analogous art, Han discloses wherein determining whether or not to allow the interaction to proceed based on the first authentication result comprises:
detecting one or more anomalies associated with the interaction; (Han, Col. 5, Lines 50-55; Col. 20, Lines 31-34 describes detecting one or more anomalies associated with the interaction)
initiating a risk analysis based on the anomalies to determine a risk score for the interaction; (Han, Col. 5, Lines 29-33; Col. 24, Lines 17-30 describes initiating a risk analysis based on the anomalies to determine a risk score for the interaction)
and determining an appropriate action relating to the risk score, (Han, Col. 24, Lines 31-45, describes determining an appropriate action relating to the risk score)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Han with the method/system of Birgisson, Kumar and Blessing to include wherein determining whether or not to allow the interaction to proceed based on the first authentication result comprises: detecting one or more anomalies associated with the interaction; initiating a risk analysis based on the anomalies to determine a risk score for the interaction; and determining an appropriate action relating to the risk score. One would have been motivated to capture and process payments in an offline mode (Han, Col. 2, Lines 39-46).

Regarding claim 10, Birgisson, Kumar, Blessing and Han disclose the communication device of claim 9.  
Birgisson further discloses wherein the appropriate action relating to the risk score comprises restricting offline access to one or more applications of the communication device, (Birgisson, [0015] & [0024] describe wherein the appropriate action relating to the risk score comprises restricting offline access to one or more applications of the first communication device)

Claim(s) 4 and 11 are rejected under 35 U.S.C. 103 as being unpatentable over Birgisson et al (“Birgisson,” US 20170223005), Kumar et al (“Kumar,” “Delegation-Based Robust Authentication Model for Wireless Roaming Using Portable Communication Devices,” IEEE Transactions on Consumer Electronics, Vol. 60, No. 4, November 2014, Pages 668-674), Blessing et al (“Blessing,” EP 2515497), in view of Han et al (“Han,” US 10366378) and further in view of Gonzalez-Perez et al (“Gonzalez-Perez,” “A Metamodel for Behavior Trees Modeling Technique,” Proceedings of the Third International Conference on Information Technology and Applications, IEEE Computer Society, Pages 1-5, 2005). 

Regarding claim 4, Birgisson, Kumar, Blessing and Han disclose the method of claim 2. 
Birgisson, Kumar, Blessing and Han fail to explicitly disclose wherein determining the appropriate action relating to the risk score comprises referencing a behavior tree.
However, in an analogous art, Gonzalez-Perez discloses wherein determining the appropriate action relating to the risk score comprises referencing a behavior tree, (Gonzalez-Perez, Page 1, FIG 1, shows an example behavior tree where each node references a given component (in all capitals inside the boxes) and a given state (in square brackets under the component's name)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Gonzalez-Perez with the method/system of Birgisson, Kumar, Blessing and Han to include wherein determining the appropriate action relating to the risk score comprises referencing a behavior tree. One would have been motivated to provide a modeling technique to develop a number of complex systems (Gonzalez-Perez, Page 1, Left Column, First Paragraph).

Regarding claim 11, Birgisson, Kumar, Blessing and Han disclose the communication device of claim 9. 
Birgisson, Kumar, Blessing and Han fail to explicitly disclose wherein determining an appropriate action relating to the risk score comprises referencing a behavior tree.
However, in an analogous art, Gonzalez-Perez discloses wherein determining an appropriate action relating to the risk score comprises referencing a behavior tree, (Gonzalez-Perez, Page 1, FIG 1, shows an example behavior tree where each node references a given component (in all capitals inside the boxes) and a given state (in square brackets under the component's name)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Gonzalez-Perez with the method/system of Birgisson, Kumar, Blessing and Han to include wherein determining an appropriate action relating to the risk score comprises referencing a behavior tree. One would have been motivated to provide a modeling technique to develop a number of complex systems (Gonzalez-Perez, Page 1, Left Column, First Paragraph).

Claim(s) 5 and 12 are rejected under 35 U.S.C. 103 as being unpatentable over Birgisson et al (“Birgisson,” US 20170223005), Kumar et al (“Kumar,” “Delegation-Based Robust Authentication Model for Wireless Roaming Using Portable Communication Devices,” IEEE Transactions on Consumer Electronics, Vol. 60, No. 4, November 2014, Pages 668-674), in view of Blessing et al (“Blessing,” EP 2515497) and further in view of Jeong et al (“Jeong,” US 20190056983). 

Regarding claim 5, Birgisson, Kumar and Blessing disclose the method of claim 1. 
Birgisson, Kumar and Blessing fail to explicitly disclose wherein the interaction is
associated with device information, and wherein the device information includes
one or more risk features including one or more of: a rate of CPU usage, an
install/uninstall history, and a network connection history.
However, in an analogous art, Jeong discloses wherein the interaction is
associated with device information, (Jeong, [0050] describes wherein the interaction is associated with device information)
and wherein the device information includes
one or more risk features including one or more of: 
a rate of CPU usage, (Jeong, [0050], describes a rate of CPU usage)
an install/uninstall history, 
and a network connection history.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Jeong with the method/system of Birgisson, Kumar and Blessing to include wherein the interaction is
associated with device information, and wherein the device information includes
one or more risk features including one or more of: a rate of CPU usage, an
install/uninstall history, and a network connection history. One would have been motivated to analyze and present a root cause for a fault phenomenon which occurs in an IT system in order to satisfy a demand in the art (Jeong, [0013]).

Regarding claim 12, Birgisson, Kumar and Blessing disclose the communication device of claim 8. 
Birgisson, Kumar and Blessing fail to explicitly disclose wherein the interaction is associated with device information, and wherein the device information includes one or more risk features including one or more of: a rate of CPU usage, an install/uninstall history, and a network connection history.
However, in an analogous art, Jeong discloses wherein the interaction is associated with device information, (Jeong, [0050] describes wherein the interaction is associated with device information)
and wherein the device information includes one or more risk features including one or more of: 
a rate of CPU usage, (Jeong, [0050], describes a rate of CPU usage)
an install/uninstall history, 
and a network connection history.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Jeong with the method/system of Birgisson, Kumar and Blessing to include wherein the interaction is associated with device information, and wherein the device information includes one or more risk features including one or more of: a rate of CPU usage, an install/uninstall history, and a network connection history. One would have been motivated to analyze and present a root cause for a fault phenomenon which occurs in an IT system in order to satisfy a demand in the art (Jeong, [0013]). 






Claim(s) 6 and 13 are rejected under 35 U.S.C. 103 as being unpatentable over Birgisson et al (“Birgisson,” US 20170223005), Kumar et al (“Kumar,” “Delegation-Based Robust Authentication Model for Wireless Roaming Using Portable Communication Devices,” IEEE Transactions on Consumer Electronics, Vol. 60, No. 4, November 2014, Pages 668-674), Blessing et al (“Blessing,” EP 2515497) in view of Jeong et al (“Jeong,” US 20190056983) and further in view of Abbe et al (“Abbe,” US 20130085916). 

Regarding claim 6, Birgisson, Kumar, Blessing and Jeong disclose the method of claim 5. 
Birgisson, Kumar, Blessing and Jeong fail to explicitly disclose wherein the device information is encrypted using secure multi-party computation.
However, in an analogous art, Abbe discloses wherein the device information is encrypted using secure multi-party computation, (Abbe, [0025] describes wherein the device information is encrypted using secure multi-party computation)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Abbe with the method/system of Birgisson, Kumar, Blessing and Jeong to include wherein the device information is encrypted using secure multi-party computation. One would have been motivated to secure confidential data (Abbe, [0001]).  

Regarding claim 13, Birgisson, Kumar, Blessing and Jeong disclose the communication device of claim 12. 
Birgisson, Kumar, Blessing and Jeong fail to explicitly disclose wherein the device information is encrypted using secure multi-party computation.
However, in an analogous art, Abbe discloses wherein the device information is encrypted using secure multi-party computation, (Abbe, [0025] describes wherein the device information is encrypted using secure multi-party computation)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Abbe with the method/system of Birgisson, Kumar, Blessing and Jeong to include wherein the device information is encrypted using secure multi-party computation. One would have been motivated to secure confidential data (Abbe, [0001]).  

Claim(s) 7 and 14 are rejected under 35 U.S.C. 103 as being unpatentable over Birgisson et al (“Birgisson,” US 20170223005), Kumar et al (“Kumar,” “Delegation-Based Robust Authentication Model for Wireless Roaming Using Portable Communication Devices,” IEEE Transactions on Consumer Electronics, Vol. 60, No. 4, November 2014, Pages 668-674), in view of Blessing et al (“Blessing,” EP 2515497) and further in view of Diaz Caceras et al (“Diaz Caceras,” US 20180218265). 

Regarding claim 7, Birgisson, Blessing and Ref_C disclose the method of claim 1. 
Birgisson, Kumar and Blessing fail to explicitly disclose wherein the master authentication model is a graph learning model generated from a plurality of requests to perform a plurality of interactions generated at a plurality of devices, and wherein the first local authentication model comprises one or more communities for a user of the first communication device.
However, in an analogous art, Diaz Caceras discloses wherein the master authentication model is a graph learning model generated from a plurality of requests to perform a plurality of interactions generated at a plurality of devices, (Diaz-Caceras, [0002], [0080], [0084] describes wherein the master authentication model is a graph learning model generated from a plurality of requests to perform a plurality of interactions generated at a plurality of devices)
and wherein the first local authentication model comprises one or more communities for a user of the first communication device, (Diaz-Caceras, [0002], [0080], [0084] describes and wherein the first local authentication model comprises one or more communities for a user of the first communication device)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Diaz Caceras with the method/system of Birgisson, Kumar and Blessing to include wherein the master authentication model is a graph learning model generated from a plurality of requests to perform a plurality of interactions generated at a plurality of devices, and wherein the first local authentication model comprises one or more communities for a user of the first communication device. One would have been motivated to transform a knowledge graph that represents semantics embedded in a knowledge graph (Diaz Caceras, [0001]). 

Regarding claim 14, Birgisson, Kumar and Blessing disclose the communication device of claim 8. 
Birgisson, Kumar and Blessing fail to explicitly disclose wherein the master authentication model is a graph learning model generated from a plurality of requests to perform a plurality of interactions generated at a plurality of devices, and wherein the first local authentication model comprises one or more communities for a user of the communication device.
However, in an analogous art, Diaz Caceras discloses wherein the master authentication model is a graph learning model generated from a plurality of requests to perform a plurality of interactions generated at a plurality of devices, (Diaz-Caceras, [0002], [0080], [0084] describes wherein the master authentication model is a graph learning model generated from a plurality of requests to perform a plurality of interactions generated at a plurality of devices)
and wherein the first local authentication model comprises one or more communities for a user of the communication device, (Diaz-Caceras, [0002], [0080], [0084] describes and wherein the first local authentication model comprises one or more communities for a user of the communication device)
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Diaz Caceras with the method/system of Birgisson, Kumar and Blessing to include wherein the master authentication model is a graph learning model generated from a plurality of requests to perform a plurality of interactions generated at a plurality of devices, and wherein the first local authentication model comprises one or more communities for a user of the communication device. One would have been motivated to transform a knowledge graph that represents semantics embedded in a knowledge graph (Diaz Caceras, [0001]). 


Conclusion

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to JAMES J WILCOX whose telephone number is (571)270-3774. The examiner can normally be reached M-F: 8 A.M. to 5 P.M..
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu T. Pham can be reached on (571)270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/JAMES J WILCOX/Examiner, Art Unit 2439                                                                                                                                                                                                        


/LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439