DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Response to Arguments
This office action is in response to the applicant’s filing of Remarks on 08/04/2025. Applicant amended claims 1, 10, and 15. Claims 1-18 are currently pending.
Applicant’s arguments and amendments filed on 08/04/2025, with respect to rejection of claim under 35 USC 103, as seen on pages 10-15, over have been fully considered and are persuasive. Therefore, the rejection has been withdrawn. However, upon further consideration, a ground of rejection is made in additional view of Pavlou et al. (US PGPub No. 20190236249-A1) and Arif Khan et al. (US PGPub No. 20200244639-A1).
The office action has been updated reflecting the claims as currently presented.
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.
Claims 1-18 are rejected under 35 U.S.C. 103 as being unpatentable over Deutschmann et al. (US PGPub No. 20200380104-A1) in view of Melnikov et al. (US PGPub No. 20210182370-A1), Patel et al. (US PGPub No. 20250023856-A1), Marwah et al. (US PGPub No. 20190064752-A1), Pavlou et al. (US PGPub No. 20190236249-A1) and Arif Khan et al. (US PGPub No. 20200244639-A1).
With respect to claim 1, Deutschmann teaches a user authentication method performed by an electronic device, the method comprising: (¶0010: In accordance with an embodiment of the disclosed technology, there is provided a method of authenticating a user using a mobile device.)
performing, by the electronic device, basic authentication of a user of the electronic device based on a received user input; (¶0010: There is provided a method of authenticating a user using a mobile device)
obtaining, by the electronic device, behavioral characteristics of the user (¶0010: A first biometric user profile for a first user is generated and stored (obtaining behavioral characteristics of the user using the device), by detecting a position and velocity of the first user relative to the mobile device based on a received response from a radar transmission while the first user uses the mobile device (received user input), which is later referred to as initial authentication in ¶0011-0014) authenticated in the basic authentication; (¶0055: The disclosed technology provides a method for authenticating a user based on radar-detected signals, which may be used to reinforce authentication based on user credentials (user authenticated in basic authentication));
Deutschmann does not disclose:
determining, by the electronic device, a first learning model from among a plurality of learning models based on the obtained behavioral characteristics of the user according to obtained context information about a situation in which the authentication of the user is performed; and
when the user has passed the basic authentication, performing, by the electronic device, additional authentication of the user by applying the obtained behavioral characteristics to the first learning model,
wherein the plurality of learning models are set prior to the performing of the basic authentication, wherein the first learning model is a model trained to perform the additional authentication based on at least one of a plurality of behavioral characteristics of an authenticated user, wherein the obtained behavioral characteristics are accumulated in the electronic device, and wherein the first learning model is further trained by using the obtained behavioral characteristics as new data,
wherein the basic authentication comprises typing a password to log into a service, wherein the obtained behavioral characteristics comprise a typing pattern for typing the password, and wherein each of the plurality of learning models is set according to each of a plurality of activity scenarios.
However, Patel teaches determining, by the electronic device, a first learning model from among a plurality of learning models based on the obtained behavioral characteristics of the user according to obtained context information about a situation in which the authentication of the user is performed; (¶0007 & ¶0089: The server (e.g., machine learning module 126) determines (1110) validation information corresponding to the subsequent authentication information, including at least a second authentication decision 1006b and second explanation information 1008b, using the authentication model as described in Figures 10A-10C above. For example, the machine learning module 126 applies the refined authentication model 136 to perform image analysis (e.g., using computer vision techniques) for: (i) identifying one or more image faults in the image of the subsequent authentication request 124, wherein the one or more image faults are used as a basis for determining the subsequent authentication decision 1006b; and (ii) identifying the subsequent explanation information 1008b corresponding to the one or more image faults used as the basis for determining the subsequent authentication decision 1006b.);
wherein the obtained behavioral characteristics are accumulated in the electronic device, and wherein the first learning model is further trained by using the obtained behavioral characteristics as new data, (¶0032: In some embodiments, for each received authentication request 124, machine learning module 126 stores data for training authentication model, such as: Channel via which authentication request 124 was received (e.g., mobile, web, and/or application programming interface (API)) ¶0081: In some embodiments, if a decision 1006 and/or a reason 1008 corresponding to any of the authorization request data 1002 is determined by human review, the image 1004 corresponding to the decision 1006 and/or the reason 1008 is used as machine learning input during subsequent training (refining) of the authentication model 136, and each image 1004 is labeled with corresponding decision data 1006 and reason data 1008.).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Patel with regard to the first learning model to the method of Deutschmann in order to increase efficiency and reduce the processing and power while maintaining security of processed data (Patel: ¶0023-0024).
Deutschmann in view of Patel does not disclose:
determining, by the electronic device, a first learning model from among a plurality of learning models
when the user has passed the basic authentication, performing, by the electronic device, additional authentication of the user by applying the obtained behavioral characteristics to the first learning model,
wherein the plurality of learning models are set prior to the performing of the basic authentication, wherein the first learning model is a model trained to perform the additional authentication based on at least one of a plurality of behavioral characteristics of an authenticated user,
wherein the basic authentication comprises typing a password to log into a service, wherein the obtained behavioral characteristics comprise a typing pattern for typing the password, and wherein each of the plurality of learning models is set according to each of a plurality of activity scenarios.
However, Marwah teaches determining, by the electronic device, a first learning model from among a plurality of learning models (¶0032-0033: In some examples, the model selector 148 can select just one machine-learning model. In other examples, the model selector 148 can select multiple machine-learning models for use as respective classifiers for application on features to determine whether authentication events are authorized or unauthorized as shown in Figure 1. ¶0023-0026: A user 104 or a program 106 at device 1 can initiate an authentication event 108 with device 2. For example, the user 104 can type in the user's credential, or the user can use a security device (e.g., a badge, a smartphone, etc.) that stores a credential that can be communicated from the security device to device 1, demonstrating an initial authentication. In addition to logging event data of authentication events, the logging system 110 can also store event data of associated events in the log 112 (performing additional authentication of user by comparing events based off of timestamps not just logging (recording of user credentials)). In some examples, an associated event (that is associated with an authentication event) is an event that is temporally related to the authentication event).
Patel does teach using a machine learning model based off the user’s authentication request to perform a secondary authentication. Patel does not disclose selecting a model from a plurality of models. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Marwah with regard to the selection of a first learning model from among a plurality of learning models to the method of Deutschmann in view of Patel in order to determine which of the machine learning models is the best fit and best performing for the authentication (Marwah: ¶0068-0069).
Deutschmann in view of Patel and Marwah does not disclose:
when the user has passed the basic authentication, performing, by the electronic device, additional authentication of the user by applying the obtained behavioral characteristics to the first learning model,
wherein the plurality of learning models are set prior to the performing of the basic authentication,
wherein the first learning model is a model trained to perform the additional authentication based on at least one of a plurality of behavioral characteristics of an authenticated user,
wherein the basic authentication comprises typing a password to log into a service, wherein the obtained behavioral characteristics comprise a typing pattern for typing the password, and wherein each of the plurality of learning models is set according to each of a plurality of activity scenarios.
However, Melnikov teaches when the user has passed the basic authentication, performing, by the electronic device, additional authentication of the user by applying the obtained behavioral characteristics to the first learning model, (¶0034-0036: Continuous authentication module 106 may perform a direct comparison of acquired usage attributes (obtained behavioral characteristics) and the historic usage attributes in utilizing machine learning module 115 as seen in Figure 1).
wherein the first learning model is a model trained (¶0044: For example, machine learning module may be trained based on historic usage to classify whether current user’s appearance and/or behavior matches an authorized user’s appearance and behavior (as indicated by the historic usage attributes)) to perform the additional authentication based on at least one of a plurality of behavioral characteristics of an authenticated user, (¶0035-0036: Machine learning module 115 may receive a plurality of usage attributes as inputs (plurality of behavioral characteristics) as well as timestamp information, and output whether the current user is authorized to access service 116, or has been replaced by an unauthorized user (performing additional authentication). Machine learning module 115 may utilize algorithms such as classification and regression to provide such an output. Machine learning module 115 may also include the weights assigned by continuous authentication module 106 to each usage attribute to make a determination on discrepancies as seen in Figure 1).
Although Deutschmann does teach an additional authentication, as seen in ¶0075, wherein a secondary mechanism authenticates that the user of a device is authorized to access data on the device (electronic device), or at least one of the data, and the secondary authentication may be used to grant access to data, including such data which requires a secondary and/or higher standard of authentication after a first authentication requirement has been met, Deutschmann does not teach the limitation that the additional authentication of the user is performed by applying the obtained behavioral characteristics to a first learning model. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Melnikov with regard to a machine learning model to the method of Deutschmann in view of Patel and Marwah in order to detect discrepancy (malicious actions by an unauthorized user) and to provide a non-invasive way to authenticate a user after login (Melnikov: ¶0003-0013).
Deutschmann in view of Patel, Marwah, and Melnikov does not disclose:
wherein the plurality of learning models are set prior to the performing of the basic authentication,
wherein the basic authentication comprises typing a password to log into a service, wherein the obtained behavioral characteristics comprise a typing pattern for typing the password, and wherein each of the plurality of learning models is set according to each of a plurality of activity scenarios.
However, Pavlou teaches wherein the plurality of learning models are set prior to the performing of the basic authentication, (¶0025-0026: The server 108 is also configured to access the datastore 110 in which various information 160 is stored and is also able to write/read from datastore(s) 110. The various information 160 includes, but is not limited to, software applications, code, media content (e.g., text images, videos, etc.), user account information, user authentication information (e.g., user name and/or facial information), machine learning algorithms, and/or machine learning models. During the application's operation, an authentication process is performed for authenticating the end user 102 of a CD 104_1, ..., or 104_N. The authentication process is performed to detect unauthorized users of the CD in an efficient, effective and reliable manner. The authentication process is provided with a higher degree of certainty as compared to conventional password based authentication methods and other conventional authentication methods which can be manipulated by malicious users.)
wherein each of the plurality of learning models is set according to each of a plurality of activity scenarios. (¶0028-0031: The collected data and/or correlated additional information is sent from the CD to the server 108 via network 106. The server 108 uses the received data/information to train a plurality of machine learning models with known user behavior patterns for the end user 102. Machine learning models are well known in the art, and therefore will not be described in detail herein. Any known or to be known machine learning model can be used herein. For example, binary classification based machine learning models and/or clustering based machine learning models is(are) employed here. The machine learning models are stored in the datastore 110 for later use. The trained machine learning models are subsequently used by the server to determine a confidence value reflecting the degree of confidence that the end user 102 is an authorized user of the CD or an unauthorized user of the CD 104_1. The confidence value is determined based on the degree to which newly observed user behavior matches a corresponding one of the known user behavior patterns. In some scenarios, depending on CD's capabilities and connectivity (e.g., having sufficient CPU, memory, without Internet access, etc.), the machine learning models can be transferred to CD 104_1 and the process of determining the confidence value can take place in CD 104_1.).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Pavlou with regard to a plurality of learning models in association with basic authentication to the method of Deutschmann in view of Patel, Marwah, and Melnikov in order to better detect if the user is authorized or unauthorized (Pavlou: ¶0004).
Deutschmann in view of Patel, Marwah, Melnikov, and Pavlou does not disclose:
wherein the basic authentication comprises typing a password to log into a service, wherein the obtained behavioral characteristics comprise a typing pattern for typing the password, and
However, Arif Khan teaches wherein the basic authentication comprises typing a password to log into a service, wherein the obtained behavioral characteristics comprise a typing pattern for typing the password, and (¶0045: As part of this continued training, the authentication module 102 (through its APIs) may continue to collect more datasets (from subsequent/future logins by the user of the client machine 106 or non-users/hackers attempting to log in based on actual users’ log-in credentials) and continue to re-train the classifiers in the ML model, as indicated by arrow 316 in Figure 3. In particular embodiments, the length of the data collection period (at arrow 316) may be dynamically monitoring the variability of the user’s typing/data-entry pattern).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Arif Khan with regard to the basic authentication to the method of Deutschmann in view of Patel, Marwah, Melnikov, and Pavlou in order to better detect fraud and to enhance security (Arif Khan: ¶0001-0004).
With respect to claim 2, the combination of Deutschmann in view of Patel, Marwah, Melnikov, Pavlou, and Arif Khan teaches the method of claim 1 (see rejection of claim 1 above), wherein the obtaining of the behavioral characteristics of the user and the performing of the additional authentication are performed in a background not requiring an additional action from the user. (Deutschmann: ¶0074: In some embodiments, at least some of the control commands are stochastically provided, and are hidden from the user. The user's interaction with these control commands is based on the user's desire to reach goal application as soon as possible without perceivable interference. In such embodiments, information relating to the user's behavioral pattern may be collected in the background without the user being aware of receiving control commands for authentication purposes.).
With respect to claim 3, the combination of Deutschmann in view of Patel, Marwah, Melnikov, Pavlou, and Arif Khan teaches the method of claim 1 (see rejection of claim 1 above), wherein the behavioral characteristics of the user are obtained from at least one of: at least one sensor, a user interface, or an application. (Deutschmann: ¶0037: In some embodiments, the method further includes authenticating the user by receiving user-specific credentials from the user, and extracting the recent behavioral pattern occurs during the receiving of the user-specific credentials from the user. In some cases, the recent behavioral pattern includes at least one of key pressing time stamps (typing timing), swiping time stamps, and scrolling time stamps, as well as behavioral patterns of the user's finger movement during the authenticating step (touch screen swiping pattern).).
With respect to claim 4, the combination of Deutschmann in view of Patel, Marwah, Melnikov, Pavlou, and Arif Khan teaches the method of claim 1 (see rejection of claim 1 above), wherein the behavioral characteristics of the user comprise at least one of: a keyboard typing pattern, a keyboard heat map, a motion while typing or swiping, a typing timing, a touch screen swiping pattern, a touch input pattern, a context-dependent motion characteristic, behavioral information obtained through an acceleration sensor or a gravity sensor, an application usage habit, or a device grip pattern. (Deutschmann: ¶0037: In some embodiments, the method further includes authenticating the user by receiving user-specific credentials from the user, and extracting the recent behavioral pattern occurs during the receiving of the user-specific credentials from the user. In some cases, the recent behavioral pattern includes at least one of key pressing time stamps (typing timing), swiping time stamps, and scrolling time stamps, as well as behavioral patterns of the user's finger movement during the authenticating step (touch screen swiping pattern).).
With respect to claim 5, the combination of Deutschmann in view of Patel, Marwah, Melnikov, Pavlou, and Arif Khan teaches the method of claim 1 (see rejection of claim 1 above), further comprising updating the first learning model in response to an error in a result of performing the additional authentication. (Melnikov: ¶0036-0038: Machine learning module 115 may be periodically retrained (update) by continuous authentication module to ensure that newly acquired usage attributes are utilized for future classification. In some aspects continuous authentication module may append a recently acquired usage attribute to the historic usage attributes during the access of service. For instance, authorized user may confirm whether continuous authentication module correctly or incorrectly (error) made the determination on discrepancy. Based on the authorized user’s (authenticated user) feedback, continuous module may retrain machine learning module, adjust the weights assigned to the respective usage attributes and/or append the acquired usage attributes (plurality of behavioral characteristics of authorized user) to the historic usage attributes (the behavioral characteristics being accumulated in the device) (if the current user is the authorized user).).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Melnikov with regard to a machine learning model to the method of Deutschmann in view of Patel, Marwah, Pavlou, and Arif Khan in order to detect discrepancy (malicious actions by an unauthorized user) and to provide a non-invasive way to authenticate a user after login (Melnikov: ¶0003-0013).
With respect to claim 6, the combination of Deutschmann in view of Patel, Marwah, Melnikov, Pavlou, and Arif Khan teaches the method of claim 1 (see rejection of claim 1 above), wherein the plurality of behavioral characteristics of the authenticated user, accumulated in the electronic device, are obtained automatically when the authenticated user uses the electronic device or manually according to a user input of the authenticated user. (Deutschmann: ¶0076: During completion (when the user is authenticated) of the necessary user authentication task, (authenticated user) the behavioral pattern of the entering finger(s) is highly localized in space and exactly triggered in time by the secure login-routine of the application requested, facilitating recording and characterizing of specific behavioral pattern (automatically obtaining user’s behavioral characteristics during use) around each interaction such as key pressing, swiping, scrolling time stamps, without uncovering the user's credentials.).
With respect to claim 7, the combination of Deutschmann in view of Patel, Marwah, Melnikov, Pavlou, and Arif Khan teaches the method of claim 1 (see rejection of claim 1 above) wherein the first learning model is further trained based on context information of the authenticated user, accumulated in the electronic device, and wherein the context information refers to at least one of a movement state of the user, a posture of the user, a location in which the authentication of the user is performed, or a time when the authentication of the user is performed. (Melnikov: ¶0033-0036: Each historic usage attributes (plurality of behavioral characteristics of authenticated user, accumulated in the device, and user which is used by the machine learning module as iterated in ¶0036) may be accompanied by historic timestamp information (time when the user authentication is performed). The purpose of time stamps is to capture when the user performs an action. Although the actions of an unauthorized user and an authorized user may match, exactly when the authorized user performs a certain action may differ. (additional authentication)).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Melnikov with regard to a machine learning model to the method of Deutschmann in view of Patel, Marwah, Pavlou, and Arif Khan in order to detect discrepancy (malicious actions by an unauthorized user) and to provide a non-invasive way to authenticate a user after login (Melnikov: ¶0003-0013).
With respect to claim 8, the combination of Deutschmann in view of Patel, Marwah, Melnikov, Pavlou, and Arif Khan teaches the method of claim 1 (see rejection of claim 1 above) wherein the performing of the additional authentication comprises: (Melnikov: ¶0044: In some aspects, continuous authentication machine learning module to compare the acquired usage attributes with historic usage attributes.) determining a behavioral characteristic of the user associated with the obtained context information. (Melnikov: ¶0036: Output whether the current user is authorized to access service or has been replaced with unauthorized user and as reiterated in ¶0036: Although the actions of an unauthorized user and an authorized user may match, exactly when the authorized user performs a certain action may differ. For example, continuous authentication module may determine that a current user accessed a service such as a banking application on computing device. The current user may access balances and initiate a withdrawal. Although the act of checking balance and initiating withdrawal may match the usage attributes of service by the authorized user, if the current withdrawal is being performed at 3:00 am and continuous authentication module determines that the authorized user never initiated a withdrawal past 5:00 pm, continuous module may detect discrepancy).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Melnikov with regards to the additional authentication method of Deutschmann in view of Patel, Marwah, Pavlou, and Arif Khan in order to identify discrepancy in behavior of the current user and the authorized user of service (Melnikov: ¶0030).
With respect to claim 9, the combination of Deutschmann in view of Patel, Marwah, Melnikov, Pavlou, and Arif Khan teaches the method of claim 1 (see rejection of claim 1 above) wherein a weight (Melnikov: ¶0034-0035: Continuous authentication module 106 may accordingly assign weights to each type of usage attribute that can be generated by parsers 107-110 and store them in a data structure. For example, the weight of a biometrics usage attribute may be greater than the weight of an input typing speed (e.g., for an email). Continuous authentication module 106 may assign these weights based on exclusivity of the usage attribute.) is assigned to each of the plurality of behavioral characteristics of the authenticated user, accumulated in the electronic device, and (Deutschmann: ¶0082: To identify patterns of characteristic data in radar sensors signals. For example, such machine learning algorithms may be used to create a classifier for distinguishing between radar patterns stemming from different users, thus increasing the likelihood of identifying authorized and unauthorized users.).
wherein the applying the obtained behavioral characteristics to the first learning model (Melnikov: ¶0036: Machine learning module 115 may receive a plurality of usage attributes as inputs as well as timestamp information, and output whether the current user is authorized to access service 116, or has been replaced by an unauthorized user.) is based on the weight assigned to each of the plurality of behavioral characteristics of the authenticated user. (Melnikov: ¶0036: Machine learning module 115 may also include the weights assigned by continuous authentication module 106 to each usage attribute to make a determination on discrepancies.).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Melnikov with regards to weight to the method of Deutschmann in view of Patel, Marwah, Pavlou, and Arif Khan in order to better determine and confirm a discrepancy within a device by uniquely assigning weights based on attributes (behavioral characteristics) (Melnikov: ¶0034-0035).
With respect to claim 10, Deutschmann teaches a user authentication electronic device comprising: (¶0010: In accordance with an embodiment of the disclosed technology, there is provided a method of authenticating a user using a mobile device (electronic device))
an input device configured to receive a user input for basic authentication from a user of the user authentication electronic device; (¶0039-0046: “Authentication” is verification that a user is allowed to access certain data based on receiving an input from or related to the user including any of biometric, behaviometric, and/or input to sensors including key presses, passwords, code numbers, patterns and gestures);
memory storing one or more computer programs; and (¶0089: As seen in Figure 4 (shows an embodiment wherein a memory stores one or more computer programs), the device's program instructions may be stored in a storage device 420 (e.g., magnetic disk, database) and loaded into memory 430 when execution of the console's program instructions is desired.);
one or more processors communicatively coupled to the input device and the memory, (¶0089: Device 400 also includes input/output 440 representing devices which allow for user interaction with a computer (e.g., display, keyboard, mouse, speakers, buttons, etc.).)
wherein the one or more computer programs include computer-executable instructions that, when executed by the one or more processors individually or collectively, cause the user authentication electronic device to: perform basic authentication of the user based on the received user input, (¶0089: Thus, the device's operation will be defined by the device's program instructions stored in memory 430 and/or storage 420, and the console will be controlled by processor 450 executing the console's program instructions.)
obtain behavioral characteristics of the user (¶0010: A first biometric user profile for a first user is generated and stored (obtaining behavioral characteristics of the user using the device), by detecting a position and velocity of the first user relative to the mobile device based on a received response from a radar transmission while the first user uses the mobile device, which is later referred to as initial authentication in ¶0011-0014) authenticated in the basic authentication, (¶0055: The disclosed technology provides a method for authenticating a user based on radar-detected signals, which may be used to reinforce authentication based on user credentials (user authenticated in basic authentication));
Deutschmann does not disclose:
determine a first learning model from among a plurality of learning models based on the obtained behavioral characteristics of the user according to obtained context information about a situation in which the authentication of the user is performed, and when the user has passed the basic authentication, perform additional authentication of the user by applying the obtained behavioral characteristics to the first learning model, wherein the plurality of learning models are set prior to the performing of the basic authentication, wherein the first learning model is a model trained to perform the additional authentication, based on at least one of a plurality of behavioral characteristics of an authenticated user, wherein the obtained behavioral characteristics are accumulated in the user authentication electronic device, and wherein the first learning model is further trained by using the obtained behavioral characteristics as new data, wherein the basic authentication comprises typing a password to log into a service, wherein the obtained behavioral characteristics comprise a typing pattern for typing the password, and wherein each of the plurality of learning models is set according to each of a plurality of activity scenarios.
However, Patel teaches determine a first learning model from among a plurality of learning models based on the obtained behavioral characteristics of the user according to obtained context information about a situation in which the authentication of the user is performed, (¶0007 & ¶0089: The server (e.g., machine learning module 126) determines (1110) validation information corresponding to the subsequent authentication information, including at least a second authentication decision 1006b and second explanation information 1008b, using the authentication model as described in Figures 10A-10C above. For example, the machine learning module 126 applies the refined authentication model 136 to perform image analysis (e.g., using computer vision techniques) for: (i) identifying one or more image faults in the image of the subsequent authentication request 124, wherein the one or more image faults are used as a basis for determining the subsequent authentication decision 1006b; and (ii) identifying the subsequent explanation information 1008b corresponding to the one or more image faults used as the basis for determining the subsequent authentication decision 1006b.);
wherein the obtained behavioral characteristics are accumulated in the user authentication electronic device, and wherein the first learning model is further trained by using the obtained behavioral characteristics as new data, (¶0032: In some embodiments, for each received authentication request 124, machine learning module 126 stores data for training authentication model, such as: Channel via which authentication request 124 was received (e.g., mobile, web, and/or application programming interface (API)); ¶0081: In some embodiments, if a decision 1006 and/or a reason 1008 corresponding to any of the authorization request data 1002 is determined by human review, the image 1004 corresponding to the decision 1006 and/or the reason 1008 is used as machine learning input during subsequent training (refining) of the authentication model 136, and each image 1004 is labeled with corresponding decision data 1006 and reason data 1008.).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Patel with regards to the first learning model to the method of Deutschmann in order to increase efficiency and reduce the processing and power while maintaining security of processed data (Patel: ¶0023-0024).
Deutschmann in view of Patel does not disclose:
determine a first learning model from among a plurality of learning models
when the user has passed the basic authentication, perform additional authentication of the user by applying the obtained behavioral characteristics to the first learning model,
wherein the plurality of learning models are set prior to the performing of the basic authentication, wherein the first learning model is a model trained to perform the additional authentication, based on at least one of a plurality of behavioral characteristics of an authenticated user,
wherein the basic authentication comprises typing a password to log into a service, wherein the obtained behavioral characteristics comprise a typing pattern for typing the password, and wherein each of the plurality of learning models is set according to each of a plurality of activity scenarios.
However, Marwah teaches determine a first learning model from among a plurality of learning models (¶0032-0033: In some examples, the model selector 148 can select just one machine-learning model. In other examples, the model selector 148 can select multiple machine-learning models for use as respective classifiers for application on features to determine whether authentication events are authorized or unauthorized as shown in Figure 1; ¶0023-0026: A user 104 or a program 106 at device 1 can initiate an authentication event 108 with device 2. For example, the user 104 can type in the user's credential, or the user can use a security device (e.g., a badge, a smartphone, etc.) that stores a credential that can be communicated from the security device to device 1, demonstrating an initial authentication. In addition to logging event data of authentication events, the logging system 110 can also store event data of associated events in the log 112 (performing additional authentication of user by comparing events based off of timestamps not just logging (recording of user credentials)). In some examples, an associated event (that is associated with an authentication event) is an event that is temporally related to the authentication event).
Patel does teach using a machine learning model based off the user’s authentication request to perform a secondary authentication. Patel does not disclose selecting a model from a plurality of models. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Marwah with regards to the selection of a first learning model from among a plurality of learning models to the method of Deutschmann in view of Patel in order to determine which of the machine learning models is the best fit and best performing for the authentication (Marwah: ¶0068-0069).
Deutschmann in view of Patel and Marwah does not disclose:
when the user has passed the basic authentication, perform additional authentication of the user by applying the obtained behavioral characteristics to the first learning model,
wherein the plurality of learning models are set prior to the performing of the basic authentication, wherein the first learning model is a model trained to perform the additional authentication, based on at least one of a plurality of behavioral characteristics of an authenticated user,
wherein the basic authentication comprises typing a password to log into a service, wherein the obtained behavioral characteristics comprise a typing pattern for typing the password, and wherein each of the plurality of learning models is set according to each of a plurality of activity scenarios.
However, Melnikov teaches when the user has passed the basic authentication, perform additional authentication of the user by applying the obtained behavioral characteristics to the first learning model, (¶0034-0036: Continuous authentication module 106 may perform a direct comparison of acquired usage attributes (obtained behavioral characteristics) and the historic usage attributes in utilizing machine learning module 115 as seen in Figure 1).
wherein the first learning model is a model trained (¶0044: For example, machine learning module may be trained based on historic usage to classify whether current user’s appearance and/or behavior matches an authorized user’s appearance and behavior (as indicated by the historic usage attributes)) to perform the additional authentication, based on at least one of a plurality of behavioral characteristics of an authenticated user, (¶0035-0036: Machine learning module 115 may receive a plurality of usage attributes as inputs (plurality of behavioral characteristics) as well as timestamp information, and output whether the current user is authorized to access service 116, or has been replaced by an unauthorized user (performing additional authentication). Machine learning module 115 may utilize algorithms such as classification and regression to provide such an output. Machine learning module 115 may also include the weights assigned by continuous authentication module 106 to each usage attribute to make a determination on discrepancies as seen in Figure 1).
Although Deutschmann does teach an additional authentication, as seen in ¶0075 (a secondary mechanism for authenticating that the user of a device is authorized to access data on the device (electronic device), or at least one of the data, and the secondary authentication may be used to grant access to data, including such data which requires a secondary and/or higher standard of authentication after a first authentication requirement has been met), Deutschmann does not teach the limitation that the additional authentication for the user is performed by applying the obtained behavioral characteristics to a first learning model. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Melnikov with regards to a machine learning model to the method of Deutschmann in view of Patel and Marwah in order to detect discrepancy (malicious actions by an unauthorized user) and to provide a non-invasive way to authenticate a user after login (Melnikov: ¶0003-0013).
Deutschmann in view of Patel, Marwah, and Melnikov does not disclose:
wherein the plurality of learning models are set prior to the performing of the basic authentication,
wherein the basic authentication comprises typing a password to log into a service, wherein the obtained behavioral characteristics comprise a typing pattern for typing the password, and wherein each of the plurality of learning models is set according to each of a plurality of activity scenarios.
However, Pavlou teaches wherein the plurality of learning models are set prior to the performing of the basic authentication, (¶0025-0026: The server 108 is also configured to access the datastore 110 in which various information 160 is stored and is also able to write/read from datastore(s) 110. The various information 160 includes, but is not limited to, software applications, code, media content (e.g., text images, videos, etc.), user account information, user authentication information (e.g., user name and/or facial information), machine learning algorithms, and/or machine learning models. During the application's operation, an authentication process is performed for authenticating the end user 102 of a CD 104.sub.1, . . ., or 104.sub.N. The authentication process is performed to detect unauthorized users of the CD in an efficient, effective and reliable manner. The authentication process is provided with a higher degree of certainty as compared to conventional password based authentication methods and other conventional authentication methods which can be manipulated by malicious users.)
wherein each of the plurality of learning models is set according to each of a plurality of activity scenarios. (¶0028-0031: The collected data and/or correlated additional information is sent from the CD to the server 108 via network 106. The server 108 uses the received data/information to train a plurality of machine learning models with known user behavior patterns for the end user 102. Machine learning models are well known in the art, and therefore will not be described in detail herein. Any known or to be known machine learning model can be used herein. For example, binary classification based machine learning models and/or clustering based machine learning models is(are) employed here. The machine learning models are stored in the datastore 110 for later use. The trained machine learning models are subsequently used by the server to determine a confidence value reflecting the degree of confidence that the end user 102 is an authorized user of the CD or an unauthorized user of the CD 104.sub.1. The confidence value is determined based on the degree to which newly observed user behavior matches a corresponding one of the known user behavior patterns. In some scenarios, depending on CD's capabilities and connectivity (e.g., having sufficient CPU, memory, without Internet access, etc.), the machine learning models can be transferred to CD 104.sub.1 and the process of determining the confidence value can take place in CD 104.sub.1.).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Pavlou with regards to a plurality of learning models in association with basic authentication to the method of Deutschmann in view of Patel, Marwah, and Melnikov in order to better detect if the user is authorized or unauthorized (Pavlou: ¶0004).
Deutschmann in view of Patel, Marwah, Melnikov, and Pavlou does not disclose:
wherein the basic authentication comprises typing a password to log into a service, wherein the obtained behavioral characteristics comprise a typing pattern for typing the password, and
However, Arif Khan teaches wherein the basic authentication comprises typing a password to log into a service, wherein the obtained behavioral characteristics comprise a typing pattern for typing the password, and (¶0045: As part of this continued training, the authentication module 102 (through its APIs) may continue to collect more datasets (from subsequent/future logins by the user of the client machine 106 or non-users/hackers attempting to log in based on actual users’ log-in credentials) and continue to re-train the classifiers in the ML model, as indicated by arrow 316 in Figure 3. In particular embodiments, the length of the data collection period (at arrow 316) may be dynamically monitoring the variability of the user’s typing/data-entry pattern).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to utilize the teachings of Arif Khan with regards to the basic authentication to the method of Deutschmann in view of Patel, Marwah, Melnikov, and Pavlou in order to better detect fraud and to enhance security (Arif Khan: ¶0001-0004).
With respect to claim 11, the combination of Deutschmann in view of Patel, Marwah, Melnikov, Pavlou, and Arif Khan teaches the device of claim 10 (see rejection of claim 10 above) wherein the one or more computer programs further include computer executable instructions that, when executed by the one or more processors individually or collectively, cause the user authentication electronic device to: obtain the behavioral characteristics of the user and perform the additional authentication for the user as background operations not requiring an additional action from the user. (Deutschmann: ¶0074: In some embodiments, at least some of the control commands are stochastically provided, and are hidden from the user. The user's interaction with these control commands is based on the user's desire to reach goal application as soon as possible without perceivable interference. In such embodiments, information relating to the user's behavioral pattern may be collected in the background without the user being aware of receiving control commands for authentication purposes.).
With respect to claim 12, the combination of Deutschmann in view of Patel, Marwah, Melnikov, Pavlou, and Arif Khan teaches the device of claim 10 (see rejection of claim 10 above) wherein the behavioral characteristics of the user are obtained from at least one of: at least one sensor, a user interface, or an application. (Deutschmann: ¶0026: In a preparatory stage, a user profile of an authenticated user is generated, by extracting, from signals received from at least one radar sensor of the mobile device working at least piece-wise continuously in time, an authenticated behavioral pattern of the authenticated user and by securely storing characteristic data relating to the authenticated behavioral pattern as part of the user profile. At some later stage, a recent behavioral pattern of a user is extracted from recent signals received from the at least one radar sensor.).
With respect to claim 13, the combination of Deutschmann in view of Patel, Marwah, Melnikov, Pavlou, and Arif Khan teaches the device of claim 12 (see rejection of claim 12 above) wherein the behavioral characteristics of the user comprise at least one of: a keyboard typing pattern, a keyboard heat map, a motion while typing or swiping, a typing timing, a touch screen swiping pattern, a touch input pattern, a context-dependent motion characteristic, behavioral information obtained through an acceleration sensor or a gravity sensor, an application usage habit, or a device grip pattern. (Deutschmann: ¶0037: In some embodiments, the method further includes authenticating the user by receiving user-specific credentials from the user, and extracting the recent behavioral pattern occurs during the receiving of the user-specific credentials from the user. In some cases, the recent behavioral pattern includes at least one of key pressing time stamps (typing timing), swiping time stamps, and scrolling time stamps, as well as behavioral patterns of the user's finger movement during the authenticating step (touch screen swiping pattern).).
With respect to claim 14, the combination of Deutschmann in view of Patel, Marwah, Melnikov, Pavlou, and Arif Khan teaches the device of claim