Prosecution Insights
Last updated: April 19, 2026
Application No. 17/402,808

LOCATION-BASED ACCESS CONTROL OF A MEDICAL ANALYZER

Final Rejection §103
Filed: Aug 16, 2021
Examiner: MOHAMMADI, FAHIMEH M
Art Unit: 2439
Tech Center: 2400 — Computer Networks
Assignee: Roche Diagnostics Operations Inc.
OA Round: 4 (Final)
Grant Probability: 76% (Favorable)
OA Rounds: 5-6
To Grant: 3y 3m
With Interview: 99%

Examiner Intelligence

Grants 76% — above average
Career Allow Rate: 76% (224 granted / 294 resolved; +18.2% vs TC avg)
Strong +53% interview lift
Interview Lift: +52.6% (resolved cases with interview)
Typical timeline
Avg Prosecution: 3y 3m (24 currently pending)
Career history
Total Applications: 318 (across all art units)

Statute-Specific Performance

§101: 16.0% (-24.0% vs TC avg)
§103: 58.1% (+18.1% vs TC avg)
§102: 8.0% (-32.0% vs TC avg)
§112: 9.3% (-30.7% vs TC avg)
Based on career data from 294 resolved cases

Office Action

§103
DETAILED ACTION

Notice of Pre-AIA or AIA Status

The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

This Office Action is in response to the Amendment filed on 09/02/2025. In the instant Amendment, claims 19 and 20 have been added; claims 1-7, 10-14 and 16-18 have been amended; and claims 1, 12, 13 and 14 are independent claims. Claims 1-14 and 16-20 have been examined and are pending. This Action is made FINAL.

Response to Arguments

In an attempt to promote compact prosecution, the Examiner has contacted the Applicants for possible amendments to move the case forward. However, the Applicants and the Examiner could not come up with an agreement.

Claims 1 and 12 are no longer interpreted under 35 U.S.C. 112(f) as claims have been amended.

Applicant’s arguments with respect to claims 1-14 and 16-20 have been considered but are moot because the arguments do not apply to any of the references being used in the current rejection. The new reference Giobbi (US 11095640) is used to address the limitations. The amended claims 1, 12, 13, 14 and new claims 19-20 have been addressed in rejection below.

Claim Interpretation

The following is a quotation of 35 U.S.C. 112(f):

(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The following is a quotation of pre-AIA 35 U.S.C. 112, sixth paragraph:

An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art. The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is invoked.

As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph:

(A) the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function;
(B) the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and
(C) the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function.

Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function.

Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function.

Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.

This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier. Such claim limitation(s) is/are: “location management system configured to detect,” and “a computer communication network configured to connect,” recited in claim 13; and “location management system [] configured to manage access,” recited in claim 14.

Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.

If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph, applicant may: (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA 35 U.S.C. 112, sixth paragraph.

Claim Rejections - 35 USC § 103

In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis (i.e., changing from AIA to pre-AIA) for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

This application currently names joint inventors.
In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.

Claims 1-5, 10-14 and 19-20 are rejected under 35 U.S.C. 103 as being unpatentable over Roese et al. (“Roese,” US 2003/0217122) in view of Giobbi (US 11095640).

Regarding claim 1: Roese discloses a computer implemented method for controlling user access to an analytical device based on a location of a user relative to the analytical device, the method comprising: receiving, by a computing apparatus, a first location credential from a location management server of an access-controlled facility configured to manage access of personnel to location within the facility (Roese: par. 0031 system 100 determines the location of user device 104b relative to typically multiple network devices (e.g., 120a and 120b) that receive transmitted signals from user device 104b; par. 0109 if system 100 determines (step 535) that the user location is authenticated at the level required, system 100 allows (step 540) access at the authenticated level), updating, by the computing apparatus and in response to receiving the first location credential (Roese: par. 0031 the system 100 updates the corresponding location information as user device 104b moves; par. 0040 system 100 maintains the location information centrally on the location server 134 in the location database in location module 185a [] system 100 dynamically modifies the location of the device stored in the location database as the device moves; par. 0099 during this authentication, system 100 verifies the location of device 104 [] if the user is authenticated and the location is both verified and authenticated for the requested network resources, system 100 proceeds in allowing device 104 to access the requested resources. System 100 can log each of these events for administrative use); receiving, by the computing apparatus, a user logon credential associated with the first user and provided to the first device as part of an attempted logon process (Roese: par. 0108 FIG. 5 represents another authentication process 500 [] system 100 obtains (step 505) the location information for a client device. In this case, system 100 employs only the location of the device in determining the appropriate level of service [] system 100 can also employ the user credentials (e.g., username and password), in addition to the location, to determine the appropriate level of service); and permitting or denying, by the computing apparatus, the attempted logon process to the first device based at least in part on the user logon credential and the updated permitted user record (Roese: par. 0107 system 100 determines (step 425) whether the user has the proper credentials for the level of the requested service. To do this, system 100 compares the user credentials, the location information, and the conditions of access requested [] with any stored location restrictions. If system 100 determines (step 425) the user is authenticated for the particular request, system 100 determines (step 430) whether the device used by the user is in a location approved or otherwise permitted to receive the requested information, application, and the like).
Roese does not explicitly disclose an analytical device, the first location credential indicating that a first user has entered a first access control zone of the access-controlled facility, determining, based at least in part on receiving the first location credential, a first analytical device within the first access control zone and a permitted user record indicating that the first user is permitted to logon to the first analytical device.

However, Giobbi discloses an analytical device (Giobbi: computing device 2254, col. 36 lines 17-19 the reader of the computing device 2254 also retrieves information from those PDKs 2256, 2258; col. 32 line 9 a single workstation); the first location credential indicating that a first user has entered a first access control zone of the access-controlled facility (Giobbi: col. 7 lines 60-66 the Reader 108 wirelessly communicates with the PDK 102 when the PDK 102 is within a proximity zone of the Reader 108. The proximity zone can be, for example, several meters in radius and can be adjusted dynamically by the Reader 108. Thus, in contrast to many conventional radio frequency identification (RFID) devices, the Reader 108 is able to detect and communicate with the PDK 102); determining, based at least in part on receiving the first location credential, a first analytical device within the first access control zone (Giobbi: col. 19 lines 26-30 authorizing a communication connection using secure authentication. When a PDK 102 comes within range of a Reader 108, communication is automatically established 702 between the RDC 504 of the Reader 108 and the PDK 102); and a permitted user record indicating that the first user is permitted to logon to the first analytical device (Giobbi: col. 29 lines 64-67 through col. 30 lines 1-6 computing devices are also equipped with readers 1652 for receiving PDK information. The Readers 1650 and 1652 receive information from the provider PDKs 1654, patient PDKs 1656 and equipment PDKs 1658 enabling the location and tracking of providers, patients and equipment anywhere throughout the healthcare facility [] lines 4-6 the auto login server 220 allows for automated electronic signing on of providers into the healthcare computer system).

Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Giobbi with the system/method of Roese to include a permitted user record indicating that the first user is permitted to logon to the first analytical device. One would have been motivated to provide a system for securely authenticating an individual for accessing data or one or more applications (Giobbi: col. 6 lines 44-45).

Regarding claim 2: Roese in view of Giobbi discloses the computer implemented method according to claim 1. Roese further discloses obtaining a certification credential of the first user of the first analytical device from a user certification database (Roese: par. 0067 once the location database is established, system 100 can provide the location information to a device when that device connects to a connection point); obtaining certification requirement data of the first analytical device from an analytical device certification requirement database (Roese: par. 0139 location modules 185 are configured to include device location as a requirement to permit access to network-based information, applications, rate service, rate type, and the like); and permitting the first user to logon to the first analytical device if the certification credential of the first user accords with the certification requirement data or denying the first user the ability to logon to the first analytical device if the certification credential of the first user does not accord with the certification requirement data (Roese: par. 0108 system 100 determines (step 510) whether the obtained location is verified. If system 100 determines (step 510) that the location is not verified, system 100 denies (step 515) access or restricts (step 515) access according to predefined policies; par. 0109 if system 100 determines (step 535) that the user location is authenticated at the level required, system 100 allows (step 540) access at the authenticated level).

Regarding claim 3: Roese in view of Giobbi discloses the computer implemented method according to claim 1. Roese further discloses detecting, via the location management server, that the first user has left the first access control zone containing the first analytical device based on a second received location credential (Roese: par. 0138 location module 185 may include an updateable table that changes with additions or deletions to system 100 and/or movement of devices associated with system 100; par. 0150 the location database can be dynamic in nature as the client's coordinates can potentially change very frequently); and removing the first user from the permitted user record associated with the first analytical device (Roese: par. 0030 the location of user device 104b changes as user device 104b moves. Stationary wireless connection points 160h-i may no longer be in communication with user device 104b as user device 104b moves away, thus no longer being connection points for 104b after a certain period of time). Giobbi further discloses an analytical device (Giobbi: computing device 2254, col. 36 lines 17-19 the reader of the computing device 2254 also retrieves information from those PDKs 2256, 2258; col. 32 line 9 a single workstation). The motivation is the same as that of claim 1 above.

Regarding claim 4: Roese in view of Giobbi discloses the computer implemented method according to claim 1.
Roese further discloses detecting, via the user certification database, that a certification status of the first user has been changed, such that the first user is no longer certified to logon, or remain logged on, to the first device (Roese: par. 0138 location module 185 may include an updateable table that changes with additions or deletions to system 100 and/or movement of devices associated with system 100; par. 0150 the location database can be dynamic in nature as the client's coordinates can potentially change very frequently); and removing the first user from the permitted user record associated with the first device (Roese: par. 0030 the location of user device 104b changes as user device 104b moves. Stationary wireless connection points 160h-i may no longer be in communication with user device 104b as user device 104b moves away, thus no longer being connection points for 104b after a certain period of time). Giobbi further discloses an analytical device (Giobbi: computing device 2254, col. 36 lines 17-19 the reader of the computing device 2254 also retrieves information from those PDKs 2256, 2258; col. 32 line 9 a single workstation). The motivation is the same as that of claim 1 above.

Regarding claim 5: Roese in view of Giobbi discloses the computer implemented method according to claim 1. Roese further discloses wherein the permitted user record is hosted by the first device and the permitted user record is updated to define that the first user is permitted to logon to the first device based on the location credential (Roese: par. 0031 system 100 stores the location information corresponding to wireless user device 104b in association with one or more of the connection points 160h-i in location module 185 (e.g., 185a in an example of a centralized approach). The system 100 updates the corresponding location information as user device 104b moves). Giobbi further discloses an analytical device (Giobbi: computing device 2254, col. 36 lines 17-19 the reader of the computing device 2254 also retrieves information from those PDKs 2256, 2258; col. 32 line 9 a single workstation). The motivation is the same as that of claim 1 above.

Regarding claim 10: Roese in view of Giobbi discloses the computer implemented method according to claim 1. Roese further discloses wherein the first location credential defines the presence of the first user in either (i) a first, insecure, location that does not contain the first device, or (ii) in a second, secure, location that does contain the first device (Roese: par. 0051 determining location information for an authenticated user by trustworthy devices (e.g., a device within infrastructure 101 that cannot be altered) enables system 100 to assign to the location information a higher value for the level of trust and enables greater security in the permitted access to system 100). Giobbi further discloses an analytical device (Giobbi: computing device 2254, col. 36 lines 17-19 the reader of the computing device 2254 also retrieves information from those PDKs 2256, 2258; col. 32 line 9 a single workstation). The motivation is the same as that of claim 1 above.

Regarding claim 11: Roese in view of Giobbi discloses the computer implemented method according to claim 1. Glavina further discloses wherein the location management system obtains location credentials from an access control system configured to manage access of personnel to location within the facility using one or more of a swipe or radio-frequency identification (RFID) card access system, an iris scanning system, a quick response (QR) or barcode based access system, a Wiegand access system, a personal identification number (PIN) access system, a photo-identification (ID) system, an elevator control system, and/or a wireless network tracking system (Giobbi: col. 7 line 65 radio frequency identification (RFID); col. 7 lines 12-15 the Reader 108 receives a fingerprint, a retinal scan, an iris scan, a facial scan or any other suitable biometric input associated with the individual; col. 12 lines 54-56 the stored profiles 320 include a PIN profile that stores one or more PINs or passwords associated with the PDK owner). The motivation is the same as that of claim 1 above.

Regarding claim 12: Roese discloses a computing apparatus configured to control user access to an analytical device based on a location of a user relative to the analytical device, the computing apparatus comprising: a computer network communications interface (Roese: par. 0077 the network entity of FIG. 3 is the switching device 136, which has the connection port 165 through which device 114a communicates); and a non-transitory computer-readable media storing computer-executable instructions that when executed, cause the computing apparatus to: receive, by a computer network, a first location credential from a location management server of an access-controlled facility configured to manage access of personnel to location within the facility (Roese: par. 0031 system 100 determines the location of user device 104b relative to typically multiple network devices (e.g., 120a and 120b) that receive transmitted signals from user device 104b; par. 0109 if system 100 determines (step 535) that the user location is authenticated at the level required, system 100 allows (step 540) access at the authenticated level), update, in response to receiving the first location credential (Roese: par. 0031 the system 100 updates the corresponding location information as user device 104b moves; par. 0040 system 100 maintains the location information centrally on the location server 134 in the location database in location module 185a [] system 100 dynamically modifies the location of the device stored in the location database as the device moves; par. 0099 during this authentication, system 100 verifies the location of device 104 [] if the user is authenticated and the location is both verified and authenticated for the requested network resources, system 100 proceeds in allowing device 104 to access the requested resources. System 100 can log each of these events for administrative use); receive, a user logon credential associated with the first user and provided to the first device as part of an attempted logon process (Roese: par. 0108 FIG. 5 represents another authentication process 500 [] system 100 obtains (step 505) the location information for a client device. In this case, system 100 employs only the location of the device in determining the appropriate level of service [] system 100 can also employ the user credentials (e.g., username and password), in addition to the location, to determine the appropriate level of service); and permit or deny the attempted logon process to the first device based at least in part on the user logon credential and the updated permitted user record (Roese: par. 0107 system 100 determines (step 425) whether the user has the proper credentials for the level of the requested service. To do this, system 100 compares the user credentials, the location information, and the conditions of access requested [] with any stored location restrictions. If system 100 determines (step 425) the user is authenticated for the particular request, system 100 determines (step 430) whether the device used by the user is in a location approved or otherwise permitted to receive the requested information, application, and the like).
Roese does not explicitly disclose an analytical device, the first location credential indicating that a first user has entered a first access control zone of the access-controlled facility, determine, based at least in part on receiving the first location credential, a first analytical device within the first access control zone and a permitted user record indicating that the first user is permitted to logon to the first analytical device.

However, Giobbi discloses an analytical device (Giobbi: computing device 2254, col. 36 lines 17-19 the reader of the computing device 2254 also retrieves information from those PDKs 2256, 2258; col. 32 line 9 a single workstation); the first location credential indicating that a first user has entered a first access control zone of the access-controlled facility (Giobbi: col. 7 lines 60-66 the Reader 108 wirelessly communicates with the PDK 102 when the PDK 102 is within a proximity zone of the Reader 108. The proximity zone can be, for example, several meters in radius and can be adjusted dynamically by the Reader 108. Thus, in contrast to many conventional radio frequency identification (RFID) devices, the Reader 108 is able to detect and communicate with the PDK 102); determine, based at least in part on receiving the first location credential, a first analytical device within the first access control zone (Giobbi: col. 19 lines 26-30 authorizing a communication connection using secure authentication. When a PDK 102 comes within range of a Reader 108, communication is automatically established 702 between the RDC 504 of the Reader 108 and the PDK 102); and a permitted user record indicating that the first user is permitted to logon to the first analytical device (Giobbi: col. 29 lines 64-67 through col. 30 lines 1-6 computing devices are also equipped with readers 1652 for receiving PDK information. The Readers 1650 and 1652 receive information from the provider PDKs 1654, patient PDKs 1656 and equipment PDKs 1658 enabling the location and tracking of providers, patients and equipment anywhere throughout the healthcare facility [] lines 4-6 the auto login server 220 allows for automated electronic signing on of providers into the healthcare computer system).

Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Giobbi with the system/method of Roese to include a permitted user record indicating that the first user is permitted to logon to the first analytical device. One would have been motivated to provide a system for securely authenticating an individual for accessing data or one or more applications (Giobbi: col. 6 lines 44-45).

Regarding claim 13: Roese discloses a system for controlling user access to an analytical device based on a location of a user relative to the analytical device for analytical device management, the system comprising: a location management system configured to detect when a user leaves or enters the vicinity of the one or more analytical devices (Roese: par. 0075 a wide variety of events may initiate the process of determining and validating the location of a device. These can include [] a new network device joining the network); a computing apparatus comprising one or more physical processors (Roese: fig. 1); and a computer communication network configured to communicatively connect the one or more devices, the location management system, and the computing apparatus (Roese: par. 0025 referring to FIG. 1, a location-aware system 100 operates and provides network-based services to users according to locations of devices that use or are part of the network associated with system 100); wherein the one or more physical processors of the computing apparatus are configured to: receive, over the computer communication network, a first location credential from a location management server of an access-controlled facility configured to manage access of personnel to location within the facility (Roese: par. 0031 system 100 determines the location of user device 104b relative to typically multiple network devices (e.g., 120a and 120b) that receive transmitted signals from user device 104b; par. 0109 if system 100 determines (step 535) that the user location is authenticated at the level required, system 100 allows (step 540) access at the authenticated level), update, in response to receiving the first location credential (Roese: par. 0031 the system 100 updates the corresponding location information as user device 104b moves; par. 0040 system 100 maintains the location information centrally on the location server 134 in the location database in location module 185a [] system 100 dynamically modifies the location of the device stored in the location database as the device moves; par. 0099 during this authentication, system 100 verifies the location of device 104 [] if the user is authenticated and the location is both verified and authenticated for the requested network resources, system 100 proceeds in allowing device 104 to access the requested resources. System 100 can log each of these events for administrative use); receive, a user logon credential associated with the first user and provided to the first device as part of an attempted logon process (Roese: par. 0108 FIG. 5 represents another authentication process 500 [] system 100 obtains (step 505) the location information for a client device. In this case, system 100 employs only the location of the device in determining the appropriate level of service [] system 100 can also employ the user credentials (e.g., username and password), in addition to the location, to determine the appropriate level of service); and permit or deny the attempted logon process to the first device based at least in part on the user logon credential and the updated permitted user record (Roese: par. 0107 system 100 determines (step 425) whether the user has the proper credentials for the level of the requested service. To do this, system 100 compares the user credentials, the location information, and the conditions of access requested [] with any stored location restrictions. If system 100 determines (step 425) the user is authenticated for the particular request, system 100 determines (step 430) whether the device used by the user is in a location approved or otherwise permitted to receive the requested information, application, and the like).

Roese does not explicitly disclose an analytical device, the first location credential indicating that a first user has entered a first access control zone of the access-controlled facility, determine, based at least in part on receiving the first location credential, a first analytical device within the first access control zone and a permitted user record indicating that the first user is permitted to logon to the first analytical device.

However, Giobbi discloses an analytical device (Giobbi: computing device 2254, col. 36 lines 17-19 the reader of the computing device 2254 also retrieves information from those PDKs 2256, 2258; col. 32 line 9 a single workstation); the first location credential indicating that a first user has entered a first access control zone of the access-controlled facility (Giobbi: col. 7 lines 60-66 the Reader 108 wirelessly communicates with the PDK 102 when the PDK 102 is within a proximity zone of the Reader 108. The proximity zone can be, for example, several meters in radius and can be adjusted dynamically by the Reader 108. Thus, in contrast to many conventional radio frequency identification (RFID) devices, the Reader 108 is able to detect and communicate with the PDK 102); determine, based at least in part on receiving the first location credential, a first analytical device within the first access control zone (Giobbi: col. 19 lines 26-30 authorizing a communication connection using secure authentication. When a PDK 102 comes within range of a Reader 108, communication is automatically established 702 between the RDC 504 of the Reader 108 and the PDK 102); and a permitted user record indicating that the first user is permitted to logon to the first analytical device (Giobbi: col. 29 lines 64-67 through col. 30 lines 1-6 computing devices are also equipped with readers 1652 for receiving PDK information. The Readers 1650 and 1652 receive information from the provider PDKs 1654, patient PDKs 1656 and equipment PDKs 1658 enabling the location and tracking of providers, patients and equipment anywhere throughout the healthcare facility [] lines 4-6 the auto login server 220 allows for automated electronic signing on of providers into the healthcare computer system).

Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Giobbi with the system/method of Roese to include a permitted user record indicating that the first user is permitted to logon to the first analytical device. One would have been motivated to provide a system for securely authenticating an individual for accessing data or one or more applications (Giobbi: col. 6 lines 44-45).

Regarding claim 14: Roese discloses a non-transitory computer readable storage medium comprising computer-readable instruction, executable by one or more physical processors, for controlling a computing apparatus which, when being executed by a processing unit of the computing apparatus, is configured to perform operations comprising: receiving, by a computing apparatus, a first location credential from a location management system of an access-controlled facility configured to manage access of personnel to location within the facility (Roese: par. 0031 system 100 determines the location of user device 104b relative to typically multiple network devices (e.g., 120a and 120b) that receive transmitted signals from user device 104b; par. 0109 if system 100 determines (step 535) that the user location is authenticated at the level required, system 100 allows (step 540) access at the authenticated level), updating, by the computing apparatus and in response to receiving the first location credential (Roese: par. 0031 the system 100 updates the corresponding location information as user device 104b moves; par. 0040 system 100 maintains the location information centrally on the location server 134 in the location database in location module 185a [] system 100 dynamically modifies the location of the device stored in the location database as the device moves; par. 0099 during this authentication, system 100 verifies the location of device 104 [] if the user is authenticated and the location is both verified and authenticated for the requested network resources, system 100 proceeds in allowing device 104 to access the requested resources. System 100 can log each of these events for administrative use); receiving, by the computing apparatus, a user logon credential associated with the first user and provided to the computing apparatus as part of an attempted logon process (Roese: par. 0108 FIG. 5 represents another authentication process 500 [] system 100 obtains (step 505) the location information for a client device. In this case, system 100 employs only the location of the device in determining the appropriate level of service [] system 100 can also employ the user credentials (e.g., username and password), in addition to the location, to determine the appropriate level of service); and permitting or denying, by the computing apparatus, the attempted logon process to the computing apparatus based at least in part on the user logon credential and the updated permitted user record (Roese: par. 0107 system 100 determines (step 425) whether the user has the proper credentials for the level of the requested service. To do this, system 100 compares the user credentials, the location information, and the conditions of access requested [] with any stored location restrictions. If system 100 determines (step 425) the user is authenticated for the particular request, system 100 determines (step 430) whether the device used by the user is in a location approved or otherwise permitted to receive the requested information, application, and the like).

Roese does not explicitly disclose the first location credential indicating that a first user has entered a first access control zone of the access-controlled facility, determining, based at least in part on receiving the first location credential, that the computing apparatus is installed in the first access control zone and a permitted user record indicating that the first user is permitted to logon to the first analytical device.

However, Giobbi discloses the first location credential indicating that a first user has entered a first access control zone of the access-controlled facility (Giobbi: col. 7 lines 60-66 the Reader 108 wirelessly communicates with the PDK 102 when the PDK 102 is within a proximity zone of the Reader 108. The proximity zone can be, for example, several meters in radius and can be adjusted dynamically by the Reader 108. Thus, in contrast to many conventional radio frequency identification (RFID) devices, the Reader 108 is able to detect and communicate with the PDK 102); determining, based at least in part on receiving the first location credential, that the computing apparatus is installed in the first access control zone (Giobbi: col. 19 lines 26-30 authorizing a communication connection using secure authentication. When a PDK 102 comes within range of a Reader 108, communication is automatically established 702 between the RDC 504 of the Reader 108 and the PDK 102); and a permitted user record indicating that the first user is permitted to logon to the first analytical device (Giobbi: col. 29 lines 64-67 through col. 30 lines 1-6 computing devices are also equipped with readers 1652 for receiving PDK information. The Readers 1650 and 1652 receive information from the provider PDKs 1654, patient PDKs 1656 and equipment PDKs 1658 enabling the location and tracking of providers, patients and equipment anywhere throughout the healthcare facility [] lines 4-6 the auto login server 220 allows for automated electronic signing on of providers into the healthcare computer system).

Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Giobbi with the system/method of Roese to include a permitted user record indicating that the first user is permitted to logon to the first analytical device. One would have been motivated to provide a system for securely authenticating an individual for accessing data or one or more applications (Giobbi: col. 6 lines 44-45).

Regarding claim 19: Roese in view of Giobbi discloses the computer implemented method of claim 1.
Giobbi further discloses wherein the first analytical device is a non-mobile device installed at fixed location within the first access control zone (Giobbi: computing device 2254 [i.e., fixed workstation/equipment], col. 36 lines 17-19 the reader of the computing device 2254 also retrieves information from those PDKs 2256, 2258; col. 32 line 9 a single workstation; col. 7 lines 60-62 the Reader 108 wirelessly communicates with the PDK 102 when the PDK 102 is within a proximity zone [i.e., access control zone] of the Reader 108). The motivation is the same as that of claim 1 above.

Regarding claim 20: Roese in view of Giobbi discloses the computer implemented method of claim 1. Giobbi further discloses wherein updating the permitted user record associated with the first analytical device is performed prior to the attempted logon process (Giobbi: col. 29 lines 42-43 the information is updated 1610 in the location log 1604 of the tracking server 210; lines 56-59 this process 1600 occurs whenever a PDK 102 enters the proximity zone of each Reader 108 that it passes enabling constant tracking and location of individuals carrying PDKs 102 and equipment with affixed PDKs 102). The motivation is the same as that of claim 1 above.

Claim 6 is rejected under 35 U.S.C. 103 as being unpatentable over Roese et al. (“Roese,” US 2003/0217122) in view of Giobbi (US 11095640) and Glavina et al. (“Glavina,” US 2014/0278832).

Regarding claim 6: Roese in view of Giobbi discloses the computer implemented method according to claim 1. Roese in view of Giobbi does not explicitly disclose wherein the analytical device is configured to analyze biological samples to identify a biomarker of a medical condition.

However, Glavina discloses wherein the analytical device is configured to analyze biological samples to identify a biomarker of a medical condition (Glavina: par. 0034 each device may be configured to perform at least one biological sample analysis, e.g., blood, plasma, urine tests and the like).

Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Glavina with the system/method of Roese and Giobbi to include the analytical device is configured to analyze biological samples to identify a biomarker of a medical condition. One would have been motivated to provide a method and system for quality compliance, system and operator verification, and process management for point of care biological sample testing systems used in hospitals and other medical delivery environments (Glavina: par. 0002).

Claims 7-9 are rejected under 35 U.S.C. 103 as being unpatentable over Roese et al. (“Roese,” US 2003/0217122) in view of Giobbi (US 11095640) and Knight et al. (“Knight,” US 2020/0412810).

Regarding claim 7: Roese in view of Giobbi discloses the computer implemented method according to claim 1. Roese in view of Giobbi does not explicitly disclose obtaining a connectivity graph model representing an access scheme of the access-controlled facility, wherein the connectivity graph model comprises: a plurality of nodes, wherein each of the plurality of nodes represents an access control zone within the access-controlled facility, a plurality of edges, wherein each of the plurality of edges represents an access point between a set of access control zones, and mapping the first location credential received from the location management server to the connectivity graph model.

However, Knight discloses obtaining a connectivity graph model representing an access scheme of the access-controlled facility (Knight: par. 0042 FIG. 7 illustrates an example graph schema 700 of the location entities); and wherein the connectivity graph model comprises: a plurality of nodes, wherein each of the plurality of nodes represents an access control zone within the access-controlled facility (Knight: par. 0042 graph schema 700 of the location entities [] the tower, building, floor, company, space zone, space, and zone are represented respectively as the nodes 705a-g [] of the graph 700); and a plurality of edges, wherein each of the plurality of edges represents an access point between a set of access control zones (Knight: par. 0042 the graph representation 700 includes a plurality of edges 710a-g that represent relationships between the location entities mapped to the nodes 705); and mapping the first location credential received from the location management server to the connectivity graph model (Knight: par. 0042 the relationship between the tower entity of node 705a and the building entity of node 705b is represented by the edge 710a. The direction of the edge 710a is from the tower entity of node 705a to the building entity of node 705b. The property of the edge 710a indicates that the tower entity of node 705a is a "located in" the building entity of node 705b).

Therefore, it would have been obvious to a person of ordinary skill in the art, before the effective filing date of the claimed invention to combine the teachings of Knight with the system/method of Roese and Giobbi to include mapping the first location credential of the first user received from the location management system to the connectivity graph model. One would have been motivated to evaluate and filter the data received from the devices to perform edge-based analytics and edge-based control of devices (Knight: par. 0026).

Regarding claim 8: Roese in view of Giobbi and Knight discloses the computer implemented method according to claim 7.
Roese further discloses labelling one or more nodes in the connectivity graph model subsequent to a node of the connectivity graph model representing the first location of the first user (Roese: par. 0158 Table 4 illustrates an example of some entries that can be included in an expanded location database in this location advertising system example. In this example, the first five columns from the left (i.e., entry port to geographic location, inclusive) represent information provisioned on the location client. The last two columns from the left (i.e., client switch IP address and serial number) represent information obtained/learned from the location client); and updating the permitted user record to remove the first user from the permitted user record so that a second analytical device at a second location of the access-controlled facility represented by an unlabeled node of the connectivity graph model cannot be accessed by a second user using the same user logon credentials as the first user (Roese: par. 0031 system 100 stores the location information corresponding to wireless user device 104b in association with one or more of the connection points 160h-i in location module 185 (e.g., 185a in an example of a centralized approach). The system 100 updates the corresponding location information as user device 104b moves; par. 0159 it is also possible for the location advertising system in the provisioning switch to provide a temporary Internet address and/or the unified resource locator (URL) to a network attached location database where the location client can retrieve a more advanced configuration file. For example, see entries 6, 8, and 10 of Table 3 above. The configuration file can be retrieved via standard mechanisms such as trivial file transfer protocol or Internet file transfer protocol).

Regarding claim 9: Roese in view of Giobbi and Knight discloses the computer implemented method according to claim 8. Roese further discloses labelling only a present node in the connectivity graph model as representing the first location of the first user (Roese: par. 0158 Table 4 illustrates an example of some entries that can be included in an expanded location database in this location advertising system example. In this example, the first five columns from the left (i.e., entry port to geographic location, inclusive) represent information provisioned on the location client. The last two columns from the left (i.e., client switch IP address and serial number) represent information obtained/learned from the location client); and updating the permitted user record to remove the first user from the permitted user record so that a third analytical device at a third location of the access-controlled facility represented by an unlabeled node of the connectivity graph model cannot be accessed by a third user using the same user logon credentials as the first user (Roese: par. 0031 system 100 stores the location information corresponding to wireless user device 104b in association with one or more of the connection points 160h-i in location module 185 (e.g., 185a in an example of a centralized approach). The system 100 updates the corresponding location information as user device 104b moves; par. 0159 it is also possible for the location advertising system in the provisioning switch to provide a temporary Internet address and/or the unified resource locator (URL) to a network attached location database where the location client can retrieve a more advanced configuration file. For example, see entries 6, 8, and 10 of Table 3 above. The configuration file can be retrieved via standard mechanisms such as trivial file transfer protocol or Internet file transfer protocol).

Claims 16-18 are rejected under 35 U.S.C. 103 as being unpatentable over Roese et al. (“Roese,” US 2003/0217122) in view of Giobbi (US 11095640) and Malan (US 2019/0289016).

Regarding claim 16: Roese in view of Giobbi discloses the computer implemented method of claim 1. Roese in view of Giobbi does not explicitly disclose wherein permitting or denying the attempted logon process comprises: determining an ambulation time associated with the first user, based at least in part on the first location of the first access control zone and a second location associated with the first analytical device.

However, Malan discloses wherein permitting or denying the attempted logon process comprises: determining an ambulation time associated with the first user, based at least in part on the first location of the first access control zone and a second location associated with the first analytical device (Malan: par. 0063 at block 304, a geographic location and a time for the received authentication request are identified by the processing device; par. 0065 at block 308, it is determined whether a difference in time between the identified time and a stored time for the previous successful authentication request is large enough that a user of the account is able to travel a difference in distance between the identified geographic location and a stored geographic location for the previous successful authentic

Prosecution Timeline

Aug 16, 2021: Application Filed
Mar 23, 2024: Non-Final Rejection — §103
Sep 30, 2024: Response Filed
Jan 03, 2025: Final Rejection — §103
Apr 01, 2025: Applicant Interview (Telephonic)
Apr 03, 2025: Examiner Interview Summary
May 08, 2025: Request for Continued Examination
May 13, 2025: Response after Non-Final Action
May 28, 2025: Non-Final Rejection — §103
Aug 29, 2025: Examiner Interview Summary
Aug 29, 2025: Applicant Interview (Telephonic)
Sep 02, 2025: Response Filed
Dec 13, 2025: Final Rejection — §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12604186
Methods and Systems for Network Authentication Using a Unique Authentication Identifier
2y 5m to grant Granted Apr 14, 2026
Patent 12598078
NETWORK ACCESS USING HARDWARE-BASED SECURITY
2y 5m to grant Granted Apr 07, 2026
Patent 12598174
FLEET MANAGEMENT SYSTEM AND METHOD
2y 5m to grant Granted Apr 07, 2026
Patent 12568073
SECURE EXCHANGE OF CERTIFICATE AUTHORITY CERTIFICATE INLINE AS PART OF FILE TRANSFER PROTOCOL
2y 5m to grant Granted Mar 03, 2026
Patent 12562966
Transitioning Network Entities Associated With A Virtual Cloud Network Through A Series Of Phases Of A Certificate Bundle Distribution Process
2y 5m to grant Granted Feb 24, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Prosecution Projections

Expected OA Rounds: 5-6
Grant Probability: 76%
With Interview: 99% (+52.6%)
Median Time to Grant: 3y 3m
PTA Risk: High
Based on 294 resolved cases by this examiner. Grant probability derived from career allow rate.
