DETAILED ACTION
	This action is responsive to applicant’s communication filed 11/08/2022.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Status of the Claims
	Claims 1, 3, 5-10, 12, and 14-20 are rejected under 35 U.S.C. 103.
	Claims 2, 4, 11, and 13 are cancelled.
	Claims 3 and 19 are objected to for minor informalities.

Claim Objections
Claims 3 and 19 are objected to because of the following informalities:
In line 2 of claim 3, the comma should be removed in “authentication of the user is failed, if an input value”.
In line 5 of claim 19, the comma should be removed in “authentication of the user is failed, if an input value”.
Appropriate correction is required.

Response to Arguments
The 35 U.S.C. 112(b) and 112(d) rejections made in the prior office action have been withdrawn.
Applicant's arguments filed 11/08/2022 have been fully considered but they are not persuasive.
While the current rejection now uses GARSIDE as the primary reference, the same references and rationale made by the examiner in the previous office action are being used. The change of the order of the references is merely done for clarity and does not constitute a new ground of rejection. See MPEP 1207.03(a).II.

Applicant argues on Pages 10-12 that there is no reason to combine the references, that the teachings of LANDQVIST are directly contradictory to the user inputs taught by GARSIDE and KORNELUK, and that the principle and purpose of LANDQVIST of authenticating a user using “unobtrusive challenges” is frustrated by the combination of the references. The examiner respectfully disagrees. 
In summary, the principle and purpose of LANDQVIST is the authentication of a user using a visual challenge based on the known traits of the user. The specific embodiment relied upon by the examiner is the physical traits, namely the user’s color vision, discussed in Paragraph 17 of LANDQVIST. The principle and purpose of GARSIDE is the use of a visual challenge, namely a pseudo-isochromatic test similar to the applicant’s own disclosure, for authorizing that a user requesting access to a resource is a human user. The principle and purpose of KORNELUK is the use of a pseudo-isochromatic test to tailor a user interface for a user after detecting any color vision deficiency in an enrollment procedure. LANDQVIST and GARSIDE are both directed to the field of user authentication or verification, with LANDQVIST being directed to authenticating a specific user and GARSIDE being directed to verifying that a user is human in general. It therefore would have been obvious to one of ordinary skill in the art to modify GARSIDE’s color vision test to instead authenticate a specific user if that user’s color vision is known. KORNELUK further supports this combination by teaching an enrollment procedure (using the same test as the applicant’s disclosure) that would have been used in order to register the user’s specific type of color vision trait, which as taught by LANDQVIST, would then be used to administer a specific visual authentication challenge that would only be successfully completed if the user has the known trait.
Furthermore, the test for obviousness is not whether the features of a secondary reference may be bodily incorporated into the structure of the primary reference; nor is it that the claimed invention must be expressly suggested in any one or all of the references.  Rather, the test is what the combined teachings of the references would have suggested to those of ordinary skill in the art.  See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981). In an effort to advance prosecution and clarify the rationale used for rejecting the claims, the examiner has changed the order of the references while still relying on the same teachings of the references. With GARSIDE as the starting point teaching the presentation of the visual authentication code and receiving the subsequent answer (i.e. a code entered through some type of user input mechanism) from the user, the teachings of LANDQVIST and KORNELUK provide the rationale for adapting the method to be used for the purpose of authenticating a specific user based on their known color vision trait. The teachings of the references are therefore not contradictory and do not frustrate the principle and purpose of any of the references.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.

Claims 1, 3, 5-10, 12, and 14-20 are rejected under 35 U.S.C. 103 as being unpatentable over GARSIDE (GB 2477561 A) in view of LANDQVIST (US 2017/0032137 A1) and further in view of KORNELUK (US 2006/0033880 A1).

Regarding Claim 1, GARSIDE teaches a user authentication method based on color vision information, performed by a user authentication apparatus, the user authentication method comprising: (See Figures 3-4, which provide summaries of methods used to authorize a user and grant the user access to services.)
transmitting, to a user terminal, a visual authentication code that is recognized differently according to color vision deficiency; (“In response to the occurrence of a restricted event in a computing device, a user of the computing device is presented with a challenge or puzzle including information designed to assist in determining whether the challenge or puzzle is answered by a human. The system and method of the invention provides for presenting challenges or puzzles utilising the Pseudo-lsochromatic techniques currently used to test for colour blindness. The invention is known as a Pseudo-lsochromatic challenge or puzzle. If it is determined that the challenge or puzzle was not answered or not answered correctly, perhaps due to a human deficiency in colour perception, a secondary challenge, which may take the form of 1 or more separate challenges or puzzles presented as alternatives or together forming the whole, may be invoked.” Page 11 section 2.6. See Figures 5-8, which provide examples of visual authentication codes that are recognized differently according to color vision deficiency.)
receiving, from the user terminal, a user input corresponding to the visual authentication code… (“The user then answers the Pseudo-lsochromatic challenge providing the answer to the user's trusted computing environment (process action 302). The user's trusted computing environment then evaluates the user's answer to the Pseudo-lsochromatic challenge, and if the answer is correct, generates a digital signature attesting to the successful completion of the challenge which is attached to the user's request for services and sent to the service provider” Last Paragraph of Page 9. A user input is received corresponding to the visual authentication code presented within the pseudo-isochromatic image.)
wherein the determining comprises determining that a user authentication of the user is successful if an input value with respect to the visual authentication code included in the user input matches the reference value… (“a user wishing to request a particular service creates its own Pseudo-lsochromatic challenge using its trusted computing device or environment which may be set up for the end users particular colour vision deficiencies if required. The user then answers the Pseudo-lsochromatic challenge and the trusted computing environment evaluates the user's answer to the challenge. The trusted computing environment generates a digital signature (e.g., a signed assertion) attesting to the user's successful completion of the challenge which is attached to the user's request for services and sent to the service provider. Once the service provider receives the user's message, the digital signature can then be verified by the service provider. If the digital signature is acceptable, the service provider processes the user's request for services and provides the user access to their services.” End of Page 3. The input value would be the user’s answer to the pseudoisochromatic challenge. A correct answer results in successful completion of the challenge. Also see the end of Page 9.)
among different values that may be read from the visual authentication code. (“The Pseudo-Isochromatic challenge is generated for the user by the user's trusted computing environment or device, and the user answers the challenge. A digital signature which may or may not include the user's answer, or may be appended to the user's answer, is provided as part of the user's service request to a service provider to access their services. For example, the digital signature can be appended to the message body (which may include such things as the correct answer, timestamp, request for services, and so on) to prove the authenticity and integrity of the message to the service provider.” Middle of Page 3. “The challenge will be in the form of letters, numbers, geometric shapes or pictures of recognizable objects, animals, or people presented in a Pseudo-Isochromatic style which can be defined as a pattern of dots or shapes which may be uniform or variable in size, in different colours, saturations, contrasts and colour hues which when perceived by the human eye are recognizable but are designed in such a way as to make optical character recognition (OCR) and other automated processes extremely difficult.” Top of Page 12. A pseudoisochromatic visual code, which is a type of color vision test, is presented to the user as an authentication challenge. The code is a number and/or character that is read differently depending on the color deficiency of the user. As discussed on Page 2, the challenge would have different answers depending on the color vision of the user.)
GARSIDE does not teach that the reference value that is checked is corresponding to the pre-enrolled color vision information of the user. 
While GARSIDE is directed to user liveness detection (Beginning of Pages 2, 3, and 12), GARSIDE does not teach and determining a user authentication result of a user based on a comparison result obtained by comparing the user input to a reference value determined based on pre-enrolled color vision information of the user.
However, LANDQVIST, which is directed to allowing access to a device based on adapting a visual challenge according to their physical capability (Paragraph 17), teaches that the reference value that is checked is corresponding to the pre-enrolled color vision information of the user  (“step S4 comprises selecting a visual challenge configured based on the personal information retrieved in the previous step… Step S5 comprises issuing the visual challenge to the user U. Typically the visual challenge is displayed on the display unit 150.” Paragraphs 0044-46. A visual challenge, which is equivalent to a “visual authentication code”, is created based on the personal information of the user. An example is given in Paragraph 0044 and 0017 of the personal information being the lack of color vision of the user and the challenge being configured with a portion that the user should not be able to see if they are the true user being authenticated. “a physical capacity may refer to the visual acuity of a user or the color vision of the user. Hence, the challenge may be configured with a portion that the user is not meant to see due to their visual acuity or lack of color vision, and if an attempt, e.g. a gaze direction is directed to such a portion of the visual challenge, it may be determined as an attempt to bypass the security measure” Paragraph 0017.)
LANDQVIST further teaches and determining a user authentication result of a user based on a comparison result obtained by comparing the user input to a reference value determined based on pre-enrolled color vision information of the user (“Step S7 comprises determining whether the user passed the challenge based on the received visual input corresponding to an eye movement of the user U… detecting whether the user focuses an eye-gaze on at least one specific area of the visual challenge. Determining whether the user U passed the visual challenge may thus comprise utilizing a set of predetermined rules or thresholds in order to determine whether the eye movement of the user U corresponds to an expected eye movement. Hereby, it is understood that the visual challenge that is selected and issued to the user U may have an expected response from the user U such as an expected eye-gaze, or eye-gaze direction described previously.” Paragraph 0049. Also see Paragraph 0050, which discusses that access is granted to the device if the user passes the challenge.
The direction or area of the user’s eye gaze [user input] is compared to an expected direction or area [reference area] in order to obtain the authentication result. As discussed in Paragraph 0017, the expected result would be the user with the lack of color vision to not gaze at a particular portion of the challenge, while the gaze of the false user would look at such a portion. If the personal traits of the user are being retrieved as discussed in Paragraph 0044, then the personal traits, such as the color vision of the user, must be pre-enrolled or pre-registered in the database.) 
“if an attempt, e.g. a gaze direction is directed to such a portion of the visual challenge, it may be determined as an attempt to bypass the security measure. In such an embodiment, the expected eye movement of the user which is received in order to determine whether the user passes the visual challenge may be… only receiving a eye movement which corresponds to a adaptation, e.g. a specific portion subjected to adaptation, of the visual challenge which the user should detect with his or her physical capacity.” Paragraph 0017)
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to modify the pseudoisochromatic plate test for authenticating that the user making an access request is a human user taught by GARSIDE by adapting the test for the purpose of authenticating a specific, pre-enrolled user using a visual challenge configured based on the color vision traits of the user as taught by LANDQVIST. Since both references are directed to authentication or access control and teach designing the system around the color vision attributes of a user, the combination would have yielded predictable results. Such an implementation would amount to using a pseudoisochromatic test as the visual authentication code rather than the visual test taught by LANDQVIST. As taught by GARSIDE (Page 1 and 12), such an implementation would increase the security of a system by preventing OCR and other automated processes from intercepting an access code. In combination with LANDQVIST, prevention of access of the data of a specific user who is known by the system to be colorblind would be ensured since an automated process or malicious attacker would not be able to answer the challenge with the same answer.
While LANDQVIST teaches storing pre-enrolled color vision information of a user, GARSIDE in view of LANDQVIST does not explicitly teach and wherein the pre-enrolled color vision information is determined in a user enrollment procedure based on a user input with respect to color vision information of the user, and includes information regarding whether the user has color vision deficiency.
However, KORNELUK, which is directed to adjusting a display based on the color vision information of a user obtained from an enrollment procedure, teaches and wherein the pre-enrolled color vision information is determined in a user enrollment procedure based on a user input with respect to color vision information of the user, and includes information regarding whether the user has color vision deficiency (“A menu of colorblind types can be displayed from which a user can select his type of colorblindness, if known. If the user does not know his type of colorblindness, one or more test patterns can be presented to the user. For each test pattern, the user can select at least one identifier corresponding to an image visually perceived by the user. The user's selection can be compared to predetermined data corresponding to the test pattern.” Paragraph 0010. “a device can commence determining a colorblind condition of a user based on at least one user input.” Paragraph 0018. See Figure 1, which outlines a user enrollment procedure for determining whether the user has colorblindness, as well as the type of colorblindness.)
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to modify the visual authentication challenge based on a physical trait of the user, such as colorblindness taught by GARSIDE in view of LANDQVIST by incorporating the enrollment procedure for determining whether a user is colorblind taught by KORNELUK. Since LANDQVIST teaches that the personal traits of the user are stored in a database (Paragraphs 0036, 0044), there must have been some enrollment procedure to obtain and store such information. It would have been reasonable for a person of ordinary skill in the art to use the enrollment procedure taught by KORNELUK as a necessary step to accomplish the method of GARSIDE and LANDQVIST. Furthermore, as suggested by KORNELUK, such an implementation would improve the user experience by aiding the user in tailoring the user interface to their type of colorblindness whether the user is aware of it or not.
Regarding Claim 10, GARSIDE further teaches a user authentication apparatus for performing a user authentication method, the user authentication apparatus comprising: a memory and a processor, wherein the memory is configured to store instructions executable by the processor, and when the instructions are executed by the processor, the processor is configured to (Fig. 1 processor 120, memory 130.)
	Claim 10 otherwise recites identical limitations to claim 1 and is therefore rejected using the same reasoning described above.

Regarding Claim 3, GARSIDE in view of LANDQVIST and KORNELUK further teaches wherein the determining comprises determining that a user authentication of the user is failed, if an input value with respect to the visual authentication code included in the user input is different from the reference value. (LANDQVISIT, “If the user U fails the challenge, access is denied to the device in step S8b.” Paragraph 0050. The input value would be the specific direction or area the user is looking with respect to the visual code on the display. If the direction or area is not the same as the expected direction or area, then the authentication is unsuccessful and the user is denied access to the device.
In view of GARSIDE, the reference value would be the expected result of the pseudoisochromatic test. If it does not match, then the authentication would have failed. See Pages 11-12 section 2.6.)
Claim 12 is directed to a user authentication apparatus but otherwise recites identical limitations to claim 3 and is therefore rejected using the same reasoning described above.

Regarding Claim 5, GARSIDE in view of LANDQVIST and KORNELUK further teaches wherein the pre-enrolled color vision information is enrolled information regarding whether the user has color vision deficiency, determined based on an input value with respect to a visual code that is read differently according to color vision deficiency input in the user enrollment procedure. (KORNELUK, “if the user does not know the type of colorblindness from which he suffers, a colorblindness test pattern can be presented to the user, as shown in step 140. For example, the colorblindness test pattern can be a test pattern of a pseudoisochromatic plate test… the user can be prompted to enter an input responsive to the test pattern. For instance, the user can be prompted to identify an image perceived in the test pattern. For example, if the user perceives an alphanumeric character which has a correlating key in the device's keypad, the user can enter the alphanumeric character using the keypad… If, however, the logged failures are consistent with colorblindness, the user's type of colorblindness can be determined” Paragraphs 0022-25. A pseudoisochromatic plate test, in which a user must identify a series of visual patterns that can be misread by those with a color vision deficiency, is used to determine the color vision deficiency of the user.)
Claim 14 is directed to a user authentication apparatus but otherwise recites identical limitations to claim 5 and is therefore rejected using the same reasoning described above.

Regarding Claim 6, GARSIDE in view of LANDQVIST and KORNELUK further teaches wherein the pre-enrolled color vision information is enrolled information regarding whether the user has color vision deficiency, determined based on a selected value with respect to color vision deficiency input in the user enrollment procedure. (KORNELUK, “a user response can be solicited to determine whether the user knows the type of colorblindness he suffers from. For example, the user can be prompted to enter a response using a keypad, a stylus, a mouse, a touch screen, a remote control unit, or any other user input device. If the user does know his type of colorblindness, a list of colorblindness types can be presented to the user, as shown in step 115. A user input then can be received to select a colorblindness type from the menu, as shown in step 120.” Paragraph 0019. See Figure 1 steps 110 and 115: A user manually selects their color vision deficiency from a menu if they know their color vision deficiency.)
Claim 15 is directed to a user authentication apparatus but otherwise recites identical limitations to claim 6 and is therefore rejected using the same reasoning described above.

Regarding Claim 7, GARSIDE in view of LANDQVIST and KORNELUK teaches all the limitations of claim 1, on which claim 7 depends.
GARSIDE further teaches wherein the visual authentication code is provided in the form of an image based on a color vision test, and the different values that may be read from the visual authentication code are each a number, a character, or a combination thereof that is read differently according to normal vision and color vision deficiency. (“The Pseudo-Isochromatic challenge is generated for the user by the user's trusted computing environment or device, and the user answers the challenge. A digital signature which may or may not include the user's answer, or may be appended to the user's answer, is provided as part of the user's service request to a service provider to access their services. For example, the digital signature can be appended to the message body (which may include such things as the correct answer, timestamp, request for services, and so on) to prove the authenticity and integrity of the message to the service provider.” Middle of Page 3. “The challenge will be in the form of letters, numbers, geometric shapes or pictures of recognizable objects, animals, or people presented in a Pseudo-Isochromatic style which can be defined as a pattern of dots or shapes which may be uniform or variable in size, in different colours, saturations, contrasts and colour hues which when perceived by the human eye are recognizable but are designed in such a way as to make optical character recognition (OCR) and other automated processes extremely difficult.” Top of Page 12. A pseudoisochromatic visual code, which is a type of color vision test, is presented to the user as an authentication challenge. The code is a number and/or character that is read differently depending on the color deficiency of the user. As discussed on Page 2, the challenge would have different answers depending on the color vision of the user. The challenge is used as a liveliness authentication; however, in view of LANDQVIST, it would have been obvious to use the challenge in a specific user authentication procedure based on the personal traits of the user stored in the database (i.e. known color vision of the user).)
Claim 16 is directed to a user authentication apparatus but otherwise recites identical limitations to claim 7 and is therefore rejected using the same reasoning described above.

Regarding Claim 8, GARSIDE in view of LANDQVIST and KORNELUK further teaches wherein the different values that may be read from the visual authentication code are each a number, a character, or a combination thereof that is read differently according to at least one of protanomaly, deuteranomaly, tritanomaly, protanopia, deuteranopia, tritanopia, cone monochromatism, and rod monochromatism. (GARSIDE, “The purpose of this is so that the challenges are designed to allow for all types of humans: Trichromats who have normal vision, Dichromats who are colour blind and who can be further defined as: protanopes who have a lack of red cones within their visual system, deuternopes who have a lack of green cones, tritanopes who have a lack of blue cones and anomalous trichromats who have a partial loss of any of the colour cones of the human visual system. The qualitative challenge is discernible by both protanopes and deuternopes but with different answers.” Middle of Page 2.)
Claim 17 is directed to a user authentication apparatus but otherwise recites identical limitations to claim 8 and is therefore rejected using the same reasoning described above.

Regarding Claim 9, GARSIDE in view of LANDQVIST and KORNELUK further teaches a non-transitory computer-readable storage medium storing instructions that, when executed by a processor, cause the processor to perform the user authentication method of claim 1. (GARSIDE, processor 120, memory 130.
LANDQVISIT, “In order to perform computations and carry out instructions received via hardware, e.g. communications means or software from a machine-readable memory (not shown) the device 110 comprises a processor (not shown)… The device 110 may of course comprise additional components such as the aforementioned machine-readable memory, both volatile and non-volatile” Paragraph 0034.)

Regarding Claim 18, GARSIDE teaches a user authentication method performed by a user terminal, the user authentication method comprising: (See Figures 3-4, which provide summaries of methods used to authorize a user and grant the user access to services.)
receiving, from a user authentication apparatus, a visual authentication code that is recognized differently according to color vision deficiency; (“In response to the occurrence of a restricted event in a computing device, a user of the computing device is presented with a challenge or puzzle including information designed to assist in determining whether the challenge or puzzle is answered by a human. The system and method of the invention provides for presenting challenges or puzzles utilising the Pseudo-lsochromatic techniques currently used to test for colour blindness. The invention is known as a Pseudo-lsochromatic challenge or puzzle. If it is determined that the challenge or puzzle was not answered or not answered correctly, perhaps due to a human deficiency in colour perception, a secondary challenge, which may take the form of 1 or more separate challenges or puzzles presented as alternatives or together forming the whole, may be invoked.” Page 11 section 2.6. See Figures 5-8, which provide examples of visual authentication codes that are recognized differently according to color vision deficiency.)
receiving a user input corresponding to the visual authentication code; and transmitting the received user input to the user authentication apparatus… (“The user then answers the Pseudo-lsochromatic challenge providing the answer to the user's trusted computing environment (process action 302). The user's trusted computing environment then evaluates the user's answer to the Pseudo-lsochromatic challenge, and if the answer is correct, generates a digital signature attesting to the successful completion of the challenge which is attached to the user's request for services and sent to the service provider” Last Paragraph of Page 9. A user input is received corresponding to the visual authentication code presented within the pseudo-isochromatic image. Also see sections 2.4 and 2.5 of Page 11, which discuss that the visual authentication challenge can be generated and evaluated by the service provider or a third-party service, which would include receiving the user authentication input.)
GARSIDE further teaches and wherein the user authentication apparatus is configured to determine that a user authentication of the user is successful if an input value with respect to the visual authentication code included in the user input matches the reference value… (“a user wishing to request a particular service creates its own Pseudo-lsochromatic challenge using its trusted computing device or environment which may be set up for the end users particular colour vision deficiencies if required. The user then answers the Pseudo-lsochromatic challenge and the trusted computing environment evaluates the user's answer to the challenge. The trusted computing environment generates a digital signature (e.g., a signed assertion) attesting to the user's successful completion of the challenge which is attached to the user's request for services and sent to the service provider. Once the service provider receives the user's message, the digital signature can then be verified by the service provider. If the digital signature is acceptable, the service provider processes the user's request for services and provides the user access to their services.” End of Page 3. The input value would be the user’s answer to the pseudoisochromatic challenge. A correct answer results in successful completion of the challenge.)
GARSIDE teaches that the reference value is among different values that may be read from the visual authentication code (“The Pseudo-Isochromatic challenge is generated for the user by the user's trusted computing environment or device, and the user answers the challenge. A digital signature which may or may not include the user's answer, or may be appended to the user's answer, is provided as part of the user's service request to a service provider to access their services. For example, the digital signature can be appended to the message body (which may include such things as the correct answer, timestamp, request for services, and so on) to prove the authenticity and integrity of the message to the service provider.” Middle of Page 3. “The challenge will be in the form of letters, numbers, geometric shapes or pictures of recognizable objects, animals, or people presented in a Pseudo-Isochromatic style which can be defined as a pattern of dots or shapes which may be uniform or variable in size, in different colours, saturations, contrasts and colour hues which when perceived by the human eye are recognizable but are designed in such a way as to make optical character recognition (OCR) and other automated processes extremely difficult.” Top of Page 12. A pseudoisochromatic visual code, which is a type of color vision test, is presented to the user as an authentication challenge. The code is a number and/or character that is read differently depending on the color deficiency of the user. As discussed on Page 2, the challenge would have different answers depending on the color vision of the user.)
GARSIDE does not teach that the reference value that is checked is corresponding to the pre-enrolled color vision information of the user. 
While GARSIDE is directed to user liveness detection (Beginning of Pages 2, 3, and 12), GARSIDE does not teach wherein the user authentication apparatus is configured to determine a user authentication result of a user based on a comparison result obtained by comparing the user input to a reference value determined based on pre-enrolled color vision information of the user.
However, LANDQVIST, which is directed to allowing access to a device based on adapting a visual challenge according to their physical capability (Paragraph 17), teaches that the reference value that is checked is corresponding to the pre-enrolled color vision information of the user  (“step S4 comprises selecting a visual challenge configured based on the personal information retrieved in the previous step… Step S5 comprises issuing the visual challenge to the user U. Typically the visual challenge is displayed on the display unit 150.” Paragraphs 0044-46. A visual challenge, which is equivalent to a “visual authentication code”, is created based on the personal information of the user. An example is given in Paragraph 0044 and 0017 of the personal information being the lack of color vision of the user and the challenge being configured with a portion that the user should not be able to see if they are the true user being authenticated. “a physical capacity may refer to the visual acuity of a user or the color vision of the user. Hence, the challenge may be configured with a portion that the user is not meant to see due to their visual acuity or lack of color vision, and if an attempt, e.g. a gaze direction is directed to such a portion of the visual challenge, it may be determined as an attempt to bypass the security measure” Paragraph 0017.)
LANDQVIST further teaches wherein the user authentication apparatus is configured to determine a user authentication result of a user based on a comparison result obtained by comparing the user input to a reference value determined based on pre-enrolled color vision information of the user (“Step S7 comprises determining whether the user passed the challenge based on the received visual input corresponding to an eye movement of the user U… detecting whether the user focuses an eye-gaze on at least one specific area of the visual challenge. Determining whether the user U passed the visual challenge may thus comprise utilizing a set of predetermined rules or thresholds in order to determine whether the eye movement of the user U corresponds to an expected eye movement. Hereby, it is understood that the visual challenge that is selected and issued to the user U may have an expected response from the user U such as an expected eye-gaze, or eye-gaze direction described previously.” Paragraph 0049. Also see Paragraph 0050, which discusses that access is granted to the device if the user passes the challenge.
The direction or area of the user’s eye gaze [user input] is compared to an expected direction or area [reference area] in order to obtain the authentication result. As discussed in Paragraph 0017, the expected result would be the user with the lack of color vision to not gaze at a particular portion of the challenge, while the gaze of the false user would look at such a portion. If the personal traits of the user are being retrieved as discussed in Paragraph 0044, then the personal traits, such as the color vision of the user, must be pre-enrolled or pre-registered in the database.) 
“if an attempt, e.g. a gaze direction is directed to such a portion of the visual challenge, it may be determined as an attempt to bypass the security measure. In such an embodiment, the expected eye movement of the user which is received in order to determine whether the user passes the visual challenge may be… only receiving a eye movement which corresponds to a adaptation, e.g. a specific portion subjected to adaptation, of the visual challenge which the user should detect with his or her physical capacity.” Paragraph 0017)
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to modify the pseudoisochromatic plate test for authenticating that the user making an access request is a human user taught by GARSIDE by adapting the test for the purpose of authenticating a specific, pre-enrolled user using a visual challenge configured based on the color vision traits of the user as taught by LANDQVIST. Since both references are directed to authentication or access control and teach designing the system around the color vision attributes of a user, the combination would have yielded predictable results. Such an implementation would amount to using a pseudoisochromatic test as the visual authentication code rather than the visual test taught by LANDQVIST. As taught by GARSIDE (Page 1 and 12), such an implementation would increase the security of a system by preventing OCR and other automated processes from intercepting an access code. In combination with LANDQVIST, prevention of access of the data of a specific user who is known by the system to be colorblind would be ensured since an automated process or malicious attacker would not be able to answer the challenge with the same answer.
While LANDQVIST teaches storing pre-enrolled color vision information of a user, GARSIDE in view of LANDQVIST does not explicitly teach and wherein the pre-enrolled color vision information is determined in a user enrollment procedure based on a user input with respect to color vision information of the user, and includes information regarding whether the user has color vision deficiency.
However, KORNELUK, which is directed to adjusting a display based on the color vision information of a user obtained from an enrollment procedure, teaches and wherein the pre-enrolled color vision information is determined in a user enrollment procedure based on a user input with respect to color vision information of the user, and includes information regarding whether the user has color vision deficiency (“A menu of colorblind types can be displayed from which a user can select his type of colorblindness, if known. If the user does not know his type of colorblindness, one or more test patterns can be presented to the user. For each test pattern, the user can select at least one identifier corresponding to an image visually perceived by the user. The user's selection can be compared to predetermined data corresponding to the test pattern.” Paragraph 0010. “a device can commence determining a colorblind condition of a user based on at least one user input.” Paragraph 0018. See Figure 1, which outlines a user enrollment procedure for determining whether the user has colorblindness, as well as the type of colorblindness.)
Before the effective filing date of the invention, it would have been obvious to one of ordinary skill in the art to modify the visual authentication challenge based on a physical trait of the user, such as colorblindness taught by GARSIDE in view of LANDQVIST by incorporating the enrollment procedure for determining whether a user is colorblind taught by KORNELUK. Since LANDQVIST teaches that the personal traits of the user are stored in a database (Paragraphs 0036, 0044), there must have been some enrollment procedure to obtain and store such information. It would have been reasonable for a person of ordinary skill in the art to use the enrollment procedure taught by KORNELUK as a necessary step to accomplish the method of GARSIDE and LANDQVIST. Furthermore, as suggested by KORNELUK, such an implementation would improve the user experience by aiding the user in tailoring the user interface to their type of colorblindness whether the user is aware of it or not.

Regarding Claim 19, GARSIDE in view of LANDQVIST and KORNELUK further teaches determine that a user authentication of the user is failed, if the input value with respect to the visual authentication code included in the user input is different from the reference value. (LANDQVISIT, “If the user U fails the challenge, access is denied to the device in step S8b.” Paragraph 0050. The input value would be the specific direction or area the user is looking with respect to the visual code on the display. If the direction or area is not the same as the expected direction or area, then the authentication is unsuccessful and the user is denied access to the device. 
In view of GARSIDE, the reference value would be the expected result of the pseudoisochromatic test. If it does not match, then the authentication would have failed. See Pages 11-12 section 2.6.)

Regarding Claim 20, GARSIDE in view of LANDQVIST and KORNELUK further teaches the visual authentication code is provided in the form of an image based on a color vision test, and is read differently according to normal vision and color vision deficiency. (GARSIDE, “The Pseudo-Isochromatic challenge is generated for the user by the user's trusted computing environment or device, and the user answers the challenge. A digital signature which may or may not include the user's answer, or may be appended to the user's answer, is provided as part of the user's service request to a service provider to access their services. For example, the digital signature can be appended to the message body (which may include such things as the correct answer, timestamp, request for services, and so on) to prove the authenticity and integrity of the message to the service provider.” Middle of Page 3. “The challenge will be in the form of letters, numbers, geometric shapes or pictures of recognizable objects, animals, or people presented in a Pseudo-Isochromatic style which can be defined as a pattern of dots or shapes which may be uniform or variable in size, in different colours, saturations, contrasts and colour hues which when perceived by the human eye are recognizable but are designed in such a way as to make optical character recognition (OCR) and other automated processes extremely difficult.” Top of Page 12. A pseudoisochromatic visual code, which is a type of color vision test, is presented to the user as an authentication challenge. The code is a number and/or character that is read differently depending on the color deficiency of the user. As discussed on Page 2, the challenge would have different answers depending on the color vision of the user. The challenge is used as a liveliness authentication; however, in view of LANDQVIST, it would have been obvious to use the challenge in a specific user authentication procedure based on the personal traits of the user stored in the database (i.e. known color vision of the user).)

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.
Chen (US 2007/0130618 A1) teaches an authentication method using a visual challenge. (Abstract, Figs. 4-6)
Zhong (US 2014/0150057 A1) teaches verification of a user based on comparison of a code entered by a user to a reference value. (Fig. 2, ¶ 38)
Natividad (US 2014/0359734 A1) teaches authentication password generation based on a sequence of alphanumeric user inputs corresponding to displayed images. (¶ 28)
Tartz (US 2015/0319153 A1) teaches user verification based on entering a visual authentication code. (¶ 61, 73, Fig. 3)
Makofsky (US 2015/0379247 A1) teaches a user challenge-response authentication using a visual authentication code. (Figs. 3-6)
Dotan (US 9,430,634 B1) teaches a gesture password based on a sequence of input colors and objects. (Abstract, Fig. 3)
Mihai (US 2019/0066526 A1) teaches determining a color vision deficiency of a user and developing a vision profile for modifying an interface. (Abstract)
Krishnappa (US 10,586,037 B1) teaches providing OTPs to a user with different visual characteristics, including color. (Abstract, Fig. 3)

Any inquiry concerning this communication or earlier communications from the examiner should be directed to RAMI RAFAT OKASHA whose telephone number is (571)272-0675. The examiner can normally be reached M-F 9-5 EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kieu Vu can be reached on (571) 272-4057. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/RAMI R OKASHA/Examiner, Art Unit 2173