DETAILED ACTION
This Office Action is in response to amendment filed on filed on July 20, 2022.
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
Claims 1, 3-9, 11-17 and 19-20 are pending and herein considered.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 07/20/2022 has been entered.
 





Response to Amendment
The amendment filed on 07/20/2022 has been entered and fully considered.

Claim Objections
Claims 19-20 are objected to because of the following informalities: claims 19-20 depend on a canceled claim 18.  Appropriate correction is required.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1, 3-9, 11-17 and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Agarwal U.S. Pub. Number 2016/0055324 in view of Lindemann U.S. Pub. Number 2019/0222424 and further in view of Khosravi et al. (Khosravi) U.S. Pub. Number 2016/0179554. 
Regarding claim 1; Agarwal discloses a method comprising:
receiving, [[by a security agent]] running on a client device, a request to unlock the client device from a user (para. [0031] when the user desires to unlock a device that is protected by an authentication mechanism); and
responsive to the request:
obtaining, [[by the security agent,]] information regarding a set of operating characteristics of the client device (para. [0031] when the user desires to unlock a device that is protected by an authentication mechanism… the device gathers the device's current device context factors and user context as it may affect the suitability of the currently set authentication mode); and
selectively enabling or disabling, [[by the security agent,]] one or more authentication mechanisms of a plurality of authentication mechanisms available on the client device based on the information regarding the set of operating characteristics [[and a set of user-defined rules concerning at least time and location, a Service Set Identifier (SSID) of a wireless network associated with the client device]] (para. [0031] the device gathers the device's current device context factors and user context as it may affect the suitability of the currently set authentication mode. The device then uses this information to determine whether the current authentication mode is suitable or not. If the currently set authentication mode is suitable then the user executes the required authentication steps and unlocks the device using the current authentication mode; para. [0035] device then gathers device context information and user context information…ambient light and noise information, as well as accelerometer, GPS; para. [0040] the device determines whether the voice command authentication mode of the device currently configured is compatible with the high level of ambient noise. If the high noise level is nonetheless not so high as to render voice command authentication unfeasible… and the user proceeds to authenticate using voice command authentication);
collecting, by an enabled authentication mechanism of the plurality of authentication mechanisms, authentication parameters from the user via one or more sensors of the client device (para. [0046] If it is determined at stage 503 that the user is not driving a vehicle and that the user context does not otherwise weigh against the current mode, then the device permits authentication via the current authentication mode at stage 504. Otherwise, the process 500 flows to stage 505, wherein the device configures itself to use an alternative authentication mode that is not incompatible with the gathered device and user context information); and
when the authentication parameters match reference parameters associated with the client device, causing, by the enabled authentication mechanism, the client device to be unlocked (para. [0031] the device gathers the device's current device context factors and user context as it may affect the suitability of the currently set authentication mode. The device then uses this information to determine whether the current authentication mode is suitable or not. If the currently set authentication mode is suitable then the user executes the required authentication steps and unlocks the device using the current authentication mode).

Agarwal does not disclose which Lindemann discloses security agent and user-defined rules concerning at least time and location (Lindemann: para. [0024] various metrics are used to determine if the person initiating the transaction is actually the user that owns the account. Factors such as the time of the transaction, the location of the transaction, and the circumstances of the transactions are all good ways to assess whether a transaction has risk; para. [0109] a non-intrusive privacy-preserving authenticator (NIPPA) 210 …based on input from non-intrusive authentication mechanism; para. [0186] an authentication policy that allows authentication mechanisms to be selected based on the physical location of the client device being used for authentication... rules specify classes of locations and the authentication mechanism or mechanisms that must be applied if the client location matches the location definition in the rule).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Agarwal to provide user-defined rules concerning at least time and location, as taught by Lindemann. The motivation would be to increase strength of authentication based on the current environment in which authentication is performed, so It would be beneficial to select and/or combine authentication modalities based on the current detected risk. For example, a user loses a phone and someone attempts to hack it, it may take a day before the fingerprint can be captured from the display, an appropriate rubber finger created and subsequently used to gain access. Consequently, requiring a PIN entry after 24 hours or less since last trusted state.

The combination of Agarwal and Lindemann does not disclose, which Khosravi discloses user-defined rules concerning a Service Set Identifier (SSID) of a wireless network associated with the client device (Khosravi: para. [0026] fig.3, proximate to the SSID name “Home,” then the example authentication input manager 206 prompts the user for alternate input credentials 318 (i.e. authenticate with voice and facial rec). Emphasis added.
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Agarwal, in view of Lindemann to provide rules concerning a Service Set Identifier (SSID) of a wireless network associated with the client device, as taught by Khosravi. The motivation would be to improvement over traditional password-based and biometric-based unlocking mechanisms, which may be susceptible to being cracked.

Regarding claim 3; the combination of Agarwal, Lindemann and Khosravi discloses the method of claim 1, wherein the security agent is integrated within an operating system of the client device (Lindemann: para. [0109]) FIG. 2 which includes a non-intrusive privacy-preserving authenticator (NIPPA) 210 including an assurance calculator 212 for determining the current assurance level based on input from non-intrusive authentication mechanisms 230 (e.g., location, gait measurements, etc.). The reason to combine Agarwal, Lindemann and Khosravi is the same as claim 1, above.

Regarding claim 4; the combination of Agarwal, Lindemann and Khosravi discloses the method of claim 1, wherein the security agent is integrated within an endpoint protection platform installed on the client device (Lindemann: para. [0110] the non-intrusive authentication 230 includes a location authentication module 231 for performing location-based authentication using a location sensor(s) 241 and historical or user-specified location data stored within a user/location data storage device 245 (e.g., which may be implemented as a file system or database)). The reason to combine Agarwal, Lindemann and Khosravi is the same as claim 1, above.

Regarding claim 5; the combination of Agarwal, Lindemann and Khosravi discloses the method of claim 1, wherein the set of operating characteristics include any or a combination of location information associated with the client device, a duration of time for which the client device was locked, and time at which the request was initiated (Agarwal: para. [0017] the device 100 may also include a sensor configured for determining location of the device such as a GPS module; [0048] If the task required by the current authentication mode is the capture of a user audible signal, then the process 500 flows to stage 507, wherein the device determines whether the gathered device context factors indicate a low enough level of ambient noise to allow an accurate user voice record to be captured (and whether the current user context would prevent an audible command, e.g., if the user has a meeting scheduled for the current time)).

Regarding claim 6; the combination of Agarwal, Lindemann and Khosravi discloses the method of claim 1, wherein the location information is based on a Global Positioning System (GPS) sensor of the client device, a geolocation of an Internet Protocol (IP) address of the client device, a Service Set Identifier (SSID) of a wireless network associated with the client device, or a network name of a mobile network associated with the client device (Agarwal: para. [0017] the device 100 may also include a sensor configured for determining location of the device such as a GPS module).

Regarding claim 7; the combination of Agarwal, Lindemann and Khosravi discloses the method of claim 1, wherein the authentication parameters comprise any or a combination of biometric information, facial recognition information, an alpha-numeric password, a touch pattern, a voice recognition pattern and a gesture (Agarwal: para. [0026] a user device is configured to require an x-character password or multi-point drawn pattern for authentication; if the device user is currently driving a vehicle, then typing a multi-digit password or drawing a multi-point pattern on the device screen is not practical or advisable; para. [0027] Continuing, consider a device that is configured to require facial recognition for authentication; para. [0033] the device may be initially configured to use voice authentication but may be switched to password authentication in a noisy concert).

Regarding claim 8; the combination of Agarwal, Lindemann and Khosravi discloses the method of claim 1, wherein the plurality of sensors include any or a combination of an image sensor, a camera, a biometric sensor, an audio sensor, an electronic switch, an electronic button and one or more touch screen elements (Agarwal: para. [0050] the device determines whether the device context information indicates the presence of sufficiently low ambient noise to allow voice recognition. If the device context information indicates the presence of sufficiently low ambient noise to allow voice recognition, the process 600 flows to stage 605 wherein the user authenticates using voice recognition. Otherwise, the device temporarily changes the current authentication mode to the next alternative mode at stage 606; para. [0051] the capture of a user image… or the capture of a user audible signal).

Regarding claims 9, 11-16; claims 9, 11-16 are direct to computer-readable storage media which has similar scope as claims 1, 3-8, respectively. Therefore, claims 9, 11-16 remain un-patentable for the same reason.
Regarding claim 19; the combination of Agarwal, Lindemann and Khosravi discloses the computer system of claim 18, wherein the computer system comprises a smartphone (Lindemann: para. [0410] sensitive information such as fingerprint data and other data which may uniquely identify the user may be retained locally on the user's client device (e.g., smartphone, notebook computer, etc.) to protect the user's privacy.). The reason to combine Agarwal, Lindemann and Khosravi is the same as claim 1, above.

Regarding claims 17 and 20; claims 17 and 20 are direct to a client device which has similar scope as claims 1 and 5, respectively. Therefore, claims 17 and 20 remain un-patentable for the same reason.

Examiner’s remarks 
The Examiner encourage to contact the examiner to discuss any further question before responding to this Office Action to expedite prosecution.

Related Art
The following prior art made of record and cited on PTO-892, but not relied upon, is considered pertinent to applicant’s disclosure:
U.S. Pub. Number 2014/0289833 to Briceno-Briceno teaches an authentication policy that allows authentication mechanisms to be selected based on the physical location of the client device being used for authentication. For example, the client and/or server may make a determination of the physical location of the client device, and feed that location to a policy engine that evaluates an ordered set of policy rules. In one embodiment, these rules specify classes of locations and the authentication mechanism or mechanisms that must be applied if the client location matches the location definition in the rule.
U.S. Pat. Number 9,569,605 to Schneider-Schneider teaches enabling biometric authentication options by capturing biometric data for authenticating to a device during normal usage of the device, including, e.g., during authentication actions on the device. And capturing biometric data describing the biometric trait of the user in connection with the user performing the authentication action on the device, and using the biometric data that describes the biometric trait as training data for the biometric authentication option to enable the user to access the protected feature of the device via the biometric authentication option.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to VU V TRAN whose telephone number is (571)270-1708. The examiner can normally be reached M-F, 8 AM- 4 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok Patel can be reached on 571-272-3972. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/VU V TRAN/Primary Examiner, Art Unit 2491