Prosecution Insights
Last updated: July 17, 2026
Application No. 17/402,808

LOCATION-BASED ACCESS CONTROL OF A MEDICAL ANALYZER

Non-Final OA §103
Filed
Aug 16, 2021
Priority
Aug 21, 2020 — EU 20192152.5
Examiner
MOHAMMADI, FAHIMEH M
Art Unit
2439
Tech Center
2400 — Computer Networks
Assignee
Roche Diagnostics Operations Inc.
OA Round
5 (Non-Final)
76%
Grant Probability
Favorable
5-6
OA Rounds
0m
Est. Remaining
99%
With Interview

Examiner Intelligence

Grants 76% — above average
76%
Career Allowance Rate
225 granted / 296 resolved
+18.0% vs TC avg
Strong +52% interview lift
Without
With
+52.2%
Interview Lift
resolved cases with interview
Typical timeline
3y 1m
Avg Prosecution
20 currently pending
Career history
325
Total Applications
across all art units

Statute-Specific Performance

§101
0.4%
-39.6% vs TC avg
§103
98.5%
+58.5% vs TC avg
§102
0.7%
-39.3% vs TC avg
§112
0.1%
-39.9% vs TC avg
Black line = Tech Center average estimate • Based on career data from 296 resolved cases

Office Action

§103
DETAILED ACTION Notice of Pre-AIA or AIA Status The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . Continued Examination Under 37 CFR 1.114 A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant’s submission filed on 04/15/2026 has been entered. As per instant Amendment, Claims 6 and 10 were canceled; Claims 21 and 22 have been added; Claims 1, 12, 13, and 15 are independent claims. Claims 1-5, 7-9, 11-14 and 16-22 have been examined and are pending. This Action is made Non-FINAL. Response to Arguments Claim 14 is no longer interpreted under 35 U.S.C. 112(f) as claims have been amended. Applicants’ arguments in the instant Amendment, filed on 04/15/2026, with respect to limitations listed below, have been fully considered but they are not persuasive. Applicant’s arguments: “neither Roese nor Giobbi teaches or suggests “receiving, [] from a location server ..., a first location credential identifying a first user and a first access control zone of the access-controlled facility,” as recited in amended independent claim 1.” The Examiner disagrees with the Applicants. The Examiner respectfully submits that Roese discloses receiving, by a computing apparatus and from a location management server of an access-controlled facility, a first location credential identifying a first user and a first access control zone of the access-controlled facility (Roese: par. 0031 system 100 determines the location of user device 104b relative to typically multiple network devices (e.g., 120a and 120b) that receive transmitted signals from user device 104b; par. 0025 a location of a device can relate to the physical location of the device, which can be characterized in a variety of ways including [] a geographic region, or in terms of building structures, such as coordinates on a particular floor in a building or a room number in a building). More specifically, Roese discloses system 100 can use location information to enforce restrictions regarding the transmission of data [] location information allows system 100 to deny access to certain sensitive information upon request from a location client outside of a specified region, or to prohibit data from being transmitted through an intermediate device that is located outside of a specified region. FIG. 6 illustrates an example process 601 that system 100 employs to effect these data transmission restrictions [] System 100 then determines (step 610) whether the requested data is location sensitive. That is, whether the data should not be moved beyond certain defined boundaries (e.g., a present device, a room, a building, a campus, a city, a country and the like) [par. 0115] and location-aware system 100 operates and provides network-based services to users according to locations of devices that use or are part of the network associated with system 100 [] a location of a device can relate to the physical location of the device, which can be characterized in a variety of ways including as grid or map coordinates (e.g., latitude, longitude, and elevation), a geographic region, or in terms of building structures, such as coordinates on a particular floor in a building or a room number in a building [par. 0025]. Therefore, the examiner finds this argument not persuasive. Applicant’s arguments: “neither Roese nor Giobbi teaches or suggests “based at least in part on receiving the first location credential: identifying, by the computing apparatus, a first analytic device that is present within the first access control zone,” as recited in amended independent claim 1.” The Examiner disagrees with the Applicants. The Examiner respectfully submits that Roese discloses based at least in part on receiving the first location credential: identifying, by the computing apparatus, a first analytic device that is present within the first access control zone (Roese: par. 0075 a wide variety of events may initiate the process of determining and validating the location of a device. These can include [] triggering of a firewall alarm; par. 0098 firewalls (e.g., 140 (FIG. 8)) also provide a technique for network usage regulation. Firewalls are primarily computer programs designed to analyze packets). More specifically, Roese discloses if the device cannot provide its own location information, or the location information is not associated with a level of trust acceptable to system 100 for the particular transaction requested, the location information is determined (step 225) independently of the device, by system 100 itself or a trusted third party agent. After determining (step 225) a trustworthy location, system 100 establishes (step 230) the device location information [par. 0069] and whether system 100 can trust the location information from a device (e.g., associate a high enough level of trust value with the location) can depend on the source of that location information. For example, if the location information can from a secure device within infrastructure 101 not vulnerable to modification, system 100 can trust the location information and assign a the location information a high level of trust value [par. 0070]. Therefore, the examiner finds this argument not persuasive. Applicant’s arguments: “neither Roese nor Giobbi teaches or suggests “updating, by the computing apparatus, a permitted user record defining a subset of users that are permitted to logon to the first analytical device, to include the first user in the subset of users permitted to logon on the first analytical device,” as recited in amended independent claim 1.” The Examiner disagrees with the Applicants. The Examiner respectfully submits that Giobbi discloses updating, by the computing apparatus, a permitted user record defining a subset of users that are permitted to logon to the first analytical device, to include the first user in the subset of users permitted to logon on the first analytical device (Giobbi: col. 29 lines 34-44 once connection is authorized 1602, the Reader 108 retrieves 1604 the PDK 102 information, such as PDK ID 312 and other information identifying the owner or entity associated with the PDK 102 [] the reader ID 518 of the Reader 108 is sent to the PDK 102 and stored in the activity log 390 of the PDK 102. The reader and PDK information is sent 1606 to the tracking server 210. The location data retrieval module 1502 receives 1608 the information, including the PDK ID 312. The information is updated 1610 in the location log 1604 of the tracking server 210; col. 29 lines 1-4 the tracking server 210 includes a location data retrieval module 1502 and a location log 1504 [] the location log 1504 is a database). More specifically, Giobbi discloses a Reader 108 is adapted to detect and prevent fraudulent use of PD Ks that are lost, stolen, revoked, expired or otherwise invalid. For example, the Reader 108 can download lists of invalid PD Ks IDs 312 from a remote database and block these PDKs 102 from use with the Reader 108. Furthermore, in one embodiment, the Reader 108 can update the blocked list and/or send updates to remote registries 114,116a, 116b or remote Readers 108 upon detecting a fraudulently used PDK 102. For example, if a biometric input 122 is received by the Reader 108 that does not match the biometric profile received from the PDK 102, the Reader 108 can obtain the PDK ID 312 and add it to a list of blocked PDK IDs 312 [col. 17 lines 44-56]. Therefore, the examiner finds this argument not persuasive. The amended claims 1, 3, 12, 13, and 14 have been addressed in rejection below. Claim Interpretation The following is a quotation of 35 U.S.C. 112(f): (f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. The following is a quotation of pre-AIA 35 U.S.C. 112, sixth paragraph: An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art. The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is invoked. As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph: (A) the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; (B) the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and (C) the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier. Such claim limitation(s) is/are: “location management system configured to detect,” and “a computer communication network configured to connect,” recited in claim 13. Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof. If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, applicant may: (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. Claim Rejections - 35 USC § 103 In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA ) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status. The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention. Claims 1-5, 11-14 and 19-22 are rejected under 35 U.S.C. 103 as being unpatentable over Roese et al. (“Roese,” US 2003/0217122) in view of Giobbi (US 11095640). Regarding claim 1: Roese discloses a computer implemented method for controlling user access to an analytical device based on a location of a user relative to the analytical device, the method comprising: receiving, by a computing apparatus and from a location management server of an access-controlled facility, a first location credential identifying a first user and a first access control zone of the access-controlled facility (Roese: par. 0031 system 100 determines the location of user device 104b relative to typically multiple network devices (e.g., 120a and 120b) that receive transmitted signals from user device 104b; par. 0025 a location of a device can relate to the physical location of the device, which can be characterized in a variety of ways including [] a geographic region, or in terms of building structures, such as coordinates on a particular floor in a building or a room number in a building); based at least in part on receiving the first location credential: identifying, by the computing apparatus, a first analytic device that is present within the first access control zone (Roese: par. 0075 a wide variety of events may initiate the process of determining and validating the location of a device. These can include [] triggering of a firewall alarm; par. 0098 firewalls (e.g., 140 (FIG. 8)) also provide a technique for network usage regulation. Firewalls are primarily computer programs designed to analyze packets); and receiving, by the computing apparatus, a user logon credential associated with the first user and provided to the first device as part of an attempted logon process (Roese: par. 0108 FIG. 5 represents another authentication process 500 [] system 100 obtains (step 505) the location information for a client device. In this case, system 100 employs only the location of the device in determining the appropriate level of service [] system 100 can also employ the user credentials (e.g., username and password), in addition to the location, to determine the appropriate level of service); and permitting or denying, by the computing apparatus, the attempted logon process to the first device based at least in part on the user logon credential and the updated permitted user record (Roese: par. 0107 system 100 determines (step 425) whether the user has the proper credentials for the level of the requested service. To do this, system 100 compares the user credentials, the location information, and the conditions of access requested [] with any stored location restrictions. If system 100 determines (step 425) the user is authenticated for the particular request, system 100 determines (step 430) whether the device used by the user is in a location approved or otherwise permitted to receive the requested information, application, and the like). Roese does not explicitly disclose updating, by the computing apparatus, a permitted user record defining a subset of users that are permitted to logon to the first analytical device, to include the first user in the subset of users permitted to logon on the first analytical device. However, Giobbi discloses updating, by the computing apparatus, a permitted user record defining a subset of users that are permitted to logon to the first analytical device, to include the first user in the subset of users permitted to logon on the first analytical device (Giobbi: col. 29 lines 34-44 once connection is authorized 1602, the Reader 108 retrieves 1604 the PDK 102 information, such as PDK ID 312 and other information identifying the owner or entity associated with the PDK 102 [] the reader ID 518 of the Reader 108 is sent to the PDK 102 and stored in the activity log 390 of the PDK 102. The reader and PDK information is sent 1606 to the tracking server 210. The location data retrieval module 1502 receives 1608 the information, including the PDK ID 312. The information is updated 1610 in the location log 1604 of the tracking server 210; col. 29 lines 1-4 the tracking server 210 includes a location data retrieval module 1502 and a location log 1504 [] the location log 1504 is a database). Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Giobbi with the system/method of Roese to include updating a permitted user record defining a subset of users that are permitted to logon to the first analytical device. One would have been motivated to provide a system for securely authenticating an individual for accessing data or one or more applications (Giobbi: col. 6 lines 44-45). Regarding claim 2: Roese in view of Giobbi discloses the computer implemented method according to claim 1. Roese further discloses obtaining a certification credential of the first user of the first analytical device from a user certification database (Roese: par. 0067 once the location database is established, system 100 can provide the location information to a device when that device connects to a connection point); obtaining certification requirement data of the first analytical device from an analytical device certification requirement database (Roese: par. 0139 location modules 185 are configured to include device location as a requirement to permit access to network-based information, applications, rate service, rate type, and the like); and permitting the attempted logon process if the certification credential of the first user accords with the certification requirement data or denying the first user the ability to logon to the first analytical device if the certification credential of the first user does not accord with the certification requirement data (Roese: par. 0108 system 100 determines (step 510) whether the obtained location is verified. If system 100 determines (step 510) that the location is not verified, system 100 denies (step 515) access or restricts (step 515) access according to predefined policies; par. 0109 if system 100 determines (step 535) that the user location is authenticated at the level required, system 100 allows (step 540) access at the authenticated level). Regarding claim 3: Roese in view of Giobbi discloses the computer implemented method according to claim 1. Roese further discloses receiving, by the computing apparatus and from the location management server, a second location credential identifying the first user and a second access control zone of the access- controlled facility (Roese: par. 0031 system 100 determines the location of user device 104b relative to typically multiple network devices (e.g., 120a and 120b) that receive transmitted signals from user device 104b; par. 0025 a location of a device can relate to the physical location of the device, which can be characterized in a variety of ways including [] a geographic region, or in terms of building structures, such as coordinates on a particular floor in a building or a room number in a building); and based at least in part on receiving the second location credential, removing the first user from the permitted user record associated with the first analytical device (Roese: par. 0030 the location of user device 104b changes as user device 104b moves. Stationary wireless connection points 160h-i may no longer be in communication with user device 104b as user device 104b moves away, thus no longer being connection points for 104b after a certain period of time). Regarding claim 4: Roese in view of Giobbi discloses the computer implemented method according to claim 1. Roese further discloses detecting, via the user certification database, that a certification status of the first user has been changed, such that the first user is no longer certified to logon, or remain logged on, to the first device (Roese: par. 0138 location module 185 may include an updateable table that changes with additions or deletions to system 100 and/or movement of devices associated with system 100; par. 0150 the location database can be dynamic in nature as the client's coordinates can potentially change very frequently); and removing the first user from the permitted user record associated with the first device (Roese: par. 0030 the location of user device 104b changes as user device 104b moves. Stationary wireless connection points 160h-i may no longer be in communication with user device 104b as user device 104b moves away, thus no longer being connection points for 104b after a certain period of time). Giobbi further discloses an analytical device (Giobbi: computing device 2254, col. 36 lines 17-19 the reader of the computing device 2254 also retrieves information from those PDKs 2256, 2258; col 32 line 9 a single workstation). The motivation is the same that of claim 1 above. Regarding claim 5: Roese in view of Giobbi discloses the computer implemented method according to claim 1. Roese further discloses wherein the permitted user record is stored on the first device and the permitted user record is updated to define that the first user is permitted to logon to the first device based on the location credential (Roese: par. 0031 system 100 stores the location information corresponding to wireless user device 104b in association with one or more of the connection points 160h-i in location module 185 (e.g., 185a in an example of a centralized approach). The system 100 updates the corresponding location information as user device 104b moves). Giobbi further discloses an analytical device (Giobbi: computing device 2254, col. 36 lines 17-19 the reader of the computing device 2254 also retrieves information from those PDKs 2256, 2258; col 32 line 9 a single workstation). The motivation is the same that of claim 1 above. Regarding claim 11: Roese in view of Giobbi disclose the computer implemented method according to claim 1. Glavina further discloses wherein the location management system obtains location credentials from an access control system configured to manage access of personnel to location within the facility using one or more of a swipe or radio-frequency identification (RFID) card access system, an iris scanning system, a quick response (QR) or barcode based access system, a Wiegand access system, a personal identification number (PIN) access system, a photo-identification (ID) system, an elevator control system, and/or a wireless network tracking system (Giobbi: col. 7 line 65 radio frequency identification (RFID); col. 7 lines 12-15 the Reader 108 receives a fingerprint, a retinal scan, an iris scan, a facial scan or any other suitable biometric input associated with the individual; col. 12 lines 54-56 the stored profiles 320 include a PIN profile that stores one or more PINs or passwords associated with the PDK owner). The motivation is the same that of claim 1 above. Regarding claim 12: Roese discloses a computing apparatus configured to control user access to an analytical device based on a location of a user relative to the analytical device, the computing apparatus comprising: a computer network communications interface (Roese: par. 0077 the network entity of FIG. 3 is the switching device 136, which has the connection port 165 through which device 114a communicates); and a non-transitory computer-readable media storing computer-executable instructions that when executed, cause the computing apparatus to: receive, over a computing network and from a location management server of an access-controlled facility configured to manage access of personnel to location within the facility, a first location credential identifying a first user and a first access control zone of the access-controlled facility (Roese: par. 0031 system 100 determines the location of user device 104b relative to typically multiple network devices (e.g., 120a and 120b) that receive transmitted signals from user device 104b; par. 0025 a location of a device can relate to the physical location of the device, which can be characterized in a variety of ways including [] a geographic region, or in terms of building structures, such as coordinates on a particular floor in a building or a room number in a building); based at least in part on receiving the first location credential: identify a first analytic device that is present within the first access control zone (Roese: par. 0075 a wide variety of events may initiate the process of determining and validating the location of a device. These can include [] triggering of a firewall alarm; par. 0098 firewalls (e.g., 140 (FIG. 8)) also provide a technique for network usage regulation. Firewalls are primarily computer programs designed to analyze packets); and receive, a user logon credential associated with the first user and provided to the first device as part of an attempted logon process (Roese: par. 0108 FIG. 5 represents another authentication process 500 [] system 100 obtains (step 505) the location information for a client device. In this case, system 100 employs only the location of the device in determining the appropriate level of service [] system 100 can also employ the user credentials (e.g., username and password), in addition to the location, to determine the appropriate level of service); and permit or deny the attempted logon process to the first device based at least in part on the user logon credential and the updated permitted user record (Roese: par. 0107 system 100 determines (step 425) whether the user has the proper credentials for the level of the requested service. To do this, system 100 compares the user credentials, the location information, and the conditions of access requested [] with any stored location restrictions. If system 100 determines (step 425) the user is authenticated for the particular request, system 100 determines (step 430) whether the device used by the user is in a location approved or otherwise permitted to receive the requested information, application, and the like). Roese does not explicitly disclose update a permitted user record defining a subset of users that are permitted to logon to the first analytical device, to include the first user in the subset of users permitted to logon on the first analytical device. However, Giobbi discloses update a permitted user record defining a subset of users that are permitted to logon to the first analytical device, to include the first user in the subset of users permitted to logon on the first analytical device (Giobbi: col. 29 lines 34-44 once connection is authorized 1602, the Reader 108 retrieves 1604 the PDK 102 information, such as PDK ID 312 and other information identifying the owner or entity associated with the PDK 102 [] the reader ID 518 of the Reader 108 is sent to the PDK 102 and stored in the activity log 390 of the PDK 102. The reader and PDK information is sent 1606 to the tracking server 210. The location data retrieval module 1502 receives 1608 the information, including the PDK ID 312. The information is updated 1610 in the location log 1604 of the tracking server 210; col. 29 lines 1-4 the tracking server 210 includes a location data retrieval module 1502 and a location log 1504 [] the location log 1504 is a database). Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Giobbi with the system/method of Roese to include update a permitted user record defining a subset of users that are permitted to logon to the first analytical device. One would have been motivated to provide a system for securely authenticating an individual for accessing data or one or more applications (Giobbi: col. 6 lines 44-45). Regarding claim 13: Roese discloses a system for controlling user access to an analytical device based on a location of a user relative to the analytical device for analytical device management, the system comprising: a location management system configured to detect when a user leaves or enters the vicinity of the one or more analytical devices (Roese: par. 0075 a wide variety of events may initiate the process of determining and validating the location of a device. These can include [] a new network device joining the network); a computing apparatus comprising one or more physical processors (Roese: fig. 1); and a computer communication network configured to communicatively connect the one or more devices, the location management system, and the computing apparatus (Roese: par. 0025 referring to FIG. 1, a location-aware system 100 operates and provides network-based services to users according to locations of devices that use or are part of the network associated with system 100); wherein the one or more physical processors of the computing apparatus are configured to: receive, over the computer communication network, a first location credential from a location management server of an access-controlled facility, the first location credential identifying a first user and a first access control zone of the access-controlled facility (Roese: par. 0031 system 100 determines the location of user device 104b relative to typically multiple network devices (e.g., 120a and 120b) that receive transmitted signals from user device 104b; par. 0025 a location of a device can relate to the physical location of the device, which can be characterized in a variety of ways including [] a geographic region, or in terms of building structures, such as coordinates on a particular floor in a building or a room number in a building), based at least in part on receiving the first location credential: identify a first analytic device that is present within the first access control zone (Roese: par. 0075 a wide variety of events may initiate the process of determining and validating the location of a device. These can include [] triggering of a firewall alarm; par. 0098 firewalls (e.g., 140 (FIG. 8)) also provide a technique for network usage regulation. Firewalls are primarily computer programs designed to analyze packets); receive, a user logon credential associated with the first user and provided to the first device as part of an attempted logon process (Roese: par. 0108 FIG. 5 represents another authentication process 500 [] system 100 obtains (step 505) the location information for a client device. In this case, system 100 employs only the location of the device in determining the appropriate level of service [] system 100 can also employ the user credentials (e.g., username and password), in addition to the location, to determine the appropriate level of service); and permit or deny the attempted logon process to the first device based at least in part on the user logon credential and the updated permitted user record (Roese: par. 0107 system 100 determines (step 425) whether the user has the proper credentials for the level of the requested service. To do this, system 100 compares the user credentials, the location information, and the conditions of access requested [] with any stored location restrictions. If system 100 determines (step 425) the user is authenticated for the particular request, system 100 determines (step 430) whether the device used by the user is in a location approved or otherwise permitted to receive the requested information, application, and the like). Roese does not explicitly disclose update a permitted user record defining a subset of users that are permitted to logon to the first analytical device, to include the first user in the subset of users permitted to logon on the first analytical device. However, Giobbi discloses update a permitted user record defining a subset of users that are permitted to logon to the first analytical device, to include the first user in the subset of users permitted to logon on the first analytical device (Giobbi: col. 29 lines 34-44 once connection is authorized 1602, the Reader 108 retrieves 1604 the PDK 102 information, such as PDK ID 312 and other information identifying the owner or entity associated with the PDK 102 [] the reader ID 518 of the Reader 108 is sent to the PDK 102 and stored in the activity log 390 of the PDK 102. The reader and PDK information is sent 1606 to the tracking server 210. The location data retrieval module 1502 receives 1608 the information, including the PDK ID 312. The information is updated 1610 in the location log 1604 of the tracking server 210; col. 29 lines 1-4 the tracking server 210 includes a location data retrieval module 1502 and a location log 1504 [] the location log 1504 is a database). Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Giobbi with the system/method of Roese to include update a permitted user record defining a subset of users that are permitted to logon to the first analytical device. One would have been motivated to provide a system for securely authenticating an individual for accessing data or one or more applications (Giobbi: col. 6 lines 44-45). Regarding claim 14: Roese disclose a non-transitory computer readable storage medium comprising computer-readable instruction, executable by one or more physical processors, for controlling a computing apparatus which, when being executed by a processing unit of the computing apparatus, is configured to perform operations comprising: receive, by the computing apparatus and from a location management system of an access-controlled facility, a first location credential identifying a first user and a first access control zone of the access-controlled facility (Roese: par. 0031 system 100 determines the location of user device 104b relative to typically multiple network devices (e.g., 120a and 120b) that receive transmitted signals from user device 104b; par. 0025 a location of a device can relate to the physical location of the device, which can be characterized in a variety of ways including [] a geographic region, or in terms of building structures, such as coordinates on a particular floor in a building or a room number in a building), based at least in part on receiving the first location credential: identifying that the computing apparatus is installed in the first access control zone (Roese: par. 0075 a wide variety of events may initiate the process of determining and validating the location of a device. These can include [] triggering of a firewall alarm; par. 0098 firewalls (e.g., 140 (FIG. 8)) also provide a technique for network usage regulation. Firewalls are primarily computer programs designed to analyze packets); receiving, by the computing apparatus, a user logon credential associated with the first user and provided to the computing apparatus as part of an attempted logon process (Roese: par. 0108 FIG. 5 represents another authentication process 500 [] system 100 obtains (step 505) the location information for a client device. In this case, system 100 employs only the location of the device in determining the appropriate level of service [] system 100 can also employ the user credentials (e.g., username and password), in addition to the location, to determine the appropriate level of service); and permitting or denying, by the computing apparatus, the attempted logon process to the computing apparatus based at least in part on the user logon credential and the updated permitted user record (Roese: par. 0107 system 100 determines (step 425) whether the user has the proper credentials for the level of the requested service. To do this, system 100 compares the user credentials, the location information, and the conditions of access requested [] with any stored location restrictions. If system 100 determines (step 425) the user is authenticated for the particular request, system 100 determines (step 430) whether the device used by the user is in a location approved or otherwise permitted to receive the requested information, application, and the like). Roese does not explicitly disclose updating, by the computing apparatus, a permitted user record defining a subset of users that are permitted to logon to the first analytical device, to include the first user in the subset of users permitted to logon on the first analytical device. However, Giobbi discloses updating, by the computing apparatus, a permitted user record defining a subset of users that are permitted to logon to the first analytical device, to include the first user in the subset of users permitted to logon on the first analytical device (Giobbi: col. 29 lines 34-44 once connection is authorized 1602, the Reader 108 retrieves 1604 the PDK 102 information, such as PDK ID 312 and other information identifying the owner or entity associated with the PDK 102 [] the reader ID 518 of the Reader 108 is sent to the PDK 102 and stored in the activity log 390 of the PDK 102. The reader and PDK information is sent 1606 to the tracking server 210. The location data retrieval module 1502 receives 1608 the information, including the PDK ID 312. The information is updated 1610 in the location log 1604 of the tracking server 210; col. 29 lines 1-4 the tracking server 210 includes a location data retrieval module 1502 and a location log 1504 [] the location log 1504 is a database). Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Giobbi with the system/method of Roese to include updating a permitted user record defining a subset of users that are permitted to logon to the first analytical device. One would have been motivated to provide a system for securely authenticating an individual for accessing data or one or more applications (Giobbi: col. 6 lines 44-45). Regarding claim 19: Roese in view of Giobbi discloses the computer implemented method of claim 1. Giobbi further discloses wherein the first analytical device is a non-mobile device installed at fixed location within the first access control zone (Giobbi: computing device 2254 [i.e., fixed workstation/equipment], col. 36 lines 17-19 the reader of the computing device 2254 also retrieves information from those PDKs 2256, 2258; col 32 line 9 a single workstation; col. 7 lines 60-62 the Reader 108 wirelessly communicates with the PDK 102 when the PDK 102 is within a proximity zone [i.e., access control zone] of the Reader 108). The motivation is the same that of claim 1 above. Regarding claim 20: Roese in view of Giobbi discloses the computer implemented method of claim 1. Giobbi further discloses wherein updating the permitted user record associated with the first analytical device is performed prior to the attempted logon process (Giobbi: col. 29 lines 42-43 the information is updated 1610 in the location log 1604 of the tracking server 210; lines 56-59 this process 1600 occurs whenever a PDK 102 enters the proximity zone of each Reader 108 that it passes enabling constant tracking and location of individuals carrying PD Ks 102 and equipment with affixed PDKs 102). The motivation is the same that of claim 1 above. Regarding claim 21: Roese in view of Giobbi discloses the computer implemented method of claim 1. wherein receiving the first location credential comprises: detecting, by the location management server, that the first user has passed through an access point into the first access control zone (Giobbi: col. 7 lines 60-66 the Reader 108 wirelessly communicates with the PDK 102 when the PDK 102 is within a proximity zone of the Reader 108. The proximity zone can be, for example, several meters in radius and can be adjusted dynamically by the Reader 108. Thus, in contrast to many conventional radio frequency identification (RFID) devices, the Reader 108 is able to detect and communicate with the PDK 102); and generating, by the location management server, the first location credential based on the detection (Giobbi: col. 19 lines 26-30 authorizing a communication connection using secure authentication. When a PDK 102 comes within range of a Reader 108, communication is automatically established 702 between the RDC 504 of the Reader 108 and the PDK 102). Regarding claim 22: Roese in view of Giobbi discloses the computer implemented method of claim 1. in response to receiving the first location credential, adding the first location credential to a plurality of location credentials stored on the computing apparatus, wherein the plurality of location credentials identifies a set of users that are currently present in the first access control zone (Roese: par. 0040 system 100 dynamically modifies the location of the device stored in the location database [] system 100 updates the location database; par. 0058 the current location information derived by the user device be sent to the location database in the location server 134. Upon receipt of that information, system 100 updates the location information in its location database for that connection point). Claims 7-9 are rejected under 35 U.S.C. 103 as being unpatentable over Roese et al. (“Roese,” US 2003/0217122) in view of Giobbi (US 11095640) and Knight et al. (“Knight,” US 2020/0412810). Regarding claim 7: Roese in view of Giobbi discloses the computer implemented method according to claim 1. Roese in view of Giobbi does not explicitly disclose obtaining a connectivity graph model representing an access scheme of the access-controlled facility, wherein the connectivity graph model comprises: a plurality of nodes, wherein each of the plurality of nodes represents an access control zone within the access-controlled facility, a plurality of edges, wherein each of the plurality of edges represents an access point between a set of access control zones, and mapping the first location credential received from the location management server to the connectivity graph model. However, Knight discloses obtaining a connectivity graph model representing an access scheme of the access-controlled facility (Knight: par. 0042 FIG. 7 illustrates an example graph schema 700 of the location entities); and wherein the connectivity graph model comprises: a plurality of nodes, wherein each of the plurality of nodes represents an access control zone within the access-controlled facility (Knight: par. 0042 graph schema 700 of the location entities [] the tower, building, floor, company, space zone, space, and zone are represented respectively as the nodes 705a-g [] of the graph 700); and a plurality of edges, wherein each of the plurality of edges represents an access point between a set of access control zones (Knight: par. 0042 the graph representation 700 includes a plurality of edges 710a-g that represent relationships between the location entities mapped to the nodes 705); and mapping the first location credential received from the location management server to the connectivity graph model (Knight: par. 0042 the relationship between the tower entity of node 705a and the building entity of node 705b is represented by the edge 710a. The direction of the edge 710a is from the tower entity of node 705a to the building entity of node 705b. The property of the edge 710a indicates that the tower entity of node 705a is a "located in" the building entity of node 705b). Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Knight with the system/method of Roese and Giobbi to include mapping the first location credential of the first user received from the location management system to the connectivity graph model. One would have been motivated to evaluate and filter the data received from the devices to perform edge-based analytics and edge-based control of devices (Knight: par. 0026). Regarding claim 8: Roese in view of Giobbi and Knight discloses the computer implemented method according to claim 7. Roese further discloses labelling one or more nodes in the connectivity graph model subsequent to a node of the connectivity graph model representing the first location of the first user (Roese: par. 0158 Table 4 illustrates an example of some entries that can be included in an expanded location database in this location advertising system example. In this example, the first five columns from the left (i.e., entry port to geographic location, inclusive) represent information provisioned on the location client. The last two columns from the left (i.e., client switch IP address and serial number) represent information obtained/learned from the location client); and updating the permitted user record to remove the first user from the permitted user record so that a second analytical device at a second location of the access-controlled facility represented by an unlabeled node of the connectivity graph model cannot be accessed by a second user using the a same user logon credentials associated with the first user (Roese: par. 0031 system 100 stores the location information corresponding to wireless user device 104b in association with one or more of the connection points 160h-i in location module 185 (e.g., 185a in an example of a centralized approach). The system 100 updates the corresponding location information as user device 104b moves; par. 0159 it is also possible for the location advertising system in the provisioning switch to provide a temporary Internet address and/or the unified resource locator (URL) to a network attached location database where the location client can retrieve a more advanced configuration file. For example, see entries 6, 8, and 10 of Table 3 above. The configuration file can be retrieved via standard mechanisms such as trivial file transfer protocol or Internet file transfer protocol). Regarding claim 9: Roese in view of Giobbi and Knight discloses the computer implemented method according to claim 8. Roese further discloses labelling only a present node in the connectivity graph model as representing the first location of the first user (Roese: par. 0158 Table 4 illustrates an example of some entries that can be included in an expanded location database in this location advertising system example. In this example, the first five columns from the left (i.e., entry port to geographic location, inclusive) represent information provisioned on the location client. The last two columns from the left (i.e., client switch IP address and serial number) represent information obtained/learned from the location client); and updating the permitted user record to remove the first user from the permitted user record so that a third analytical device at a third location of the access-controlled facility represented by an unlabeled node of the connectivity graph model cannot be accessed by a third user using a same user logon credentials with the first user (Roese: par. 0031 system 100 stores the location information corresponding to wireless user device 104b in association with one or more of the connection points 160h-i in location module 185 (e.g., 185a in an example of a centralized approach). The system 100 updates the corresponding location information as user device 104b moves; par. 0159 it is also possible for the location advertising system in the provisioning switch to provide a temporary Internet address and/or the unified resource locator (URL) to a network attached location database where the location client can retrieve a more advanced configuration file. For example, see entries 6, 8, and 10 of Table 3 above. The configuration file can be retrieved via standard mechanisms such as trivial file transfer protocol or Internet file transfer protocol). Claims 16-18 are rejected under 35 U.S.C. 103 as being unpatentable over Roese et al. (“Roese,” US 2003/0217122) in view of Giobbi (US 11095640) and Malan (US 2019/0289016). Regarding claim 16: Roese in view of Giobbi discloses the computer implemented method of claim 1. Roese in view of Giobbi does not explicitly disclose wherein permitting or denying the attempted logon process comprises: determining an ambulation time associated with the first user, based at least in part on the first location of the first access control zone and a second location associated with the first analytical device. However, Malan discloses wherein permitting or denying the attempted logon process comprises: determining an ambulation time associated with the first user, based at least in part on the first location of the first access control zone and a second location associated with the first analytical device (Malan: par. 0063 at block 304, a geographic location and a time for the received authentication request are identified by the processing device; par. 0065 at block 308, it is determined whether a difference in time between the identified time and a stored time for the previous successful authentication request is large enough that a user of the account is able to travel a difference in distance between the identified geographic location and a stored geographic location for the previous successful authentication request within the difference in time). Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Malan with the system/method of Roese and Giobbi to include determining an ambulation time associated with the first user, based at least in part on the first location of the first access control zone and a second location associated with the first analytical device. One would have been motivated to preventing unauthorized access of an account based on a location and time of the access (Malan: par. 0001). Regarding claims 17-18: Claims 17-18 are similar in scope to claim 16 and are therefore rejected under similar rationale. Conclusion Any inquiry concerning this communication or earlier communications from the examiner should be directed to Fahimeh Mohammadi whose telephone number is (571)270-7857. The examiner can normally be reached Monday - Friday 9:00 - 5:00. Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached at 5712705002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300. Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. /FAHIMEH MOHAMMADI/ Examiner, Art Unit 2439 /LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439
Read full office action

Prosecution Timeline

Show 8 earlier events
Jun 02, 2025
Non-Final Rejection mailed — §103
Aug 29, 2025
Examiner Interview Summary
Aug 29, 2025
Applicant Interview (Telephonic)
Sep 02, 2025
Response Filed
Dec 17, 2025
Final Rejection mailed — §103
Apr 15, 2026
Request for Continued Examination
Apr 26, 2026
Response after Non-Final Action
Jun 03, 2026
Non-Final Rejection mailed — §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12665896
ELECTRICITY METER AND SYSTEM HARDENED AGAINST ATTACK VECTORS
2y 8m to grant Granted Jun 23, 2026
Patent 12604186
Methods and Systems for Network Authentication Using a Unique Authentication Identifier
2y 12m to grant Granted Apr 14, 2026
Patent 12598078
NETWORK ACCESS USING HARDWARE-BASED SECURITY
3y 1m to grant Granted Apr 07, 2026
Patent 12598174
FLEET MANAGEMENT SYSTEM AND METHOD
1y 9m to grant Granted Apr 07, 2026
Patent 12568073
SECURE EXCHANGE OF CERTIFICATE AUTHORITY CERTIFICATE INLINE AS PART OF FILE TRANSFER PROTOCOL
3y 7m to grant Granted Mar 03, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Strategy Recommendation AI-generated — please review before filing

Get a prosecution strategy drawn from examiner precedents, rejection analysis, and claim mapping.
Typically takes 5-10 seconds — AI-generated, attorney review required before filing

Prosecution Projections

5-6
Expected OA Rounds
76%
Grant Probability
99%
With Interview (+52.2%)
3y 1m (~0m remaining)
Median Time to Grant
High
PTA Risk
Based on 296 resolved cases by this examiner. Grant probability derived from career allowance rate.

Sign in with your work email

Enter your email to receive a magic link. No password needed.

Personal email addresses (Gmail, Yahoo, etc.) are not accepted.

Free tier: 3 strategy analyses per month