DETAILED ACTION
This office action is in response to the original application filed on August 18, 2022.
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claims 1-20 are pending.
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –
(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.
Claims 1-2, 8-9, and 14-15 are rejected under 35 U.S.C. 102(a)(1) as being anticipated by Xie (US Pub. No. 2021/0152534).
As per claim 1 Xie discloses:
A computer-implemented method for group-based authentication comprising: evaluating, by a computing device, each individual of a group for qualification for a task to acquire an aggregate skill score associated with the group; (paragraph 20 of Xie, the multi-tenant system 120 allows multiple tenants to use the system, each tenant representing a group of users. The term tenant refers to an entity, for example, an organization or enterprise that is a customer of the multi-tenant system. As an example, a tenant may be a company that employs sales people that use the multi-tenant system 120 to manage their sales processes. The term tenant as used herein can refer to the set of users of the entire organization that is the customer of the multi-tenant system or to a subset of users of the organization. Accordingly, the tenant-specific authentication plan may be customized for a set of users, for example, the entire set of users of the organization, a specific group of users within the organization, or an individual user within the organization) and (paragraph 94 of Xie, the authentication module 150 receives phrase accuracy scores for different phrases that are verified by phrase verification methods and determines a weighted aggregate score representing an authentication score the user by aggregating the phrase accuracy scores).
Based on the evaluation, determining, by the computing device, the aggregate skill score exceeds a group task authentication threshold; and responsive to the determination, granting the group authorization associated with the task. (Paragraph 33 of Xie, the authentication execution engine 230 determines that the authentication is successful if the measure of accuracy is above a threshold value. The authentication execution engine 230 allows access to the user if the accuracy of the authentication plan based on the conversation with the user exceeds a threshold value).
Claims 8 and 14 are rejected under the same reason set forth in rejection of claim 1.
As per claim 2 Xie discloses:
The computer-implemented method of claim 1, wherein the evaluating comprises: determining, by the computing device, a group policy associated with the task; wherein the aggregate skill score is based at least in part on the group policy and the group policy is a guideline for security or compliance conditions associated with the task. (Paragraph 84 of Xie, the techniques disclosed herein are not limited to authentication in a multi-tenant system. The authentication module 150 can operate in any online system. For example, an online system may store multiple authentication plans for different sets of users. An organization may divide users of the online system into different groups and apply different authentication plans to each group. This allows the online system to customize authentication for each user group. An organization may maintain only one authentication plan but customize it over time, for example, as policies of the organization change over time).
Claims 9 and 15 are rejected under the same reason set forth in rejection of claim 2.
Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA 35 U.S.C. 102 and 103 (or as subject to pre-AIA 35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
.
This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention.
Claims 5, 13 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Xie (US Pub. No. 2021/0152534) in view of Tkachev (US 2014/0331278).
As per claim 5:
Xie teaches the method of authenticating user/group of users in a multi-tenant system (see paragraph 20 of Xie) but fails to disclose:
The computer-implemented method of claim 1, wherein granting the group authorization comprises: providing an access code associated with the task to the individual; wherein the access code provides access to a restricted area associated with the task.
However, in the same field of endeavor, Tkachev teaches this limitation as, (paragraph 163 of Tkachev, the system checks a security policy for what parameters will be applied to the identity verification, as previously defined by the party requesting authentication. For example, a corporate entity using the system to verify identities and thereby restrict access tophysical or virtual resources may arrange/define a security policy which specifies variables used by the system to determine how stringently to verify a particular party's identity. As a further example, a government entity may arrange/define a different policy to restrict access to similar or different resources) and (paragraph 130 of Tkachev, the functionality of the system further extends to group environments where security measures require multiple team members to be present to facilitate access or extend additional functionality. In multi-member group interactions, verified participants can verify identities of other members in real time to allow additional verification prior to provision of access. Once respective identities have been verified for all members of the team, the system can automatically provide confirmation and extend authentication for access. This functionality can be applicable, for example, to extending security for systems where, for example, database access, production code changes or additional functionality can only be provided after all team members are available, their identities have been verified as per security policy and each member provided confirmations for the system to provide further authentication access to the entire group or a subset of the group).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the teaching of Xie to include the above limitation using the teaching of Tkachev in order to secure the computing system by authenticating the identities of party’s and restrict or allow the physical access to the computing resource (see paragraph 88 of Tkachev).
Claims 13 and 18 are rejected under the same reason set forth in rejection of claim 5.
Allowable Subject Matter
Claims 3, 10 and 16 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims. Examiner will furnish reason for allowance upon allowing of the claims.
Conclusion
The prior art made or record and not relied upon is considered pertinent to applicant’s disclosure is Schultz (US Pub. No. 2009/0116703). Schultz’s reference discloses:
A device may receive a request to authenticate a user, automatically establish a multimedia session with the user in response to receiving the request, and capture a group of biometric identifiers for the user from the multimedia session. The device may further perform a group of biometric authentication operations using the analyzed or captured biometric identifiers to obtain a group of authentication scores, determine whether the user is properly authenticated based on the group of authentication scores, and transmit a message representing the determination of whether the user is properly authenticated.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TESHOME HAILU whose telephone number is (571)270-3159. The examiner can normally be reached M-F 8 a.m. - 5 p.m..
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached at (571) 272-3811. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/TESHOME HAILU/Primary Examiner, Art Unit 2434